Merge pull request #42603 from twangboy/win_fix_runas

Add runas_passwd as a global for states
2025-04-17 10:10:20 +00:00 · 2017-07-31 14:49:48 -05:00 · 2017-07-31 14:49:48 -05:00 · fb81e78f71
commit fb81e78f71
parent 75ba23c253 0c9e40012b
3 changed files with 34 additions and 1 deletions
--- a/doc/ref/states/requisites.rst
+++ b/doc/ref/states/requisites.rst
@ -519,7 +519,8 @@ runas

 .. versionadded:: 2017.7.0

-The ``runas`` global option is used to set the user which will be used to run the command in the ``cmd.run`` module.
+The ``runas`` global option is used to set the user which will be used to run
+the command in the ``cmd.run`` module.

 .. code-block:: yaml

@ -532,6 +533,26 @@ The ``runas`` global option is used to set the user which will be used to run th

 In the above state, the pip command run by ``cmd.run`` will be run by the daniel user.

+runas_password
+~~~~~~~~~~~~~~
+
+.. versionadded:: 2017.7.2
+
+The ``runas_password`` global option is used to set the password used by the
+runas global option. This is required by ``cmd.run`` on Windows when ``runas``
+is specified. It will be set when ``runas_password`` is defined in the state.
+
+.. code-block:: yaml
+
+    run_script:
+      cmd.run:
+        - name: Powershell -NonInteractive -ExecutionPolicy Bypass -File C:\\Temp\\script.ps1
+        - runas: frank
+        - runas_password: supersecret
+
+In the above state, the Powershell script run by ``cmd.run`` will be run by the
+frank user with the password ``supersecret``.
+
 .. _requisites-require-in:
 .. _requisites-watch-in:
 .. _requisites-onchanges-in:
--- a/salt/modules/cmdmod.py
+++ b/salt/modules/cmdmod.py
@ -294,6 +294,9 @@ def _run(cmd,
    if runas is None and '__context__' in globals():
        runas = __context__.get('runas')

+    if password is None and '__context__' in globals():
+        password = __context__.get('runas_password')
+
    # Set the default working directory to the home directory of the user
    # salt-minion is running as. Defaults to home directory of user under which
    # the minion is running.
--- a/salt/state.py
+++ b/salt/state.py
@ -97,6 +97,7 @@ STATE_RUNTIME_KEYWORDS = frozenset([
    'reload_grains',
    'reload_pillar',
    'runas',
+    'runas_password',
    'fire_event',
    'saltenv',
    'use',
@ -1752,6 +1753,11 @@ class State(object):

        self.state_con['runas'] = low.get('runas', None)

+        if low['state'] == 'cmd' and 'password' in low:
+            self.state_con['runas_password'] = low['password']
+        else:
+            self.state_con['runas_password'] = low.get('runas_password', None)
+
        if not low.get('__prereq__'):
            log.info(
                'Executing state {0}.{1} for [{2}]'.format(
@ -1864,6 +1870,9 @@ class State(object):
                sys.modules[self.states[cdata['full']].__module__].__opts__[
                    'test'] = test

+            self.state_con.pop('runas')
+            self.state_con.pop('runas_password')
+
        # If format_call got any warnings, let's show them to the user
        if 'warnings' in cdata:
            ret.setdefault('warnings', []).extend(cdata['warnings'])