become mixin is no more (#54002)
* become mixin is no more since sudo/su keywords are removed in 2.9 .. no need to keep this code around * also don't need test for code that is removed * made preprocess_data on base noop its not used by anything anymore, but kept for backwards compat since other methods of same name are used
This commit is contained in:
parent
9ddde6b27f
commit
e40832df84
11 changed files with 23 additions and 219 deletions
2
changelogs/fragments/bye_become_mixin.yml
Normal file
2
changelogs/fragments/bye_become_mixin.yml
Normal file
|
@ -0,0 +1,2 @@
|
|||
bugfixes:
|
||||
- remove obsolete become mixin
|
|
@ -195,11 +195,6 @@ class FieldAttributeBase(with_metaclass(BaseMeta, object)):
|
|||
|
||||
def preprocess_data(self, ds):
|
||||
''' infrequently used method to do some pre-processing of legacy terms '''
|
||||
|
||||
for base_class in self.__class__.mro():
|
||||
method = getattr(self, "_preprocess_data_%s" % base_class.__name__.lower(), None)
|
||||
if method:
|
||||
return method(ds)
|
||||
return ds
|
||||
|
||||
def load_data(self, ds, variable_manager=None, loader=None):
|
||||
|
@ -615,8 +610,12 @@ class Base(FieldAttributeBase):
|
|||
# explicitly invoke a debugger on tasks
|
||||
_debugger = FieldAttribute(isa='string')
|
||||
|
||||
# param names which have been deprecated/removed
|
||||
DEPRECATED_ATTRIBUTES = [
|
||||
'sudo', 'sudo_user', 'sudo_pass', 'sudo_exe', 'sudo_flags',
|
||||
'su', 'su_user', 'su_pass', 'su_exe', 'su_flags',
|
||||
]
|
||||
# Privilege escalation
|
||||
_become = FieldAttribute(isa='bool', default=context.cliargs_deferred_get('become'))
|
||||
_become_method = FieldAttribute(isa='string', default=context.cliargs_deferred_get('become_method'))
|
||||
_become_user = FieldAttribute(isa='string', default=context.cliargs_deferred_get('become_user'))
|
||||
_become_flags = FieldAttribute(isa='string', default=context.cliargs_deferred_get('become_flags'))
|
||||
_become_exe = FieldAttribute(isa='string', default=context.cliargs_deferred_get('become_exe'))
|
||||
|
||||
# used to hold sudo/su stuff
|
||||
DEPRECATED_ATTRIBUTES = []
|
||||
|
|
|
@ -1,93 +0,0 @@
|
|||
# (c) 2012-2014, Michael DeHaan <michael.dehaan@gmail.com>
|
||||
#
|
||||
# This file is part of Ansible
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# Make coding more python3-ish
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
__metaclass__ = type
|
||||
|
||||
from ansible import constants as C
|
||||
from ansible import context
|
||||
from ansible.errors import AnsibleParserError
|
||||
from ansible.playbook.attribute import FieldAttribute
|
||||
from ansible.utils.display import Display
|
||||
|
||||
display = Display()
|
||||
|
||||
|
||||
class Become:
|
||||
|
||||
# Privilege escalation
|
||||
_become = FieldAttribute(isa='bool', default=context.cliargs_deferred_get('become'))
|
||||
_become_method = FieldAttribute(isa='string', default=context.cliargs_deferred_get('become_method'))
|
||||
_become_user = FieldAttribute(isa='string', default=context.cliargs_deferred_get('become_user'))
|
||||
_become_flags = FieldAttribute(isa='string')
|
||||
|
||||
def __init__(self):
|
||||
super(Become, self).__init__()
|
||||
|
||||
def _detect_privilege_escalation_conflict(self, ds):
|
||||
|
||||
# Fail out if user specifies conflicting privilege escalations
|
||||
has_become = 'become' in ds or 'become_user'in ds
|
||||
has_sudo = 'sudo' in ds or 'sudo_user' in ds
|
||||
has_su = 'su' in ds or 'su_user' in ds
|
||||
|
||||
if has_become:
|
||||
msg = 'The become params ("become", "become_user") and'
|
||||
if has_sudo:
|
||||
raise AnsibleParserError('%s sudo params ("sudo", "sudo_user") cannot be used together' % msg)
|
||||
elif has_su:
|
||||
raise AnsibleParserError('%s su params ("su", "su_user") cannot be used together' % msg)
|
||||
elif has_sudo and has_su:
|
||||
raise AnsibleParserError('sudo params ("sudo", "sudo_user") and su params ("su", "su_user") cannot be used together')
|
||||
|
||||
def _preprocess_data_become(self, ds):
|
||||
"""Preprocess the playbook data for become attributes
|
||||
|
||||
This is called from the Base object's preprocess_data() method which
|
||||
in turn is called pretty much anytime any sort of playbook object
|
||||
(plays, tasks, blocks, etc) is created.
|
||||
"""
|
||||
|
||||
self._detect_privilege_escalation_conflict(ds)
|
||||
|
||||
# Privilege escalation, backwards compatibility for sudo/su
|
||||
if 'sudo' in ds or 'sudo_user' in ds:
|
||||
ds['become_method'] = 'sudo'
|
||||
if 'sudo' in ds:
|
||||
ds['become'] = ds['sudo']
|
||||
del ds['sudo']
|
||||
|
||||
if 'sudo_user' in ds:
|
||||
ds['become_user'] = ds['sudo_user']
|
||||
del ds['sudo_user']
|
||||
|
||||
display.deprecated("Instead of sudo/sudo_user, use become/become_user and make sure become_method is 'sudo' (default)", '2.9')
|
||||
|
||||
elif 'su' in ds or 'su_user' in ds:
|
||||
ds['become_method'] = 'su'
|
||||
if 'su' in ds:
|
||||
ds['become'] = ds['su']
|
||||
del ds['su']
|
||||
|
||||
if 'su_user' in ds:
|
||||
ds['become_user'] = ds['su_user']
|
||||
del ds['su_user']
|
||||
|
||||
display.deprecated("Instead of su/su_user, use become/become_user and set become_method to 'su' (default is sudo)", '2.9')
|
||||
|
||||
return ds
|
|
@ -22,7 +22,6 @@ __metaclass__ = type
|
|||
from ansible.errors import AnsibleParserError
|
||||
from ansible.playbook.attribute import FieldAttribute
|
||||
from ansible.playbook.base import Base
|
||||
from ansible.playbook.become import Become
|
||||
from ansible.playbook.conditional import Conditional
|
||||
from ansible.playbook.collectionsearch import CollectionSearch
|
||||
from ansible.playbook.helpers import load_list_of_tasks
|
||||
|
@ -31,7 +30,7 @@ from ansible.playbook.taggable import Taggable
|
|||
from ansible.utils.sentinel import Sentinel
|
||||
|
||||
|
||||
class Block(Base, Become, Conditional, CollectionSearch, Taggable):
|
||||
class Block(Base, Conditional, CollectionSearch, Taggable):
|
||||
|
||||
# main block fields containing the task lists
|
||||
_block = FieldAttribute(isa='list', default=list, inherit=False)
|
||||
|
|
|
@ -25,7 +25,6 @@ from ansible.errors import AnsibleParserError, AnsibleAssertionError
|
|||
from ansible.module_utils.six import string_types
|
||||
from ansible.playbook.attribute import FieldAttribute
|
||||
from ansible.playbook.base import Base
|
||||
from ansible.playbook.become import Become
|
||||
from ansible.playbook.block import Block
|
||||
from ansible.playbook.collectionsearch import CollectionSearch
|
||||
from ansible.playbook.helpers import load_list_of_blocks, load_list_of_roles
|
||||
|
@ -40,7 +39,7 @@ display = Display()
|
|||
__all__ = ['Play']
|
||||
|
||||
|
||||
class Play(Base, Taggable, Become, CollectionSearch):
|
||||
class Play(Base, Taggable, CollectionSearch):
|
||||
|
||||
"""
|
||||
A play is a language feature that represents a list of roles and/or
|
||||
|
|
|
@ -26,7 +26,6 @@ from ansible.module_utils.six import iteritems, binary_type, text_type
|
|||
from ansible.module_utils.common._collections_compat import Container, Mapping, Set, Sequence
|
||||
from ansible.playbook.attribute import FieldAttribute
|
||||
from ansible.playbook.base import Base
|
||||
from ansible.playbook.become import Become
|
||||
from ansible.playbook.collectionsearch import CollectionSearch
|
||||
from ansible.playbook.conditional import Conditional
|
||||
from ansible.playbook.helpers import load_list_of_blocks
|
||||
|
@ -92,7 +91,7 @@ def hash_params(params):
|
|||
return frozenset((params,))
|
||||
|
||||
|
||||
class Role(Base, Become, Conditional, Taggable, CollectionSearch):
|
||||
class Role(Base, Conditional, Taggable, CollectionSearch):
|
||||
|
||||
_delegate_to = FieldAttribute(isa='string')
|
||||
_delegate_facts = FieldAttribute(isa='bool')
|
||||
|
|
|
@ -27,7 +27,6 @@ from ansible.module_utils.six import iteritems, string_types
|
|||
from ansible.parsing.yaml.objects import AnsibleBaseYAMLObject, AnsibleMapping
|
||||
from ansible.playbook.attribute import Attribute, FieldAttribute
|
||||
from ansible.playbook.base import Base
|
||||
from ansible.playbook.become import Become
|
||||
from ansible.playbook.collectionsearch import CollectionSearch
|
||||
from ansible.playbook.conditional import Conditional
|
||||
from ansible.playbook.taggable import Taggable
|
||||
|
@ -41,7 +40,7 @@ __all__ = ['RoleDefinition']
|
|||
display = Display()
|
||||
|
||||
|
||||
class RoleDefinition(Base, Become, Conditional, Taggable, CollectionSearch):
|
||||
class RoleDefinition(Base, Conditional, Taggable, CollectionSearch):
|
||||
|
||||
_role = FieldAttribute(isa='string')
|
||||
|
||||
|
|
|
@ -30,7 +30,6 @@ from ansible.parsing.yaml.objects import AnsibleBaseYAMLObject, AnsibleMapping
|
|||
from ansible.plugins.loader import lookup_loader
|
||||
from ansible.playbook.attribute import FieldAttribute
|
||||
from ansible.playbook.base import Base
|
||||
from ansible.playbook.become import Become
|
||||
from ansible.playbook.block import Block
|
||||
from ansible.playbook.collectionsearch import CollectionSearch
|
||||
from ansible.playbook.conditional import Conditional
|
||||
|
@ -45,7 +44,7 @@ __all__ = ['Task']
|
|||
display = Display()
|
||||
|
||||
|
||||
class Task(Base, Conditional, Taggable, Become, CollectionSearch):
|
||||
class Task(Base, Conditional, Taggable, CollectionSearch):
|
||||
|
||||
"""
|
||||
A task is a language feature that represents a call to a module, with given arguments and other parameters.
|
||||
|
|
|
@ -367,12 +367,6 @@ class BaseSubClass(base.Base):
|
|||
_test_attr_method_missing = FieldAttribute(isa='string', default='some attr with a missing getter',
|
||||
always_post_validate=True)
|
||||
|
||||
def _preprocess_data_basesubclass(self, ds):
|
||||
return ds
|
||||
|
||||
def preprocess_data(self, ds):
|
||||
return super(BaseSubClass, self).preprocess_data(ds)
|
||||
|
||||
def _get_attr_test_attr_method(self):
|
||||
return 'foo bar'
|
||||
|
||||
|
|
|
@ -1,100 +0,0 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# (c) 2018 Matt Martz <matt@sivel.net>
|
||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
__metaclass__ = type
|
||||
|
||||
import re
|
||||
|
||||
from ansible.errors import AnsibleParserError
|
||||
from ansible.playbook.become import Become
|
||||
from ansible.module_utils._text import to_native
|
||||
|
||||
import pytest
|
||||
|
||||
|
||||
class InString(str):
|
||||
def __eq__(self, other):
|
||||
return self in other
|
||||
|
||||
|
||||
@pytest.mark.parametrize("ds", [
|
||||
{},
|
||||
{'become': True},
|
||||
{'become_user': 'root'},
|
||||
{'sudo': True},
|
||||
{'sudo_user': 'root'},
|
||||
{'su': True},
|
||||
{'su_user': 'root'}
|
||||
])
|
||||
def test_detect_privilege_escalation_conflict_valid(ds):
|
||||
become = Become()
|
||||
become._detect_privilege_escalation_conflict(ds)
|
||||
|
||||
|
||||
@pytest.mark.parametrize("ds,message", [
|
||||
({'become': True, 'sudo': True}, re.compile('"become".*"sudo"')),
|
||||
({'become': True, 'su': True}, re.compile('"become".*"su"')),
|
||||
({'sudo': True, 'su': True}, re.compile('"sudo".*"su"')),
|
||||
({'become_user': 'root', 'sudo': True}, re.compile('"become".*"sudo"')),
|
||||
({'sudo_user': 'root', 'su': True}, re.compile('"sudo".*"su"')),
|
||||
])
|
||||
def test_detect_privilege_escalation_conflict_invalid(ds, message):
|
||||
become = Become()
|
||||
with pytest.raises(AnsibleParserError) as excinfo:
|
||||
become._detect_privilege_escalation_conflict(ds)
|
||||
assert message.search(excinfo.value.message) is not None
|
||||
|
||||
|
||||
def test_preprocess_data_become(mocker):
|
||||
display_mock = mocker.patch('ansible.playbook.become.display')
|
||||
|
||||
become = Become()
|
||||
ds = {}
|
||||
assert become._preprocess_data_become(ds) == {}
|
||||
|
||||
display_mock.reset_mock()
|
||||
ds = {'sudo': True}
|
||||
out = become._preprocess_data_become(ds)
|
||||
assert 'sudo' not in out
|
||||
assert out.get('become_method') == 'sudo'
|
||||
display_mock.deprecated.assert_called_once_with(
|
||||
"Instead of sudo/sudo_user, use become/become_user and make sure become_method is 'sudo' (default)",
|
||||
'2.9'
|
||||
)
|
||||
|
||||
ds = {'sudo_user': 'root'}
|
||||
out = become._preprocess_data_become(ds)
|
||||
assert 'sudo_user' not in out
|
||||
assert out.get('become_user') == 'root'
|
||||
|
||||
ds = {'sudo': True, 'sudo_user': 'root'}
|
||||
out = become._preprocess_data_become(ds)
|
||||
assert 'sudo' not in out
|
||||
assert 'sudo_user' not in out
|
||||
assert out.get('become_method') == 'sudo'
|
||||
assert out.get('become_user') == 'root'
|
||||
|
||||
display_mock.reset_mock()
|
||||
ds = {'su': True}
|
||||
out = become._preprocess_data_become(ds)
|
||||
assert 'su' not in out
|
||||
assert out.get('become_method') == 'su'
|
||||
display_mock.deprecated.assert_called_once_with(
|
||||
"Instead of su/su_user, use become/become_user and set become_method to 'su' (default is sudo)",
|
||||
'2.9'
|
||||
)
|
||||
display_mock.reset_mock()
|
||||
|
||||
ds = {'su_user': 'root'}
|
||||
out = become._preprocess_data_become(ds)
|
||||
assert 'su_user' not in out
|
||||
assert out.get('become_user') == 'root'
|
||||
|
||||
ds = {'su': True, 'su_user': 'root'}
|
||||
out = become._preprocess_data_become(ds)
|
||||
assert 'su' not in out
|
||||
assert 'su_user' not in out
|
||||
assert out.get('become_method') == 'su'
|
||||
assert out.get('become_user') == 'root'
|
|
@ -140,6 +140,7 @@ def test_play_context_make_become_cmd(mocker, parser, reset_cli_args):
|
|||
default_exe, success, default_cmd), cmd) is not None)
|
||||
|
||||
play_context.become_pass = None
|
||||
play_context.become_method = 'su'
|
||||
play_context.set_become_plugin(become_loader.get('su'))
|
||||
play_context.become_flags = su_flags
|
||||
cmd = play_context.make_become_cmd(cmd=default_cmd, executable="/bin/bash")
|
||||
|
@ -147,33 +148,39 @@ def test_play_context_make_become_cmd(mocker, parser, reset_cli_args):
|
|||
success, default_cmd), cmd) is not None)
|
||||
|
||||
play_context.set_become_plugin(become_loader.get('pbrun'))
|
||||
play_context.become_method = 'pbrun'
|
||||
play_context.become_flags = pbrun_flags
|
||||
cmd = play_context.make_become_cmd(cmd=default_cmd, executable="/bin/bash")
|
||||
assert re.match("""%s %s -u %s 'echo %s; %s'""" % (pbrun_exe, pbrun_flags, play_context.become_user,
|
||||
success, default_cmd), cmd) is not None
|
||||
|
||||
play_context.set_become_plugin(become_loader.get('pfexec'))
|
||||
play_context.become_method = 'pfexec'
|
||||
play_context.become_flags = pfexec_flags
|
||||
cmd = play_context.make_become_cmd(cmd=default_cmd, executable="/bin/bash")
|
||||
assert re.match('''%s %s "'echo %s; %s'"''' % (pfexec_exe, pfexec_flags, success, default_cmd), cmd) is not None
|
||||
|
||||
play_context.set_become_plugin(become_loader.get('doas'))
|
||||
play_context.become_method = 'doas'
|
||||
play_context.become_flags = doas_flags
|
||||
cmd = play_context.make_become_cmd(cmd=default_cmd, executable="/bin/bash")
|
||||
assert (re.match("""%s %s -u %s %s -c 'echo %s; %s'""" % (doas_exe, doas_flags, play_context.become_user, default_exe, success,
|
||||
default_cmd), cmd) is not None)
|
||||
|
||||
play_context.set_become_plugin(become_loader.get('ksu'))
|
||||
play_context.become_method = 'ksu'
|
||||
play_context.become_flags = ksu_flags
|
||||
cmd = play_context.make_become_cmd(cmd=default_cmd, executable="/bin/bash")
|
||||
assert (re.match("""%s %s %s -e %s -c 'echo %s; %s'""" % (ksu_exe, play_context.become_user, ksu_flags,
|
||||
default_exe, success, default_cmd), cmd) is not None)
|
||||
|
||||
play_context.set_become_plugin(become_loader.get('bad'))
|
||||
play_context.become_method = 'bad'
|
||||
with pytest.raises(AnsibleError):
|
||||
play_context.make_become_cmd(cmd=default_cmd, executable="/bin/bash")
|
||||
|
||||
play_context.set_become_plugin(become_loader.get('dzdo'))
|
||||
play_context.become_method = 'dzdo'
|
||||
play_context.become_flags = dzdo_flags
|
||||
cmd = play_context.make_become_cmd(cmd=default_cmd, executable="/bin/bash")
|
||||
assert re.match("""%s %s -u %s %s -c 'echo %s; %s'""" % (dzdo_exe, dzdo_flags, play_context.become_user, default_exe,
|
||||
|
|
Loading…
Reference in a new issue