hybrid_platforms_conductor 32.4.2 → 32.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 544df1af20b12202d76519a9ebb2a7ea824e676fca1d04af0b546baa759d97ae
-  data.tar.gz: 19aa74c8d6f634d1b8618ba5b701c2b4dfb4457db8f69b2db84a8f08563bc891
+  metadata.gz: 834a3af157221b88e6a150738b146f90fdf832c43fe5e8471619879c47a22d5b
+  data.tar.gz: c4f54b879fbfba923fda2a8aee1b299cb846ed9478ca9bd81535f220ec622f69
 SHA512:
-  metadata.gz: c7aeb4324286b216d36b0b3f205af58dd3a92d1655d74d05275de1c911cf0137198dda7e3c23d226e0b0a5c0b127eeef4e79a22bc1f585d4058cb2f31abfc09f
-  data.tar.gz: 84493300be870ee61c7f154b92eee7b27cbcbcd8af7c7fe4cbeed0f853c982e00587aa6294230552a2526bd57e76716a7b8d157097ce33c254d6f2206a9c3fa9
+  metadata.gz: 42ae65da627c812b096c0e9f9b4bb8c9ac4dde3185e1f6cf8d1405acbab960d5c5c88050c25e3d45906acb6054c73fd7ec29b2e5751b1ec38734f83a33f34bef
+  data.tar.gz: 41e641381b34d9d0841770974c4401612bfc3a4d11a5ec2fe85969f40ab1bfce0952cb4bbf5b7d2fce5420d9090a4962e278b9fb84d4251e0f13ee84db405e6c

data/lib/hybrid_platforms_conductor/deployer.rb

@@ -480,6 +480,7 @@ module HybridPlatformsConductor
       outputs = @actions_executor.execute_actions(
         Hash[services.map do |node, node_services|
           image_id = @nodes_handler.get_image_of(node)
+          sudo = (ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(node)} ")
           # Install My_company corporate certificates if present
           certificate_actions =
             if @local_environment && ENV['hpc_certificates']
@@ -489,20 +490,20 @@ module HybridPlatformsConductor
                 when 'debian_9', 'debian_10'
                   [
                     {
-                      remote_bash: "#{ssh_user == 'root' ? '' : 'sudo '}apt update && #{ssh_user == 'root' ? '' : 'sudo '}apt install -y ca-certificates"
+                      remote_bash: "#{sudo}apt update && #{sudo}apt install -y ca-certificates"
                     },
                     {
                       scp: {
                         ENV['hpc_certificates'] => '/usr/local/share/ca-certificates',
                         :sudo => ssh_user != 'root'
                       },
-                      remote_bash: "#{ssh_user == 'root' ? '' : 'sudo '}update-ca-certificates"
+                      remote_bash: "#{sudo}update-ca-certificates"
                     }
                   ]
                 when 'centos_7'
                   [
                     {
-                      remote_bash: "#{ssh_user == 'root' ? '' : 'sudo '}yum install -y ca-certificates"
+                      remote_bash: "#{sudo}yum install -y ca-certificates"
                     },
                     {
                       scp: Hash[Dir.glob("#{ENV['hpc_certificates']}/*.crt").map do |cert_file|
@@ -512,8 +513,8 @@ module HybridPlatformsConductor
                         ]
                       end].merge(sudo: ssh_user != 'root'),
                       remote_bash: [
-                        "#{ssh_user == 'root' ? '' : 'sudo '}update-ca-trust enable",
-                        "#{ssh_user == 'root' ? '' : 'sudo '}update-ca-trust extract"
+                        "#{sudo}update-ca-trust enable",
+                        "#{sudo}update-ca-trust extract"
                       ]
                     }
                   ]
@@ -532,7 +533,7 @@ module HybridPlatformsConductor
               # Install the mutex lock and acquire it
               {
                 scp: { "#{__dir__}/mutex_dir" => '.' },
-                remote_bash: "while ! #{ssh_user == 'root' ? '' : 'sudo '}./mutex_dir lock /tmp/hybrid_platforms_conductor_deploy_lock \"$(ps -o ppid= -p $$)\"; do echo -e 'Another deployment is running on #{node}. Waiting for it to finish to continue...' ; sleep 5 ; done"
+                remote_bash: "while ! #{sudo}./mutex_dir lock /tmp/hybrid_platforms_conductor_deploy_lock \"$(ps -o ppid= -p $$)\"; do echo -e 'Another deployment is running on #{node}. Waiting for it to finish to continue...' ; sleep 5 ; done"
               }
             ] +
               certificate_actions +
@@ -548,7 +549,7 @@ module HybridPlatformsConductor
         Hash[services.keys.map do |node|
           [
             node,
-            { remote_bash: "#{ssh_user == 'root' ? '' : 'sudo '}./mutex_dir unlock /tmp/hybrid_platforms_conductor_deploy_lock" }
+            { remote_bash: "#{ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(node)} "}./mutex_dir unlock /tmp/hybrid_platforms_conductor_deploy_lock" }
           ]
         end],
         timeout: 10,
@@ -595,7 +596,7 @@ module HybridPlatformsConductor
               [
                 node,
                 {
-                  remote_bash: "#{ssh_user == 'root' ? '' : 'sudo '}mkdir -p /var/log/deployments",
+                  remote_bash: "#{ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(node)} "}mkdir -p /var/log/deployments",
                   scp: {
                     log_file => '/var/log/deployments',
                     :sudo => ssh_user != 'root',

data/lib/hybrid_platforms_conductor/hpc_plugins/connector/ssh.rb

@@ -272,7 +272,7 @@ module HybridPlatformsConductor
               #{File.basename(from)} | \
             #{ssh_exec} \
               #{ssh_url} \
-              \"#{sudo ? 'sudo ' : ''}tar \
+              \"#{sudo ? "#{@nodes_handler.sudo_on(@node)} " : ''}tar \
                 --extract \
                 --gunzip \
                 --file - \

data/lib/hybrid_platforms_conductor/hpc_plugins/provisioner/proxmox.rb

@@ -404,7 +404,7 @@ module HybridPlatformsConductor
                 {
                   proxmox_test_info[:sync_node] => {
                     remote_bash: {
-                      commands: "#{@actions_executor.connector(:ssh).ssh_user == 'root' ? '' : 'sudo -E '}./proxmox/#{cmd}",
+                      commands: "#{@actions_executor.connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(proxmox_test_info[:sync_node])} -E "}./proxmox/#{cmd}",
                       env: {
                         'hpc_user_for_proxmox' => user,
                         'hpc_password_for_proxmox' => password,

data/lib/hybrid_platforms_conductor/hpc_plugins/test/deploy_freshness.rb

@@ -15,7 +15,7 @@ module HybridPlatformsConductor
         def test_on_node
           now = Time.now
           {
-            'sudo ls -t /var/log/deployments' => proc do |stdout|
+            "#{@nodes_handler.sudo_on(@node)} ls -t /var/log/deployments" => proc do |stdout|
               if stdout.empty?
                 error 'Node has never been deployed using deploy (/var/log/deployments is empty)'
               elsif stdout.first =~ /No such file or directory/

data/lib/hybrid_platforms_conductor/hpc_plugins/test/file_system.rb

@@ -17,7 +17,7 @@ module HybridPlatformsConductor
           Hash[
             @config.aggregate_files_rules(@nodes_handler, @node).map do |path, rule_info|
               [
-                "if sudo /bin/bash -c '[[ -d \"#{path}\" ]]' ; then echo 1 ; else echo 0 ; fi",
+                "if #{@nodes_handler.sudo_on(@node)} /bin/bash -c '[[ -d \"#{path}\" ]]' ; then echo 1 ; else echo 0 ; fi",
                 {
                   validator: proc do |stdout, stderr|
                     case stdout.last

data/lib/hybrid_platforms_conductor/hpc_plugins/test/hostname.rb

@@ -10,7 +10,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            'sudo hostname -s' => proc do |stdout|
+            "#{@nodes_handler.sudo_on(@node)} hostname -s" => proc do |stdout|
               assert_equal stdout.first, @node, "Expected hostname to be #{@node}, but got #{stdout.first} instead."
             end
           }

data/lib/hybrid_platforms_conductor/hpc_plugins/test/ip.rb

@@ -10,7 +10,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            'sudo hostname -I' => proc do |stdout|
+            "#{@nodes_handler.sudo_on(@node)} hostname -I" => proc do |stdout|
               if stdout.first.nil?
                 error 'No IP returned by "hostname -I"'
               else

data/lib/hybrid_platforms_conductor/hpc_plugins/test/local_users.rb

@@ -57,7 +57,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            "sudo cat /etc/passwd" => proc do |stdout|
+            "#{@nodes_handler.sudo_on(@node)} cat /etc/passwd" => proc do |stdout|
               passwd_users = stdout.map { |passwd_line| passwd_line.split(':').first }
               missing_users = @nodes_handler.
                 select_confs_for_node(@node, @config.users_that_should_be_present).

data/lib/hybrid_platforms_conductor/hpc_plugins/test/mounts.rb

@@ -61,7 +61,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            'sudo mount' => proc do |stdout|
+            "#{@nodes_handler.sudo_on(@node)} mount" => proc do |stdout|
               mounts_info = stdout.map do |line|
                 fields = line.split
                 {

data/lib/hybrid_platforms_conductor/hpc_plugins/test/orphan_files.rb

@@ -50,7 +50,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            "sudo /usr/bin/find / \\( #{@nodes_handler.
+            "#{@nodes_handler.sudo_on(@node)} /usr/bin/find / \\( #{@nodes_handler.
               select_confs_for_node(@node, @config.ignored_orphan_files_paths).
               inject(DIRECTORIES_TO_ALWAYS_IGNORE) { |merged_paths, paths_to_ignore_info| merged_paths + paths_to_ignore_info[:ignored_paths] }.
               uniq.

data/lib/hybrid_platforms_conductor/hpc_plugins/test/spectre.rb

@@ -13,16 +13,15 @@ module HybridPlatformsConductor
           'CVE-2017-5754' => 'Meltdown'
         }
 
-        SPECTRE_CMD = <<~EOS
-          sudo /bin/bash <<'EOAction'
-          #{File.read("#{__dir__}/spectre-meltdown-checker.sh")}
-          EOAction
-        EOS
-
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
+          spectre_cmd = <<~EOS
+            #{@nodes_handler.sudo_on(@node)} /bin/bash <<'EOAction'
+            #{File.read("#{__dir__}/spectre-meltdown-checker.sh")}
+            EOAction
+          EOS
           {
-            SPECTRE_CMD => {
+            spectre_cmd => {
               validator: proc do |stdout|
                 VULNERABILITIES_TO_CHECK.each do |id, name|
                   id_regexp = /#{Regexp.escape(id)}/

data/lib/hybrid_platforms_conductor/hpc_plugins/test/vulnerabilities.rb

@@ -54,6 +54,7 @@ module HybridPlatformsConductor
                   current_url
                 end
               )
+              sudo = @nodes_handler.sudo_on(@node)
               Hash[urls.map do |url|
                 # 1. Get the OVAL file on the node to be tested (uncompress it if needed)
                 # 2. Make sure oscap is installed
@@ -74,9 +75,9 @@ module HybridPlatformsConductor
                   #{
                     case image
                     when :centos_7
-                      "sudo yum install -y wget openscap-scanner #{packages_to_install.join(' ')}"
+                      "#{sudo} yum install -y wget openscap-scanner #{packages_to_install.join(' ')}"
                     when :debian_9
-                      "sudo apt install -y wget libopenscap8 #{packages_to_install.join(' ')}"
+                      "#{sudo} apt install -y wget libopenscap8 #{packages_to_install.join(' ')}"
                     when :debian_10
                       # On Debian 10 we have to compile it from sources, as the packaged official version has core dumps.
                       # cf https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1688223.html
@@ -86,13 +87,13 @@ module HybridPlatformsConductor
                           rm -rf openscap
                           git clone --recurse-submodules https://github.com/OpenSCAP/openscap.git
                           cd openscap
-                          sudo apt install -y cmake libdbus-1-dev libdbus-glib-1-dev libcurl4-openssl-dev libgcrypt20-dev libselinux1-dev libxslt1-dev libgconf2-dev libacl1-dev libblkid-dev libcap-dev libxml2-dev libldap2-dev libpcre3-dev python-dev swig libxml-parser-perl libxml-xpath-perl libperl-dev libbz2-dev librpm-dev g++ libapt-pkg-dev libyaml-dev
+                          #{sudo} apt install -y cmake libdbus-1-dev libdbus-glib-1-dev libcurl4-openssl-dev libgcrypt20-dev libselinux1-dev libxslt1-dev libgconf2-dev libacl1-dev libblkid-dev libcap-dev libxml2-dev libldap2-dev libpcre3-dev python-dev swig libxml-parser-perl libxml-xpath-perl libperl-dev libbz2-dev librpm-dev g++ libapt-pkg-dev libyaml-dev
                           cd build
                           cmake ../
                           make
-                          sudo make install
+                          #{sudo} make install
                         fi
-                        sudo apt install -y wget #{packages_to_install.join(' ')}
+                        #{sudo} apt install -y wget #{packages_to_install.join(' ')}
                       EOS2
                     else
                       raise "Non supported image: #{image}. Please adapt this test's code."
@@ -103,7 +104,7 @@ module HybridPlatformsConductor
                   cd hpc_vulnerabilities_test
                   wget -N #{url}
                   #{uncompress_cmds.join("\n")}
-                  sudo oscap oval eval --skip-valid --results "#{local_oval_file}.results.xml" "#{local_oval_file}"
+                  #{sudo} oscap oval eval --skip-valid --results "#{local_oval_file}.results.xml" "#{local_oval_file}"
                   echo "===== RESULTS ====="
                   cat "#{local_oval_file}.results.xml"
                   cd ..

data/lib/hybrid_platforms_conductor/nodes_handler.rb

@@ -18,9 +18,20 @@ module HybridPlatformsConductor
       # Array< Hash<Symbol, Object> >
       attr_reader :cmdb_masters
 
+      # List of sudo methods. Each info has the following properties:
+      # * *nodes_selectors_stack* (Array<Object>): Stack of nodes selectors impacted by this rule.
+      # * *sudo_proc* (Proc): Code giving the sudo line for a given user
+      #   Parameters::
+      #   * *user* (String): User for which we want sudo
+      #   Result::
+      #   * String: Corresponding sudo string
+      # Array< Hash<Symbol, Object> >
+      attr_reader :sudo_procs
+
       # Mixin initializer
       def init_nodes_handler_config
         @cmdb_masters = []
+        @sudo_procs = []
       end
 
       # Set CMDB masters
@@ -34,6 +45,17 @@ module HybridPlatformsConductor
         }
       end
 
+      # Set a sudo proc
+      #
+      # Parameters::
+      # * *sudo_proc* (Proc): The sudo proc (see #sudo_procs doc to know the signature)
+      def sudo_for(&sudo_proc)
+        @sudo_procs << {
+          nodes_selectors_stack: current_nodes_selectors_stack,
+          sudo_proc: sudo_proc
+        }
+      end
+
     end
 
     Config.extend_config_dsl_with ConfigDSLExtension, :init_nodes_handler_config
@@ -568,6 +590,21 @@ module HybridPlatformsConductor
       nodes_selector_stack.inject(known_nodes) { |selected_nodes, nodes_selector| selected_nodes & select_nodes(nodes_selector) }
     end
 
+    # Get the sudo command for a given user on a given node
+    #
+    # Parameters::
+    # * *node* (String): Node on which we need sudo
+    # * *user* (String): User for which we need sudo [default = 'root']
+    # Result::
+    # * String: The corresponding sudo string
+    def sudo_on(node, user = 'root')
+      sudo = nil
+      select_confs_for_node(node, @config.sudo_procs).each do |sudo_proc_info|
+        sudo = sudo_proc_info[:sudo_proc].call(user)
+      end
+      sudo.nil? ? "sudo -u #{user}" : sudo
+    end
+
     private
 
     # Get the CMDB master for a given property.

data/lib/hybrid_platforms_conductor/version.rb

@@ -1,5 +1,5 @@
 module HybridPlatformsConductor
 
-  VERSION = '32.4.2'
+  VERSION = '32.5.0'
 
 end

data/spec/hybrid_platforms_conductor_test/api/actions_executor/connectors/ssh/remote_actions_spec.rb

@@ -92,7 +92,7 @@ describe HybridPlatformsConductor::ActionsExecutor do
         with_test_platform_for_remote_testing(
           expected_cmds: [
             [
-              /cd \/path\/to && tar\s+--create\s+--gzip\s+--file -\s+src.file \| \/.+\/ssh\s+test_user@hpc\.node\s+"sudo tar\s+--extract\s+--gunzip\s+--file -\s+--directory \/remote_path\/to\/dst.dir\s+--owner root\s+"/,
+              /cd \/path\/to && tar\s+--create\s+--gzip\s+--file -\s+src.file \| \/.+\/ssh\s+test_user@hpc\.node\s+"sudo -u root tar\s+--extract\s+--gunzip\s+--file -\s+--directory \/remote_path\/to\/dst.dir\s+--owner root\s+"/,
               proc { [0, '', ''] }
             ]
           ]
@@ -101,6 +101,20 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
 
+      it 'copies files remotely with a different sudo' do
+        with_test_platform_for_remote_testing(
+          expected_cmds: [
+            [
+              /cd \/path\/to && tar\s+--create\s+--gzip\s+--file -\s+src.file \| \/.+\/ssh\s+test_user@hpc\.node\s+"other_sudo --user root tar\s+--extract\s+--gunzip\s+--file -\s+--directory \/remote_path\/to\/dst.dir\s+--owner root\s+"/,
+              proc { [0, '', ''] }
+            ]
+          ],
+          additional_config: 'sudo_for { |user| "other_sudo --user #{user}" }'
+        ) do
+          test_connector.remote_copy('/path/to/src.file', '/remote_path/to/dst.dir', sudo: true)
+        end
+      end
+
       it 'copies files remotely with a different owner' do
         with_test_platform_for_remote_testing(
           expected_cmds: [

data/spec/hybrid_platforms_conductor_test/api/nodes_handler/common_spec.rb

@@ -124,4 +124,32 @@ describe HybridPlatformsConductor::NodesHandler do
     end
   end
 
+    it 'computes the correct sudo for different nodes' do
+      with_test_platform(
+        {
+          nodes: {
+            'node1' => {},
+            'node2' => {},
+            'node3' => {}
+          }
+        },
+        false,
+        '
+          for_nodes(%w[node1 node2]) do
+            sudo_for { |user| "alt_sudo1 -p #{user}" }
+          end
+          for_nodes(\'node2\') do
+            sudo_for { |user| "alt_sudo2 -q #{user}" }
+          end
+        '
+      ) do
+        expect(test_nodes_handler.sudo_on('node1')).to eq 'alt_sudo1 -p root'
+        expect(test_nodes_handler.sudo_on('node1', 'test_user')).to eq 'alt_sudo1 -p test_user'
+        expect(test_nodes_handler.sudo_on('node2')).to eq 'alt_sudo2 -q root'
+        expect(test_nodes_handler.sudo_on('node2', 'test_user')).to eq 'alt_sudo2 -q test_user'
+        expect(test_nodes_handler.sudo_on('node3')).to eq 'sudo -u root'
+        expect(test_nodes_handler.sudo_on('node3', 'test_user')).to eq 'sudo -u test_user'
+      end
+    end
+
 end

data/spec/hybrid_platforms_conductor_test/api/nodes_handler/config_spec.rb

@@ -0,0 +1,71 @@
+describe HybridPlatformsConductor::NodesHandler do
+
+  context 'checking config DSL' do
+
+    it 'adds helpers for master cmdbs' do
+      with_test_platform(
+        {
+          nodes: {
+            'node1' => {},
+            'node2' => {},
+            'node3' => {}
+          }
+        },
+        false,
+        '
+          master_cmdbs(
+            test_cmdb: :property1,
+            test_cmdb2: :property2
+          )
+          for_nodes(\'node2\') do
+            master_cmdbs(test_cmdb: :property3)
+          end
+        '
+      ) do
+        register_test_cmdb(%i[test_cmdb test_cmdb2])
+        expect(test_config.cmdb_masters).to eq [
+          {
+            nodes_selectors_stack: [],
+            cmdb_masters: {
+              test_cmdb: [:property1],
+              test_cmdb2: [:property2]
+            }
+          },
+          {
+            nodes_selectors_stack: ['node2'],
+            cmdb_masters: {
+              test_cmdb: [:property3]
+            }
+          }
+        ]
+      end
+    end
+
+    it 'adds helpers for configurable sudo' do
+      with_test_platform(
+        {
+          nodes: {
+            'node1' => {},
+            'node2' => {},
+            'node3' => {}
+          }
+        },
+        false,
+        '
+          sudo_for { |user| "alt_sudo1 -p #{user}" }
+          for_nodes(\'node2\') do
+            sudo_for { |user| "alt_sudo2 -q #{user}" }
+          end
+        '
+      ) do
+        expect(test_config.sudo_procs.size).to eq 2
+        expect(test_config.sudo_procs[0][:nodes_selectors_stack]). to eq []
+        expect(test_config.sudo_procs[0][:sudo_proc].call('test_user')). to eq 'alt_sudo1 -p test_user'
+        expect(test_config.sudo_procs[1][:nodes_selectors_stack]). to eq ['node2']
+        expect(test_config.sudo_procs[1][:sudo_proc].call('test_user')). to eq 'alt_sudo2 -q test_user'
+      end
+    end
+
+  end
+
+end

data/spec/hybrid_platforms_conductor_test/helpers/connector_ssh_helpers.rb

@@ -94,9 +94,17 @@ module HybridPlatformsConductorTest
       # * *expected_stderr* (String): Expected stderr after client code execution [default: '']
       # * *timeout* (Integer or nil): Timeout to prepare the connector for [default: nil]
       # * *password* (String or nil): Password to set for the node, or nil for none [default: nil]
+      # * *additional_config* (String): Additional config [default: '']
       # * Proc: Client code to execute testing
-      def with_test_platform_for_remote_testing(expected_cmds: [], expected_stdout: '', expected_stderr: '', timeout: nil, password: nil)
-        with_test_platform(nodes: { 'node' => { meta: { host_ip: '192.168.42.42' } } }) do
+      def with_test_platform_for_remote_testing(
+        expected_cmds: [],
+        expected_stdout: '',
+        expected_stderr: '',
+        timeout: nil,
+        password: nil,
+        additional_config: ''
+      )
+        with_test_platform({ nodes: { 'node' => { meta: { host_ip: '192.168.42.42' } } } }, false, additional_config) do
           with_cmd_runner_mocked(
             [
               ['which env', proc { [0, "/usr/bin/env\n", ''] }],

data/spec/hybrid_platforms_conductor_test/helpers/deployer_helpers.rb

@@ -9,12 +9,12 @@ module HybridPlatformsConductorTest
       # Parameters::
       # * *action* (Hash<Symbol,Object>): The action to check
       # * *node* (String): The concerned node
-      # * *sudo* (Boolean): Is sudo supposed to be used? [default: true]
-      def expect_action_to_lock_node(action, node, sudo: true)
+      # * *sudo* (String or nil): sudo supposed to be used, or nil if none [default: 'sudo -u root']
+      def expect_action_to_lock_node(action, node, sudo: 'sudo -u root')
         expect(action[:scp].size).to eq 1
         expect(action[:scp].first[0]).to match /^.+\/mutex_dir$/
         expect(action[:scp].first[1]).to eq '.'
-        expect(action[:remote_bash]).to eq "while ! #{sudo ? 'sudo ' : ''}./mutex_dir lock /tmp/hybrid_platforms_conductor_deploy_lock \"$(ps -o ppid= -p $$)\"; do echo -e 'Another deployment is running on #{node}. Waiting for it to finish to continue...' ; sleep 5 ; done"
+        expect(action[:remote_bash]).to eq "while ! #{sudo ? "#{sudo} " : ''}./mutex_dir lock /tmp/hybrid_platforms_conductor_deploy_lock \"$(ps -o ppid= -p $$)\"; do echo -e 'Another deployment is running on #{node}. Waiting for it to finish to continue...' ; sleep 5 ; done"
       end
 
       # Expect a given action to be releasing the mutex on a given node
@@ -22,9 +22,9 @@ module HybridPlatformsConductorTest
       # Parameters::
       # * *action* (Hash<Symbol,Object>): The action to check
       # * *node* (String): The concerned node
-      # * *sudo* (Boolean): Is sudo supposed to be used? [default: true]
-      def expect_action_to_unlock_node(action, node, sudo: true)
-        expect(action).to eq(remote_bash: "#{sudo ? 'sudo ' : ''}./mutex_dir unlock /tmp/hybrid_platforms_conductor_deploy_lock")
+      # * *sudo* (String or nil): sudo supposed to be used, or nil if none [default: 'sudo -u root']
+      def expect_action_to_unlock_node(action, node, sudo: 'sudo -u root')
+        expect(action).to eq(remote_bash: "#{sudo ? "#{sudo} " : ''}./mutex_dir unlock /tmp/hybrid_platforms_conductor_deploy_lock")
       end
 
       # Expect a given set of actions to be a deployment
@@ -33,12 +33,12 @@ module HybridPlatformsConductorTest
       # * *actions* (Object): Actions
       # * *nodes* (String or Array<String>): Node (or list of nodes) that should be checked
       # * *check* (Boolean): Is the deploy only a check? [default: false]
-      # * *sudo* (Boolean): Is sudo supposed to be used? [default: true]
+      # * *sudo* (String or nil): sudo supposed to be used, or nil if none [default: 'sudo -u root']
       # * *expected_actions* (Array<Object>): Additional expected actions [default: []]
       # * *mocked_result* (Hash<String, [Object, String, String]>): Expected result of the actions, per node, or nil for success [default: nil]
       # Result::
       # * Hash<String, [Integer or Symbol, String, String] >: Expected result of those expected actions
-      def expect_actions_to_deploy_on(actions, nodes, check: false, sudo: true, expected_actions: [], mocked_result: nil)
+      def expect_actions_to_deploy_on(actions, nodes, check: false, sudo: 'sudo -u root', expected_actions: [], mocked_result: nil)
         nodes = [nodes] if nodes.is_a?(String)
         mocked_result = Hash[nodes.map { |node| [node, [0, "#{check ? 'Check' : 'Deploy'} successful", '']] }] if mocked_result.nil?
         expect(actions.size).to eq nodes.size
@@ -57,8 +57,8 @@ module HybridPlatformsConductorTest
       # Parameters::
       # * *actions* (Object): Actions
       # * *nodes* (String or Array<String>): Node (or list of nodes) that should be checked
-      # * *sudo* (Boolean): Is sudo supposed to be used? [default: true]
-      def expect_actions_to_unlock(actions, nodes, sudo: true)
+      # * *sudo* (String or nil): sudo supposed to be used, or nil if none [default: 'sudo -u root']
+      def expect_actions_to_unlock(actions, nodes, sudo: 'sudo -u root')
         nodes = [nodes] if nodes.is_a?(String)
         expect(actions.size).to eq nodes.size
         nodes.each do |node|
@@ -73,17 +73,17 @@ module HybridPlatformsConductorTest
       # Parameters::
       # * *actions* (Object): Actions
       # * *nodes* (String or Array<String>): Node (or list of nodes) that should be checked
-      # * *sudo* (Boolean): Is sudo supposed to be used? [default: true]
-      def expect_actions_to_upload_logs(actions, nodes, sudo: true)
+      # * *sudo* (String or nil): sudo supposed to be used, or nil if none [default: 'sudo -u root']
+      def expect_actions_to_upload_logs(actions, nodes, sudo: 'sudo -u root')
         nodes = [nodes] if nodes.is_a?(String)
         expect(actions.size).to eq nodes.size
         nodes.each do |node|
           expect(actions.key?(node)).to eq true
-          expect(actions[node][:remote_bash]).to eq "#{sudo ? 'sudo ' : ''}mkdir -p /var/log/deployments"
+          expect(actions[node][:remote_bash]).to eq "#{sudo ? "#{sudo} " : ''}mkdir -p /var/log/deployments"
           expect(actions[node][:scp].first[1]).to eq '/var/log/deployments'
           expect(actions[node][:scp][:group]).to eq 'root'
           expect(actions[node][:scp][:owner]).to eq 'root'
-          expect(actions[node][:scp][:sudo]).to eq sudo
+          expect(actions[node][:scp][:sudo]).to eq (!sudo.nil?)
         end
         Hash[nodes.map { |node| [node, [0, 'Logs uploaded', '']] }]
       end

data/spec/hybrid_platforms_conductor_test/helpers/deployer_test_helpers.rb

@@ -20,7 +20,7 @@ module HybridPlatformsConductorTest
           #
           # Parameters::
           # * *services* (Hash<String, Array<String> >): Expected nodes that should be deployed, with their corresponding services [default: { 'node' => %w[service] }]
-          # * *sudo* (Boolean): Do we expect sudo to be used in commands? [default: true]
+          # * *sudo* (String or nil): sudo supposed to be used, or nil if none [default: 'sudo -u root']
           # * *check_mode* (Boolean): Are we testing in check mode? [default: @check_mode]
           # * *mocked_deploy_result* (Hash or nil): Mocked result of the deployment actions, or nil to use the helper's default [default: nil]
           # * *additional_expected_actions* (Array): Additional expected actions [default: []]
@@ -28,7 +28,7 @@ module HybridPlatformsConductorTest
           # * *expect_actions_timeout* (Integer or nil): Expected timeout in actions, or nil for none [default: nil]
           def expected_actions_for_deploy_on(
             services: { 'node' => %w[service] },
-            sudo: true,
+            sudo: 'sudo -u root',
             check_mode: @check_mode,
             mocked_deploy_result: nil,
             additional_expected_actions: [],
@@ -82,7 +82,7 @@ module HybridPlatformsConductorTest
           # * *expect_prepare_for_deploy* (Boolean): Should we expect calls to prepare for deploy? [default: true]
           # * *expect_connections_to_nodes* (Boolean): Should we expect connections to nodes? [default: true]
           # * *expect_default_actions* (Boolean): Should we expect default actions? [default: true]
-          # * *expect_sudo* (Boolean): Do we expect sudo to be used in commands? [default: true]
+          # * *expect_sudo* (String or nil): Expected sudo command, or nil if none [default: 'sudo -u root']
           # * *expect_secrets* (Hash): Secrets to be expected during deployment [default: {}]
           # * *expect_local_environment* (Boolean): Expected local environment flag [default: false]
           # * *expect_additional_actions* (Array): Additional expected actions [default: []]
@@ -99,7 +99,7 @@ module HybridPlatformsConductorTest
             expect_prepare_for_deploy: true,
             expect_connections_to_nodes: true,
             expect_default_actions: true,
-            expect_sudo: true,
+            expect_sudo: 'sudo -u root',
             expect_secrets: {},
             expect_local_environment: false,
             expect_additional_actions: [],
@@ -201,12 +201,21 @@ module HybridPlatformsConductorTest
           end
 
           it 'deploys on 1 node using root' do
-            with_platform_to_deploy(expect_sudo: false) do
+            with_platform_to_deploy(expect_sudo: nil) do
               test_actions_executor.connector(:ssh).ssh_user = 'root'
               expect(test_deployer.deploy_on('node')).to eq('node' => expected_deploy_result)
             end
           end
 
+          it 'deploys on 1 node using an alternate sudo' do
+            with_platform_to_deploy(
+              expect_sudo: 'other_sudo --user root',
+              additional_config: 'sudo_for { |user| "other_sudo --user #{user}" }'
+            ) do
+              expect(test_deployer.deploy_on('node')).to eq('node' => expected_deploy_result)
+            end
+          end
+
           it 'deploys on 1 node using 1 secret' do
             with_platform_to_deploy(expect_secrets: { 'secret1' => 'password1' }) do
               test_deployer.secrets = [{ 'secret1' => 'password1' }]
@@ -227,9 +236,9 @@ module HybridPlatformsConductorTest
                 nodes_info: { nodes: { 'node' => { meta: { image: 'debian_9' }, services: %w[service] } } },
                 expect_local_environment: true,
                 expect_additional_actions: [
-                  { remote_bash: 'sudo apt update && sudo apt install -y ca-certificates' },
+                  { remote_bash: 'sudo -u root apt update && sudo -u root apt install -y ca-certificates' },
                   {
-                    remote_bash: 'sudo update-ca-certificates',
+                    remote_bash: 'sudo -u root update-ca-certificates',
                     scp:  {
                       certs_dir => '/usr/local/share/ca-certificates',
                       :sudo => true
@@ -244,6 +253,31 @@ module HybridPlatformsConductorTest
             end
           end
 
+          it 'deploys on 1 node in local environment with certificates to install using hpc_certificates on Debian and an alternate sudo' do
+            with_certs_dir do |certs_dir|
+              with_platform_to_deploy(
+                nodes_info: { nodes: { 'node' => { meta: { image: 'debian_9' }, services: %w[service] } } },
+                expect_sudo: 'other_sudo --user root',
+                expect_local_environment: true,
+                expect_additional_actions: [
+                  { remote_bash: 'other_sudo --user root apt update && other_sudo --user root apt install -y ca-certificates' },
+                  {
+                    remote_bash: 'other_sudo --user root update-ca-certificates',
+                    scp:  {
+                      certs_dir => '/usr/local/share/ca-certificates',
+                      :sudo => true
+                    }
+                  }
+                ],
+                additional_config: 'sudo_for { |user| "other_sudo --user #{user}" }'
+              ) do
+                ENV['hpc_certificates'] = certs_dir
+                test_deployer.local_environment = true
+                expect(test_deployer.deploy_on('node')).to eq('node' => expected_deploy_result)
+              end
+            end
+          end
+
           it 'deploys on 1 node with certificates to install using hpc_certificates on Debian but ignores them in non-local environment' do
             with_certs_dir do |certs_dir|
               with_platform_to_deploy(nodes_info: { nodes: { 'node' => { meta: { image: 'debian_9' }, services: %w[service] } } }) do
@@ -257,7 +291,7 @@ module HybridPlatformsConductorTest
             with_certs_dir do |certs_dir|
               with_platform_to_deploy(
                 nodes_info: { nodes: { 'node' => { meta: { image: 'debian_9' }, services: %w[service] } } },
-                expect_sudo: false,
+                expect_sudo: nil,
                 expect_local_environment: true,
                 expect_additional_actions: [
                   { remote_bash: 'apt update && apt install -y ca-certificates' },
@@ -284,9 +318,9 @@ module HybridPlatformsConductorTest
                 nodes_info: { nodes: { 'node' => { meta: { image: 'centos_7' }, services: %w[service] } } },
                 expect_local_environment: true,
                 expect_additional_actions: [
-                  { remote_bash: 'sudo yum install -y ca-certificates' },
+                  { remote_bash: 'sudo -u root yum install -y ca-certificates' },
                   {
-                    remote_bash: ['sudo update-ca-trust enable', 'sudo update-ca-trust extract'],
+                    remote_bash: ['sudo -u root update-ca-trust enable', 'sudo -u root update-ca-trust extract'],
                     scp: {
                       "#{certs_dir}/test_cert.crt" => '/etc/pki/ca-trust/source/anchors',
                       :sudo => true
@@ -301,11 +335,36 @@ module HybridPlatformsConductorTest
             end
           end
 
+          it 'deploys on 1 node with certificates to install using hpc_certificates on CentOS and an alternate sudo' do
+            with_certs_dir do |certs_dir|
+              with_platform_to_deploy(
+                nodes_info: { nodes: { 'node' => { meta: { image: 'centos_7' }, services: %w[service] } } },
+                expect_sudo: 'other_sudo --user root',
+                expect_local_environment: true,
+                expect_additional_actions: [
+                  { remote_bash: 'other_sudo --user root yum install -y ca-certificates' },
+                  {
+                    remote_bash: ['other_sudo --user root update-ca-trust enable', 'other_sudo --user root update-ca-trust extract'],
+                    scp: {
+                      "#{certs_dir}/test_cert.crt" => '/etc/pki/ca-trust/source/anchors',
+                      :sudo => true
+                    }
+                  }
+                ],
+                additional_config: 'sudo_for { |user| "other_sudo --user #{user}" }'
+              ) do
+                ENV['hpc_certificates'] = certs_dir
+                test_deployer.local_environment = true
+                expect(test_deployer.deploy_on('node')).to eq('node' => expected_deploy_result)
+              end
+            end
+          end
+
           it 'deploys on 1 node with certificates to install using hpc_certificates on CentOS using root' do
             with_certs_dir do |certs_dir|
               with_platform_to_deploy(
                 nodes_info: { nodes: { 'node' => { meta: { image: 'centos_7' }, services: %w[service] } } },
-                expect_sudo: false,
+                expect_sudo: nil,
                 expect_local_environment: true,
                 expect_additional_actions: [
                   { remote_bash: 'yum install -y ca-certificates' },

data/spec/hybrid_platforms_conductor_test/helpers/provisioner_proxmox_helpers.rb

@@ -330,7 +330,7 @@ module HybridPlatformsConductorTest
             expect(actions).to eq({
               'node' => {
                 remote_bash: {
-                  commands: "#{expected_sudo ? 'sudo -E ' : ''}./proxmox/reserve_proxmox_container --create ./proxmox/create/create_#{expected_file_id}.json --config ./proxmox/config/config_#{expected_file_id}.json",
+                  commands: "#{expected_sudo ? 'sudo -u root -E ' : ''}./proxmox/reserve_proxmox_container --create ./proxmox/create/create_#{expected_file_id}.json --config ./proxmox/config/config_#{expected_file_id}.json",
                   env: {
                     'hpc_user_for_proxmox' => proxmox_user,
                     'hpc_password_for_proxmox' => proxmox_password,
@@ -382,7 +382,7 @@ module HybridPlatformsConductorTest
               expect(actions).to eq({
                 'node' => {
                   remote_bash: {
-                    commands: "#{expected_sudo ? 'sudo -E ' : ''}./proxmox/reserve_proxmox_container --destroy ./proxmox/destroy/destroy_#{expected_file_id}.json --config ./proxmox/config/config_#{expected_file_id}.json",
+                    commands: "#{expected_sudo ? 'sudo -u root -E ' : ''}./proxmox/reserve_proxmox_container --destroy ./proxmox/destroy/destroy_#{expected_file_id}.json --config ./proxmox/config/config_#{expected_file_id}.json",
                     env: {
                       'hpc_user_for_proxmox' => proxmox_user,
                       'hpc_password_for_proxmox' => proxmox_password,

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hybrid_platforms_conductor
 version: !ruby/object:Gem::Version
-  version: 32.4.2
+  version: 32.5.0
 platform: ruby
 authors:
 - Muriel Salvan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-05 00:00:00.000000000 Z
+date: 2021-03-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: range_operators
@@ -463,6 +463,7 @@ files:
 - spec/hybrid_platforms_conductor_test/api/nodes_handler/cmdbs/platform_handlers_spec.rb
 - spec/hybrid_platforms_conductor_test/api/nodes_handler/cmdbs_plugins_api_spec.rb
 - spec/hybrid_platforms_conductor_test/api/nodes_handler/common_spec.rb
+- spec/hybrid_platforms_conductor_test/api/nodes_handler/config_spec.rb
 - spec/hybrid_platforms_conductor_test/api/nodes_handler/git_diff_impacts_spec.rb
 - spec/hybrid_platforms_conductor_test/api/nodes_handler/nodes_selectors_spec.rb
 - spec/hybrid_platforms_conductor_test/api/nodes_handler/platform_handlers_plugins_api_spec.rb