External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-05-24 09:07:45 -02:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #44 from wenottingham/its-a-privilege

Browse Source 
Don't hardcode privilege escalation prompts if they're all of the same format.
This commit is contained in:
Bill Nottingham
2017-07-25 17:31:06 -04:00
committed by GitHub
parent a6f5686ef4 4276959dc2
commit c098754470
4 changed files with 18 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
awx/main/constants.py
View File

@@ -1,5 +1,8 @@
# Copyright (c) 2015 Ansible, Inc. # Copyright (c) 2015 Ansible, Inc.
# All Rights Reserved. # All Rights Reserved.
from django.utils.translation import ugettext_lazy as _
CLOUD_PROVIDERS = ('azure', 'azure_rm', 'ec2', 'gce', 'rax', 'vmware', 'openstack', 'satellite6', 'cloudforms') CLOUD_PROVIDERS = ('azure', 'azure_rm', 'ec2', 'gce', 'rax', 'vmware', 'openstack', 'satellite6', 'cloudforms')
SCHEDULEABLE_PROVIDERS = CLOUD_PROVIDERS + ('custom', 'scm',) SCHEDULEABLE_PROVIDERS = CLOUD_PROVIDERS + ('custom', 'scm',)
PRIVILEGE_ESCALATION_METHODS = [ ('sudo', _('Sudo')), ('su', _('Su')), ('pbrun', _('Pbrun')), ('pfexec', _('Pfexec')), ('dzdo', _('DZDO')), ('pmrun', _('Pmrun')), ('runas', _('Runas'))]

6
awx/main/migrations/0006_v320_release.py
View File

@@ -414,6 +414,12 @@ class Migration(migrations.Migration):
unique_together=set([('organization', 'name', 'credential_type')]), unique_together=set([('organization', 'name', 'credential_type')]),
), ),
migrations.AlterField(
model_name='credential',
name='become_method',
field=models.CharField(default=b'', help_text='Privilege escalation method.', max_length=32, blank=True, choices=[(b'', 'None'), (b'sudo', 'Sudo'), (b'su', 'Su'), (b'pbrun', 'Pbrun'), (b'pfexec', 'Pfexec'), (b'dzdo', 'DZDO'), (b'pmrun', 'Pmrun'), (b'runas', 'Runas')]),
),
# Connecting activity stream # Connecting activity stream
migrations.AddField( migrations.AddField(
model_name='activitystream', model_name='activitystream',

11
awx/main/models/credential.py
View File

@@ -19,6 +19,7 @@ from django.utils.encoding import force_text
# AWX # AWX
from awx.api.versioning import reverse from awx.api.versioning import reverse
from awx.main.constants import PRIVILEGE_ESCALATION_METHODS
from awx.main.fields import (ImplicitRoleField, CredentialInputField, from awx.main.fields import (ImplicitRoleField, CredentialInputField,
CredentialTypeInputField, CredentialTypeInputField,
CredentialTypeInjectorField) CredentialTypeInjectorField)
@@ -135,15 +136,7 @@ class V1Credential(object):
max_length=32, max_length=32,
blank=True, blank=True,
default='', default='',
choices=[ choices=[('', _('None'))] + PRIVILEGE_ESCALATION_METHODS,
('', _('None')),
('sudo', _('Sudo')),
('su', _('Su')),
('pbrun', _('Pbrun')),
('pfexec', _('Pfexec')),
('dzdo', _('DZDO')),
('pmrun', _('Pmrun')),
],
help_text=_('Privilege escalation method.') help_text=_('Privilege escalation method.')
), ),
'become_username': models.CharField( 'become_username': models.CharField(

36
awx/main/tasks.py
View File

@@ -44,7 +44,7 @@ from django.core.exceptions import ObjectDoesNotExist
# AWX # AWX
from awx import __version__ as tower_application_version from awx import __version__ as tower_application_version
from awx.main.constants import CLOUD_PROVIDERS from awx.main.constants import CLOUD_PROVIDERS, PRIVILEGE_ESCALATION_METHODS
from awx.main.models import * # noqa from awx.main.models import * # noqa
from awx.main.models.unified_jobs import ACTIVE_STATES from awx.main.models.unified_jobs import ACTIVE_STATES
from awx.main.queue import CallbackQueueDispatcher from awx.main.queue import CallbackQueueDispatcher
@@ -1115,20 +1115,9 @@ class RunJob(BaseTask):
d = super(RunJob, self).get_password_prompts() d = super(RunJob, self).get_password_prompts()
d[re.compile(r'Enter passphrase for .*:\s*?$', re.M)] = 'ssh_key_unlock' d[re.compile(r'Enter passphrase for .*:\s*?$', re.M)] = 'ssh_key_unlock'
d[re.compile(r'Bad passphrase, try again for .*:\s*?$', re.M)] = '' d[re.compile(r'Bad passphrase, try again for .*:\s*?$', re.M)] = ''
d[re.compile(r'sudo password.*:\s*?$', re.M)] = 'become_password' for method in PRIVILEGE_ESCALATION_METHODS:
d[re.compile(r'SUDO password.*:\s*?$', re.M)] = 'become_password' d[re.compile(r'%s password.*:\s*?$' % (method[0]), re.M)] = 'become_password'
d[re.compile(r'su password.*:\s*?$', re.M)] = 'become_password' d[re.compile(r'%s password.*:\s*?$' % (method[0].upper()), re.M)] = 'become_password'
d[re.compile(r'SU password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'PBRUN password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'pbrun password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'PMRUN password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'pmrun password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'PFEXEC password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'pfexec password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'RUNAS password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'runas password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'DZDO password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'dzdo password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'SSH password:\s*?$', re.M)] = 'ssh_password' d[re.compile(r'SSH password:\s*?$', re.M)] = 'ssh_password'
d[re.compile(r'Password:\s*?$', re.M)] = 'ssh_password' d[re.compile(r'Password:\s*?$', re.M)] = 'ssh_password'
d[re.compile(r'Vault password:\s*?$', re.M)] = 'vault_password' d[re.compile(r'Vault password:\s*?$', re.M)] = 'vault_password'
@@ -2068,20 +2057,9 @@ class RunAdHocCommand(BaseTask):
d = super(RunAdHocCommand, self).get_password_prompts() d = super(RunAdHocCommand, self).get_password_prompts()
d[re.compile(r'Enter passphrase for .*:\s*?$', re.M)] = 'ssh_key_unlock' d[re.compile(r'Enter passphrase for .*:\s*?$', re.M)] = 'ssh_key_unlock'
d[re.compile(r'Bad passphrase, try again for .*:\s*?$', re.M)] = '' d[re.compile(r'Bad passphrase, try again for .*:\s*?$', re.M)] = ''
d[re.compile(r'sudo password.*:\s*?$', re.M)] = 'become_password' for method in PRIVILEGE_ESCALATION_METHODS:
d[re.compile(r'SUDO password.*:\s*?$', re.M)] = 'become_password' d[re.compile(r'%s password.*:\s*?$' % (method[0]), re.M)] = 'become_password'
d[re.compile(r'su password.*:\s*?$', re.M)] = 'become_password' d[re.compile(r'%s password.*:\s*?$' % (method[0].upper()), re.M)] = 'become_password'
d[re.compile(r'SU password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'PBRUN password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'pbrun password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'PMRUN password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'pmrun password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'PFEXEC password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'pfexec password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'RUNAS password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'runas password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'DZDO password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'dzdo password.*:\s*?$', re.M)] = 'become_password'
d[re.compile(r'SSH password:\s*?$', re.M)] = 'ssh_password' d[re.compile(r'SSH password:\s*?$', re.M)] = 'ssh_password'
d[re.compile(r'Password:\s*?$', re.M)] = 'ssh_password' d[re.compile(r'Password:\s*?$', re.M)] = 'ssh_password'
return d return d