Use privilege escalation to attach to containers

When the play context contains 'become' for ansible privilege
escalation, apply the configured become method (sudo) to the command
used to attach to a container. This allows for non-root users to use the
connection plugin to connect to containers.

Closes-Bug: 1645732

Change-Id: I485bd0aa850f39201654c808f0c61d26113f6390
Jimmy McCrory 2018-11-03 13:49:16 -07:00 committed by Dmitriy Rabotyagov
parent 3d92c7da03
commit 0b2981a5b5
3 changed files with 4 additions and 6 deletions


@ -425,6 +425,9 @@ class Connection(SSH.Connection):
SSH.shlex_quote(cmd)
)
if self._play_context.become:
cmd = ' '.join((self._play_context.become_method, cmd))
elif self._chroot_check():
chroot_command = 'chroot %s' % self.chroot_path
cmd = '%s %s' % (chroot_command, cmd)
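Review bot: The added `cmd = ' '.join((self._play_context.become_method, cmd))` treats the become method's name as a command prefix, which only holds for sudo; with `su` or another method the attach command would be malformed, and `become_user`, `become_exe` and `become_flags` from the play context are ignored. Consider guarding the branch with `if self._play_context.become and self._play_context.become_method == 'sudo':` and building the prefix from `self._play_context.become_exe or 'sudo'`. A comment above the branch should say that this escalation presumably runs on the physical host in order to reach the container, so operators know the connecting user needs a sudo rule there, ideally limited to the attach command. Indentation is lost on this page and the enclosing method begins and ends outside the hunk, so whether the following `elif self._chroot_check():` is still reachable when become is set could not be checked from here.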


@ -15,4 +15,3 @@
ansible_host: 10.100.100.2
ansible_become: True
ansible_user: root


@ -16,7 +16,6 @@
- name: Fail if sshd is running in the containers
hosts: all_containers:alt_containers
gather_facts: no
user: root
become: True
tasks:
- name: Ensure sshd is not running
@ -29,7 +28,6 @@
- name: Test the connection plugin container awareness functions
hosts: all_containers:alt_containers
gather_facts: no
user: root
become: True
tasks:
- name: Test container ping
@ -40,7 +38,6 @@
- name: Test delegation in the container aware connection plugin
hosts: localhost
gather_facts: no
user: root
become: True
tasks:
- name: Test container delegation without templating
@ -60,7 +57,6 @@
- name: Test conditional delegation
hosts: container1
gather_facts: no
user: root
become: True
vars:
delegate_control: "target-host"
@ -76,7 +72,6 @@
- name: Test delegation between container physical_hosts
hosts: fakecontainer
gather_facts: no
user: root
become: True
tasks:
- name: Test delegation between containers on different hosts
@ -86,6 +81,7 @@
- name: Test container_user attribute
hosts: container1
user: root
tasks:
- name: Ensure container alt user
user: