Merge pull request #187 from smemsh/fix-synchronize-become-user

synchronize: fix to honor become_user when become_method sudo

SUMMARY

When become_method is sudo, the synchronize module ignores become_user, always running as root.  This means one cannot create files as a target user, when they need to get in via a third user and can only sudo via that one.  In my case, I'm connecting via a special provisioning user that has sudo privs, but I need to create the files as the become_user.  I'm using it to deposit skeleton files, and there should be no reason to run another task with chown; after all, the documentation already describes the desired behavior:

The user and permissions for the synchronize dest are those of the remote_user on the destination host or the become_user if become=yes is active.

This patch takes the running become_user (if it's not None) and adds it to the sudo command with the -u command line option, so the file gets created correctly.  I have tested this and it works.
Other become_methods are ignored, but they already were anyways (the code already has a TODO to add other methods, which we don't attempt in this patch)
Fixes #186

ISSUE TYPE


Bugfix Pull Request

COMPONENT NAME

synchronize
ADDITIONAL INFORMATION


See reproduction in #186.
This appears to have been in place since ansible/ansible@811a906

Reviewed-by: Amin Vakil <info@aminvakil.com>
Reviewed-by: Sumit Jaiswal <sjaiswal@redhat.com>

changelogs/fragments/187-fix-synchronize-become-user.yml

@@ -0,0 +1,4 @@
+---
+bugfixes:
+  - synchronize - use become_user when invoking rsync on remote with sudo
+    (https://github.com/ansible-collections/ansible.posix/issues/186).

plugins/action/synchronize.py

@@ -367,6 +367,9 @@ class ActionModule(ActionBase):
                 # If no rsync_path is set, become was originally set, and dest is
                 # remote then add privilege escalation here.
                 if self._play_context.become_method == 'sudo':
+                    if self._play_context.become_user:
+                        rsync_path = 'sudo -u %s rsync' % self._play_context.become_user
+                    else:
                         rsync_path = 'sudo rsync'
                 # TODO: have to add in the rest of the become methods here
 

tests/unit/plugins/action/fixtures/synchronize/basic_become/meta.yaml

@@ -25,7 +25,8 @@ asserts:
     - "self.execute_called"
     - "self.final_module_args['_local_rsync_path'] == 'rsync'"
     # this is a crucial aspect of this scenario ...
-    - "self.final_module_args['rsync_path'] == 'sudo rsync'"
+    # note: become_user None -> root
+    - "self.final_module_args['rsync_path'] == 'sudo -u root rsync'"
     - "self.final_module_args['src'] == '/tmp/deleteme'"
     - "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
     - "self.task.become == True"

tests/unit/plugins/action/fixtures/synchronize/basic_become_cli/meta.yaml

@@ -25,7 +25,8 @@ asserts:
     - "self.execute_called"
     - "self.final_module_args['_local_rsync_path'] == 'rsync'"
     # this is a crucial aspect of this scenario ...
-    - "self.final_module_args['rsync_path'] == 'sudo rsync'"
+    # note: become_user None -> root
+    - "self.final_module_args['rsync_path'] == 'sudo -u root rsync'"
     - "self.final_module_args['src'] == '/tmp/deleteme'"
     - "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
     - "self.task.become == None"