Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] [2.8] connection/docker: add support for privilege escalation #56277

Merged
merged 2 commits into from May 21, 2019
Merged

[WIP] [2.8] connection/docker: add support for privilege escalation #56277

merged 2 commits into from May 21, 2019
+54 −3

Conversation

felixfontein
Copy link
Contributor

@felixfontein felixfontein commented May 9, 2019
edited

SUMMARY

Backport of #55816 and #56288 to stable-2.8. Fixes privilege escalation for docker connection plugin if a passphrase is required.

CC @larsks

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

lib/ansible/plugins/connection/docker.py

@larsks @felixfontein
connection/docker: add privilege escalation support (ansible#55816)
0c1c64f 
As described in ansible#53385 (and ansible#31759), the docker connection driver did
not support privilege escalation. This commit is a shameless
cut-and-paste of the privilege escalation support from the `local`
connection plugin into the `docker` plugin.

Closes: ansible#53385
(cherry picked from commit 61e476b)
@ansibot
Copy link
Contributor

ansibot commented May 9, 2019

cc @DBendit @WojciechowskiPiotr @akshay196 @danihodovic @dariko @jwitko @kassiansun @tbouvet
click here for bot help

@ansibot ansibot added affects_2.8 This issue/PR affects Ansible v2.8 backport This PR does not target the devel branch. bug This issue/PR relates to a bug. cloud community_review In order to be merged, this PR must follow the community review workflow. docker needs_triage Needs a first human triage before being processed. support:community This issue/PR relates to code supported by the Ansible community. labels May 9, 2019
@felixfontein felixfontein changed the title [2.8] connection/docker: add support for privilege escalation [WIP] [2.8] connection/docker: add support for privilege escalation May 9, 2019
@ansibot ansibot added the WIP This issue/PR is a work in progress. Nevertheless it was shared for getting input from peers. label May 9, 2019
felixfontein
felixfontein commented May 9, 2019
View reviewed changes
lib/ansible/plugins/connection/docker.py Outdated
for key, event in events:
if key.fileobj == p.stdout:
chunk = p.stdout.read()
break
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this break should be there (and I guess I missed it in the original PR). It's not in local.py, either. @larsks where does it come from?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Huh, I haven't the foggiest idea. I didn't do any editing of that content that I recall. Funny that it works. I guess we submit a patch and fix it in the backports? Funny that everything still works. I wish this was all handled in one place...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've created #56288 and will include it in this backport once it is merged.

Your stable-2.7 does not have this code included though...

@ansibot ansibot added the stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. label May 18, 2019
@felixfontein
docker connection plugin: make privilege escalation code more similar…
56aa522 
… to local.py (ansible#56288)

* Make more similar to local.py

* Fix typo.

(cherry picked from commit 708bda0)
@ansibot ansibot removed the stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. label May 19, 2019
@abadger abadger merged commit 3fbe6e9 into ansible:stable-2.8 May 21, 2019
@abadger
Copy link
Contributor

abadger commented May 21, 2019

Merged for 2.8.1

@felixfontein felixfontein deleted the backport/2.8/55816 branch May 21, 2019 04:16
@sivel sivel removed the needs_triage Needs a first human triage before being processed. label May 22, 2019
@ansible ansible locked and limited conversation to collaborators Aug 5, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@larsks larsks larsks left review comments

Assignees
No one assigned
Labels
affects_2.8 This issue/PR affects Ansible v2.8 backport This PR does not target the devel branch. bug This issue/PR relates to a bug. cloud community_review In order to be merged, this PR must follow the community review workflow. docker support:community This issue/PR relates to code supported by the Ansible community. WIP This issue/PR is a work in progress. Nevertheless it was shared for getting input from peers.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@felixfontein @ansibot @abadger @larsks @sivel