Skip to content

Commit

Permalink
Merge pull request #1007 from moreati/ask-become-pass
Browse files Browse the repository at this point in the history
Fix --ask-become-pass
  • Loading branch information
moreati authored Apr 12, 2024
2 parents c4cf0d5 + 8c93973 commit bb9c51b
Show file tree
Hide file tree
Showing 10 changed files with 67 additions and 15 deletions.
11 changes: 10 additions & 1 deletion .ci/ansible_tests.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
import os
import signal
import sys
import textwrap

import ci_lib

Expand Down Expand Up @@ -74,7 +75,15 @@ def pause_if_interactive():
fp.write('\n[%s]\n' % family)
fp.writelines('%s\n' % name for name in hostnames)

fp.write('\n[linux:children]\ntest-targets\n')
fp.write(textwrap.dedent(
'''
[linux:children]
test-targets
[linux_containers:children]
test-targets
'''
))

ci_lib.dump_file(inventory_path)

Expand Down
16 changes: 12 additions & 4 deletions ansible_mitogen/transport_config.py
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,6 @@
except ImportError:
from ansible.vars.unsafe_proxy import AnsibleUnsafeText

import ansible_mitogen.loaders
import mitogen.core


Expand Down Expand Up @@ -436,9 +435,18 @@ def become_user(self):
return self._play_context.become_user

def become_pass(self):
become_method = self.become_method()
become_plugin = ansible_mitogen.loaders.become_loader.get(become_method)
become_pass = become_plugin.get_option('become_pass', hostvars=self._task_vars)
# become_pass is owned/provided by the active become plugin. However
# PlayContext is intertwined with it. Known complications
# - ansible_become_password is higher priority than ansible_become_pass,
# `play_context.become_pass` doesn't obey this (atleast with Mitgeon).
# - `meta: reset_connection` runs `connection.reset()` but
# `ansible_mitogen.connection.Connection.reset()` recreates the
# connection object, setting `connection.become = None`.
become_plugin = self._connection.become
try:
become_pass = become_plugin.get_option('become_pass', playcontext=self._play_context)
except AttributeError:
become_pass = self._play_context.become_pass
return optional_secret(become_pass)

def password(self):
Expand Down
1 change: 1 addition & 0 deletions docs/changelog.rst
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ To avail of fixes in an unreleased version, please download a ZIP file
Unreleased
----------

* :gh:issue:`952` Fix Ansible `--ask-become-pass`, add test coverage


v0.3.7 (2024-04-08)
Expand Down
2 changes: 2 additions & 0 deletions tests/ansible/hosts/default.hosts
Original file line number Diff line number Diff line change
Expand Up @@ -10,3 +10,5 @@ target ansible_host=localhost ansible_user="{{ lookup('pipe', 'whoami') }}"

[test-targets]
target

[linux_containers]
14 changes: 6 additions & 8 deletions tests/ansible/integration/interpreter_discovery/complex_args.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,20 +29,18 @@
special_python: "source /tmp/fake || true && python{{ ansible_facts.python.version.major }}"

- name: run get_url with specially-sourced python
get_url:
uri:
# Plain http for wider Ansible & Python version compatibility
url: http://httpbin.org/get
dest: "/tmp/"
mode: 0644
url: http://www.gstatic.com/generate_204
status_code: [204]
vars:
ansible_python_interpreter: "{{ special_python }}"

- name: run get_url with specially-sourced python including jinja
get_url:
uri:
# Plain http for wider Ansible & Python version compatibility
url: http://httpbin.org/get
dest: "/tmp/"
mode: 0644
url: http://www.gstatic.com/generate_204
status_code: [204]
vars:
ansible_python_interpreter: >
{% if "1" == "1" %}
Expand Down
5 changes: 3 additions & 2 deletions tests/ansible/integration/transport_config/become_pass.yml
Original file line number Diff line number Diff line change
Expand Up @@ -143,8 +143,9 @@
- out.result|length == 2
- out.result[0].method == "ssh"
- out.result[1].method == "sudo"
# Ansible >= 2.10 builtin become plugins (e.g. sudo, su) give priority
# to ansible_become_pass over ansible_become_password.
# Ansible <= 2.9.1 prioritises ansible_become_password.
# Ansible >= 2.9.2 prioritises ansible_become_pass.
# https://github.com/ansible/ansible/commit/480b106d6535978ae6ecab68b40942ca4fa914a0
- out.result[1].kwargs.password == "bpass"
fail_msg: out={{out}}
tags:
Expand Down
1 change: 1 addition & 0 deletions tests/ansible/regression/all.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,3 +14,4 @@
- import_playbook: issue_615__streaming_transfer.yml
- import_playbook: issue_655__wait_for_connection_error.yml
- import_playbook: issue_776__load_plugins_called_twice.yml
- import_playbook: issue_952__ask_become_pass.yml
9 changes: 9 additions & 0 deletions tests/ansible/regression/become_test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
- name: regression/become_test.yml
hosts: test-targets:&linux_containers
become: true
become_user: mitogen__pw_required
strategy: mitogen_linear
tasks:
- command: whoami
changed_when: false
check_mode: false
21 changes: 21 additions & 0 deletions tests/ansible/regression/issue_952__ask_become_pass.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
- name: regression/issue_952__ask_become_pass.yml
hosts: test-targets[0]:&linux_containers
gather_facts: false
tags:
- issue_952
tasks:
- name: Test --ask-become-pass
delegate_to: localhost
expect:
command: >
ansible-playbook
{% for inv in ansible_inventory_sources %}
-i "{{ inv }}"
{% endfor %}
--ask-become-pass
regression/become_test.yml
chdir: ../
responses:
'BECOME password:': pw_required_password
changed_when: false
check_mode: false
2 changes: 2 additions & 0 deletions tests/requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@ Django==3.2.20; python_version >= '3.6'
mock==3.0.5; python_version == '2.7'
mock==5.1.0; python_version >= '3.6'

pexpect==4.8

psutil==5.9.8

pytest==4.6.11; python_version == '2.7'
Expand Down

0 comments on commit bb9c51b

Please sign in to comment.