From b6e9382273e3d47d6801947bf6d0a0faf5d6440b Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Fri, 3 Apr 2015 13:57:33 -0400 Subject: [PATCH] Refactor pbexpect string matches to submit become password --- awx/main/tasks.py | 56 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 41 insertions(+), 15 deletions(-) diff --git a/awx/main/tasks.py b/awx/main/tasks.py index 73a855f50c..5b66dcf0a7 100644 --- a/awx/main/tasks.py +++ b/awx/main/tasks.py @@ -713,6 +713,12 @@ class RunJob(BaseTask): d[re.compile(r'^SUDO password.*:\s*?$', re.M)] = 'become_password' d[re.compile(r'^su password.*:\s*?$', re.M)] = 'become_password' d[re.compile(r'^SU password.*:\s*?$', re.M)] = 'become_password' + d[re.compile(r'^PBRUN password.*:\s*?$', re.M)] = 'become_password' + d[re.compile(r'^pbrun password.*:\s*?$', re.M)] = 'become_password' + d[re.compile(r'^PFEXEC password.*:\s*?$', re.M)] = 'become_password' + d[re.compile(r'^pfexec password.*:\s*?$', re.M)] = 'become_password' + d[re.compile(r'^RUNAS password.*:\s*?$', re.M)] = 'become_password' + d[re.compile(r'^runas password.*:\s*?$', re.M)] = 'become_password' d[re.compile(r'^SSH password:\s*?$', re.M)] = 'ssh_password' d[re.compile(r'^Password:\s*?$', re.M)] = 'ssh_password' d[re.compile(r'^Vault password:\s*?$', re.M)] = 'vault_password' @@ -1173,7 +1179,7 @@ class RunAdHocCommand(BaseTask): passwords = super(RunAdHocCommand, self).build_passwords(ad_hoc_command, **kwargs) creds = ad_hoc_command.credential if creds: - for field in ('ssh_key_unlock', 'ssh_password', 'sudo_password', 'su_password'): + for field in ('ssh_key_unlock', 'ssh_password', 'become_password'): if field == 'ssh_password': value = kwargs.get(field, decrypt_field(creds, 'password')) else: @@ -1221,8 +1227,11 @@ class RunAdHocCommand(BaseTask): ssh_username, sudo_username, su_username = '', '', '' if creds: ssh_username = kwargs.get('username', creds.username) - sudo_username = kwargs.get('sudo_username', creds.sudo_username) - su_username = kwargs.get('su_username', creds.su_username) + become_method = kwargs.get('become_method', creds.become_method) + become_username = kwargs.get('become_username', creds.become_username) + else: + become_method = None + become_username = "" # Always specify the normal SSH user as root by default. Since this # task is normally running in the background under a service account, # it doesn't make sense to rely on ansible's default of using the @@ -1238,14 +1247,25 @@ class RunAdHocCommand(BaseTask): args.append('--ask-pass') # We only specify sudo/su user and password if explicitly given by the # credential. Credential should never specify both sudo and su. - if su_username: - args.extend(['-R', su_username]) - if 'su_password' in kwargs.get('passwords', {}): - args.append('--ask-su-pass') - if sudo_username: - args.extend(['-U', sudo_username]) - if 'sudo_password' in kwargs.get('passwords', {}): - args.append('--ask-sudo-pass') + try: + if Version(kwargs['ansible_version']) < Version('1.9'): + if become_method and become_method == "sudo" and become_username != "": + args.extend(['-U', become_username]) + if become_method and become_method == "sudo" and "become_password" in kwargs.get("passwords", {}): + args.append("--ask-sudo-pass") + if become_method and become_method == "su" and become_username != "": + args.extend(['-R', become_username]) + if become_method and become_method == "su" and "become_password" in kwargs.get("passwords", {}): + args.append("--ask-su-pass") + else: + if become_method: + args.extend(['--become-method', become_method]) + if become_username: + args.extend(['--become-user', become_username]) + if 'become_password' in kwargs.get('passwords', {}): + args.append('--ask-become-pass') + except ValueError: + pass if ad_hoc_command.privilege_escalation == 'sudo': args.append('--sudo') elif ad_hoc_command.privilege_escalation == 'su': @@ -1276,10 +1296,16 @@ class RunAdHocCommand(BaseTask): d = super(RunAdHocCommand, self).get_password_prompts() d[re.compile(r'^Enter passphrase for .*:\s*?$', re.M)] = 'ssh_key_unlock' d[re.compile(r'^Bad passphrase, try again for .*:\s*?$', re.M)] = '' - d[re.compile(r'^sudo password.*:\s*?$', re.M)] = 'sudo_password' - d[re.compile(r'^SUDO password.*:\s*?$', re.M)] = 'sudo_password' - d[re.compile(r'^su password.*:\s*?$', re.M)] = 'su_password' - d[re.compile(r'^SU password.*:\s*?$', re.M)] = 'su_password' + d[re.compile(r'^sudo password.*:\s*?$', re.M)] = 'become_password' + d[re.compile(r'^SUDO password.*:\s*?$', re.M)] = 'become_password' + d[re.compile(r'^su password.*:\s*?$', re.M)] = 'become_password' + d[re.compile(r'^SU password.*:\s*?$', re.M)] = 'become_password' + d[re.compile(r'^PBRUN password.*:\s*?$', re.M)] = 'become_password' + d[re.compile(r'^pbrun password.*:\s*?$', re.M)] = 'become_password' + d[re.compile(r'^PFEXEC password.*:\s*?$', re.M)] = 'become_password' + d[re.compile(r'^pfexec password.*:\s*?$', re.M)] = 'become_password' + d[re.compile(r'^RUNAS password.*:\s*?$', re.M)] = 'become_password' + d[re.compile(r'^runas password.*:\s*?$', re.M)] = 'become_password' d[re.compile(r'^SSH password:\s*?$', re.M)] = 'ssh_password' d[re.compile(r'^Password:\s*?$', re.M)] = 'ssh_password' return d