Handle no-sudo in stage-output

The stage-output role had two assumptions:

1) The zuul_copy_output variable would always be defined
2) The role would be able to sudo on the remote node

To make it easier for users who want to use this in a base job,
remove both of those assumptions.

1) We now supply a default empty dict if the variable is not defined
so that the role does not fail with an error.

2) We check to see if we can sudo on the remote node, and if we can,
we do when copying files; otherwise we don't, and assume that the
user will only specify files they have access to (if they don't then
the copy will fail).

Change-Id: I5428c44adfafac4872342b59a92de311f41687b6
This commit is contained in:
James E. Blair 2021-05-31 09:42:02 -07:00
parent 0fcc5ff5ac
commit f0d7c980b5
3 changed files with 43 additions and 4 deletions

View File

@ -1,12 +1,20 @@
- name: Register sources - name: Register sources
stat: stat:
path: "{{ zj_source.key }}" path: "{{ zj_source.key }}"
loop: "{{ zuul_copy_output|dict2items }}" loop: "{{ zuul_copy_output | default({}) | dict2items }}"
loop_control: loop_control:
loop_var: zj_source loop_var: zj_source
register: sources register: sources
no_log: true no_log: true
# See if we're running with sudo; if so, we'll set 'become' later so
# we can copy root-owned files; if not, we'll just be able to copy
# user files.
- name: Check sudo
command: sudo -n true
failed_when: false
register: sudo_result
- name: Build the extensions list from a dict (or empty) - name: Build the extensions list from a dict (or empty)
set_fact: set_fact:
extension_list: > extension_list: >
@ -50,7 +58,7 @@
all_sources: "{{ results.results | selectattr('ansible_facts', 'defined') | map(attribute='ansible_facts') | list }}" all_sources: "{{ results.results | selectattr('ansible_facts', 'defined') | map(attribute='ansible_facts') | list }}"
- name: Ensure target folders exist - name: Ensure target folders exist
become: true become: "{{ sudo_result.rc == 0 }}"
file: file:
path: "{{ stage_dir }}/{{ zj_output_dirs }}" path: "{{ stage_dir }}/{{ zj_output_dirs }}"
state: directory state: directory
@ -67,7 +75,7 @@
# remote_src copy does not work recursively, synchronise is restricted by # remote_src copy does not work recursively, synchronise is restricted by
# zuul, using command # zuul, using command
command: cp -pRL {{ zj_source.source }} {{ stage_dir }}/{{ zj_source.dest }} command: cp -pRL {{ zj_source.source }} {{ stage_dir }}/{{ zj_source.dest }}
become: true become: "{{ sudo_result.rc == 0 }}"
with_items: "{{ all_sources }}" with_items: "{{ all_sources }}"
loop_control: loop_control:
loop_var: zj_source loop_var: zj_source
@ -78,7 +86,7 @@
dest: "{{ stage_dir }}/logs" dest: "{{ stage_dir }}/logs"
mode: u=rwX,g=rX,o=rX mode: u=rwX,g=rX,o=rX
recurse: yes recurse: yes
become: yes become: "{{ sudo_result.rc == 0 }}"
- name: Discover log files that match extension_list - name: Discover log files that match extension_list
find: find:

View File

@ -0,0 +1,21 @@
- hosts: all
tasks:
- name: Write a test file
copy:
content: "Test file"
dest: "/tmp/test-output.txt"
- name: Test stage-output with a file
include_role:
name: stage-output
vars:
zuul_copy_output:
/tmp/test-output.txt: logs
- name: Test stage-output with no input
include_role:
name: stage-output
- name: Remove sudo
include_role:
name: revoke-sudo
- name: Test stage-output without sudo
include_role:
name: stage-output

View File

@ -688,6 +688,14 @@
- test-playbooks/update-json-file.yaml - test-playbooks/update-json-file.yaml
- roles/update-json-file/.* - roles/update-json-file/.*
- job:
name: zuul-jobs-test-stage-output
description: Test the state-output role
run: test-playbooks/stage-output.yaml
files:
- test-playbooks/stage-output.yaml
- roles/stage-output/.*
# -* AUTOGENERATED *- # -* AUTOGENERATED *-
# The following project section is autogenerated by # The following project section is autogenerated by
# tox -e update-test-platforms # tox -e update-test-platforms
@ -742,6 +750,7 @@
- zuul-jobs-test-shake-build - zuul-jobs-test-shake-build
- zuul-jobs-test-ensure-zookeeper - zuul-jobs-test-ensure-zookeeper
- zuul-jobs-test-update-json-file - zuul-jobs-test-update-json-file
- zuul-jobs-test-stage-output
gate: gate:
jobs: &id001 jobs: &id001
- zuul-jobs-test-add-authorized-keys - zuul-jobs-test-add-authorized-keys
@ -787,5 +796,6 @@
- zuul-jobs-test-shake-build - zuul-jobs-test-shake-build
- zuul-jobs-test-ensure-zookeeper - zuul-jobs-test-ensure-zookeeper
- zuul-jobs-test-update-json-file - zuul-jobs-test-update-json-file
- zuul-jobs-test-stage-output
periodic-weekly: periodic-weekly:
jobs: *id001 jobs: *id001