diff --git a/lib/ansible/constants.py b/lib/ansible/constants.py index f277dac703..ce924e5120 100644 --- a/lib/ansible/constants.py +++ b/lib/ansible/constants.py @@ -276,7 +276,8 @@ BECOME_ERROR_STRINGS = { 'pfexec': '', 'doas': 'Permission denied', 'dzdo': '', - 'ksu': 'Password incorrect' + 'ksu': 'Password incorrect', + 'pmrun': 'You are not permitted to run this command' } # FIXME: deal with i18n BECOME_MISSING_STRINGS = { 'sudo': 'sorry, a password is required to run sudo', @@ -285,9 +286,10 @@ BECOME_MISSING_STRINGS = { 'pfexec': '', 'doas': 'Authorization required', 'dzdo': '', - 'ksu': 'No password given' + 'ksu': 'No password given', + 'pmrun': '' } # FIXME: deal with i18n -BECOME_METHODS = ['sudo', 'su', 'pbrun', 'pfexec', 'doas', 'dzdo', 'ksu', 'runas'] +BECOME_METHODS = ['sudo', 'su', 'pbrun', 'pfexec', 'doas', 'dzdo', 'ksu', 'runas', 'pmrun'] BECOME_ALLOW_SAME_USER = get_config(p, 'privilege_escalation', 'become_allow_same_user', 'ANSIBLE_BECOME_ALLOW_SAME_USER', False, value_type='boolean') DEFAULT_BECOME_METHOD = get_config(p, 'privilege_escalation', 'become_method', 'ANSIBLE_BECOME_METHOD', 'sudo' if DEFAULT_SUDO else 'su' if DEFAULT_SU else 'sudo').lower() @@ -297,7 +299,6 @@ DEFAULT_BECOME_EXE = get_config(p, 'privilege_escalation', 'become_exe', 'ANSIBL DEFAULT_BECOME_FLAGS = get_config(p, 'privilege_escalation', 'become_flags', 'ANSIBLE_BECOME_FLAGS', None) DEFAULT_BECOME_ASK_PASS = get_config(p, 'privilege_escalation', 'become_ask_pass', 'ANSIBLE_BECOME_ASK_PASS', False, value_type='boolean') - # PLUGINS # Modules that can optimize with_items loops into a single call. Currently diff --git a/lib/ansible/modules/commands/command.py b/lib/ansible/modules/commands/command.py index f7b4b0c9f3..0f5037e1d2 100644 --- a/lib/ansible/modules/commands/command.py +++ b/lib/ansible/modules/commands/command.py @@ -119,7 +119,7 @@ def check_command(commandline): 'mount': 'mount', 'rpm': 'yum, dnf or zypper', 'yum': 'yum', 'apt-get': 'apt', 'tar': 'unarchive', 'unzip': 'unarchive', 'sed': 'template or lineinfile', 'dnf': 'dnf', 'zypper': 'zypper' } - become = [ 'sudo', 'su', 'pbrun', 'pfexec', 'runas' ] + become = [ 'sudo', 'su', 'pbrun', 'pfexec', 'runas', 'pmrun' ] warnings = list() command = os.path.basename(commandline.split()[0]) if command in arguments: diff --git a/lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py b/lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py index ff796ceca3..7f87b1d622 100644 --- a/lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py +++ b/lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py @@ -125,7 +125,7 @@ options: description: - Become method to Use for privledge escalation. required: False - choices: ["None", "sudo", "su", "pbrun", "pfexec"] + choices: ["None", "sudo", "su", "pbrun", "pfexec", "pmrun"] default: "None" become_username: description: diff --git a/lib/ansible/playbook/play_context.py b/lib/ansible/playbook/play_context.py index b8503f6ffa..51b2052d7f 100644 --- a/lib/ansible/playbook/play_context.py +++ b/lib/ansible/playbook/play_context.py @@ -587,6 +587,13 @@ class PlayContext(Base): else: becomecmd = '%s -u %s %s' % (exe, self.become_user, command) + elif self.become_method == 'pmrun': + + exe = self.become_exe or 'pmrun' + + prompt='Enter UPM user password:' + becomecmd = '%s %s %s' % (exe, flags, shlex_quote(command)) + else: raise AnsibleError("Privilege escalation method not found: %s" % self.become_method)