From eb5e10aa5ca7ea925e83fc798de2d564670557d4 Mon Sep 17 00:00:00 2001 From: Jared Tabor Date: Tue, 7 Apr 2015 15:11:51 -0400 Subject: [PATCH] adding 'become' privilege escalation on cred and on job template adding a flag for enabling 'become' escalation. --- awx/ui/static/js/controllers/Credentials.js | 77 ++++++--------------- awx/ui/static/js/forms/Credentials.js | 18 +++-- awx/ui/static/js/forms/JobTemplates.js | 4 +- awx/ui/static/js/helpers/Credentials.js | 33 +-------- awx/ui/static/js/helpers/JobSubmission.js | 10 +-- 5 files changed, 40 insertions(+), 102 deletions(-) diff --git a/awx/ui/static/js/controllers/Credentials.js b/awx/ui/static/js/controllers/Credentials.js index cb2a355cef..dab1960d79 100644 --- a/awx/ui/static/js/controllers/Credentials.js +++ b/awx/ui/static/js/controllers/Credentials.js @@ -136,7 +136,7 @@ CredentialsList.$inject = ['$scope', '$rootScope', '$location', '$log', '$routeP export function CredentialsAdd($scope, $rootScope, $compile, $location, $log, $routeParams, CredentialForm, GenerateForm, Rest, Alert, ProcessErrors, LoadBreadCrumbs, ReturnToCaller, ClearScope, GenerateList, SearchInit, PaginateInit, LookUpInit, UserList, TeamList, - GetBasePath, GetChoices, Empty, KindChange, OwnerChange, LoginMethodChange, FormSave) { + GetBasePath, GetChoices, Empty, KindChange, OwnerChange, FormSave) { ClearScope(); @@ -158,20 +158,12 @@ export function CredentialsAdd($scope, $rootScope, $compile, $location, $log, $r variable: 'credential_kind_options' }); - // GetChoices({ - // scope: $scope, - // url: defaultUrl, - // field: 'become', - // variable: 'become_options' - // }); - - $scope.become_options = [ - { value: 'sudo', label: 'Sudo' }, - { value: 'su', label: 'Su' }, - { value: 'pbrun', label: 'Pbrun'}, - { value: 'pfexec', label: 'Pfexec'}, - { value: 'runas', label: 'Runas'} - ]; + GetChoices({ + scope: $scope, + url: defaultUrl, + field: 'become_method', + variable: 'become_options' + }); LookUpInit({ scope: $scope, 
@@ -224,16 +216,6 @@ export function CredentialsAdd($scope, $rootScope, $compile, $location, $log, $r OwnerChange({ scope: $scope }); } - if (!Empty($routeParams.su_username) || !Empty($routeParams.su_password)) { - $scope.login_method = 'su'; - LoginMethodChange({ scope: $scope }); - } else if (!Empty($routeParams.sudo_username) || !Empty($routeParams.sudo_password)) { - $scope.login_method = 'sudo'; - LoginMethodChange({ scope: $scope }); - } else { - $scope.login_method = ''; - LoginMethodChange({ scope: $scope }); - } // Handle Kind change $scope.kindChange = function () { @@ -254,11 +236,6 @@ export function CredentialsAdd($scope, $rootScope, $compile, $location, $log, $r OwnerChange({ scope: $scope }); }; - // Handle Login Method change - $scope.loginMethodChange = function () { - LoginMethodChange({ scope: $scope }); - }; - // Reset defaults $scope.formReset = function () { //DebugForm({ scope: $scope, form: CredentialForm }); 
@@ -309,13 +286,13 @@ export function CredentialsAdd($scope, $rootScope, $compile, $location, $log, $r CredentialsAdd.$inject = ['$scope', '$rootScope', '$compile', '$location', '$log', '$routeParams', 'CredentialForm', 'GenerateForm', 'Rest', 'Alert', 'ProcessErrors', 'LoadBreadCrumbs', 'ReturnToCaller', 'ClearScope', 'generateList', 'SearchInit', 'PaginateInit', - 'LookUpInit', 'UserList', 'TeamList', 'GetBasePath', 'GetChoices', 'Empty', 'KindChange', 'OwnerChange', 'LoginMethodChange', 'FormSave' + 'LookUpInit', 'UserList', 'TeamList', 'GetBasePath', 'GetChoices', 'Empty', 'KindChange', 'OwnerChange', 'FormSave' ]; export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $routeParams, CredentialForm, GenerateForm, Rest, Alert, ProcessErrors, LoadBreadCrumbs, RelatedSearchInit, RelatedPaginateInit, ReturnToCaller, ClearScope, Prompt, GetBasePath, GetChoices, - KindChange, UserList, TeamList, LookUpInit, Empty, OwnerChange, LoginMethodChange, FormSave, Stream, Wait) { + KindChange, UserList, TeamList, LookUpInit, Empty, OwnerChange, FormSave, Stream, Wait) { ClearScope(); @@ -329,13 +306,7 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $ generator.inject(form, { mode: 'edit', related: true, scope: $scope }); generator.reset(); $scope.id = id; - $scope.become_options = [ - { value: 'sudo', label: 'Sudo' }, - { value: 'su', label: 'Su' }, - { value: 'pbrun', label: 'Pbrun'}, - { value: 'pfexec', label: 'Pfexec'}, - { value: 'runas', label: 'Runas'} - ]; + function setAskCheckboxes() { var fld, i; for (fld in form.fields) { @@ -389,7 +360,6 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $ reset: false }); OwnerChange({ scope: $scope }); - LoginMethodChange({ scope: $scope }); Wait('stop'); }); 
@@ -429,14 +399,13 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $ } master.owner = $scope.owner; - if (!Empty($scope.su_username) || !Empty($scope.su_password)) { - $scope.login_method = 'su'; - } else if (!Empty($scope.sudo_username) || !Empty($scope.sudo_password)) { - $scope.login_method = 'sudo'; - } else { - $scope.login_method = ''; + for (i = 0; i < $scope.become_options.length; i++) { + if ($scope.become_options[i].value === data.become_method) { + $scope.become_method = $scope.become_options[i]; + break; + } } - master.login_method = $scope.login_method; + master.become_method = $scope.become_method; for (i = 0; i < $scope.credential_kind_options.length; i++) { if ($scope.credential_kind_options[i].value === data.kind) { @@ -488,6 +457,12 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $ callback: 'choicesReadyCredential' }); + GetChoices({ + scope: $scope, + url: defaultUrl, + field: 'become_method', + variable: 'become_options' + }); $scope.showActivity = function () { Stream({ scope: $scope }); }; @@ -506,11 +481,6 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $ OwnerChange({ scope: $scope }); }; - // Handle Login Method change - $scope.loginMethodChange = function () { - LoginMethodChange({ scope: $scope }); - }; - // Handle Kind change $scope.kindChange = function () { KindChange({ scope: $scope, form: form, reset: true }); @@ -525,7 +495,6 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $ setAskCheckboxes(); KindChange({ scope: $scope, form: form, reset: false }); OwnerChange({ scope: $scope }); - LoginMethodChange({ scope: $scope }); }; // Related set: Add button 
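Review bot: The new loop over `$scope.become_options` in CredentialsEdit (hunk at -429) can run before that array exists, because the `GetChoices` request added for `become_method` (hunk at -488) passes no `callback`, unlike the `credential_kind_options` request just above it with `callback: 'choicesReadyCredential'`, and the hard-coded list this controller used to set synchronously was removed. If the credential data arrives first, `$scope.become_options.length` would throw, and if the list is still empty the stored method is never selected, so the next save would submit an empty `become_method` and silently clear the credential's escalation method. Gate the credential load on both choice requests, or at least wrap the loop in `if ($scope.become_options) { … }` and repeat the selection when the choices arrive. Both the load handler and the controller body continue outside these hunks, so the actual ordering should be confirmed against the full file.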
@@ -615,5 +584,5 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $ CredentialsEdit.$inject = ['$scope', '$rootScope', '$compile', '$location', '$log', '$routeParams', 'CredentialForm', 'GenerateForm', 'Rest', 'Alert', 'ProcessErrors', 'LoadBreadCrumbs', 'RelatedSearchInit', 'RelatedPaginateInit', 'ReturnToCaller', 'ClearScope', 'Prompt', 'GetBasePath', 'GetChoices', 'KindChange', 'UserList', 'TeamList', 'LookUpInit', - 'Empty', 'OwnerChange', 'LoginMethodChange', 'FormSave', 'Stream', 'Wait' + 'Empty', 'OwnerChange', 'FormSave', 'Stream', 'Wait' ]; diff --git a/awx/ui/static/js/forms/Credentials.js b/awx/ui/static/js/forms/Credentials.js index ab5c578b50..cef7c0ce70 100644 --- a/awx/ui/static/js/forms/Credentials.js +++ b/awx/ui/static/js/forms/Credentials.js @@ -276,16 +276,20 @@ export default }, "become_method": { label: "Privilege Escalation", - hintText: "If your playbooks use privilege escalation (\"sudo: true\", \"su: true\", etc), you can specify the username to become, and the password to use here.", + // hintText: "If your playbooks use privilege escalation (\"sudo: true\", \"su: true\", etc), you can specify the username to become, and the password to use here.", type: 'select', ngShow: "kind.value == 'ssh'", - ngChange: "loginMethodChange()", + dataTitle: 'Privilege Escalation', ngOptions: 'become.label for become in become_options track by become.value', - awPopOver: "

Sudo: Optionally specify a username for sudo operations. "+ - "This is equivalent to specifying the ansible-playbook --sudo-user parameter.
" + - "Su: Optionally specify a username for su operations. This is equivalent to specifying the ansible-playbook --su-user parameter.
"+ - "Pbrun: Optionally specify a username for pbrun operations. This is equivalent to specifying the ansible-playbook --become_method=pbrun parameter."+ - "Note that this option is only available with Tower instances using Ansible v1.9 or later (Current: Ansible v.{{ansible_version}})", + awPopOver: "

Specify a username for 'become' operations. " + + "This is equivalent to specifying the --become-method=BECOME_METHOD parameter, where BECOME_METHOD could be "+ + "sudo | su | pbrun | pfexec | runas
(defaults to sudo)

", + + // "

Sudo: Optionally specify a username for sudo operations. "+ + // "This is equivalent to specifying the ansible-playbook --sudo-user parameter.
" + + // "Su: Optionally specify a username for su operations. This is equivalent to specifying the ansible-playbook --su-user parameter.
"+ + // "Pbrun: Optionally specify a username for pbrun operations. This is equivalent to specifying the ansible-playbook --become_method=pbrun parameter."+ + // "Note that this option is only available with Tower instances using Ansible v1.9 or later (Current: Ansible v.{{ansible_version}})", dataPlacement: 'right', dataContainer: "body" }, diff --git a/awx/ui/static/js/forms/JobTemplates.js b/awx/ui/static/js/forms/JobTemplates.js index a6cb174afe..a87c88e5b9 100644 --- a/awx/ui/static/js/forms/JobTemplates.js +++ b/awx/ui/static/js/forms/JobTemplates.js @@ -295,13 +295,11 @@ export default // '

A survey is enabled but it does not exist. Create a survey or disable the survey.
' '
A survey is enabled but it does not exist. Create a survey or uncheck the Enable Survey box to disable the survey.
' }, - become: { + become_enabled: { label: 'Enable Privilege Escalation', type: 'checkbox', addRequired: false, editRequird: false, - trueValue: 'true', - falseValue: 'false', column: 2, awPopOver: "

If enabled, run this playbook as an administrator. This is the equivalent of passing the --become option to the ansible-playbook command.

", dataPlacement: 'right', diff --git a/awx/ui/static/js/helpers/Credentials.js b/awx/ui/static/js/helpers/Credentials.js index b2160e483b..1df3258801 100644 --- a/awx/ui/static/js/helpers/Credentials.js +++ b/awx/ui/static/js/helpers/Credentials.js @@ -122,12 +122,8 @@ angular.module('CredentialsHelper', ['Utilities']) scope.ssh_key_data = null; scope.ssh_key_unlock = null; scope.ssh_key_unlock_confirm = null; - scope.sudo_username = null; - scope.sudo_password = null; - scope.su_username = null; - scope.su_password = null; - scope.pbrun_username = null; - scope.pbrun_password = null; + scope.become_username = null; + scope.become_password = null; } // Collapse or open help widget based on whether scm value is selected @@ -168,29 +164,6 @@ angular.module('CredentialsHelper', ['Utilities']) } ]) - -.factory('LoginMethodChange', [ - function () { - return function (params) { - var scope = params.scope, - login_method = scope.login_method; - if (login_method !== 'sudo') { - scope.sudo_username = null; - scope.sudo_password = null; - } - if (login_method !== 'su') { - scope.su_username = null; - scope.su_password = null; - } - if (login_method !== 'pbrun') { - scope.pbrun_username = null; - scope.pbrun_password = null; - } - }; -} -]) - - .factory('FormSave', ['$location', 'Alert', 'Rest', 'ProcessErrors', 'Empty', 'GetBasePath', 'CredentialForm', 'ReturnToCaller', 'Wait', function ($location, Alert, Rest, ProcessErrors, Empty, GetBasePath, CredentialForm, ReturnToCaller, Wait) { return function (params) { @@ -219,7 +192,7 @@ angular.module('CredentialsHelper', ['Utilities']) } data.kind = scope.kind.value; - + data.become_method = (scope.become_method.value) ? scope.become_method.value : ""; switch (data.kind) { case 'ssh': data.password = scope.ssh_password; diff --git a/awx/ui/static/js/helpers/JobSubmission.js b/awx/ui/static/js/helpers/JobSubmission.js index f5f3594942..6ed18ef02d 100644 --- a/awx/ui/static/js/helpers/JobSubmission.js 
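Review bot: The added `data.become_method = (scope.become_method.value) ? scope.become_method.value : "";` in FormSave (hunk at -219) dereferences `scope.become_method` without checking that it is set, and it sits before `switch (data.kind)`, so it runs for every credential kind. The select is only shown for `kind.value == 'ssh'`, so for other kinds or an untouched form `scope.become_method` is likely undefined and the save would throw; where the kind was changed away from ssh, a previously chosen method would still be submitted, because the reset block in the KindChange hunk at -122 clears only `become_username` and `become_password`. Suggest `data.become_method = (scope.become_method && scope.become_method.value) ? scope.become_method.value : "";` and adding `scope.become_method = null;` next to the username and password resets. The enclosing functions start and end outside these hunks.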
+++ b/awx/ui/static/js/helpers/JobSubmission.js @@ -844,14 +844,8 @@ function($compile, Rest, GetBasePath, TextareaResize,CreateDialog, GenerateForm, if(data.ssh_key_unlock === "ASK"){ passwords.push("ssh_key_unlock"); } - if(data.sudo_password === "ASK"){ - passwords.push("sudo_password"); - } - if(data.su_password === "ASK"){ - passwords.push("su_password"); - } - if(data.pbrun_password === "ASK"){ - passwords.push("pbrun_password"); + if(data.become_password === "ASK"){ + passwords.push("become_password"); } if(data.vault_password === "ASK"){ passwords.push("vault_password");