ansible: make _remote_expand_user() pay attention to sudoable=..

2018-07-25 12:13:27 -07:00 · 2018-07-25 12:13:27 -07:00 · b44b823c4a
parent eae531210a
commit b44b823c4a
2 changed files with 77 additions and 17 deletions
--- a/ansible_mitogen/mixins.py
+++ b/ansible_mitogen/mixins.py
@ -188,12 +188,13 @@ class ActionModuleMixin(ansible.plugins.action.ActionBase):
        except AttributeError:
            s = ansible.constants.DEFAULT_REMOTE_TMP  # <=2.4.x

-        return self._remote_expand_user(s)
+        return self._remote_expand_user(s, sudoable=False)

    def _make_tmp_path(self, remote_user=None):
        """
        Replace the base implementation's use of shell to implement mkdtemp()
-        with an actual call to mkdtemp().
+        with an actual call to mkdtemp(). Like vanilla, the directory is always
+        created in the login account context.
        """
        LOG.debug('_make_tmp_path(remote_user=%r)', remote_user)

@ -281,20 +282,26 @@ class ActionModuleMixin(ansible.plugins.action.ActionBase):
        """
        Replace the base implementation's attempt to emulate
        os.path.expanduser() with an actual call to os.path.expanduser().
+
+        :param bool sudoable:
+            If :data:`True`, indicate unqualified tilde ("~" with no username)
+            should be evaluated in the context of the login account, not any
+            become_user.
        """
        LOG.debug('_remote_expand_user(%r, sudoable=%r)', path, sudoable)
        if not path.startswith('~'):
            # /home/foo -> /home/foo
            return path
-        if path == '~':
-            # ~ -> /home/dmw
-            return self._connection.homedir
-        if path.startswith('~/'):
-            # ~/.ansible -> /home/dmw/.ansible
-            return os.path.join(self._connection.homedir, path[2:])
-        if path.startswith('~'):
-            # ~root/.ansible -> /root/.ansible
-            return self.call(os.path.expanduser, mitogen.utils.cast(path))
+        if sudoable or not self._play_context.become:
+            if path == '~':
+                # ~ -> /home/dmw
+                return self._connection.homedir
+            if path.startswith('~/'):
+                # ~/.ansible -> /home/dmw/.ansible
+                return os.path.join(self._connection.homedir, path[2:])
+        # ~root/.ansible -> /root/.ansible
+        return self.call(os.path.expanduser, mitogen.utils.cast(path),
+                         use_login_context=not sudoable)

    def get_task_timeout_secs(self):
        """
--- a/tests/ansible/integration/action/remote_expand_user.yml
+++ b/tests/ansible/integration/action/remote_expand_user.yml
@ -16,10 +16,14 @@
      setup: gather_subset=min
      register: user_facts

+    # ------------------------
+
    - name: "Expand ~/foo"
      action_passthrough:
        method: _remote_expand_user
-        args: ['~/foo']
+        kwargs:
+          path: '~/foo'
+          sudoable: false
      register: out
    - assert:
        that: out.result == '{{user_facts.ansible_facts.ansible_user_dir}}/foo'
@ -27,17 +31,20 @@
    - name: "Expand ~/foo with become active. ~ is become_user's home."
      action_passthrough:
        method: _remote_expand_user
-        args: ['~/foo']
+        kwargs:
+          path: '~/foo'
+          sudoable: false
      register: out
      become: true
-
    - assert:
-        that: out.result == '{{root_facts.ansible_facts.ansible_user_dir}}/foo'
+        that: out.result == '{{user_facts.ansible_facts.ansible_user_dir}}/foo'

    - name: "Expand ~user/foo"
      action_passthrough:
        method: _remote_expand_user
-        args: ['~{{ansible_user_id}}/foo']
+        kwargs:
+          path: '~{{ansible_user_id}}/foo'
+          sudoable: false
      register: out
    - assert:
        that: out.result == '{{user_facts.ansible_facts.ansible_user_dir}}/foo'
@ -45,7 +52,53 @@
    - name: "Expanding $HOME/foo has no effect."
      action_passthrough:
        method: _remote_expand_user
-        args: ['$HOME/foo']
+        kwargs:
+          path: '$HOME/foo'
+          sudoable: false
+      register: out
+    - assert:
+        that: out.result == '$HOME/foo'
+
+    # ------------------------
+
+    - name: "sudoable; Expand ~/foo"
+      action_passthrough:
+        method: _remote_expand_user
+        kwargs:
+          path: '~/foo'
+          sudoable: true
+      register: out
+    - assert:
+        that: out.result == '{{user_facts.ansible_facts.ansible_user_dir}}/foo'
+
+    - name: "sudoable; Expand ~/foo with become active. ~ is become_user's home."
+      action_passthrough:
+        method: _remote_expand_user
+        kwargs:
+          path: '~/foo'
+          sudoable: true
+      register: out
+      become: true
+
+    - assert:
+        that: out.result == '{{root_facts.ansible_facts.ansible_user_dir}}/foo'
+
+    - name: "sudoable; Expand ~user/foo"
+      action_passthrough:
+        method: _remote_expand_user
+        kwargs:
+          path: '~{{ansible_user_id}}/foo'
+          sudoable: true
+      register: out
+    - assert:
+        that: out.result == '{{user_facts.ansible_facts.ansible_user_dir}}/foo'
+
+    - name: "sudoable; Expanding $HOME/foo has no effect."
+      action_passthrough:
+        method: _remote_expand_user
+        kwargs:
+          path: '$HOME/foo'
+          sudoable: true
      register: out
    - assert:
        that: out.result == '$HOME/foo'