The synchronize action plugin and module were a bit sloppy when it
came to the command-line parameter quoting and that caused failuer on
some systems (for example, on Fedora 34).
This commit makes sure any argumnts with potentially problematic
characters are quoted before being used.
synchronize: fix to honor become_user when become_method sudo
SUMMARY
When become_method is sudo, the synchronize module ignores become_user, always running as root. This means one cannot create files as a target user, when they need to get in via a third user and can only sudo via that one. In my case, I'm connecting via a special provisioning user that has sudo privs, but I need to create the files as the become_user. I'm using it to deposit skeleton files, and there should be no reason to run another task with chown; after all, the documentation already describes the desired behavior:
The user and permissions for the synchronize dest are those of the remote_user on the destination host or the become_user if become=yes is active.
This patch takes the running become_user (if it's not None) and adds it to the sudo command with the -u command line option, so the file gets created correctly. I have tested this and it works.
Other become_methods are ignored, but they already were anyways (the code already has a TODO to add other methods, which we don't attempt in this patch)
Fixes#186
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
synchronize
ADDITIONAL INFORMATION
See reproduction in #186.
This appears to have been in place since ansible/ansible@811a906
Reviewed-by: Amin Vakil <info@aminvakil.com>
Reviewed-by: Sumit Jaiswal <sjaiswal@redhat.com>
The synchronize action plugin has a built-in list of connection
plugins that it knows how to handle.
One of those connection plugins is the docker connection plugin. And
because the docker content has been moved around quite a lot, the
docker connection plugin has quite a few names:
- docker in Ansible 2.9,
- community.general.docker for community.general < 2.0.0, and
- community.docker.docker since a few months ago.
And while the synchronize module already knew about the first two
names, the last one was still missing. This commit fixes that omission
and adds a third name into the mix.
