From a1121c5a84da6d23a6bd3d463b9cf7269dd5b78d Mon Sep 17 00:00:00 2001 From: David Wilson Date: Tue, 29 Jan 2019 02:53:21 +0000 Subject: [PATCH 1/4] issue #499: respect C.BECOME_ALLOW_SAME_USER. --- ansible_mitogen/connection.py | 3 +- tests/ansible/hosts/become_same_user.hosts | 4 +++ tests/ansible/integration/connection/all.yml | 1 + .../connection/become_same_user.yml | 35 +++++++++++++++++++ 4 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 tests/ansible/hosts/become_same_user.hosts create mode 100644 tests/ansible/integration/connection/become_same_user.yml diff --git a/ansible_mitogen/connection.py b/ansible_mitogen/connection.py index bf1b0747..8bfbb51d 100644 --- a/ansible_mitogen/connection.py +++ b/ansible_mitogen/connection.py @@ -587,7 +587,8 @@ class Connection(ansible.plugins.connection.ConnectionBase): ) stack += (CONNECTION_METHOD[spec.transport()](spec),) - if spec.become(): + if spec.become() and ((spec.become_user() != spec.remote_user()) or + C.BECOME_ALLOW_SAME_USER): stack += (CONNECTION_METHOD[spec.become_method()](spec),) return stack diff --git a/tests/ansible/hosts/become_same_user.hosts b/tests/ansible/hosts/become_same_user.hosts new file mode 100644 index 00000000..a18b90d2 --- /dev/null +++ b/tests/ansible/hosts/become_same_user.hosts @@ -0,0 +1,4 @@ + +# become_same_user.yml +bsu-joe ansible_user=joe + diff --git a/tests/ansible/integration/connection/all.yml b/tests/ansible/integration/connection/all.yml index 7565b003..4211f1b3 100644 --- a/tests/ansible/integration/connection/all.yml +++ b/tests/ansible/integration/connection/all.yml @@ -1,5 +1,6 @@ --- +- include: become_same_user.yml - include: disconnect_during_module.yml - include: disconnect_resets_connection.yml - include: exec_command.yml diff --git a/tests/ansible/integration/connection/become_same_user.yml b/tests/ansible/integration/connection/become_same_user.yml new file mode 100644 index 00000000..440d6105 --- /dev/null +++ b/tests/ansible/integration/connection/become_same_user.yml @@ -0,0 +1,35 @@ +# issue #499: ensure C.BECOME_ALLOW_SAME_USER is respected. +--- + +- name: integration/connection/become_same_user.yml + hosts: bsu-joe + gather_facts: no + any_errors_fatal: true + tasks: + + # bsu-joe's login user is joe, so become should be ignored. + - mitogen_get_stack: + become: true + become_user: joe + register: out + + - assert: + that: + - out.result[0].method == "ssh" + - out.result[0].kwargs.username == "joe" + - out.result|length == 1 # no sudo + + + # Now try with a different account. + - mitogen_get_stack: + become: true + become_user: james + register: out + + - assert: + that: + - out.result[0].method == "ssh" + - out.result[0].kwargs.username == "joe" + - out.result[1].method == "sudo" + - out.result[1].kwargs.username == "james" + - out.result|length == 2 # no sudo From 60e9596e7d4d992fa56a6785789d3a97fc20bda2 Mon Sep 17 00:00:00 2001 From: David Wilson Date: Tue, 29 Jan 2019 02:54:18 +0000 Subject: [PATCH 2/4] docs: update Changelog; closes #499. --- docs/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/changelog.rst b/docs/changelog.rst index 1ca2becb..9be70eb7 100644 --- a/docs/changelog.rst +++ b/docs/changelog.rst @@ -260,6 +260,9 @@ Fixes trigger early finalization of Cython-based extension modules, leading to segmentation faults. +* `#499 `_: the ``allow_same_user`` + Ansible configuration setting is respected. + * `dc1d4251 `_: the ``synchronize`` module could fail with the Docker transport due to a missing attribute. From 53794469a0c3b11ee46c877c15a094fe3e8e4c28 Mon Sep 17 00:00:00 2001 From: David Wilson Date: Tue, 29 Jan 2019 03:26:21 +0000 Subject: [PATCH 3/4] issue #499: disable new test on vanilla. --- tests/ansible/integration/connection/become_same_user.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/ansible/integration/connection/become_same_user.yml b/tests/ansible/integration/connection/become_same_user.yml index 440d6105..d73eca86 100644 --- a/tests/ansible/integration/connection/become_same_user.yml +++ b/tests/ansible/integration/connection/become_same_user.yml @@ -12,12 +12,14 @@ become: true become_user: joe register: out + when: is_mitogen - assert: that: - out.result[0].method == "ssh" - out.result[0].kwargs.username == "joe" - out.result|length == 1 # no sudo + when: is_mitogen # Now try with a different account. @@ -25,6 +27,7 @@ become: true become_user: james register: out + when: is_mitogen - assert: that: @@ -33,3 +36,4 @@ - out.result[1].method == "sudo" - out.result[1].kwargs.username == "james" - out.result|length == 2 # no sudo + when: is_mitogen From 9df314f9c5cc106cc9d73e2b7c09e495722ba32c Mon Sep 17 00:00:00 2001 From: David Wilson Date: Tue, 29 Jan 2019 03:26:21 +0000 Subject: [PATCH 4/4] issue #499: another totally moronic implementation difference --- tests/ansible/integration/action/low_level_execute_command.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/ansible/integration/action/low_level_execute_command.yml b/tests/ansible/integration/action/low_level_execute_command.yml index 64b8c14c..7c14cb22 100644 --- a/tests/ansible/integration/action/low_level_execute_command.yml +++ b/tests/ansible/integration/action/low_level_execute_command.yml @@ -22,6 +22,8 @@ raw: 'whoami' register: raw + - debug: msg="x{{raw}}x" + # Can't test stdout because TTY inserts \r in Ansible version. - name: Verify raw module output. assert: @@ -33,6 +35,7 @@ - | raw.stdout_lines|to_text in ( ["\r\n"], + ["", "root"], ["root\r\n"], ["root"], )