From b44b823c4a3073be44351b7c430331e045a08666 Mon Sep 17 00:00:00 2001
From: David Wilson
Date: Wed, 25 Jul 2018 12:13:27 -0700
Subject: [PATCH] ansible: make _remote_expand_user() pay attention to sudoable=..
---
 ansible_mitogen/mixins.py | 29 +++++----
 .../integration/action/remote_expand_user.yml | 65 +++++++++++++++++--
 2 files changed, 77 insertions(+), 17 deletions(-)
diff --git a/ansible_mitogen/mixins.py b/ansible_mitogen/mixins.py
index 5b8b90dd..2a9fdac8 100644
--- a/ansible_mitogen/mixins.py
+++ b/ansible_mitogen/mixins.py
@@ -188,12 +188,13 @@ class ActionModuleMixin(ansible.plugins.action.ActionBase):
 except AttributeError:
 s = ansible.constants.DEFAULT_REMOTE_TMP # <=2.4.x
- return self._remote_expand_user(s)
+ return self._remote_expand_user(s, sudoable=False)
 def _make_tmp_path(self, remote_user=None):
 """
 Replace the base implementation's use of shell to implement mkdtemp()
- with an actual call to mkdtemp().
+ with an actual call to mkdtemp(). Like vanilla, the directory is always
+ created in the login account context.
 """
 LOG.debug('_make_tmp_path(remote_user=%r)', remote_user)
@@ -281,20 +282,26 @@ class ActionModuleMixin(ansible.plugins.action.ActionBase): """ Replace the base implementation's attempt to emulate os.path.expanduser() with an actual call to os.path.expanduser(). + + :param bool sudoable: + If :data:`True`, indicate unqualified tilde ("~" with no username) + should be evaluated in the context of the login account, not any + become_user. """ LOG.debug('_remote_expand_user(%r, sudoable=%r)', path, sudoable) if not path.startswith('~'): # /home/foo -> /home/foo return path - if path == '~': - # ~ -> /home/dmw - return self._connection.homedir - if path.startswith('~/'): - # ~/.ansible -> /home/dmw/.ansible - return os.path.join(self._connection.homedir, path[2:]) - if path.startswith('~'): - # ~root/.ansible -> /root/.ansible - return self.call(os.path.expanduser, mitogen.utils.cast(path)) + if sudoable or not self._play_context.become: + if path == '~': + # ~ -> /home/dmw + return self._connection.homedir + if path.startswith('~/'): + # ~/.ansible -> /home/dmw/.ansible + return os.path.join(self._connection.homedir, path[2:]) + # ~root/.ansible -> /root/.ansible + return self.call(os.path.expanduser, mitogen.utils.cast(path), + use_login_context=not sudoable) def get_task_timeout_secs(self): """ diff --git a/tests/ansible/integration/action/remote_expand_user.yml b/tests/ansible/integration/action/remote_expand_user.yml index 813fbace..85990264 100644 --- a/tests/ansible/integration/action/remote_expand_user.yml +++ b/tests/ansible/integration/action/remote_expand_user.yml @@ -16,10 +16,14 @@ setup: gather_subset=min register: user_facts + # ------------------------ + - name: "Expand ~/foo" action_passthrough: method: _remote_expand_user - args: ['~/foo'] + kwargs: + path: '~/foo' + sudoable: false register: out - assert: that: out.result == '{{user_facts.ansible_facts.ansible_user_dir}}/foo' 
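Review bot: The new `:param bool sudoable:` text in the `_remote_expand_user` docstring reads as the reverse of what the code does. With `sudoable=True` the fallback call passes `use_login_context=not sudoable` (False), and the updated tests expect `~/foo` under become to resolve to the become user's home, while `sudoable=False` is the value that pins expansion to the login account. Because this flag decides which account's home receives paths such as the remote temp directory when become is active, a caller trusting the docstring would pick the wrong privilege context. I would reword it to `If False, an unqualified tilde ("~" with no username) is evaluated in the context of the login account; if True, in the context of any become_user.` A short comment above `if sudoable or not self._play_context.become:` would also help, saying that the shortcut relies on `self._connection.homedir` being (presumably) the home of the active become context, which is not visible in this hunk. The method's signature also lies outside the hunk.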
@@ -27,17 +31,20 @@ - name: "Expand ~/foo with become active. ~ is become_user's home." action_passthrough: method: _remote_expand_user - args: ['~/foo'] + kwargs: + path: '~/foo' + sudoable: false register: out become: true - - assert: - that: out.result == '{{root_facts.ansible_facts.ansible_user_dir}}/foo' + that: out.result == '{{user_facts.ansible_facts.ansible_user_dir}}/foo' - name: "Expand ~user/foo" action_passthrough: method: _remote_expand_user - args: ['~{{ansible_user_id}}/foo'] + kwargs: + path: '~{{ansible_user_id}}/foo' + sudoable: false register: out - assert: that: out.result == '{{user_facts.ansible_facts.ansible_user_dir}}/foo' @@ -45,7 +52,53 @@ - name: "Expanding $HOME/foo has no effect." action_passthrough: method: _remote_expand_user - args: ['$HOME/foo'] + kwargs: + path: '$HOME/foo' + sudoable: false + register: out + - assert: + that: out.result == '$HOME/foo' + + # ------------------------ + + - name: "sudoable; Expand ~/foo" + action_passthrough: + method: _remote_expand_user + kwargs: + path: '~/foo' + sudoable: true + register: out + - assert: + that: out.result == '{{user_facts.ansible_facts.ansible_user_dir}}/foo' + + - name: "sudoable; Expand ~/foo with become active. ~ is become_user's home." + action_passthrough: + method: _remote_expand_user + kwargs: + path: '~/foo' + sudoable: true + register: out + become: true + + - assert: + that: out.result == '{{root_facts.ansible_facts.ansible_user_dir}}/foo' + + - name: "sudoable; Expand ~user/foo" + action_passthrough: + method: _remote_expand_user + kwargs: + path: '~{{ansible_user_id}}/foo' + sudoable: true + register: out + - assert: + that: out.result == '{{user_facts.ansible_facts.ansible_user_dir}}/foo' + + - name: "sudoable; Expanding $HOME/foo has no effect." + action_passthrough: + method: _remote_expand_user + kwargs: + path: '$HOME/foo' + sudoable: true register: out - assert: that: out.result == '$HOME/foo'
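Review bot: The task name `Expand ~/foo with become active. ~ is become_user's home.` in the `sudoable: false` group no longer matches its assertion, which now expects `user_facts`, the login account's home. Renaming it to something like `Expand ~/foo with become active. ~ is login user's home.` keeps a failure report from pointing at the wrong account. The qualified form `~{{ansible_user_id}}/foo` is only exercised without `become: true` in both groups (the second group is in the following hunk). That leaves the path which goes through `expanduser` while become is active untested for either `sudoable` value, so one such task per group would pin down which context resolves it.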