From 6b41ce1a9da0bc4e66b0988c1dcc874f9a97870b Mon Sep 17 00:00:00 2001
From: Scott Mcdermott
Date: Tue, 11 May 2021 21:37:17 -0700
Subject: [PATCH 1/3] Fix to honor become_user in synchronize module (Fixes #186)
---
 plugins/action/synchronize.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/plugins/action/synchronize.py b/plugins/action/synchronize.py
index b6edd9f..10d8bdf 100644
--- a/plugins/action/synchronize.py
+++ b/plugins/action/synchronize.py
@@ -371,7 +371,10 @@ class ActionModule(ActionBase):
 # If no rsync_path is set, become was originally set, and dest is
 # remote then add privilege escalation here.
 if self._play_context.become_method == 'sudo':
- rsync_path = 'sudo rsync'
+ if self._play_context.become_user:
+ rsync_path = 'sudo -u %s rsync' % self._play_context.become_user
+ else:
+ rsync_path = 'sudo rsync'
 # TODO: have to add in the rest of the become methods here
 # We cannot use privilege escalation on the machine running the
From 0e6f8ab976211e703be204cf2d341ebea1fb29b0 Mon Sep 17 00:00:00 2001
From: Scott Mcdermott
Date: Wed, 12 May 2021 00:34:48 -0700
Subject: [PATCH 2/3] Modify synchronize tests for '-u root' arg when become_user not supplied
---
 .../plugins/action/fixtures/synchronize/basic_become/meta.yaml | 3 ++-
 .../action/fixtures/synchronize/basic_become_cli/meta.yaml | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/tests/unit/plugins/action/fixtures/synchronize/basic_become/meta.yaml b/tests/unit/plugins/action/fixtures/synchronize/basic_become/meta.yaml
index 1ba3b4a..8435735 100644
--- a/tests/unit/plugins/action/fixtures/synchronize/basic_become/meta.yaml
+++ b/tests/unit/plugins/action/fixtures/synchronize/basic_become/meta.yaml
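Review bot: In plugins/action/synchronize.py the added line `rsync_path = 'sudo -u %s rsync' % self._play_context.become_user` puts become_user into a command string without quoting. rsync runs the `--rsync-path` value through a shell on the receiving side, so a become_user templated from inventory or extra vars that contains whitespace or shell metacharacters would change the command run under sudo, assuming this string reaches rsync unmodified (the code that consumes rsync_path is outside the hunk). Quote the value before interpolating, for example `rsync_path = 'sudo -u %s rsync' % shlex_quote(self._play_context.become_user)` with `from ansible.module_utils.six.moves import shlex_quote` added to the file's imports. The fixtures in patch 2 expect `sudo -u root rsync` when become_user is not supplied, which suggests the `else` branch is reached only when become_user is empty; a one-line comment on that branch saying so would help. The enclosing method starts and ends outside the hunk.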
@@ -25,7 +25,8 @@ asserts:
 - "self.execute_called"
 - "self.final_module_args['_local_rsync_path'] == 'rsync'"
 # this is a crucial aspect of this scenario ...
- - "self.final_module_args['rsync_path'] == 'sudo rsync'"
+ # note: become_user None -> root
+ - "self.final_module_args['rsync_path'] == 'sudo -u root rsync'"
 - "self.final_module_args['src'] == '/tmp/deleteme'"
 - "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
 - "self.task.become == True"
diff --git a/tests/unit/plugins/action/fixtures/synchronize/basic_become_cli/meta.yaml b/tests/unit/plugins/action/fixtures/synchronize/basic_become_cli/meta.yaml
index 5e55801..294bfde 100644
--- a/tests/unit/plugins/action/fixtures/synchronize/basic_become_cli/meta.yaml
+++ b/tests/unit/plugins/action/fixtures/synchronize/basic_become_cli/meta.yaml
@@ -25,7 +25,8 @@ asserts:
 - "self.execute_called"
 - "self.final_module_args['_local_rsync_path'] == 'rsync'"
 # this is a crucial aspect of this scenario ...
- - "self.final_module_args['rsync_path'] == 'sudo rsync'"
+ # note: become_user None -> root
+ - "self.final_module_args['rsync_path'] == 'sudo -u root rsync'"
 - "self.final_module_args['src'] == '/tmp/deleteme'"
 - "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
 - "self.task.become == None"
From 6e60b0d45411d4ce3cf0cddc87a31017fc92d292 Mon Sep 17 00:00:00 2001
From: Scott Mcdermott
Date: Wed, 12 May 2021 01:00:47 -0700
Subject: [PATCH 3/3] Add changelog fragment for synchronize become_user fix
---
 changelogs/fragments/187-fix-synchronize-become-user.yml | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 changelogs/fragments/187-fix-synchronize-become-user.yml
diff --git a/changelogs/fragments/187-fix-synchronize-become-user.yml b/changelogs/fragments/187-fix-synchronize-become-user.yml
new file mode 100644
index 0000000..77d72e0
--- /dev/null
+++ b/changelogs/fragments/187-fix-synchronize-become-user.yml
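Review bot: Both fixture hunks (basic_become/meta.yaml and basic_become_cli/meta.yaml) only update the expectation for the default case, where become_user resolves to root; neither scenario sets a non-root become_user, which is the behaviour patch 1 is meant to fix. A further fixture scenario that sets become_user to a non-root name and asserts the matching value would pin the fix, e.g. `- "self.final_module_args['rsync_path'] == 'sudo -u <user> rsync'"`, where `<user>` is a placeholder for whatever name that fixture sets. Judging by the `become_user None -> root` comment, the plugin's plain `sudo rsync` fallback is not exercised by either updated scenario, so it is worth confirming whether any fixture still covers it.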
@@ -0,0 +1,4 @@
+---
+bugfixes:
+ - synchronize - use become_user when invoking rsync on remote with sudo
+ (https://github.com/ansible-collections/ansible.posix/issues/186).