Update docs and semantics of become key#4905
Open
happz wants to merge 3 commits into
Open
Conversation
happz
added
step | provision
![graphite-app[bot]](https://avatars.githubusercontent.com/in/158384?s=60&v=4){kind=small}
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request refactors the handling of elevated privileges by replacing hardcoded 'sudo' commands with 'guest.facts.sudo_prefix' and updating the documentation for the '--become' option. Feedback includes using 'PHASE.parent.name' in filename templates to avoid potential AttributeErrors and ensuring environment variables are preserved when using 'sudo_prefix' in shell scripts.
happz
changed the title
behave keybecome key
Instead of promising all scripts and tests would be running with `sudo`, it now states that user-provided scripts and tests would be invoked with superuser privileges. This makes the intent clearer, and gives us easier job: add `sudo` only when not already a superuser.
LecrisUT
reviewed
May 21, 2026
Comment on lines
+1296
to
+1297
| privileges. If the access plugin has is not a superuser | ||
| already, passwordless ``sudo`` will be used. |
Member
There was a problem hiding this comment.
Suggested change
| privileges. If the access plugin has is not a superuser | |
| already, passwordless ``sudo`` will be used. | |
| privileges via passwordless ``sudo`` if necessary. |
| """ | ||
|
|
||
| template += '-{{ PHASE.safe_name }}-{{ GUEST.safe_name }}' | ||
| template += '-{{ PHASE.parent.name }}-{{ PHASE.safe_name }}-{{ GUEST.safe_name }}' |
| ) | ||
|
|
||
| if self.become: | ||
| if self.become and not self.facts.is_superuser: |
Member
There was a problem hiding this comment.
I guess this is to be consistent with the other calls? sudo_prefix should already have the is_superuser check embedded in it.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Instead of promising all scripts and tests would be running with
sudo, it now states that user-provided scripts and tests would be invoked with superuser privileges. This makes the intent clearer, and gives us easier job: addsudoonly when not already a superuser.Pull Request Checklist