mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Auth to become (#33319)
* terminal.on_(de)?authorize -> terminal.on_(un)?become * Update network_cli * Readd on_(de)?authorize as wrappers * Update tests
This commit is contained in:
parent
53d9f9ffae
commit
a1da3dc997
11 changed files with 35 additions and 23 deletions
|
@ -144,11 +144,11 @@ class Connection(ConnectionBase):
|
|||
messages = ['updating play_context for connection']
|
||||
if self._play_context.become is False and play_context.become is True:
|
||||
auth_pass = play_context.become_pass
|
||||
self._terminal.on_authorize(passwd=auth_pass)
|
||||
self._terminal.on_become(passwd=auth_pass)
|
||||
messages.append('authorizing connection')
|
||||
|
||||
elif self._play_context.become is True and not play_context.become:
|
||||
self._terminal.on_deauthorize()
|
||||
self._terminal.on_unbecome()
|
||||
messages.append('deauthorizing connection')
|
||||
|
||||
self._play_context = play_context
|
||||
|
@ -196,9 +196,9 @@ class Connection(ConnectionBase):
|
|||
self._terminal.on_open_shell()
|
||||
|
||||
if self._play_context.become and self._play_context.become_method == 'enable':
|
||||
display.vvvv('firing event: on_authorize', host=self._play_context.remote_addr)
|
||||
display.vvvv('firing event: on_become', host=self._play_context.remote_addr)
|
||||
auth_pass = self._play_context.become_pass
|
||||
self._terminal.on_authorize(passwd=auth_pass)
|
||||
self._terminal.on_become(passwd=auth_pass)
|
||||
|
||||
display.vvvv('ssh connection has completed successfully', host=self._play_context.remote_addr)
|
||||
self._connected = True
|
||||
|
|
|
@ -91,7 +91,7 @@ class TerminalBase(with_metaclass(ABCMeta, object)):
|
|||
"""
|
||||
pass
|
||||
|
||||
def on_authorize(self, passwd=None):
|
||||
def on_become(self, passwd=None):
|
||||
"""Called when privilege escalation is requested
|
||||
|
||||
:kwarg passwd: String containing the password
|
||||
|
@ -103,7 +103,7 @@ class TerminalBase(with_metaclass(ABCMeta, object)):
|
|||
"""
|
||||
pass
|
||||
|
||||
def on_deauthorize(self):
|
||||
def on_unbecome(self):
|
||||
"""Called when privilege deescalation is requested
|
||||
|
||||
This method is called when the privilege changed from escalated
|
||||
|
@ -111,3 +111,15 @@ class TerminalBase(with_metaclass(ABCMeta, object)):
|
|||
of this method to actually perform the deauthorization procedure
|
||||
"""
|
||||
pass
|
||||
|
||||
def on_authorize(self, passwd=None):
|
||||
"""Deprecated method for privilege escalation
|
||||
|
||||
:kwarg passwd: String containing the password
|
||||
"""
|
||||
return self.on_become(passwd)
|
||||
|
||||
def on_deauthorize(self):
|
||||
"""Deprecated method for privilege deescalation
|
||||
"""
|
||||
return self.on_unbecome()
|
||||
|
|
|
@ -50,7 +50,7 @@ class TerminalModule(TerminalBase):
|
|||
except AnsibleConnectionFailure:
|
||||
raise AnsibleConnectionFailure('unable to disable terminal pager')
|
||||
|
||||
def on_authorize(self, passwd=None):
|
||||
def on_become(self, passwd=None):
|
||||
if self._get_prompt().strip().endswith(b'#'):
|
||||
return
|
||||
|
||||
|
|
|
@ -53,7 +53,7 @@ class TerminalModule(TerminalBase):
|
|||
except AnsibleConnectionFailure:
|
||||
raise AnsibleConnectionFailure('unable to set terminal parameters')
|
||||
|
||||
def on_authorize(self, passwd=None):
|
||||
def on_become(self, passwd=None):
|
||||
if self._get_prompt().endswith(b'#'):
|
||||
return
|
||||
|
||||
|
@ -67,7 +67,7 @@ class TerminalModule(TerminalBase):
|
|||
except AnsibleConnectionFailure:
|
||||
raise AnsibleConnectionFailure('unable to elevate privilege to enable mode')
|
||||
|
||||
def on_deauthorize(self):
|
||||
def on_unbecome(self):
|
||||
prompt = self._get_prompt()
|
||||
if prompt is None:
|
||||
# if prompt is None most likely the terminal is hung up at a prompt
|
||||
|
|
|
@ -42,7 +42,7 @@ class TerminalModule(TerminalBase):
|
|||
re.compile(br"'[^']' +returned error code: ?\d+"),
|
||||
]
|
||||
|
||||
def on_authorize(self, passwd=None):
|
||||
def on_become(self, passwd=None):
|
||||
if self._get_prompt().endswith('#'):
|
||||
return
|
||||
|
||||
|
@ -60,7 +60,7 @@ class TerminalModule(TerminalBase):
|
|||
except AnsibleConnectionFailure:
|
||||
raise AnsibleConnectionFailure('unable to set terminal parameters')
|
||||
|
||||
def on_deauthorize(self):
|
||||
def on_unbecome(self):
|
||||
prompt = self._get_prompt()
|
||||
if prompt is None:
|
||||
# if prompt is None most likely the terminal is hung up at a prompt
|
||||
|
|
|
@ -51,7 +51,7 @@ class TerminalModule(TerminalBase):
|
|||
except AnsibleConnectionFailure:
|
||||
raise AnsibleConnectionFailure('unable to set terminal parameters')
|
||||
|
||||
def on_authorize(self, passwd=None):
|
||||
def on_become(self, passwd=None):
|
||||
if self._get_prompt().endswith(b'#'):
|
||||
return
|
||||
|
||||
|
@ -65,7 +65,7 @@ class TerminalModule(TerminalBase):
|
|||
except AnsibleConnectionFailure:
|
||||
raise AnsibleConnectionFailure('unable to elevate privilege to enable mode')
|
||||
|
||||
def on_deauthorize(self):
|
||||
def on_unbecome(self):
|
||||
prompt = self._get_prompt()
|
||||
if prompt is None:
|
||||
# if prompt is None most likely the terminal is hung up at a prompt
|
||||
|
|
|
@ -67,7 +67,7 @@ class TerminalModule(TerminalBase):
|
|||
except AnsibleConnectionFailure:
|
||||
raise AnsibleConnectionFailure('unable to set terminal parameters')
|
||||
|
||||
def on_authorize(self, passwd=None):
|
||||
def on_become(self, passwd=None):
|
||||
if self._get_prompt().endswith(b'#'):
|
||||
return
|
||||
|
||||
|
@ -87,7 +87,7 @@ class TerminalModule(TerminalBase):
|
|||
msg = 'unable to elevate privilege to enable mode'
|
||||
raise AnsibleConnectionFailure(msg)
|
||||
|
||||
def on_deauthorize(self):
|
||||
def on_unbecome(self):
|
||||
prompt = self._get_prompt()
|
||||
if prompt is None:
|
||||
# if prompt is None most likely the terminal is hung up at a prompt
|
||||
|
|
|
@ -55,7 +55,7 @@ class TerminalModule(TerminalBase):
|
|||
except AnsibleConnectionFailure:
|
||||
raise AnsibleConnectionFailure('unable to set terminal parameters')
|
||||
|
||||
def on_authorize(self, passwd=None):
|
||||
def on_become(self, passwd=None):
|
||||
if self._get_prompt().endswith(b'#'):
|
||||
return
|
||||
|
||||
|
@ -69,7 +69,7 @@ class TerminalModule(TerminalBase):
|
|||
except AnsibleConnectionFailure:
|
||||
raise AnsibleConnectionFailure('unable to elevate privilege to enable mode')
|
||||
|
||||
def on_deauthorize(self):
|
||||
def on_unbecome(self):
|
||||
prompt = self._get_prompt()
|
||||
if prompt is None:
|
||||
# if prompt is None most likely the terminal is hung up at a prompt
|
||||
|
|
|
@ -52,7 +52,7 @@ class TerminalModule(TerminalBase):
|
|||
except AnsibleConnectionFailure:
|
||||
raise AnsibleConnectionFailure('unable to set terminal parameters')
|
||||
|
||||
def on_authorize(self, passwd=None):
|
||||
def on_become(self, passwd=None):
|
||||
if self._get_prompt().endswith(b'#'):
|
||||
return
|
||||
|
||||
|
@ -68,7 +68,7 @@ class TerminalModule(TerminalBase):
|
|||
except AnsibleConnectionFailure:
|
||||
raise AnsibleConnectionFailure('unable to elevate privilege to enable mode')
|
||||
|
||||
def on_deauthorize(self):
|
||||
def on_unbecome(self):
|
||||
prompt = self._get_prompt()
|
||||
if prompt is None:
|
||||
# if prompt is None most likely the terminal is hung up at a prompt
|
||||
|
|
|
@ -48,7 +48,7 @@ class TerminalModule(TerminalBase):
|
|||
except AnsibleConnectionFailure:
|
||||
raise AnsibleConnectionFailure('unable to disable terminal pager')
|
||||
|
||||
def on_authorize(self, passwd=None):
|
||||
def on_become(self, passwd=None):
|
||||
if self._get_prompt().strip().endswith(b'#'):
|
||||
return
|
||||
|
||||
|
@ -64,7 +64,7 @@ class TerminalModule(TerminalBase):
|
|||
except AnsibleConnectionFailure:
|
||||
raise AnsibleConnectionFailure('unable to elevate privilege to enable mode')
|
||||
|
||||
def on_deauthorize(self):
|
||||
def on_unbecome(self):
|
||||
prompt = self._get_prompt()
|
||||
if prompt is None:
|
||||
# if prompt is None most likely the terminal is hung up at a prompt
|
||||
|
|
|
@ -74,7 +74,7 @@ class TestConnectionClass(unittest.TestCase):
|
|||
|
||||
conn._connect()
|
||||
self.assertTrue(conn._terminal.on_open_shell.called)
|
||||
self.assertFalse(conn._terminal.on_authorize.called)
|
||||
self.assertFalse(conn._terminal.on_become.called)
|
||||
|
||||
conn._play_context.become = True
|
||||
conn._play_context.become_method = 'enable'
|
||||
|
@ -82,7 +82,7 @@ class TestConnectionClass(unittest.TestCase):
|
|||
conn._connected = False
|
||||
|
||||
conn._connect()
|
||||
conn._terminal.on_authorize.assert_called_with(passwd='password')
|
||||
conn._terminal.on_become.assert_called_with(passwd='password')
|
||||
|
||||
@patch("ansible.plugins.connection.paramiko_ssh.Connection.close")
|
||||
def test_network_cli_close(self, mocked_super):
|
||||
|
|
Loading…
Reference in a new issue