Make privilege escalation password configurable

Add parameter `become_password` into node list discovery and Ansible executor. Change-Id: Ifa3dc7c84a08171792bb4a18794cf37c2c658d8d
2017-09-05 17:03:06 +02:00 · 2017-09-05 17:03:06 +02:00 · da22323dfd
parent 8bdb893209
commit da22323dfd
3 changed files with 22 additions and 4 deletions
--- a/os_faults/ansible/executor.py
+++ b/os_faults/ansible/executor.py
@ -125,7 +125,7 @@ Options = collections.namedtuple(
 class AnsibleRunner(object):
    def __init__(self, remote_user='root', password=None, forks=100,
                 jump_host=None, jump_user=None, private_key_file=None,
-                 become=None, serial=None):
+                 become=None, become_password=None, serial=None):
        super(AnsibleRunner, self).__init__()

        ssh_common_args = SSH_COMMON_ARGS
@ -135,7 +135,7 @@ class AnsibleRunner(object):
                jump_user=jump_user or remote_user,
                private_key_file=private_key_file)

-        self.passwords = dict(conn_pass=password, become_pass=password)
+        self.passwords = dict(conn_pass=password, become_pass=become_password)
        self.options = Options(
            connection='smart',
            module_path=os.pathsep.join(get_module_paths()),
@ -275,7 +275,8 @@ class AnsibleRunner(object):
        return {
            'ansible_user': host.auth.get('username'),
            'ansible_ssh_pass': host.auth.get('password'),
-            'ansible_become': host.auth.get('sudo'),
+            'ansible_become': host.auth.get('become') or host.auth.get('sudo'),
+            'ansible_become_password': host.auth.get('become_password'),
            'ansible_ssh_private_key_file': host.auth.get('private_key_file'),
            'ansible_ssh_common_args': ssh_common_args,
        }
--- a/os_faults/drivers/nodes/node_list.py
+++ b/os_faults/drivers/nodes/node_list.py
@ -24,6 +24,8 @@ AUTH_SCHEMA = {
        'password': {'type': 'string'},
        'sudo': {'type': 'boolean'},
        'private_key_file': {'type': 'string'},
+        'become': {'type': 'boolean'},
+        'become_password': {'type': 'string'},
        'jump': {
            'type': 'object',
            'properties': {
@ -69,6 +71,8 @@ class NodeListDiscover(node_discover.NodeDiscover):
          - ip: 10.0.0.53
            mac: aa:bb:cc:dd:ee:03
            fqdn: node3.local
+            become: true
+            become_password: my_secret_password

    node parameters:

@ -81,6 +85,8 @@ class NodeListDiscover(node_discover.NodeDiscover):
        - **username** - SSH username (optional)
        - **password** - SSH password (optional)
        - **private_key_file** - SSH key file (optional)
+        - **become** - True if privilege escalation is used (optional)
+        - **become_password** - privilege escalation password (optional)
        - **jump** - SSH proxy parameters (optional):
            - **host** - SSH proxy host
            - **username** - SSH proxy user
--- a/os_faults/tests/unit/ansible/test_executor.py
+++ b/os_faults/tests/unit/ansible/test_executor.py
@ -133,7 +133,16 @@ class AnsibleRunnerTestCase(test.TestCase):
             remote_user='root', scp_extra_args=None, sftp_extra_args=None,
             ssh_common_args=executor.SSH_COMMON_ARGS,
             ssh_extra_args=None, verbosity=100),
-        dict(conn_pass='foobar', become_pass='foobar'),
+        dict(conn_pass='foobar', become_pass=None),
+    ), (
+        dict(remote_user='root', password='foobar', become_password='secret'),
+        dict(become=None, become_method='sudo', become_user='root',
+             check=False, connection='smart', forks=100,
+             private_key_file=None,
+             remote_user='root', scp_extra_args=None, sftp_extra_args=None,
+             ssh_common_args=executor.SSH_COMMON_ARGS,
+             ssh_extra_args=None, verbosity=100),
+        dict(conn_pass='foobar', become_pass='secret'),
    ), (
        dict(remote_user='root', jump_host='jhost.com',
             private_key_file='/path/my.key'),
@ -279,6 +288,7 @@ class AnsibleRunnerTestCase(test.TestCase):
                    'ansible_user': 'foo',
                    'ansible_ssh_pass': 'bar',
                    'ansible_become': True,
+                    'ansible_become_password': None,
                    'ansible_ssh_private_key_file': None,
                    'ansible_ssh_common_args': None,
                },
@ -286,6 +296,7 @@ class AnsibleRunnerTestCase(test.TestCase):
                    'ansible_user': None,
                    'ansible_ssh_pass': None,
                    'ansible_become': None,
+                    'ansible_become_password': None,
                    'ansible_ssh_private_key_file': None,
                    'ansible_ssh_common_args':
                        '-o UserKnownHostsFile=/dev/null '