ansible: make _remote_expand_user() pay attention to sudoable=..

pull/322/head
David Wilson 6 years ago
parent eae531210a
commit b44b823c4a

@ -188,12 +188,13 @@ class ActionModuleMixin(ansible.plugins.action.ActionBase):
except AttributeError: except AttributeError:
s = ansible.constants.DEFAULT_REMOTE_TMP # <=2.4.x s = ansible.constants.DEFAULT_REMOTE_TMP # <=2.4.x
return self._remote_expand_user(s) return self._remote_expand_user(s, sudoable=False)
def _make_tmp_path(self, remote_user=None): def _make_tmp_path(self, remote_user=None):
""" """
Replace the base implementation's use of shell to implement mkdtemp() Replace the base implementation's use of shell to implement mkdtemp()
with an actual call to mkdtemp(). with an actual call to mkdtemp(). Like vanilla, the directory is always
created in the login account context.
""" """
LOG.debug('_make_tmp_path(remote_user=%r)', remote_user) LOG.debug('_make_tmp_path(remote_user=%r)', remote_user)
@ -281,20 +282,26 @@ class ActionModuleMixin(ansible.plugins.action.ActionBase):
""" """
Replace the base implementation's attempt to emulate Replace the base implementation's attempt to emulate
os.path.expanduser() with an actual call to os.path.expanduser(). os.path.expanduser() with an actual call to os.path.expanduser().
:param bool sudoable:
If :data:`True`, indicate unqualified tilde ("~" with no username)
should be evaluated in the context of the login account, not any
become_user.
""" """
LOG.debug('_remote_expand_user(%r, sudoable=%r)', path, sudoable) LOG.debug('_remote_expand_user(%r, sudoable=%r)', path, sudoable)
if not path.startswith('~'): if not path.startswith('~'):
# /home/foo -> /home/foo # /home/foo -> /home/foo
return path return path
if sudoable or not self._play_context.become:
if path == '~': if path == '~':
# ~ -> /home/dmw # ~ -> /home/dmw
return self._connection.homedir return self._connection.homedir
if path.startswith('~/'): if path.startswith('~/'):
# ~/.ansible -> /home/dmw/.ansible # ~/.ansible -> /home/dmw/.ansible
return os.path.join(self._connection.homedir, path[2:]) return os.path.join(self._connection.homedir, path[2:])
if path.startswith('~'):
# ~root/.ansible -> /root/.ansible # ~root/.ansible -> /root/.ansible
return self.call(os.path.expanduser, mitogen.utils.cast(path)) return self.call(os.path.expanduser, mitogen.utils.cast(path),
use_login_context=not sudoable)
def get_task_timeout_secs(self): def get_task_timeout_secs(self):
""" """
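Review bot: The added `:param bool sudoable:` text in the `_remote_expand_user()` docstring appears to state the opposite of what the new code and this commit's tests do. The final call passes `use_login_context=not sudoable`, so it is `sudoable=False` that forces the login account, and the updated playbook expects `sudoable: true` with `become: true` to yield the become user's home. This flag decides which account's home directory a path resolves into during privilege escalation, so a caller trusting the docstring could place files under the wrong account. I would reword it to say that True expands an unqualified tilde in the become_user's context when become is active, and False always uses the login account. The method's `def` line is outside the hunk, so the default value of `sudoable` should be confirmed there.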

@ -16,10 +16,14 @@
setup: gather_subset=min setup: gather_subset=min
register: user_facts register: user_facts
# ------------------------
- name: "Expand ~/foo" - name: "Expand ~/foo"
action_passthrough: action_passthrough:
method: _remote_expand_user method: _remote_expand_user
args: ['~/foo'] kwargs:
path: '~/foo'
sudoable: false
register: out register: out
- assert: - assert:
that: out.result == '{{user_facts.ansible_facts.ansible_user_dir}}/foo' that: out.result == '{{user_facts.ansible_facts.ansible_user_dir}}/foo'
@ -27,17 +31,20 @@
- name: "Expand ~/foo with become active. ~ is become_user's home." - name: "Expand ~/foo with become active. ~ is become_user's home."
action_passthrough: action_passthrough:
method: _remote_expand_user method: _remote_expand_user
args: ['~/foo'] kwargs:
path: '~/foo'
sudoable: false
register: out register: out
become: true become: true
- assert: - assert:
that: out.result == '{{root_facts.ansible_facts.ansible_user_dir}}/foo' that: out.result == '{{user_facts.ansible_facts.ansible_user_dir}}/foo'
- name: "Expand ~user/foo" - name: "Expand ~user/foo"
action_passthrough: action_passthrough:
method: _remote_expand_user method: _remote_expand_user
args: ['~{{ansible_user_id}}/foo'] kwargs:
path: '~{{ansible_user_id}}/foo'
sudoable: false
register: out register: out
- assert: - assert:
that: out.result == '{{user_facts.ansible_facts.ansible_user_dir}}/foo' that: out.result == '{{user_facts.ansible_facts.ansible_user_dir}}/foo'
@ -45,7 +52,53 @@
- name: "Expanding $HOME/foo has no effect." - name: "Expanding $HOME/foo has no effect."
action_passthrough: action_passthrough:
method: _remote_expand_user method: _remote_expand_user
args: ['$HOME/foo'] kwargs:
path: '$HOME/foo'
sudoable: false
register: out
- assert:
that: out.result == '$HOME/foo'
# ------------------------
- name: "sudoable; Expand ~/foo"
action_passthrough:
method: _remote_expand_user
kwargs:
path: '~/foo'
sudoable: true
register: out
- assert:
that: out.result == '{{user_facts.ansible_facts.ansible_user_dir}}/foo'
- name: "sudoable; Expand ~/foo with become active. ~ is become_user's home."
action_passthrough:
method: _remote_expand_user
kwargs:
path: '~/foo'
sudoable: true
register: out
become: true
- assert:
that: out.result == '{{root_facts.ansible_facts.ansible_user_dir}}/foo'
- name: "sudoable; Expand ~user/foo"
action_passthrough:
method: _remote_expand_user
kwargs:
path: '~{{ansible_user_id}}/foo'
sudoable: true
register: out
- assert:
that: out.result == '{{user_facts.ansible_facts.ansible_user_dir}}/foo'
- name: "sudoable; Expanding $HOME/foo has no effect."
action_passthrough:
method: _remote_expand_user
kwargs:
path: '$HOME/foo'
sudoable: true
register: out register: out
- assert: - assert:
that: out.result == '$HOME/foo' that: out.result == '$HOME/foo'
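Review bot: The task still named "Expand ~/foo with become active. ~ is become_user's home." now passes `sudoable: false` and asserts against `user_facts`, so its name contradicts what it checks. Renaming it to `"Expand ~/foo with become active. ~ is login user's home."` keeps the test output truthful about which account is expected. Neither block runs the `~{{ansible_user_id}}/foo` case with `become: true`, so named-user expansion under privilege escalation is not pinned for either `sudoable` value. One extra task per block would document the intended result.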
