Docs: Add MD for partial-become rule (#2560)

* Docs: Add MD for partial-become rule * chore: auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * add warning Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Sorin Sbarnea <sorin.sbarnea@gmail.com>
ansible · Oct 6, 2022 · 654f842 · 654f842
1 parent dd29bc0
commit 654f842
Showing 1 changed file with 41 additions and 0 deletions.
diff --git a/src/ansiblelint/rules/partial_become.md b/src/ansiblelint/rules/partial_become.md
@@ -0,0 +1,41 @@
+# partial-become
+
+This rule checks that privilege escalation is activated when changing users.
+
+To perform an action as a different user with the `become_user` directive, you must set `become: true`.
+
+```{warning}
+While Ansible inherits have of `become` and `become_user` from upper levels,
+like play level or command line, we do not look at these values. This rule
+requires you to be explicit and always define both in the same place, mainly
+in order to prevent accidents when some tasks are moved from one location to
+another one.
+```
+
+## Problematic Code
+
+```yaml
+---
+- name: Example playbook
+  hosts: localhost
+  tasks:
+    - name: Start the httpd service as the apache user
+      ansible.builtin.service:
+        name: httpd
+        state: started
+        become_user: apache # <- Does not change the user because "become: true" is not set.
+```
+
+## Correct Code
+
+```yaml
+- name: Example playbook
+  hosts: localhost
+  tasks:
+    - name: Start the httpd service as the apache user
+      ansible.builtin.service:
+        name: httpd
+        state: started
+        become: true # <- Activates privilege escalation.
+        become_user: apache # <- Changes the user with the desired privileges.
+```