Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use escalate privilege setting in ansible services and automate methods #19012

Merged
merged 2 commits into from
Jul 19, 2019
Merged

Use escalate privilege setting in ansible services and automate methods #19012

merged 2 commits into from
Jul 19, 2019

Conversation

carbonin
Copy link
Member

This adds a new option for ansible runner for whether to attempt to escalate privileges during the playbook run.

A side-effect of this is that the credential no-longer determines whether the --become arg is passed in the command line hash rather it is only passed if ansible runner is given :become_enabled == true. The credentials will provide their privilege escalation passwords unconditionally.

The second commit passes the option from services and automate methods to the ansible runner invocation.

carbonin added 2 commits July 19, 2019 16:10
@carbonin
Add become_enabled option to Ansible::Runner
2fdafc5 
This is implemented as a separate option for services and automate
methods so this commit moves the command line logic from the
credential to the main Runner module.

This commit also changes the password file because the actual
prompt for the BECOME password is "BECOME password[defaults to SSH password]:"
which didn't match the original regex.
@carbonin
Add become_enabled to playbook services and automate methods
88b1783
@carbonin carbonin requested review from Fryguy and NickLaMuro July 19, 2019 20:14
@miq-bot
Copy link
Member

miq-bot commented Jul 19, 2019

Some comments on commits carbonin/manageiq@2fdafc5~...88b1783

lib/ansible/runner/credential/machine_credential.rb

  • ⚠️ - 29 - Detected pp. Remove all debugging statements.
  • ⚠️ - 30 - Detected pp. Remove all debugging statements.

spec/lib/ansible/runner/credential/machine_credential_spec.rb

  • ⚠️ - 108 - Detected pp. Remove all debugging statements.
  • ⚠️ - 109 - Detected pp. Remove all debugging statements.
  • ⚠️ - 122 - Detected pp. Remove all debugging statements.
  • ⚠️ - 123 - Detected pp. Remove all debugging statements.
  • ⚠️ - 75 - Detected pp. Remove all debugging statements.
  • ⚠️ - 76 - Detected pp. Remove all debugging statements.
  • ⚠️ - 95 - Detected pp. Remove all debugging statements.

@miq-bot
Copy link
Member

miq-bot commented Jul 19, 2019

Checked commits carbonin/manageiq@2fdafc5~...88b1783 with ruby 2.4.6, rubocop 0.69.0, haml-lint 0.20.0, and yamllint 1.10.0
14 files checked, 0 offenses detected
Everything looks fine. 👍

@Fryguy Fryguy merged commit 1b2fee8 into ManageIQ:master Jul 19, 2019
@Fryguy Fryguy added this to the Sprint 116 Ending Jul 22, 2019 milestone Jul 19, 2019
@carbonin carbonin deleted the respect_escalate_privilege_setting branch August 16, 2019 15:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Fryguy Fryguy Awaiting requested review from Fryguy Fryguy is a code owner

@NickLaMuro NickLaMuro Awaiting requested review from NickLaMuro

Assignees

@Fryguy Fryguy

Labels
automate changelog/yes core/embedded ansible core enhancement lifecycle/services
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@carbonin @miq-bot @Fryguy