Add support for host restriction in sudoers module #5703
Conversation
|
cc @JonEllis @JonEllis0 |
ansibullbot
added
feature
Docs Build 📝Thank you for contribution!✨ This PR has been merged and your docs changes will be incorporated when they are next published. |
There was a problem hiding this comment.
Thanks for your contribution! Could you please add a changelog fragment? Thanks.
|
Thanks @loz-hurst, I've not used the host option myself, but as the value defaults to ALL as it did before, it seems a safe addition. |
Co-authored-by: Felix Fontein <[email protected]>
Done and thanks for the version added, I wasn't sure what to use there so left it out. |
Hi @loz-hurst Maybe you are missing one git push: The changelog fragment is not in the PR yet. It would be nice to have one or two tests to demonstrate the use of the new parameter, but the change is very straightforward, so not having new tests will not stop the PR from being merged. |
My bad, committed that one to main not patch-1 on my fork. Should be in there now.
I'll will try and do this but pushed for time... |
I can't see any existing tests for the sudoers module - can someone more familiar with this codebase confirm that before I go ahead and create a new test_sudoers unit? Edit: I think I might open a separate issue for the lack of tests, if that is the case - creating tests for the entire module being a bigger task than adding one for this small piece of functionality. |
|
There are tests, see tests/integration/targets/sudoers/tasks/main.yml. |
felixfontein
added
check-before-release
Sorry about that, this is my first foray into contributing to anything Ansible related. I've added a test for this functionality to that suite, CI seems happy (which I presume has run the test, not sure which tasks do the integration tests?). |
|
Thanks for adding tests! You can see which group this test runs in in - so it's group2. You can see your task in one of the runs here: https://dev.azure.com/ansible/community.general/_build/results?buildId=63547&view=logs&j=40c88692-9fb4-5c35-6b69-5e083fc3f5c6&t=899bb9b2-728c-552d-02b1-ac8a85b01cba&l=382
|
Backport to stable-6: 💚 backport PR created✅ Backport PR branch: Backported as #5716 🤖 @patchback |
* Add support to restrict privileges by host * Missing comma * Making linter happy. * Add version 6.2.0 as when sudoers host parameter added Co-authored-by: Felix Fontein <[email protected]> * Changelog fragment for PR #5703 * Test for sudoers host-based restriction Co-authored-by: Felix Fontein <[email protected]> (cherry picked from commit 77fde03)
|
@loz-hurst thanks for your contribution! |
Thank you, I'm learning so much about |
…on in sudoers module (#5716) Add support for host restriction in sudoers module (#5703) * Add support to restrict privileges by host * Missing comma * Making linter happy. * Add version 6.2.0 as when sudoers host parameter added Co-authored-by: Felix Fontein <[email protected]> * Changelog fragment for PR #5703 * Test for sudoers host-based restriction Co-authored-by: Felix Fontein <[email protected]> (cherry picked from commit 77fde03) Co-authored-by: Laurence <[email protected]>
felixfontein
removed
the
check-before-release
SUMMARY
Implementation of my feature request: Fixes #5702
ISSUE TYPE
COMPONENT NAME
sudoers
ADDITIONAL INFORMATION
Adds ability to set host-based restrictions on privilege escalation managed via sudoers modules. Default behaviour (via default value to new parameter) maintains current behaviour of using the magic
ALLvalue (i.e. no restriction).