mark runas become method experimental (#23235)

Due to the number of "real world" caveats in the current runas become method, it was agreed that we'd warn that it's experimental on use. A potential future version based on LogonUser/CreateProcessAsUser will have very different requirements and limitations.
This commit is contained in:
Matt Davis 2017-04-03 13:46:51 -07:00 committed by GitHub
parent 2d8c5e6b8f
commit d85f4a443f
3 changed files with 5 additions and 4 deletions

View file

@ -48,7 +48,7 @@ Ansible Changes By Release
* Allow module_utils for custom modules to be placed in site-specific directories and shipped in roles * Allow module_utils for custom modules to be placed in site-specific directories and shipped in roles
* On platforms that support it, use more modern system polling API instead of select in the ssh connection plugin. * On platforms that support it, use more modern system polling API instead of select in the ssh connection plugin.
This removes one limitation on how many parallel forks are feasible on these systems. This removes one limitation on how many parallel forks are feasible on these systems.
* Windows/WinRM supports become method "runas" to run modules and scripts as a different user, and to transparently access network resources. * Windows/WinRM supports (experimental) become method "runas" to run modules and scripts as a different user, and to transparently access network resources.
* The WinRM connection plugin now uses pipelining when executing modules, resulting in significantly faster execution for small tasks. * The WinRM connection plugin now uses pipelining when executing modules, resulting in significantly faster execution for small tasks.
* The WinRM connection plugin can now manage Kerberos tickets automatically when `ansible_winrm_transport=kerberos` and `ansible_user`/`ansible_password` are specified. * The WinRM connection plugin can now manage Kerberos tickets automatically when `ansible_winrm_transport=kerberos` and `ansible_user`/`ansible_password` are specified.
* Refactored/standardized most Windows modules, adding check-mode and diff support where possible. * Refactored/standardized most Windows modules, adding check-mode and diff support where possible.

View file

@ -39,11 +39,11 @@ Target: Mid April 2017
- **Windows platform** (nitzmahone) - **Windows platform** (nitzmahone)
- Pipelining support **(done)** - Pipelining support **(done)**
- Become support **(done)** - Become support **(done/experimental)**
- Integrated kerberos ticket management (via ansible_user/ansible_password) **(done)** - Integrated kerberos ticket management (via ansible_user/ansible_password) **(done)**
- Switch PS input encoding to BOM-less UTF8 **(done)** - Switch PS input encoding to BOM-less UTF8 **(done)**
- Server 2016 support/testing (now RTMd) **(in progress)** - Server 2016 support/testing (now RTMd) **(partial)**
- Modularize Windows module_utils (allow N files) **(in progress)** - Modularize Windows module_utils (allow N files) **(partial)**
- Declarative argspec for PS / .NET **(bumped to 2.4)** - Declarative argspec for PS / .NET **(bumped to 2.4)**
- Kerberos encryption (via notting, pywinrm/requests_kerberos/pykerberos) **(in progress, available in pywinrm post 2.3 release)** - Kerberos encryption (via notting, pywinrm/requests_kerberos/pykerberos) **(in progress, available in pywinrm post 2.3 release)**
- Fix plugin-specific connection var lookup/delegation (either registered explicitly by plugins or ansible_(plugin)_*) **(bumped to 2.4)** - Fix plugin-specific connection var lookup/delegation (either registered explicitly by plugins or ansible_(plugin)_*) **(bumped to 2.4)**

View file

@ -552,6 +552,7 @@ class PlayContext(Base):
elif self.become_method == 'runas': elif self.become_method == 'runas':
# become is handled inside the WinRM connection plugin # become is handled inside the WinRM connection plugin
display.warning("The Windows 'runas' become method is experimental, and may change significantly in future Ansible releases.")
becomecmd = cmd becomecmd = cmd
elif self.become_method == 'doas': elif self.become_method == 'doas':