I wrote a new rbac-playbook a while back but it never got deployed. Before going any farther on that front, I'd like to have the code reviewed to make sure that it can't give users any more privileges than intended.
The code is available at: https://bitbucket.org/tflink/ansible_utils
Some possible changes to make:
{{{ commit 50a7047beaf84666e5392e283c15fe0736b34fd8 Author: Ralph Bean rbean@redhat.com Date: Thu Jan 29 16:47:30 2015 -0500
Typofix?
diff --git a/ansible_utils/rbac_playbook.py b/ansible_utils/rbac_playbook.py index 7bf0d09..ec4095f 100755 --- a/ansible_utils/rbac_playbook.py +++ b/ansible_utils/rbac_playbook.py @@ -283,7 +283,7 @@ def rbac_playbook(playbook_name, options):
# make sure there are no wildcards in the playbook if '*' in playbook_name:
notify(generate_message('FAILURE', username, playbook_name, options, checksum)) raise RbacException("Wildcards are not allowed in the playbook filename.")
# if we're to this point, auth and sanity checking are good
commit 49c99a394a4b5b37585ce0b2753d79d562e74234 Author: Ralph Bean rbean@redhat.com Date: Thu Jan 29 16:47:22 2015 -0500
I think this is adding sudo to the args twice and that doesn't seem correct.
diff --git a/ansible_utils/rbac_playbook.py b/ansible_utils/rbac_playbook.py index 30c67f7..7bf0d09 100755 --- a/ansible_utils/rbac_playbook.py +++ b/ansible_utils/rbac_playbook.py @@ -203,7 +203,7 @@ def run_sudo_command(playbook_file, playbook_args): print "EXECV: %s" % ' '.join(args) else: print "EXECV: %s" % ' '.join(args) - os.execv('/usr/bin/sudo', args) + os.execv(args)
def can_run(acl, groups, playbook_file):
commit 66ea1f74794d445cb4f540f3d470ce097347e39b Author: Ralph Bean rbean@redhat.com Date: Thu Jan 29 16:44:48 2015 -0500
Wrap email contents with kitchen's to_bytes() This ensures that someone doesn't try to pass in oddly encoded characters as arguments and cause the mail-sending to fault. They wouldn't actually get anywhere since a mail gets sent before rbac tries to run any playbook work. But at least with this, we'll get error emails if someone is messing around. to_bytes works by trying as best it can to massage a value from unicode to utf-8 (if it isn't bytes already) and it tries to gracefully handle/hide all encoding/decoding errors to you just "get a byte string" at the end. I found that this was necessary to wrap around ``smtplib`` stuff via my work on FMN to avoid tracebacks in wild-encoding situations.
diff --git a/ansible_utils/rbac_playbook.py b/ansible_utils/rbac_playbook.py index d67d8ec..30c67f7 100755 --- a/ansible_utils/rbac_playbook.py +++ b/ansible_utils/rbac_playbook.py @@ -41,6 +41,8 @@ import copy
from pprint import pprint
+from kitchen.text.converters import to_bytes +
# local checkout dir first, then system wide dir$ CONF_DIRS = ['/etc/ansible-utils'] @@ -119,11 +121,11 @@ def email_notify(message): to send via email """ s = smtplib.SMTP(config['config']['SMTP_HOST']) - msg = MIMEText(message['body']) - msg['Subject'] = message['subject'] - msg['From'] = 'root@{0}'.format(socket.getfqdn()) + msg = MIMEText(to_bytes(message['body'])) + msg['Subject'] = to_bytes(message['subject']) + msg['From'] = to_bytes('root@{0}'.format(socket.getfqdn())) msg['To'] = config['config']['NOTIFY_ADDRESS'] - s.sendmail(msg['From'], [msg['To']], msg.as_string()) + s.sendmail(msg['From'], [msg['To']], to_bytes(msg.as_string())) s.quit()
}}}
Those all look good to me, the kitchen patch will need some mucking with the specfile and setup.py for deps but that's minor.
Are there any other suggestions/concerns? If not, any objections to trying this out once f22 alpha freeze is over?
No objections here. ;)
Same. Looks good here.
ok, we are out of freeze. Can we deploy this now?
Not sure where the latest version is...
This is now deployed. ;)
Login to comment on this ticket.