diff --git a/awx/main/tasks.py b/awx/main/tasks.py index f02fb3047c..73a855f50c 100644 --- a/awx/main/tasks.py +++ b/awx/main/tasks.py @@ -532,7 +532,7 @@ class RunJob(BaseTask): passwords = super(RunJob, self).build_passwords(job, **kwargs) creds = job.credential if creds: - for field in ('ssh_key_unlock', 'ssh_password', 'sudo_password', 'su_password', 'vault_password'): + for field in ('ssh_key_unlock', 'ssh_password', 'become_password', 'vault_password'): if field == 'ssh_password': value = kwargs.get(field, decrypt_field(creds, 'password')) else: @@ -640,24 +640,13 @@ class RunJob(BaseTask): if job.job_template.become_enabled: args.append('--become') if become_method: - args.append('--become-method', become_method) + args.extend(['--become-method', become_method]) if become_username: - args.append('--become-username', become_username) + args.extend(['--become-user', become_username]) if 'become_password' in kwargs.get('passwords', {}): args.append('--ask-become-pass') except ValueError: pass - # We only specify sudo/su user and password if explicitly given by the - # credential. Credential should never specify both sudo and su. - # if su_username: - # args.extend(['-R', su_username]) - # if 'su_password' in kwargs.get('passwords', {}): - # args.append('--ask-su-pass') - # if sudo_username: - # args.extend(['-U', sudo_username]) - # if 'sudo_password' in kwargs.get('passwords', {}): - # args.append('--ask-sudo-pass') - # Support prompting for a vault password. if 'vault_password' in kwargs.get('passwords', {}): args.append('--ask-vault-pass') @@ -701,7 +690,6 @@ class RunJob(BaseTask): args.append("scan_facts.yml") else: args.append(job.playbook) - return args def build_cwd(self, job, **kwargs): @@ -721,10 +709,10 @@ class RunJob(BaseTask): d = super(RunJob, self).get_password_prompts() d[re.compile(r'^Enter passphrase for .*:\s*?$', re.M)] = 'ssh_key_unlock' d[re.compile(r'^Bad passphrase, try again for .*:\s*?$', re.M)] = '' - d[re.compile(r'^sudo password.*:\s*?$', re.M)] = 'sudo_password' - d[re.compile(r'^SUDO password.*:\s*?$', re.M)] = 'sudo_password' - d[re.compile(r'^su password.*:\s*?$', re.M)] = 'su_password' - d[re.compile(r'^SU password.*:\s*?$', re.M)] = 'su_password' + d[re.compile(r'^sudo password.*:\s*?$', re.M)] = 'become_password' + d[re.compile(r'^SUDO password.*:\s*?$', re.M)] = 'become_password' + d[re.compile(r'^su password.*:\s*?$', re.M)] = 'become_password' + d[re.compile(r'^SU password.*:\s*?$', re.M)] = 'become_password' d[re.compile(r'^SSH password:\s*?$', re.M)] = 'ssh_password' d[re.compile(r'^Password:\s*?$', re.M)] = 'ssh_password' d[re.compile(r'^Vault password:\s*?$', re.M)] = 'vault_password' diff --git a/awx/main/tests/base.py b/awx/main/tests/base.py index 7261374c28..467e30734e 100644 --- a/awx/main/tests/base.py +++ b/awx/main/tests/base.py @@ -338,10 +338,9 @@ class BaseTestMixin(QueueTestMixin): 'ssh_key_data': '', 'ssh_key_unlock': '', 'password': '', - 'sudo_username': '', - 'sudo_password': '', - 'su_username': '', - 'su_password': '', + 'become_method': '', + 'become_username': '', + 'become_password': '', 'vault_password': '', } opts.update(kwargs) diff --git a/awx/main/tests/jobs/base.py b/awx/main/tests/jobs/base.py index d13ef0a37c..44cd059ab9 100644 --- a/awx/main/tests/jobs/base.py +++ b/awx/main/tests/jobs/base.py @@ -283,8 +283,9 @@ class BaseJobTestMixin(BaseTestMixin): self.cred_eve = self.user_eve.credentials.create( username='eve', password='ASK', - sudo_username='root', - sudo_password='ASK', + become_method='sudo', + become_username='root', + become_password='ASK', created_by=self.user_sue, ) self.cred_frank = self.user_frank.credentials.create( diff --git a/awx/main/tests/jobs/jobs_monolithic.py b/awx/main/tests/jobs/jobs_monolithic.py index 1a1e6eda3d..ac079fa7bd 100644 --- a/awx/main/tests/jobs/jobs_monolithic.py +++ b/awx/main/tests/jobs/jobs_monolithic.py @@ -190,7 +190,7 @@ class JobTemplateTest(BaseJobTestMixin, django.test.TestCase): JOB_TEMPLATE_FIELDS = ('id', 'type', 'url', 'related', 'summary_fields', 'created', 'modified', 'name', 'description', 'job_type', 'inventory', 'project', 'playbook', - 'credential', 'use_su_credential', 'sudo_su_flag', + 'become_enabled', 'credential', 'cloud_credential', 'force_handlers', 'forks', 'limit', 'verbosity', 'extra_vars', 'ask_variables_on_launch', 'job_tags', 'skip_tags', @@ -714,7 +714,7 @@ class JobStartCancelTest(BaseJobTestMixin, django.test.LiveServerTestCase): self.assertFalse(response['can_start']) response = self.post(url, {}, expect=405) - # Test with a job that prompts for SSH and sudo passwords. + # Test with a job that prompts for SSH and sudo become passwords. #job = self.job_sup_run job = self.make_job(self.jt_sup_run, self.user_sue, 'new') url = reverse('api:job_start', args=(job.pk,)) @@ -722,12 +722,12 @@ class JobStartCancelTest(BaseJobTestMixin, django.test.LiveServerTestCase): response = self.get(url) self.assertTrue(response['can_start']) self.assertEqual(set(response['passwords_needed_to_start']), - set(['ssh_password', 'sudo_password'])) + set(['ssh_password', 'become_password'])) data = dict() response = self.post(url, data, expect=400) data['ssh_password'] = 'sshpass' response = self.post(url, data, expect=400) - data2 = dict(sudo_password='sudopass') + data2 = dict(become_password='sudopass') response = self.post(url, data2, expect=400) data.update(data2) response = self.post(url, data, expect=202) @@ -796,12 +796,12 @@ class JobStartCancelTest(BaseJobTestMixin, django.test.LiveServerTestCase): with self.current_user(self.user_sue): response = self.get(url) self.assertEqual(set(response['passwords_needed_to_start']), - set(['ssh_password', 'sudo_password'])) + set(['ssh_password', 'become_password'])) data = dict() response = self.post(url, data, expect=400) data['ssh_password'] = 'sshpass' response = self.post(url, data, expect=400) - data2 = dict(sudo_password='sudopass') + data2 = dict(become_password='sudopass') response = self.post(url, data2, expect=400) data.update(data2) response = self.post(url, data, expect=202) diff --git a/awx/main/tests/tasks.py b/awx/main/tests/tasks.py index 66dbd4ac95..cfbb0bd401 100644 --- a/awx/main/tests/tasks.py +++ b/awx/main/tests/tasks.py @@ -935,9 +935,10 @@ class RunJobTest(BaseJobExecutionTest): self.check_job_result(job, 'successful') self.assertTrue('"--ask-pass"' in job.job_args) - def test_sudo_username_and_password(self): - self.create_test_credential(sudo_username='sudouser', - sudo_password='sudopass') + def test_become_username_and_password(self): + self.create_test_credential(become_method='sudo', + become_username='sudouser', + become_password='sudopass') self.create_test_project(TEST_PLAYBOOK) job_template = self.create_test_job_template() job = self.create_test_job(job_template=job_template) @@ -945,77 +946,65 @@ class RunJobTest(BaseJobExecutionTest): self.assertFalse(job.passwords_needed_to_start) self.assertTrue(job.signal_start()) job = Job.objects.get(pk=job.pk) - # Job may fail if current user doesn't have password-less sudo + # Job may fail if current user doesn't have password-less become # privileges, but we're mainly checking the command line arguments. self.check_job_result(job, ('successful', 'failed')) - self.assertTrue('"-U"' in job.job_args) - self.assertTrue('"--ask-sudo-pass"' in job.job_args) - self.assertFalse('"-s"' in job.job_args) - self.assertFalse('"-R"' in job.job_args) - self.assertFalse('"--ask-su-pass"' in job.job_args) - self.assertFalse('"-S"' in job.job_args) + self.assertTrue('"--become-user"' in job.job_args) + self.assertTrue('"--become-method"' in job.job_args) + self.assertTrue('"--ask-become-pass"' in job.job_args) - def test_sudo_ask_password(self): - self.create_test_credential(sudo_password='ASK') + def test_become_ask_password(self): + self.create_test_credential(become_password='ASK') self.create_test_project(TEST_PLAYBOOK) job_template = self.create_test_job_template() job = self.create_test_job(job_template=job_template) self.assertEqual(job.status, 'new') self.assertTrue(job.passwords_needed_to_start) - self.assertTrue('sudo_password' in job.passwords_needed_to_start) - self.assertFalse('su_password' in job.passwords_needed_to_start) + self.assertTrue('become_password' in job.passwords_needed_to_start) self.assertFalse(job.signal_start()) - self.assertTrue(job.signal_start(sudo_password='sudopass')) + self.assertTrue(job.signal_start(become_password='sudopass')) job = Job.objects.get(pk=job.pk) - # Job may fail if current user doesn't have password-less sudo + # Job may fail if current user doesn't have password-less become # privileges, but we're mainly checking the command line arguments. self.assertTrue(job.status in ('successful', 'failed')) - self.assertTrue('"--ask-sudo-pass"' in job.job_args) - self.assertFalse('"-s"' in job.job_args) - self.assertFalse('"-R"' in job.job_args) - self.assertFalse('"--ask-su-pass"' in job.job_args) - self.assertFalse('"-S"' in job.job_args) + self.assertTrue('"--ask-become-pass"' in job.job_args) + self.assertFalse('"--become-user"' in job.job_args) + self.assertFalse('"--become-method"' in job.job_args) - def test_su_username_and_password(self): - self.create_test_credential(su_username='suuser', - su_password='supass') + def test_job_template_become_enabled(self): self.create_test_project(TEST_PLAYBOOK) - job_template = self.create_test_job_template() + job_template = self.create_test_job_template(become_enabled=True) job = self.create_test_job(job_template=job_template) self.assertEqual(job.status, 'new') self.assertFalse(job.passwords_needed_to_start) self.assertTrue(job.signal_start()) job = Job.objects.get(pk=job.pk) - # Job may fail, but we're mainly checking the command line arguments. - self.check_job_result(job, ('successful', 'failed')) - self.assertTrue('"-R"' in job.job_args) - self.assertTrue('"--ask-su-pass"' in job.job_args) - self.assertFalse('"-S"' in job.job_args) - self.assertFalse('"-U"' in job.job_args) - self.assertFalse('"--ask-sudo-pass"' in job.job_args) - self.assertFalse('"-s"' in job.job_args) + # Job may fail if current user doesn't have password-less become + # privileges, but we're mainly checking the command line arguments. + self.assertTrue(job.status in ('successful', 'failed')) + self.assertTrue('"--become"' in job.job_args) + self.assertFalse('"--become-user"' in job.job_args) + self.assertFalse('"--become-method"' in job.job_args) - def test_su_ask_password(self): - self.create_test_credential(su_password='ASK') + def test_become_enabled_with_username_and_password(self): + self.create_test_credential(become_method='sudo', + become_username='sudouser', + become_password='sudopass') self.create_test_project(TEST_PLAYBOOK) - job_template = self.create_test_job_template() + job_template = self.create_test_job_template(become_enabled=True) job = self.create_test_job(job_template=job_template) self.assertEqual(job.status, 'new') - self.assertTrue(job.passwords_needed_to_start) - self.assertTrue('su_password' in job.passwords_needed_to_start) - self.assertFalse('sudo_password' in job.passwords_needed_to_start) - self.assertFalse(job.signal_start()) - self.assertTrue(job.signal_start(su_password='supass')) + self.assertFalse(job.passwords_needed_to_start) + self.assertTrue(job.signal_start()) job = Job.objects.get(pk=job.pk) - # Job may fail, but we're mainly checking the command line arguments. - self.assertTrue(job.status in ('successful', 'failed')) - self.assertTrue('"--ask-su-pass"' in job.job_args) - self.assertFalse('"-S"' in job.job_args) - self.assertFalse('"-R"' in job.job_args) - self.assertFalse('"-U"' in job.job_args) - self.assertFalse('"--ask-sudo-pass"' in job.job_args) - self.assertFalse('"-s"' in job.job_args) - + # Job may fail if current user doesn't have password-less become + # privileges, but we're mainly checking the command line arguments. + self.check_job_result(job, ('successful', 'failed')) + self.assertTrue('"--become-user"' in job.job_args) + self.assertTrue('"--become-method"' in job.job_args) + self.assertTrue('"--ask-become-pass"' in job.job_args) + self.assertTrue('"--become"' in job.job_args) + def test_unlocked_ssh_key(self): self.create_test_credential(ssh_key_data=TEST_SSH_KEY_DATA) self.create_test_project(TEST_PLAYBOOK)