adding 'become' privilege escalation on cred

and on job template adding a flag for enabling 'become' escalation.
Jared Tabor
2015-04-07 15:11:51 -04:00
parent f6827a1079
commit eb5e10aa5c
5 changed files with 40 additions and 102 deletions


@@ -136,7 +136,7 @@ CredentialsList.$inject = ['$scope', '$rootScope', '$location', '$log', '$routeP
export function CredentialsAdd($scope, $rootScope, $compile, $location, $log, $routeParams, CredentialForm, GenerateForm, Rest, Alert, export function CredentialsAdd($scope, $rootScope, $compile, $location, $log, $routeParams, CredentialForm, GenerateForm, Rest, Alert,
ProcessErrors, LoadBreadCrumbs, ReturnToCaller, ClearScope, GenerateList, SearchInit, PaginateInit, LookUpInit, UserList, TeamList, ProcessErrors, LoadBreadCrumbs, ReturnToCaller, ClearScope, GenerateList, SearchInit, PaginateInit, LookUpInit, UserList, TeamList,
GetBasePath, GetChoices, Empty, KindChange, OwnerChange, LoginMethodChange, FormSave) { GetBasePath, GetChoices, Empty, KindChange, OwnerChange, FormSave) {
ClearScope(); ClearScope();
@@ -158,20 +158,12 @@ export function CredentialsAdd($scope, $rootScope, $compile, $location, $log, $r
variable: 'credential_kind_options' variable: 'credential_kind_options'
}); });
// GetChoices({ GetChoices({
// scope: $scope, scope: $scope,
// url: defaultUrl, url: defaultUrl,
// field: 'become', field: 'become_method',
// variable: 'become_options' variable: 'become_options'
// }); });
$scope.become_options = [
{ value: 'sudo', label: 'Sudo' },
{ value: 'su', label: 'Su' },
{ value: 'pbrun', label: 'Pbrun'},
{ value: 'pfexec', label: 'Pfexec'},
{ value: 'runas', label: 'Runas'}
];
LookUpInit({ LookUpInit({
scope: $scope, scope: $scope,
@@ -224,16 +216,6 @@ export function CredentialsAdd($scope, $rootScope, $compile, $location, $log, $r
OwnerChange({ scope: $scope }); OwnerChange({ scope: $scope });
} }
if (!Empty($routeParams.su_username) || !Empty($routeParams.su_password)) {
$scope.login_method = 'su';
LoginMethodChange({ scope: $scope });
} else if (!Empty($routeParams.sudo_username) || !Empty($routeParams.sudo_password)) {
$scope.login_method = 'sudo';
LoginMethodChange({ scope: $scope });
} else {
$scope.login_method = '';
LoginMethodChange({ scope: $scope });
}
// Handle Kind change // Handle Kind change
$scope.kindChange = function () { $scope.kindChange = function () {
@@ -254,11 +236,6 @@ export function CredentialsAdd($scope, $rootScope, $compile, $location, $log, $r
OwnerChange({ scope: $scope }); OwnerChange({ scope: $scope });
}; };
// Handle Login Method change
$scope.loginMethodChange = function () {
LoginMethodChange({ scope: $scope });
};
// Reset defaults // Reset defaults
$scope.formReset = function () { $scope.formReset = function () {
//DebugForm({ scope: $scope, form: CredentialForm }); //DebugForm({ scope: $scope, form: CredentialForm });
@@ -309,13 +286,13 @@ export function CredentialsAdd($scope, $rootScope, $compile, $location, $log, $r
CredentialsAdd.$inject = ['$scope', '$rootScope', '$compile', '$location', '$log', '$routeParams', 'CredentialForm', 'GenerateForm', CredentialsAdd.$inject = ['$scope', '$rootScope', '$compile', '$location', '$log', '$routeParams', 'CredentialForm', 'GenerateForm',
'Rest', 'Alert', 'ProcessErrors', 'LoadBreadCrumbs', 'ReturnToCaller', 'ClearScope', 'generateList', 'SearchInit', 'PaginateInit', 'Rest', 'Alert', 'ProcessErrors', 'LoadBreadCrumbs', 'ReturnToCaller', 'ClearScope', 'generateList', 'SearchInit', 'PaginateInit',
'LookUpInit', 'UserList', 'TeamList', 'GetBasePath', 'GetChoices', 'Empty', 'KindChange', 'OwnerChange', 'LoginMethodChange', 'FormSave' 'LookUpInit', 'UserList', 'TeamList', 'GetBasePath', 'GetChoices', 'Empty', 'KindChange', 'OwnerChange', 'FormSave'
]; ];
export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $routeParams, CredentialForm, GenerateForm, Rest, Alert, export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $routeParams, CredentialForm, GenerateForm, Rest, Alert,
ProcessErrors, LoadBreadCrumbs, RelatedSearchInit, RelatedPaginateInit, ReturnToCaller, ClearScope, Prompt, GetBasePath, GetChoices, ProcessErrors, LoadBreadCrumbs, RelatedSearchInit, RelatedPaginateInit, ReturnToCaller, ClearScope, Prompt, GetBasePath, GetChoices,
KindChange, UserList, TeamList, LookUpInit, Empty, OwnerChange, LoginMethodChange, FormSave, Stream, Wait) { KindChange, UserList, TeamList, LookUpInit, Empty, OwnerChange, FormSave, Stream, Wait) {
ClearScope(); ClearScope();
@@ -329,13 +306,7 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $
generator.inject(form, { mode: 'edit', related: true, scope: $scope }); generator.inject(form, { mode: 'edit', related: true, scope: $scope });
generator.reset(); generator.reset();
$scope.id = id; $scope.id = id;
$scope.become_options = [
{ value: 'sudo', label: 'Sudo' },
{ value: 'su', label: 'Su' },
{ value: 'pbrun', label: 'Pbrun'},
{ value: 'pfexec', label: 'Pfexec'},
{ value: 'runas', label: 'Runas'}
];
function setAskCheckboxes() { function setAskCheckboxes() {
var fld, i; var fld, i;
for (fld in form.fields) { for (fld in form.fields) {
@@ -389,7 +360,6 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $
reset: false reset: false
}); });
OwnerChange({ scope: $scope }); OwnerChange({ scope: $scope });
LoginMethodChange({ scope: $scope });
Wait('stop'); Wait('stop');
}); });
@@ -429,14 +399,13 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $
} }
master.owner = $scope.owner; master.owner = $scope.owner;
if (!Empty($scope.su_username) || !Empty($scope.su_password)) { for (i = 0; i < $scope.become_options.length; i++) {
$scope.login_method = 'su'; if ($scope.become_options[i].value === data.become_method) {
} else if (!Empty($scope.sudo_username) || !Empty($scope.sudo_password)) { $scope.become_method = $scope.become_options[i];
$scope.login_method = 'sudo'; break;
} else { }
$scope.login_method = '';
} }
master.login_method = $scope.login_method; master.become_method = $scope.become_method;
for (i = 0; i < $scope.credential_kind_options.length; i++) { for (i = 0; i < $scope.credential_kind_options.length; i++) {
if ($scope.credential_kind_options[i].value === data.kind) { if ($scope.credential_kind_options[i].value === data.kind) {
@@ -488,6 +457,12 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $
callback: 'choicesReadyCredential' callback: 'choicesReadyCredential'
}); });
GetChoices({
scope: $scope,
url: defaultUrl,
field: 'become_method',
variable: 'become_options'
});
$scope.showActivity = function () { $scope.showActivity = function () {
Stream({ scope: $scope }); Stream({ scope: $scope });
}; };
@@ -506,11 +481,6 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $
OwnerChange({ scope: $scope }); OwnerChange({ scope: $scope });
}; };
// Handle Login Method change
$scope.loginMethodChange = function () {
LoginMethodChange({ scope: $scope });
};
// Handle Kind change // Handle Kind change
$scope.kindChange = function () { $scope.kindChange = function () {
KindChange({ scope: $scope, form: form, reset: true }); KindChange({ scope: $scope, form: form, reset: true });
@@ -525,7 +495,6 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $
setAskCheckboxes(); setAskCheckboxes();
KindChange({ scope: $scope, form: form, reset: false }); KindChange({ scope: $scope, form: form, reset: false });
OwnerChange({ scope: $scope }); OwnerChange({ scope: $scope });
LoginMethodChange({ scope: $scope });
}; };
// Related set: Add button // Related set: Add button
@@ -615,5 +584,5 @@ export function CredentialsEdit($scope, $rootScope, $compile, $location, $log, $
CredentialsEdit.$inject = ['$scope', '$rootScope', '$compile', '$location', '$log', '$routeParams', 'CredentialForm', CredentialsEdit.$inject = ['$scope', '$rootScope', '$compile', '$location', '$log', '$routeParams', 'CredentialForm',
'GenerateForm', 'Rest', 'Alert', 'ProcessErrors', 'LoadBreadCrumbs', 'RelatedSearchInit', 'RelatedPaginateInit', 'GenerateForm', 'Rest', 'Alert', 'ProcessErrors', 'LoadBreadCrumbs', 'RelatedSearchInit', 'RelatedPaginateInit',
'ReturnToCaller', 'ClearScope', 'Prompt', 'GetBasePath', 'GetChoices', 'KindChange', 'UserList', 'TeamList', 'LookUpInit', 'ReturnToCaller', 'ClearScope', 'Prompt', 'GetBasePath', 'GetChoices', 'KindChange', 'UserList', 'TeamList', 'LookUpInit',
'Empty', 'OwnerChange', 'LoginMethodChange', 'FormSave', 'Stream', 'Wait' 'Empty', 'OwnerChange', 'FormSave', 'Stream', 'Wait'
]; ];
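Review bot: In `CredentialsEdit`, the new loop over `$scope.become_options.length` reads a list that is now filled asynchronously by the added `GetChoices({ ... field: 'become_method', variable: 'become_options' })` call, which passes no `callback`, unlike the request just above it that ends with `callback: 'choicesReadyCredential'`. If the credential data is processed before that choices request completes, `$scope.become_options` is still undefined and the loop throws, so the stored escalation method is never selected; the code between these hunks is not visible, so the ordering should be confirmed. Guarding the loop, e.g. `for (i = 0; $scope.become_options && i < $scope.become_options.length; i++) {`, or loading the credential only after both choice lists are ready would close the gap. The hard-coded `become_options` array this commit removes from the function was available synchronously, so the dependency on load order is new.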


@@ -276,16 +276,20 @@ export default
}, },
"become_method": { "become_method": {
label: "Privilege Escalation", label: "Privilege Escalation",
hintText: "If your playbooks use privilege escalation (\"sudo: true\", \"su: true\", etc), you can specify the username to become, and the password to use here.", // hintText: "If your playbooks use privilege escalation (\"sudo: true\", \"su: true\", etc), you can specify the username to become, and the password to use here.",
type: 'select', type: 'select',
ngShow: "kind.value == 'ssh'", ngShow: "kind.value == 'ssh'",
ngChange: "loginMethodChange()", dataTitle: 'Privilege Escalation',
ngOptions: 'become.label for become in become_options track by become.value', ngOptions: 'become.label for become in become_options track by become.value',
awPopOver: "<p><b>Sudo:</b> Optionally specify a username for sudo operations. "+ awPopOver: "<p>Specify a username for 'become' operations. " +
"This is equivalent to specifying the <code>ansible-playbook --sudo-user</code> parameter.<br />" + "This is equivalent to specifying the <code>--become-method=BECOME_METHOD</code> parameter, where <code>BECOME_METHOD</code> could be "+
"<b>Su:</b> Optionally specify a username for su operations. This is equivalent to specifying the <code>ansible-playbook --su-user</code> parameter.<br/>"+ "<code>sudo | su | pbrun | pfexec | runas</code> <br>(defaults to <code>sudo</code>)</p>",
"<b>Pbrun:</b> Optionally specify a username for pbrun operations. This is equivalent to specifying the <code>ansible-playbook --become_method=pbrun</code> parameter."+
"Note that this option is only available with Tower instances using Ansible v1.9 or later (Current: Ansible v.{{ansible_version}})", // "<p><b>Sudo:</b> Optionally specify a username for sudo operations. "+
// "This is equivalent to specifying the <code>ansible-playbook --sudo-user</code> parameter.<br />" +
// "<b>Su:</b> Optionally specify a username for su operations. This is equivalent to specifying the <code>ansible-playbook --su-user</code> parameter.<br/>"+
// "<b>Pbrun:</b> Optionally specify a username for pbrun operations. This is equivalent to specifying the <code>ansible-playbook --become_method=pbrun</code> parameter."+
// "Note that this option is only available with Tower instances using Ansible v1.9 or later (Current: Ansible v.{{ansible_version}})",
dataPlacement: 'right', dataPlacement: 'right',
dataContainer: "body" dataContainer: "body"
}, },
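Review bot: The new `awPopOver` text opens with "Specify a username for 'become' operations", but this control is the `become_method` select and chooses the escalation method, not the user; wording such as `"<p>Select the privilege escalation method for 'become' operations. " +` would match what the field does. The old strings kept as `//` comments (the `hintText` line and the five popover lines) should be deleted rather than left in the form definition. With `ngChange: "loginMethodChange()"` gone, nothing visible in this commit clears `become_username` or `become_password` when the method is set back to empty, so a stored escalation password may still be submitted with the credential; the save path for those two fields is not shown on this page and needs checking.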


@@ -295,13 +295,11 @@ export default
// '<div class="error ng-hide" id="job-template-survey-error" ng-show="survey_enabled === true && survey_exists!==true">A survey is enabled but it does not exist. Create a survey or disable the survey. </div>' // '<div class="error ng-hide" id="job-template-survey-error" ng-show="survey_enabled === true && survey_exists!==true">A survey is enabled but it does not exist. Create a survey or disable the survey. </div>'
'<div class="error ng-hide" id="job-template-survey-error" ng-show="invalid_survey">A survey is enabled but it does not exist. Create a survey or uncheck the Enable Survey box to disable the survey. </div>' '<div class="error ng-hide" id="job-template-survey-error" ng-show="invalid_survey">A survey is enabled but it does not exist. Create a survey or uncheck the Enable Survey box to disable the survey. </div>'
}, },
become: { become_enabled: {
label: 'Enable Privilege Escalation', label: 'Enable Privilege Escalation',
type: 'checkbox', type: 'checkbox',
addRequired: false, addRequired: false,
editRequird: false, editRequird: false,
trueValue: 'true',
falseValue: 'false',
column: 2, column: 2,
awPopOver: "<p>If enabled, run this playbook as an administrator. This is the equivalent of passing the<code> --become</code> option to the <code> ansible-playbook</code> command. </p>", awPopOver: "<p>If enabled, run this playbook as an administrator. This is the equivalent of passing the<code> --become</code> option to the <code> ansible-playbook</code> command. </p>",
dataPlacement: 'right', dataPlacement: 'right',
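Review bot: `editRequird: false` on the renamed `become_enabled` field is misspelled, so if the form generator looks for `editRequired` this key is presumably ignored; it should read `editRequired: false`. The popover also says the playbook runs "as an administrator", whereas `--become` switches to whichever user and method the credential defines, so `If enabled, run this playbook with privilege escalation.` would be more accurate. The field object continues past the end of this hunk.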


@@ -122,12 +122,8 @@ angular.module('CredentialsHelper', ['Utilities'])
scope.ssh_key_data = null; scope.ssh_key_data = null;
scope.ssh_key_unlock = null; scope.ssh_key_unlock = null;
scope.ssh_key_unlock_confirm = null; scope.ssh_key_unlock_confirm = null;
scope.sudo_username = null; scope.become_username = null;
scope.sudo_password = null; scope.become_password = null;
scope.su_username = null;
scope.su_password = null;
scope.pbrun_username = null;
scope.pbrun_password = null;
} }
// Collapse or open help widget based on whether scm value is selected // Collapse or open help widget based on whether scm value is selected
@@ -168,29 +164,6 @@ angular.module('CredentialsHelper', ['Utilities'])
} }
]) ])
.factory('LoginMethodChange', [
function () {
return function (params) {
var scope = params.scope,
login_method = scope.login_method;
if (login_method !== 'sudo') {
scope.sudo_username = null;
scope.sudo_password = null;
}
if (login_method !== 'su') {
scope.su_username = null;
scope.su_password = null;
}
if (login_method !== 'pbrun') {
scope.pbrun_username = null;
scope.pbrun_password = null;
}
};
}
])
.factory('FormSave', ['$location', 'Alert', 'Rest', 'ProcessErrors', 'Empty', 'GetBasePath', 'CredentialForm', 'ReturnToCaller', 'Wait', .factory('FormSave', ['$location', 'Alert', 'Rest', 'ProcessErrors', 'Empty', 'GetBasePath', 'CredentialForm', 'ReturnToCaller', 'Wait',
function ($location, Alert, Rest, ProcessErrors, Empty, GetBasePath, CredentialForm, ReturnToCaller, Wait) { function ($location, Alert, Rest, ProcessErrors, Empty, GetBasePath, CredentialForm, ReturnToCaller, Wait) {
return function (params) { return function (params) {
@@ -219,7 +192,7 @@ angular.module('CredentialsHelper', ['Utilities'])
} }
data.kind = scope.kind.value; data.kind = scope.kind.value;
data.become_method = (scope.become_method.value) ? scope.become_method.value : "";
switch (data.kind) { switch (data.kind) {
case 'ssh': case 'ssh':
data.password = scope.ssh_password; data.password = scope.ssh_password;
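Review bot: `data.become_method = (scope.become_method.value) ? scope.become_method.value : "";` dereferences `scope.become_method` before `switch (data.kind)`, so it runs for every credential kind and throws a TypeError when nothing has been selected. The form on this page shows the select only for `kind.value == 'ssh'`, and the reset block in the first hunk of this file nulls `become_username` and `become_password` but never assigns `become_method`, so an undefined value looks reachable; where the scope is initialised is outside this page. A guard such as `data.become_method = (scope.become_method && scope.become_method.value) ? scope.become_method.value : "";` avoids the failed save. `FormSave` starts and ends outside the hunk.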


@@ -844,14 +844,8 @@ function($compile, Rest, GetBasePath, TextareaResize,CreateDialog, GenerateForm,
if(data.ssh_key_unlock === "ASK"){ if(data.ssh_key_unlock === "ASK"){
passwords.push("ssh_key_unlock"); passwords.push("ssh_key_unlock");
} }
if(data.sudo_password === "ASK"){ if(data.become_password === "ASK"){
passwords.push("sudo_password"); passwords.push("become_password");
}
if(data.su_password === "ASK"){
passwords.push("su_password");
}
if(data.pbrun_password === "ASK"){
passwords.push("pbrun_password");
} }
if(data.vault_password === "ASK"){ if(data.vault_password === "ASK"){
passwords.push("vault_password"); passwords.push("vault_password");