Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

added password prompt support for machinectl #4849

Merged
merged 5 commits into from
Jul 8, 2022
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
include review comments 2
  • Loading branch information
Louis9902 committed Jun 18, 2022
commit e1cc9a2d83abd79a3ba99451e72cfc67dac14ca6
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
minor_changes:
- machinectl become method can now be used with a password from a none root user, if a polkit rule is present.
- machinectl become plugin - can now be used with a password from another user than root, if a polkit rule is present (https://github.com/ansible-collections/community.general/pull/4849).
11 changes: 7 additions & 4 deletions plugins/become/machinectl.py
Original file line number Diff line number Diff line change
Expand Up @@ -67,13 +67,16 @@
- section: machinectl_become_plugin
key: password
notes:
- This plugin only works correctly with a polkit rule which will alter the behaviour of machinectl. This rule must
alter the prompt behaviour to ask directly for the user credentials, if the user is allowed to perform the
action (take a look at the examples section). If such a rule is not present the plugin only work if it is used
in context with the root user, because then no further prompt will be shown by machinectl.
- When not using this plugin with user C(root), it only works correctly with a polkit rule which will alter
the behaviour of machinectl. This rule must alter the prompt behaviour to ask directly for the user credentials,
if the user is allowed to perform the action (take a look at the examples section).
If such a rule is not present the plugin only work if it is used in context with the root user,
because then no further prompt will be shown by machinectl.
'''

EXAMPLES = r'''
# A polkit rule needed to use the module with a non-root user.
# See the Notes section for details.
60-machinectl-fast-user-auth.rules: |
polkit.addRule(function(action, subject) {
if(action.id == "org.freedesktop.machine1.host-shell" && subject.isInGroup("wheel")) {
Expand Down