mitogen-hq · moreati · Oct 28, 2024
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -24,54 +24,6 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - name: Ans_27_210
-            tox_env: py27-mode_ansible-ansible2.10
-          - name: Ans_27_4
-            tox_env: py27-mode_ansible-ansible4
-
-          - name: Ans_36_210
-            python_version: '3.6'
-            tox_env: py36-mode_ansible-ansible2.10
-          - name: Ans_36_4
-            python_version: '3.6'
-            tox_env: py36-mode_ansible-ansible4
-
-          - name: Ans_311_210
-            python_version: '3.11'
-            tox_env: py311-mode_ansible-ansible2.10
-          - name: Ans_311_3
-            python_version: '3.11'
-            tox_env: py311-mode_ansible-ansible3
-          - name: Ans_311_4
-            python_version: '3.11'
-            tox_env: py311-mode_ansible-ansible4
-          - name: Ans_311_5
-            python_version: '3.11'
-            tox_env: py311-mode_ansible-ansible5
-          - name: Ans_313_6
-            python_version: '3.13'
-            tox_env: py313-mode_ansible-ansible6
-          - name: Ans_313_7
-            python_version: '3.13'
-            tox_env: py313-mode_ansible-ansible7
-          - name: Ans_313_8
-            python_version: '3.13'
-            tox_env: py313-mode_ansible-ansible8
-          - name: Ans_313_9
-            python_version: '3.13'
-            tox_env: py313-mode_ansible-ansible9
-          - name: Ans_313_10
-            python_version: '3.13'
-            tox_env: py313-mode_ansible-ansible10
-          - name: Van_313_10
-            python_version: '3.13'
-            tox_env: py313-mode_ansible-ansible10-strategy_linear
-
-          - name: Mito_27
-            tox_env: py27-mode_mitogen
-          - name: Mito_36
-            python_version: '3.6'
-            tox_env: py36-mode_mitogen
           - name: Mito_313
             python_version: '3.13'
             tox_env: py313-mode_mitogen

diff --git a/ansible_mitogen/transport_config.py b/ansible_mitogen/transport_config.py
@@ -450,19 +450,7 @@ def become_user(self):
         return self._become_option('become_user')
 
     def become_pass(self):
-        # become_pass is owned/provided by the active become plugin. However
-        # PlayContext is intertwined with it. Known complications
-        # - ansible_become_password is higher priority than ansible_become_pass,
-        #   `play_context.become_pass` doesn't obey this (atleast with Mitgeon).
-        # - `meta: reset_connection` runs `connection.reset()` but
-        #   `ansible_mitogen.connection.Connection.reset()` recreates the
-        #   connection object, setting `connection.become = None`.
-        become_plugin = self._connection.become
-        try:
-            become_pass = become_plugin.get_option('become_pass', playcontext=self._play_context)
-        except AttributeError:
-            become_pass = self._play_context.become_pass
-        return optional_secret(become_pass)
+        return optional_secret(self._become_option('become_pass'))
 
     def password(self):
         return optional_secret(self._connection_option('password'))

diff --git a/tests/ansible/hosts/default.hosts b/tests/ansible/hosts/default.hosts
@@ -33,6 +33,7 @@ ansible_host=localhost
 ansible_user="{{ lookup('pipe', 'whoami') }}"
 
 [tt_become_by_inv]
+tt-become-pass              ansible_become=true ansible_become_pass="{{ 'pw_required_password' | trim }}" ansible_become_user=mitogen__pw_required
 tt-become-user              ansible_become=true ansible_become_user="{{ 'root' | trim }}"
 
 [tt_become_by_inv:vars]

diff --git a/tests/ansible/integration/become/templated_by_inv.yml b/tests/ansible/integration/become/templated_by_inv.yml
@@ -4,11 +4,15 @@
   tasks:
     - meta: reset_connection
     - name: Templated become in inventory
+      vars:
+        expected_become_users:
+          tt-become-pass: mitogen__pw_required
+          tt-become-user: root
       command:
         cmd: whoami
       changed_when: false
       check_mode: false
       register: become_templated_by_inv_whoami
       failed_when:
         - become_templated_by_inv_whoami is failed
-          or become_templated_by_inv_whoami.stdout != 'root'
+          or become_templated_by_inv_whoami.stdout != expected_become_users[inventory_hostname]
diff --git a/tests/ansible/integration/become/templated_by_play_keywords.yml b/tests/ansible/integration/become/templated_by_play_keywords.yml
@@ -5,7 +5,8 @@
   become_user: "{{ 'root' | trim }}"
   tasks:
     - meta: reset_connection
-    - name: Templated become by play keywords
+
+    - name: Templated become by play keywords, no password
       command:
         cmd: whoami
       changed_when: false
@@ -14,3 +15,26 @@
       failed_when:
         - become_templated_by_play_keywords_whoami is failed
           or become_templated_by_play_keywords_whoami.stdout != 'root'
+
+- name: integration/become/templated_by_play_keywords.yml
+  hosts: tt_become_bare
+  gather_facts: true
+  become: true
+  become_user: "{{ 'mitogen__pw_required' | trim }}"
+  vars:
+    ansible_become_pass: "{{ 'pw_required_password' | trim }}"
+  tasks:
+    - name: Templated become by play keywords, password
+      command:
+        cmd: whoami
+      changed_when: false
+      check_mode: false
+      register: become_templated_by_play_keywords_password_whoami
+      failed_when:
+        - become_templated_by_play_keywords_password_whoami is failed
+          or become_templated_by_play_keywords_password_whoami.stdout != 'mitogen__pw_required'
+      when:
+        # https://github.com/ansible/ansible/pull/70785
+        - ansible_facts.distribution not in ["MacOSX"]
+          or ansible_version.full is version("2.11", ">=", strict=True)
+          or is_mitogen
diff --git a/tests/ansible/integration/become/templated_by_play_vars.yml b/tests/ansible/integration/become/templated_by_play_vars.yml
@@ -5,7 +5,7 @@
     ansible_become: true
     ansible_become_user: "{{ 'root' | trim }}"
   tasks:
-    - name: Templated become by play vars
+    - name: Templated become by play vars, no password
       command:
         cmd: whoami
       changed_when: false
@@ -14,3 +14,26 @@
       failed_when:
         - become_templated_by_play_vars_whoami is failed
           or become_templated_by_play_vars_whoami.stdout != 'root'
+
+- name: integration/become/templated_by_play_vars.yml
+  hosts: tt_become_bare
+  gather_facts: true
+  vars:
+    ansible_become: true
+    ansible_become_pass: "{{ 'pw_required_password' | trim }}"
+    ansible_become_user: "{{ 'mitogen__pw_required' | trim }}"
+  tasks:
+    - name: Templated become by play vars, password
+      command:
+        cmd: whoami
+      changed_when: false
+      check_mode: false
+      register: become_templated_by_play_vars_password_whoami
+      failed_when:
+        - become_templated_by_play_vars_password_whoami is failed
+          or become_templated_by_play_vars_password_whoami.stdout != 'mitogen__pw_required'
+      when:
+        # https://github.com/ansible/ansible/pull/70785
+        - ansible_facts.distribution not in ["MacOSX"]
+          or ansible_version.full is version("2.11", ">=", strict=True)
+          or is_mitogen
diff --git a/tests/ansible/integration/become/templated_by_task_keywords.yml b/tests/ansible/integration/become/templated_by_task_keywords.yml
@@ -25,3 +25,36 @@
       failed_when:
         - become_templated_by_task_with_delegate_to_whoami is failed
           or become_templated_by_task_with_delegate_to_whoami.stdout != 'root'
+
+
+- name: integration/become/templated_by_task_keywords.yml
+  hosts: tt_become_bare
+  gather_facts: false
+  # FIXME Resetting the connection shouldn't require credentials
+  #       https://github.com/mitogen-hq/mitogen/issues/1132
+  become: true
+  become_user: "{{ 'mitogen__pw_required' | trim }}"
+  vars:
+    ansible_become_pass: "{{ 'pw_required_password' | trim }}"
+  tasks:
+    - name: Reset connection to target that will be delegate_to
+      meta: reset_connection
+
+- name: Test connection template by task keywords, with delegate_to
+  hosts: test-targets[0]
+  gather_facts: false
+  tasks:
+    - name: Templated become by task keywords, with delegate_to
+      become: true
+      become_user: "{{ 'mitogen__pw_required' | trim }}"
+      delegate_to: "{{ groups.tt_become_bare[0] }}"
+      vars:
+        ansible_become_pass: "{{ 'pw_required_password' | trim }}"
+      command:
+        cmd: whoami
+      changed_when: false
+      check_mode: false
+      register: become_templated_by_task_with_delegate_to_password_whoami
+      failed_when:
+        - become_templated_by_task_with_delegate_to_password_whoami is failed
+          or become_templated_by_task_with_delegate_to_password_whoami.stdout != 'mitogen__pw_required'
diff --git a/tests/ansible/templates/test-targets.j2 b/tests/ansible/templates/test-targets.j2
@@ -45,7 +45,6 @@ tt-bare
 
 [tt_targets_bare:vars]
 ansible_host={{ tt.hostname }}
-ansible_port={{ tt.port }}
 ansible_python_interpreter={{ tt.python_path }}
 
 [tt_become_bare]
@@ -59,6 +58,7 @@ ansible_python_interpreter={{ tt.python_path }}
 ansible_user=mitogen__has_sudo_nopw
 
 [tt_become_by_inv]
+tt-become-pass              ansible_become=true ansible_become_pass="{{ '{{' }} 'pw_required_password' | trim {{ '}}' }}" ansible_become_user=mitogen__pw_required
 tt-become-user              ansible_become=true ansible_become_user="{{ '{{' }} 'root' | trim {{ '}}' }}"
 
 [tt_become_by_inv:vars]