cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

add privileged role validation for nxos become (#50312)

Browse source 
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
This commit is contained in:
Trishna Guha 2019-01-04 16:29:36 +05:30 committed by GitHub
parent 71113ee291
commit 97621852db
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
lib/ansible/plugins/terminal/nxos.py
View file

@ -64,6 +64,9 @@ class TerminalModule(TerminalBase):
if '15' in out:
return
if self.validate_user_role():
return
cmd = {u'command': u'enable'}
if passwd:
cmd[u'prompt'] = to_text(r"(?i)[\r\n]?Password: $", errors='surrogate_or_strict')
@ -98,3 +101,16 @@ class TerminalModule(TerminalBase):
self._exec_cli_command(cmd)
except AnsibleConnectionFailure:
raise AnsibleConnectionFailure('unable to set terminal parameters')
def validate_user_role(self):
user = self._connection._play_context.remote_user
out = self._exec_cli_command('show user-account %s' % user)
out = to_text(out, errors='surrogate_then_replace').strip()
match = re.search(r'roles:(.+)$', out, re.M)
if match:
roles = match.group(1).split()
if 'network-admin' in roles:
return True
return False