diff --git a/ansible_mitogen/connection.py b/ansible_mitogen/connection.py index 03856f4d..5b9ae70b 100644 --- a/ansible_mitogen/connection.py +++ b/ansible_mitogen/connection.py @@ -409,6 +409,7 @@ def _connect_mitogen_doas(spec): #: generating ContextService keyword arguments matching a connection #: specification. CONNECTION_METHOD = { + # Ansible connection plugins 'buildah': _connect_buildah, 'docker': _connect_docker, 'kubectl': _connect_kubectl, @@ -421,9 +422,14 @@ CONNECTION_METHOD = { 'setns': _connect_setns, 'ssh': _connect_ssh, 'smart': _connect_ssh, # issue #548. + + # Ansible become plugins + 'community.general.doas': _connect_doas, 'su': _connect_su, 'sudo': _connect_sudo, 'doas': _connect_doas, + + # Mitogen specific methods 'mitogen_su': _connect_mitogen_su, 'mitogen_sudo': _connect_mitogen_sudo, 'mitogen_doas': _connect_mitogen_doas, diff --git a/docs/changelog.rst b/docs/changelog.rst index 8a052884..d25a1448 100644 --- a/docs/changelog.rst +++ b/docs/changelog.rst @@ -22,6 +22,7 @@ In progress (unreleased) ======================== * :gh:issue:`1318` CI: Abbreviate Github Actions job names +* :gh:issue:`1309` :mod:`ansible_mitogen`: Fix ``become_method: doas`` v0.3.25 (2025-07-29) diff --git a/tests/ansible/integration/become/all.yml b/tests/ansible/integration/become/all.yml index 1b507e16..2f22acd1 100644 --- a/tests/ansible/integration/become/all.yml +++ b/tests/ansible/integration/become/all.yml @@ -1,4 +1,5 @@ +- import_playbook: doas.yml - import_playbook: su_password.yml - import_playbook: sudo_flags_failure.yml - import_playbook: sudo_nonexistent.yml diff --git a/tests/ansible/integration/become/doas.yml b/tests/ansible/integration/become/doas.yml new file mode 100644 index 00000000..31858168 --- /dev/null +++ b/tests/ansible/integration/become/doas.yml @@ -0,0 +1,91 @@ +- name: integration/become/doas.yml - unqualified + hosts: test-targets:&linux_containers + gather_facts: false + become_method: doas # noqa: schema[playbook] + vars: + ansible_become_password: has_sudo_nopw_password + tasks: + # Vanilla Ansible doas requires pipelining=false + # https://github.com/ansible-collections/community.general/issues/9977 + - include_tasks: ../_mitogen_only.yml + + - name: Test doas -> default target user + become: true + command: whoami + changed_when: false + check_mode: false + register: doas_default_user + + - assert: + that: + - doas_default_user.stdout == 'root' + fail_msg: + doas_default_user={{ doas_default_user }} + + - name: Test doas -> mitogen__user1 + become: true + become_user: mitogen__user1 + command: whoami + changed_when: false + check_mode: false + register: doas_mitogen__user1 + when: + - become_unpriv_available + + - assert: + that: + - doas_mitogen__user1.stdout == 'mitogen__user1' + fail_msg: + doas_mitogen__user1={{ doas_mitogen__user1 }} + when: + - become_unpriv_available + tags: + - doas + - issue_1309 + - mitogen_only + +- name: integration/become/doas.yml - FQCN + hosts: test-targets:&linux_containers + gather_facts: false + become_method: community.general.doas + vars: + ansible_become_password: has_sudo_nopw_password + tasks: + # Vanilla Ansible doas requires pipelining=false + # https://github.com/ansible-collections/community.general/issues/9977 + - include_tasks: ../_mitogen_only.yml + + - name: Test community.general.doas -> default target user + become: true + command: whoami + changed_when: false + check_mode: false + register: fq_doas_default_user + + - assert: + that: + - fq_doas_default_user.stdout == 'root' + fail_msg: + fq_doas_default_user={{ fq_doas_default_user }} + + - name: Test community.general.doas -> mitogen__user1 + become: true + become_user: mitogen__user1 + command: whoami + changed_when: false + check_mode: false + register: fq_doas_mitogen__user1 + when: + - become_unpriv_available + + - assert: + that: + - fq_doas_mitogen__user1.stdout == 'mitogen__user1' + fail_msg: + fq_doas_mitogen__user1={{ fq_doas_mitogen__user1 }} + when: + - become_unpriv_available + tags: + - doas + - issue_1309 + - mitogen_only