mirror of
https://github.com/ansible-collections/community.general.git
synced 2026-02-04 07:51:50 +00:00
111 lines
3.3 KiB
Python
111 lines
3.3 KiB
Python
# Copyright (c) 2021, Ansible Project
|
|
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
from __future__ import annotations
|
|
|
|
DOCUMENTATION = r"""
|
|
name: sudosu
|
|
short_description: Run tasks using sudo su -
|
|
description:
|
|
- This become plugin allows your remote/login user to execute commands as another user using the C(sudo) and C(su) utilities
|
|
combined.
|
|
author:
|
|
- Dag Wieers (@dagwieers)
|
|
version_added: 2.4.0
|
|
options:
|
|
become_user:
|
|
description: User you 'become' to execute the task.
|
|
type: string
|
|
default: root
|
|
ini:
|
|
- section: privilege_escalation
|
|
key: become_user
|
|
- section: sudo_become_plugin
|
|
key: user
|
|
vars:
|
|
- name: ansible_become_user
|
|
- name: ansible_sudo_user
|
|
env:
|
|
- name: ANSIBLE_BECOME_USER
|
|
- name: ANSIBLE_SUDO_USER
|
|
become_flags:
|
|
description: Options to pass to C(sudo).
|
|
type: string
|
|
default: -H -S -n
|
|
ini:
|
|
- section: privilege_escalation
|
|
key: become_flags
|
|
- section: sudo_become_plugin
|
|
key: flags
|
|
vars:
|
|
- name: ansible_become_flags
|
|
- name: ansible_sudo_flags
|
|
env:
|
|
- name: ANSIBLE_BECOME_FLAGS
|
|
- name: ANSIBLE_SUDO_FLAGS
|
|
become_pass:
|
|
description: Password to pass to C(sudo).
|
|
type: string
|
|
required: false
|
|
vars:
|
|
- name: ansible_become_password
|
|
- name: ansible_become_pass
|
|
- name: ansible_sudo_pass
|
|
env:
|
|
- name: ANSIBLE_BECOME_PASS
|
|
- name: ANSIBLE_SUDO_PASS
|
|
ini:
|
|
- section: sudo_become_plugin
|
|
key: password
|
|
alt_method:
|
|
description:
|
|
- Whether to use an alternative method to call C(su). Instead of running C(su -l user /path/to/shell -c command), it
|
|
runs C(su -l user -c command).
|
|
- Use this when the default one is not working on your system.
|
|
required: false
|
|
type: boolean
|
|
ini:
|
|
- section: community.general.sudosu
|
|
key: alternative_method
|
|
vars:
|
|
- name: ansible_sudosu_alt_method
|
|
env:
|
|
- name: ANSIBLE_SUDOSU_ALT_METHOD
|
|
version_added: 9.2.0
|
|
"""
|
|
|
|
|
|
from ansible.plugins.become import BecomeBase
|
|
|
|
|
|
class BecomeModule(BecomeBase):
|
|
name = "community.general.sudosu"
|
|
|
|
# messages for detecting prompted password issues
|
|
fail = ("Sorry, try again.",)
|
|
missing = ("Sorry, a password is required to run sudo", "sudo: a password is required")
|
|
|
|
def build_become_command(self, cmd, shell):
|
|
super().build_become_command(cmd, shell)
|
|
|
|
if not cmd:
|
|
return cmd
|
|
|
|
becomecmd = "sudo"
|
|
|
|
flags = self.get_option("become_flags") or ""
|
|
prompt = ""
|
|
if self.get_option("become_pass"):
|
|
self.prompt = f"[sudo via ansible, key={self._id}] password:"
|
|
if flags: # this could be simplified, but kept as is for now for backwards string matching
|
|
flags = flags.replace("-n", "")
|
|
prompt = f'-p "{self.prompt}"'
|
|
|
|
user = self.get_option("become_user") or ""
|
|
if user:
|
|
user = f"{user}"
|
|
|
|
if self.get_option("alt_method"):
|
|
return f"{becomecmd} {flags} {prompt} su -l {user} -c {self._build_success_command(cmd, shell, True)}"
|
|
else:
|
|
return f"{becomecmd} {flags} {prompt} su -l {user} {self._build_success_command(cmd, shell)}"
|