mirror of
https://github.com/ansible/awx.git
synced 2026-01-13 02:50:02 -03:30
adding 'become' privilege escalation on cred
and on job template adding a flag for enabling 'become' escalation.
This commit is contained in:
Jared Tabor
parent
f6827a1079
commit
eb5e10aa5c
@ -136,7 +136,7 @@ CredentialsList.$inject = ['$scope', '$rootScope', '$location', '$log', '$routeP
|
||||
|
||||
export function CredentialsAdd($scope, $rootScope, $compile, $location, $log, $routeParams, CredentialForm, GenerateForm, Rest, Alert,
|
||||
ProcessErrors, LoadBreadCrumbs, ReturnToCaller, ClearScope, GenerateList, SearchInit, PaginateInit, LookUpInit, UserList, TeamList,
|
||||
GetBasePath, GetChoices, Empty, KindChange, OwnerChange, LoginMethodChange, FormSave) {
|
||||
GetBasePath, GetChoices, Empty, KindChange, OwnerChange, FormSave) {
|
||||
|
||||
ClearScope();
|
||||
|
||||
@ -158,20 +158,12 @@ export function CredentialsAdd($scope, $rootScope, $compile, $location, $log, $r
|
||||
variable: 'credential_kind_options'
|
||||
});
|
||||
|
||||
// GetChoices({
|
||||
// scope: $scope,
|
||||
// url: defaultUrl,
|
||||
// field: 'become',
|
||||
// variable: 'become_options'
|
||||
// });
|
||||
|
||||
$scope.become_options = [
|
||||
{ value: 'sudo', label: 'Sudo' },
|
||||
{ value: 'su', label: 'Su' },
|
||||
{ value: 'pbrun', label: 'Pbrun'},
|
||||
{ value: 'pfexec', label: 'Pfexec'},
|
||||
{ value: 'runas', label: 'Runas'}
|
||||
];
|
||||
GetChoices({
|
||||
scope: $scope,
|
||||
url: defaultUrl,
|
||||
field: 'become_method',
|
||||
variable: 'become_options'
|
||||
});
|
||||
|
||||
LookUpInit({
|
||||
scope: $scope,
|
||||
@ -224,16 +216,6 @@ export function CredentialsAdd($scope, $rootScope, $compile, $location, $log, $r
|
||||
OwnerChange({ scope: $scope });
|
||||
}
|
||||
|
||||
if (!Empty($routeParams.su_username) || !Empty($routeParams.su_password)) {
|
||||
$scope.login_method = 'su';
|
||||
LoginMethodChange({ scope: $scope });
|
||||
} else if (!Empty($routeParams.sudo_username) || !Empty($routeParams.sudo_password)) {
|
||||
$scope.login_method = 'sudo';
|
||||
LoginMethodChange({ scope: $scope });
|
||||
} else {
|
||||
$scope.login_method = '';
|
||||
LoginMethodChange({ scope: $scope });
|
||||
}
|
||||
|
||||
// Handle Kind change
|
||||
$scope.kindChange = function () {
|
||||
@ -254,11 +236,6 @@ export function CredentialsAdd($scope, $rootScope, $compile, $location, $log, $r
|
||||
OwnerChange({ scope: $scope });
|
||||
};
|
||||
|
||||
// Handle Login Method change
|
||||
$scope.loginMethodChange = function () {
|
||||
LoginMethodChange({ scope: $scope });
|
||||
};
|
||||
|
||||
// Reset defaults
|
||||
$scope.formReset = function () {
|
||||
//DebugForm({ scope: $scope, form: CredentialForm });
|
||||
@ -309,13 +286,13 @@ export function CredentialsAdd($scope, $rootScope, $compile, $location, $log, $r
|
||||
|
||||
CredentialsAdd.$inject = ['$scope', '$rootScope', '$compile', '$location', '$log', '$routeParams', 'CredentialForm', 'GenerateForm',
|
||||
'Rest', 'Alert', 'ProcessErrors', 'LoadBreadCrumbs', 'ReturnToCaller', 'ClearScope', 'generateList', 'SearchInit', 'PaginateInit',
|
||||
'LookUpInit', 'UserList', 'TeamList', 'GetBasePath', 'GetChoices', 'Empty', 'KindChange', 'OwnerChange', 'LoginMethodChange', 'FormSave'
|
||||
'LookUpInit', 'UserList', 'TeamList', 'GetBasePath', 'GetChoices', 'Empty', 'KindChange', 'OwnerChange', 'FormSave'
|
||||
];
|
||||
|
||||
|
||||
export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $routeParams, CredentialForm, GenerateForm, Rest, Alert,
|
||||
ProcessErrors, LoadBreadCrumbs, RelatedSearchInit, RelatedPaginateInit, ReturnToCaller, ClearScope, Prompt, GetBasePath, GetChoices,
|
||||
KindChange, UserList, TeamList, LookUpInit, Empty, OwnerChange, LoginMethodChange, FormSave, Stream, Wait) {
|
||||
KindChange, UserList, TeamList, LookUpInit, Empty, OwnerChange, FormSave, Stream, Wait) {
|
||||
|
||||
ClearScope();
|
||||
|
||||
@ -329,13 +306,7 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $
|
||||
generator.inject(form, { mode: 'edit', related: true, scope: $scope });
|
||||
generator.reset();
|
||||
$scope.id = id;
|
||||
$scope.become_options = [
|
||||
{ value: 'sudo', label: 'Sudo' },
|
||||
{ value: 'su', label: 'Su' },
|
||||
{ value: 'pbrun', label: 'Pbrun'},
|
||||
{ value: 'pfexec', label: 'Pfexec'},
|
||||
{ value: 'runas', label: 'Runas'}
|
||||
];
|
||||
|
||||
function setAskCheckboxes() {
|
||||
var fld, i;
|
||||
for (fld in form.fields) {
|
||||
@ -389,7 +360,6 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $
|
||||
reset: false
|
||||
});
|
||||
OwnerChange({ scope: $scope });
|
||||
LoginMethodChange({ scope: $scope });
|
||||
Wait('stop');
|
||||
});
|
||||
|
||||
@ -429,14 +399,13 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $
|
||||
}
|
||||
master.owner = $scope.owner;
|
||||
|
||||
if (!Empty($scope.su_username) || !Empty($scope.su_password)) {
|
||||
$scope.login_method = 'su';
|
||||
} else if (!Empty($scope.sudo_username) || !Empty($scope.sudo_password)) {
|
||||
$scope.login_method = 'sudo';
|
||||
} else {
|
||||
$scope.login_method = '';
|
||||
for (i = 0; i < $scope.become_options.length; i++) {
|
||||
if ($scope.become_options[i].value === data.become_method) {
|
||||
$scope.become_method = $scope.become_options[i];
|
||||
break;
|
||||
}
|
||||
}
|
||||
master.login_method = $scope.login_method;
|
||||
master.become_method = $scope.become_method;
|
||||
|
||||
for (i = 0; i < $scope.credential_kind_options.length; i++) {
|
||||
if ($scope.credential_kind_options[i].value === data.kind) {
|
||||
@ -488,6 +457,12 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $
|
||||
callback: 'choicesReadyCredential'
|
||||
});
|
||||
|
||||
GetChoices({
|
||||
scope: $scope,
|
||||
url: defaultUrl,
|
||||
field: 'become_method',
|
||||
variable: 'become_options'
|
||||
});
|
||||
$scope.showActivity = function () {
|
||||
Stream({ scope: $scope });
|
||||
};
|
||||
@ -506,11 +481,6 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $
|
||||
OwnerChange({ scope: $scope });
|
||||
};
|
||||
|
||||
// Handle Login Method change
|
||||
$scope.loginMethodChange = function () {
|
||||
LoginMethodChange({ scope: $scope });
|
||||
};
|
||||
|
||||
// Handle Kind change
|
||||
$scope.kindChange = function () {
|
||||
KindChange({ scope: $scope, form: form, reset: true });
|
||||
@ -525,7 +495,6 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $
|
||||
setAskCheckboxes();
|
||||
KindChange({ scope: $scope, form: form, reset: false });
|
||||
OwnerChange({ scope: $scope });
|
||||
LoginMethodChange({ scope: $scope });
|
||||
};
|
||||
|
||||
// Related set: Add button
|
||||
@ -615,5 +584,5 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $
|
||||
CredentialsEdit.$inject = ['$scope', '$rootScope', '$compile', '$location', '$log', '$routeParams', 'CredentialForm',
|
||||
'GenerateForm', 'Rest', 'Alert', 'ProcessErrors', 'LoadBreadCrumbs', 'RelatedSearchInit', 'RelatedPaginateInit',
|
||||
'ReturnToCaller', 'ClearScope', 'Prompt', 'GetBasePath', 'GetChoices', 'KindChange', 'UserList', 'TeamList', 'LookUpInit',
|
||||
'Empty', 'OwnerChange', 'LoginMethodChange', 'FormSave', 'Stream', 'Wait'
|
||||
'Empty', 'OwnerChange', 'FormSave', 'Stream', 'Wait'
|
||||
];
|
||||
|
||||
@ -276,16 +276,20 @@ export default
|
||||
},
|
||||
"become_method": {
|
||||
label: "Privilege Escalation",
|
||||
hintText: "If your playbooks use privilege escalation (\"sudo: true\", \"su: true\", etc), you can specify the username to become, and the password to use here.",
|
||||
// hintText: "If your playbooks use privilege escalation (\"sudo: true\", \"su: true\", etc), you can specify the username to become, and the password to use here.",
|
||||
type: 'select',
|
||||
ngShow: "kind.value == 'ssh'",
|
||||
ngChange: "loginMethodChange()",
|
||||
dataTitle: 'Privilege Escalation',
|
||||
ngOptions: 'become.label for become in become_options track by become.value',
|
||||
awPopOver: "<p><b>Sudo:</b> Optionally specify a username for sudo operations. "+
|
||||
"This is equivalent to specifying the <code>ansible-playbook --sudo-user</code> parameter.<br />" +
|
||||
"<b>Su:</b> Optionally specify a username for su operations. This is equivalent to specifying the <code>ansible-playbook --su-user</code> parameter.<br/>"+
|
||||
"<b>Pbrun:</b> Optionally specify a username for pbrun operations. This is equivalent to specifying the <code>ansible-playbook --become_method=pbrun</code> parameter."+
|
||||
"Note that this option is only available with Tower instances using Ansible v1.9 or later (Current: Ansible v.{{ansible_version}})",
|
||||
awPopOver: "<p>Specify a username for 'become' operations. " +
|
||||
"This is equivalent to specifying the <code>--become-method=BECOME_METHOD</code> parameter, where <code>BECOME_METHOD</code> could be "+
|
||||
"<code>sudo | su | pbrun | pfexec | runas</code> <br>(defaults to <code>sudo</code>)</p>",
|
||||
|
||||
// "<p><b>Sudo:</b> Optionally specify a username for sudo operations. "+
|
||||
// "This is equivalent to specifying the <code>ansible-playbook --sudo-user</code> parameter.<br />" +
|
||||
// "<b>Su:</b> Optionally specify a username for su operations. This is equivalent to specifying the <code>ansible-playbook --su-user</code> parameter.<br/>"+
|
||||
// "<b>Pbrun:</b> Optionally specify a username for pbrun operations. This is equivalent to specifying the <code>ansible-playbook --become_method=pbrun</code> parameter."+
|
||||
// "Note that this option is only available with Tower instances using Ansible v1.9 or later (Current: Ansible v.{{ansible_version}})",
|
||||
dataPlacement: 'right',
|
||||
dataContainer: "body"
|
||||
},
|
||||
|
||||
@ -295,13 +295,11 @@ export default
|
||||
// '<div class="error ng-hide" id="job-template-survey-error" ng-show="survey_enabled === true && survey_exists!==true">A survey is enabled but it does not exist. Create a survey or disable the survey. </div>'
|
||||
'<div class="error ng-hide" id="job-template-survey-error" ng-show="invalid_survey">A survey is enabled but it does not exist. Create a survey or uncheck the Enable Survey box to disable the survey. </div>'
|
||||
},
|
||||
become: {
|
||||
become_enabled: {
|
||||
label: 'Enable Privilege Escalation',
|
||||
type: 'checkbox',
|
||||
addRequired: false,
|
||||
editRequird: false,
|
||||
trueValue: 'true',
|
||||
falseValue: 'false',
|
||||
column: 2,
|
||||
awPopOver: "<p>If enabled, run this playbook as an administrator. This is the equivalent of passing the<code> --become</code> option to the <code> ansible-playbook</code> command. </p>",
|
||||
dataPlacement: 'right',
|
||||
|
||||
@ -122,12 +122,8 @@ angular.module('CredentialsHelper', ['Utilities'])
|
||||
scope.ssh_key_data = null;
|
||||
scope.ssh_key_unlock = null;
|
||||
scope.ssh_key_unlock_confirm = null;
|
||||
scope.sudo_username = null;
|
||||
scope.sudo_password = null;
|
||||
scope.su_username = null;
|
||||
scope.su_password = null;
|
||||
scope.pbrun_username = null;
|
||||
scope.pbrun_password = null;
|
||||
scope.become_username = null;
|
||||
scope.become_password = null;
|
||||
}
|
||||
|
||||
// Collapse or open help widget based on whether scm value is selected
|
||||
@ -168,29 +164,6 @@ angular.module('CredentialsHelper', ['Utilities'])
|
||||
}
|
||||
])
|
||||
|
||||
|
||||
.factory('LoginMethodChange', [
|
||||
function () {
|
||||
return function (params) {
|
||||
var scope = params.scope,
|
||||
login_method = scope.login_method;
|
||||
if (login_method !== 'sudo') {
|
||||
scope.sudo_username = null;
|
||||
scope.sudo_password = null;
|
||||
}
|
||||
if (login_method !== 'su') {
|
||||
scope.su_username = null;
|
||||
scope.su_password = null;
|
||||
}
|
||||
if (login_method !== 'pbrun') {
|
||||
scope.pbrun_username = null;
|
||||
scope.pbrun_password = null;
|
||||
}
|
||||
};
|
||||
}
|
||||
])
|
||||
|
||||
|
||||
.factory('FormSave', ['$location', 'Alert', 'Rest', 'ProcessErrors', 'Empty', 'GetBasePath', 'CredentialForm', 'ReturnToCaller', 'Wait',
|
||||
function ($location, Alert, Rest, ProcessErrors, Empty, GetBasePath, CredentialForm, ReturnToCaller, Wait) {
|
||||
return function (params) {
|
||||
@ -219,7 +192,7 @@ angular.module('CredentialsHelper', ['Utilities'])
|
||||
}
|
||||
|
||||
data.kind = scope.kind.value;
|
||||
|
||||
data.become_method = (scope.become_method.value) ? scope.become_method.value : "";
|
||||
switch (data.kind) {
|
||||
case 'ssh':
|
||||
data.password = scope.ssh_password;
|
||||
|
||||
@ -844,14 +844,8 @@ function($compile, Rest, GetBasePath, TextareaResize,CreateDialog, GenerateForm,
|
||||
if(data.ssh_key_unlock === "ASK"){
|
||||
passwords.push("ssh_key_unlock");
|
||||
}
|
||||
if(data.sudo_password === "ASK"){
|
||||
passwords.push("sudo_password");
|
||||
}
|
||||
if(data.su_password === "ASK"){
|
||||
passwords.push("su_password");
|
||||
}
|
||||
if(data.pbrun_password === "ASK"){
|
||||
passwords.push("pbrun_password");
|
||||
if(data.become_password === "ASK"){
|
||||
passwords.push("become_password");
|
||||
}
|
||||
if(data.vault_password === "ASK"){
|
||||
passwords.push("vault_password");
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user