feat: sudoers module supports runas parameter with default of root (#4380) (#4399)

* feat: sudoers module supports runas parameter with default of root * fix: sudoers tests now pass * chore: add changelog fragment for 4380 * fix: runas feature now a non-breaking change wh no def with no default * fix: no trailing space in sudoers.py * Update plugins/modules/system/sudoers.py Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit 17fe813c18) Co-authored-by: doubletwist13 <doubletwist@fearthepenguin.net>
2026-05-08 14:22:46 +00:00 · 2022-03-24 06:44:48 +00:00
parent 743e9c851f
commit e9b3705809
3 changed files with 40 additions and 1 deletions
--- a/tests/integration/targets/sudoers/tasks/main.yml
+++ b/tests/integration/targets/sudoers/tasks/main.yml
@@ -102,6 +102,21 @@
    src: "{{ alt_sudoers_path }}/my-sudo-rule-5"
  register: rule_5_contents

+- name: Create rule to runas another user
+  community.general.sudoers:
+    name: my-sudo-rule-6
+    state: present
+    user: alice
+    commands: /usr/local/bin/command
+    runas: bob
+    sudoers_path: "{{ sudoers_path }}"
+  register: rule_6
+
+- name: Grab contents of my-sudo-rule-6 (in alternative directory)
+  ansible.builtin.slurp:
+    src: "{{ sudoers_path }}/my-sudo-rule-6"
+  register: rule_6_contents
+

 - name: Revoke rule 1
  community.general.sudoers:
@@ -133,6 +148,7 @@
      - "rule_3_contents['content'] | b64decode == 'alice ALL= /usr/local/bin/command\n'"
      - "rule_4_contents['content'] | b64decode == '%students ALL=NOPASSWD: /usr/local/bin/command\n'"
      - "rule_5_contents['content'] | b64decode == 'alice ALL=NOPASSWD: /usr/local/bin/command\n'"
+      - "rule_6_contents['content'] | b64decode == 'alice ALL=(bob)NOPASSWD: /usr/local/bin/command\n'"

 - name: Check stats
  ansible.builtin.assert: