hybrid_platforms_conductor 33.5.0 → 33.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: daf46892dd3b5a79ff0e54f16d6881b80519e8fe926e9952ad7faafd1706c31e
-  data.tar.gz: 84f9ee06afb8141f140a8754d0961217ceb14b3f8d2d1d2577792be420d42aa2
+  metadata.gz: a1e882e48d05f919ad5818c9251e045f941d78a9eacc16824f3fd49e787d91b5
+  data.tar.gz: b685a6a1ca1f6f40714da2443ad7de95d78e90489f15a4b8499e153f4d84945a
 SHA512:
-  metadata.gz: 7b1355694d9c7dbc5b2d2f9f6555972c25033d11bd07b14dfc728c94b2965ac1a852c91cb6ed4f20a26bc41cceb12f437a8b599177331cbf544e38ebc387cd4a
-  data.tar.gz: 8636507ef5724bd9f0b3ffbb1f08c3efd1a48d39fe7161a4421350b4a03a9afff279b5522175418742ba87f7daca4dcdb4382e10f3283c39f9816eceba04bdc3
+  metadata.gz: f9386d953b2e652fd453656a21a935470099ba3f935a82229829d5777408e93149833883d7acd277da6cf2f08ba5ca49c8c62d43d3207b34113c347299335e5f
+  data.tar.gz: 9066d78f77fed46560b1884bade1074055da61547bd196c2a6479cf9412ba30f9d7518f91e05244307b703ebd241a620985e59f93a7911cd353543af26ae3699

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+# [v33.5.1](https://github.com/sweet-delights/hybrid-platforms-conductor/compare/v33.5.0...v33.5.1) (2021-07-07 12:01:32)
+
+### Patches
+
+* [[Bugfix] [#87] Make sure local nodes and root accounts are taken into account when getting sudo prefixes](https://github.com/sweet-delights/hybrid-platforms-conductor/commit/cb626f1c99a6f1a95c9c884c03bf3fd71045259c)
+
 # [v33.5.0](https://github.com/sweet-delights/hybrid-platforms-conductor/compare/v33.4.0...v33.5.0) (2021-07-07 11:03:01)
 
 ### Features

data/lib/hybrid_platforms_conductor/actions_executor.rb

@@ -53,7 +53,8 @@ module HybridPlatformsConductor
             logger_stderr: @logger_stderr,
             config: @config,
             cmd_runner: @cmd_runner,
-            nodes_handler: @nodes_handler
+            nodes_handler: @nodes_handler,
+            actions_executor: self
           )
         end
       )
@@ -246,6 +247,33 @@ module HybridPlatformsConductor
       @connector_plugins[connector_name]
     end
 
+    # Is the access to a given node privileged?
+    # Take into account if remote actions are executed on a local node, and configurable sudos.
+    #
+    # Parameters::
+    # * *node* (String): Node on which we want privileged access
+    # Result::
+    # * Boolean: Is the access privileged?
+    def privileged_access?(node)
+      (@nodes_handler.get_local_node_of(node) ? @cmd_runner.whoami : connector(:ssh).ssh_user) == 'root'
+    end
+
+    # Get the sudo prefix to get privileged access.
+    # Take into account if remote actions are executed on a local node, and configurable sudos.
+    #
+    # Parameters::
+    # * *node* (String): Node on which we want privileged access
+    # * *forward_env* (Boolean): Do we need to forward environment in case of sudo? [default: false]
+    # Result::
+    # * String: Sudo prefix to be used (can be empty if root is being used)
+    def sudo_prefix(node, forward_env: false)
+      if privileged_access?(node)
+        ''
+      else
+        "#{@nodes_handler.sudo_on(node)} #{forward_env ? '-E ' : ''}"
+      end
+    end
+
     private
 
     # Execute a list of actions for a node, and return exit codes, stdout and stderr of those actions.

data/lib/hybrid_platforms_conductor/connector.rb

@@ -14,16 +14,19 @@ module HybridPlatformsConductor
     # * *config* (Config): Config to be used. [default: Config.new]
     # * *cmd_runner* (CmdRunner): Command executor to be used. [default: CmdRunner.new]
     # * *nodes_handler* (NodesHandler): NodesHandler to be used. [default: NodesHandler.new]
+    # * *actions_executor* (ActionsExecutor): ActionsExecutor to be used. [default: ActionsExecutor.new]
     def initialize(
       logger: Logger.new($stdout),
       logger_stderr: Logger.new($stderr),
       config: Config.new,
       cmd_runner: CmdRunner.new,
-      nodes_handler: NodesHandler.new
+      nodes_handler: NodesHandler.new,
+      actions_executor: ActionsExecutor.new
     )
       super(logger: logger, logger_stderr: logger_stderr, config: config)
       @cmd_runner = cmd_runner
       @nodes_handler = nodes_handler
+      @actions_executor = actions_executor
       # If the connector has an initializer, use it
       init if respond_to?(:init)
     end

data/lib/hybrid_platforms_conductor/deployer.rb

@@ -544,15 +544,13 @@ module HybridPlatformsConductor
     # Result::
     # * Hash<String, [Integer or Symbol, String, String]>: Exit status code (or Symbol in case of error or dry run), standard output and error for each node.
     def deploy(services)
-      # Get the ssh user directly from the connector
-      ssh_user = @actions_executor.connector(:ssh).ssh_user
-
       # Deploy for real
       @nodes_handler.prefetch_metadata_of services.keys, :image
       outputs = @actions_executor.execute_actions(
         services.map do |node, node_services|
           image_id = @nodes_handler.get_image_of(node)
-          sudo = (ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(node)} ")
+          need_sudo = !@actions_executor.privileged_access?(node)
+          sudo = @actions_executor.sudo_prefix(node)
           # Install corporate certificates if present
           certificate_actions =
             if @local_environment && ENV['hpc_certificates']
@@ -568,7 +566,7 @@ module HybridPlatformsConductor
                   {
                     scp: {
                       ENV['hpc_certificates'] => '/usr/local/share/ca-certificates',
-                      :sudo => ssh_user != 'root'
+                      :sudo => need_sudo
                     },
                     remote_bash: "#{sudo}update-ca-certificates"
                   }
@@ -584,7 +582,7 @@ module HybridPlatformsConductor
                         cert_file,
                         '/etc/pki/ca-trust/source/anchors'
                       ]
-                    end.to_h.merge(sudo: ssh_user != 'root'),
+                    end.to_h.merge(sudo: need_sudo),
                     remote_bash: [
                       "#{sudo}update-ca-trust enable",
                       "#{sudo}update-ca-trust extract"
@@ -619,7 +617,7 @@ module HybridPlatformsConductor
         services.keys.map do |node|
           [
             node,
-            { remote_bash: "#{ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(node)} "}./mutex_dir unlock /tmp/hybrid_platforms_conductor_deploy_lock" }
+            { remote_bash: "#{@actions_executor.sudo_prefix(node)}./mutex_dir unlock /tmp/hybrid_platforms_conductor_deploy_lock" }
           ]
         end.to_h,
         timeout: 10,

data/lib/hybrid_platforms_conductor/hpc_plugins/connector/local.rb

@@ -77,8 +77,8 @@ module HybridPlatformsConductor
         def remote_copy(from, to, sudo: false, owner: nil, group: nil)
           # If the destination is a relative path, prepend the workspace dir to it.
           to = "#{workspace_for(@node)}/#{to}" unless to.start_with?('/')
-          if sudo
-            run_cmd "#{@nodes_handler.sudo_on(@node)} cp -r \"#{from}\" \"#{to}\""
+          if sudo && !@actions_executor.privileged_access?(@node)
+            run_cmd "#{@actions_executor.sudo_prefix(@node)}cp -r \"#{from}\" \"#{to}\""
           else
             FileUtils.cp_r from, to unless @cmd_runner.dry_run
           end

data/lib/hybrid_platforms_conductor/hpc_plugins/connector/ssh.rb

@@ -310,13 +310,14 @@ module HybridPlatformsConductor
         # * *owner* (String or nil): Owner to be used when copying the files, or nil for current one [default: nil]
         # * *group* (String or nil): Group to be used when copying the files, or nil for current one [default: nil]
         def remote_copy(from, to, sudo: false, owner: nil, group: nil)
+          need_sudo = sudo && !@actions_executor.privileged_access?(@node)
           if @nodes_handler.get_ssh_session_exec_of(@node) == false
             # We don't have ExecSession, so don't use ssh, but scp instead.
-            if sudo
+            if need_sudo
               # We need to first copy the file in an accessible directory, and then sudo mv
               remote_bash('mkdir -p hpc_tmp_scp')
               run_cmd "scp -S #{ssh_exec} #{from} #{ssh_url}:./hpc_tmp_scp"
-              remote_bash("#{@nodes_handler.sudo_on(@node)} mv ./hpc_tmp_scp/#{File.basename(from)} #{to}")
+              remote_bash("#{@actions_executor.sudo_prefix(@node)}mv ./hpc_tmp_scp/#{File.basename(from)} #{to}")
             else
               run_cmd "scp -S #{ssh_exec} #{from} #{ssh_url}:#{to}"
             end
@@ -332,7 +333,7 @@ module HybridPlatformsConductor
                 #{File.basename(from)} | \
               #{ssh_exec} \
                 #{ssh_url} \
-                \"#{sudo ? "#{@nodes_handler.sudo_on(@node)} " : ''}tar \
+                \"#{need_sudo ? @actions_executor.sudo_prefix(@node) : ''}tar \
                   --extract \
                   --gunzip \
                   --file - \

data/lib/hybrid_platforms_conductor/hpc_plugins/log/remote_fs.rb

@@ -29,10 +29,9 @@ module HybridPlatformsConductor
         # Result::
         # * Array< Hash<Symbol,Object> >: List of actions to be done
         def actions_to_save_logs(node, services, deployment_info, exit_status, stdout, stderr)
-          # Create a log file to be scp with all relevant info
-          ssh_user = @actions_executor.connector(:ssh).ssh_user
-          sudo_prefix = ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(node)} "
-          log_file = "#{Dir.tmpdir}/hpc_deploy_logs/#{node}_#{Time.now.utc.strftime('%F_%H%M%S')}_#{ssh_user}"
+          # Create a log file to be scp-ed with all relevant info
+          sudo_prefix = @actions_executor.sudo_prefix(node)
+          log_file = "#{Dir.tmpdir}/hpc_deploy_logs/#{node}_#{Time.now.utc.strftime('%F_%H%M%S')}_#{@actions_executor.connector(:ssh).ssh_user}"
           [
             {
               ruby: proc do
@@ -56,7 +55,7 @@ module HybridPlatformsConductor
             {
               scp: {
                 log_file => '/var/log/deployments',
-                :sudo => ssh_user != 'root',
+                :sudo => !@actions_executor.privileged_access?(node),
                 :owner => 'root',
                 :group => 'root'
               }
@@ -85,7 +84,7 @@ module HybridPlatformsConductor
         # Result::
         # * Array< Hash<Symbol,Object> >: List of actions to be done
         def actions_to_read_logs(node)
-          sudo_prefix = @actions_executor.connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(node)} "
+          sudo_prefix = @actions_executor.sudo_prefix(node)
           [
             { remote_bash: "#{sudo_prefix}cat /var/log/deployments/`#{sudo_prefix}ls -t /var/log/deployments/ | head -1`" }
           ]

data/lib/hybrid_platforms_conductor/hpc_plugins/platform_handler/serverless_chef.rb

@@ -263,7 +263,7 @@ module HybridPlatformsConductor
             raise "Missing file #{chef_versions_file} specifying the Chef Infra Client version to be deployed" unless File.exist?(chef_versions_file)
 
             required_chef_client_version = YAML.load_file(chef_versions_file)['client']
-            sudo = (@actions_executor.connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(node)} -E ")
+            sudo = @actions_executor.sudo_prefix(node, forward_env: true)
             [
               {
                 # Install dependencies

data/lib/hybrid_platforms_conductor/hpc_plugins/provisioner/proxmox.rb

@@ -436,7 +436,7 @@ module HybridPlatformsConductor
                 {
                   proxmox_test_info[:sync_node] => {
                     remote_bash: {
-                      commands: "#{@actions_executor.connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(proxmox_test_info[:sync_node])} -E "}./proxmox/#{cmd}",
+                      commands: "#{@actions_executor.sudo_prefix(proxmox_test_info[:sync_node], forward_env: true)}./proxmox/#{cmd}",
                       env: {
                         'hpc_user_for_proxmox' => user,
                         'hpc_password_for_proxmox' => password,

data/lib/hybrid_platforms_conductor/hpc_plugins/test/file_system.rb

@@ -17,7 +17,7 @@ module HybridPlatformsConductor
           # Flatten the paths rules so that we can spot inconsistencies in configuration
           @config.aggregate_files_rules(@nodes_handler, @node).map do |path, rule_info|
             [
-              "if #{@nodes_handler.sudo_on(@node)} /bin/bash -c '[[ -d \"#{path}\" ]]' ; then echo 1 ; else echo 0 ; fi",
+              "if #{@actions_executor.sudo_prefix(@node)}/bin/bash -c '[[ -d \"#{path}\" ]]' ; then echo 1 ; else echo 0 ; fi",
               {
                 validator: proc do |stdout, stderr|
                   case stdout.last

data/lib/hybrid_platforms_conductor/hpc_plugins/test/hostname.rb

@@ -12,8 +12,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            # TODO: Access the user correctly when the user notion will be moved out of the ssh connector
-            "#{@deployer.instance_variable_get(:@actions_executor).connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(@node)} "}hostname -s" => proc do |stdout|
+            "#{@actions_executor.sudo_prefix(@node)}hostname -s" => proc do |stdout|
               assert_equal stdout.first, @node, "Expected hostname to be #{@node}, but got #{stdout.first} instead."
             end
           }

data/lib/hybrid_platforms_conductor/hpc_plugins/test/ip.rb

@@ -12,8 +12,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            # TODO: Access the user correctly when the user notion will be moved out of the ssh connector
-            "#{@deployer.instance_variable_get(:@actions_executor).connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(@node)} "}hostname -I" => proc do |stdout|
+            "#{@actions_executor.sudo_prefix(@node)}hostname -I" => proc do |stdout|
               if stdout.first.nil?
                 error 'No IP returned by "hostname -I"'
               else

data/lib/hybrid_platforms_conductor/hpc_plugins/test/local_users.rb

@@ -59,8 +59,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            # TODO: Access the user correctly when the user notion will be moved out of the ssh connector
-            "#{@deployer.instance_variable_get(:@actions_executor).connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(@node)} "}cat /etc/passwd" => proc do |stdout|
+            "#{@actions_executor.sudo_prefix(@node)}cat /etc/passwd" => proc do |stdout|
               passwd_users = stdout.map { |passwd_line| passwd_line.split(':').first }
               missing_users = @nodes_handler.
                 select_confs_for_node(@node, @config.users_that_should_be_present).

data/lib/hybrid_platforms_conductor/hpc_plugins/test/mounts.rb

@@ -63,8 +63,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            # TODO: Access the user correctly when the user notion will be moved out of the ssh connector
-            "#{@deployer.instance_variable_get(:@actions_executor).connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(@node)} "}mount" => proc do |stdout|
+            "#{@actions_executor.sudo_prefix(@node)}mount" => proc do |stdout|
               mounts_info = stdout.map do |line|
                 fields = line.split
                 {

data/lib/hybrid_platforms_conductor/hpc_plugins/test/orphan_files.rb

@@ -52,8 +52,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           {
-            # TODO: Access the user correctly when the user notion will be moved out of the ssh connector
-            "#{@deployer.instance_variable_get(:@actions_executor).connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(@node)} "}/usr/bin/find / \\( #{
+            "#{@actions_executor.sudo_prefix(@node)}/usr/bin/find / \\( #{
               @nodes_handler.
                 select_confs_for_node(@node, @config.ignored_orphan_files_paths).
                 inject(DIRECTORIES_TO_ALWAYS_IGNORE) { |merged_paths, paths_to_ignore_info| merged_paths + paths_to_ignore_info[:ignored_paths] }.

data/lib/hybrid_platforms_conductor/hpc_plugins/test/spectre.rb

@@ -18,7 +18,7 @@ module HybridPlatformsConductor
         # Check my_test_plugin.rb.sample documentation for signature details.
         def test_on_node
           spectre_cmd = <<~EO_BASH
-            #{@deployer.instance_variable_get(:@actions_executor).connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(@node)} "}/bin/bash <<'EOAction'
+            #{@actions_executor.sudo_prefix(@node)}/bin/bash <<'EOAction'
             #{File.read("#{__dir__}/spectre-meltdown-checker.sh")}
             EOAction
           EO_BASH

data/lib/hybrid_platforms_conductor/hpc_plugins/test/vulnerabilities.rb

@@ -56,8 +56,7 @@ module HybridPlatformsConductor
                   current_url
                 end
               )
-              # TODO: Access the user correctly when the user notion will be moved out of the ssh connector
-              sudo = @deployer.instance_variable_get(:@actions_executor).connector(:ssh).ssh_user == 'root' ? '' : "#{@nodes_handler.sudo_on(@node)} "
+              sudo = @actions_executor.sudo_prefix(@node)
               urls.map do |url|
                 # 1. Get the OVAL file on the node to be tested (uncompress it if needed)
                 # 2. Make sure oscap is installed

data/lib/hybrid_platforms_conductor/test.rb

@@ -36,20 +36,34 @@ module HybridPlatformsConductor
     # Constructor
     #
     # Parameters::
-    # * *logger* (Logger): Logger to be used
-    # * *logger_stderr* (Logger): Logger to be used for stderr
-    # * *config* (Config): Config to be used.
-    # * *cmd_runner* (CmdRunner): CmdRunner that can be used by tests
-    # * *nodes_handler* (NodesHandler): Nodes handler that can be used by tests
-    # * *deployer* (Deployer): Deployer that can be used by tests
+    # * *logger* (Logger): Logger to be used [default: Logger.new($stdout)]
+    # * *logger_stderr* (Logger): Logger to be used for stderr [default: Logger.new($stderr)]
+    # * *config* (Config): Config to be used. [default: Config.new]
+    # * *cmd_runner* (CmdRunner): Command executor to be used. [default: CmdRunner.new]
+    # * *nodes_handler* (NodesHandler): Nodes handler to be used. [default: NodesHandler.new]
+    # * *actions_executor* (ActionsExecutor): Actions Executor to be used. [default: ActionsExecutor.new]
+    # * *deployer* (Deployer): Deployer that can be used by tests [default: Deployer.new]
     # * *name* (String): Name of the test being instantiated [default: 'unknown_test']
     # * *platform* (PlatformHandler): Platform handler for which the test is instantiated, or nil if global or node specific [default: nil]
     # * *node* (String): Node name for which the test is instantiated, or nil if global or platform specific [default: nil]
     # * *expected_failure* (String or nil): Expected failure, or nil if not expected to fail [default: nil]
-    def initialize(logger, logger_stderr, config, cmd_runner, nodes_handler, deployer, name: 'unknown_test', platform: nil, node: nil, expected_failure: nil)
+    def initialize(
+      logger: Logger.new($stdout),
+      logger_stderr: Logger.new($stderr),
+      config: Config.new,
+      cmd_runner: CmdRunner.new,
+      nodes_handler: NodesHandler.new,
+      actions_executor: ActionsExecutor.new,
+      deployer: Deployer.new,
+      name: 'unknown_test',
+      platform: nil,
+      node: nil,
+      expected_failure: nil
+    )
       super(logger: logger, logger_stderr: logger_stderr, config: config)
       @cmd_runner = cmd_runner
       @nodes_handler = nodes_handler
+      @actions_executor = actions_executor
       @deployer = deployer
       @name = name
       @platform = platform

data/lib/hybrid_platforms_conductor/tests_runner.rb

@@ -274,12 +274,13 @@ module HybridPlatformsConductor
     # * Test: Corresponding test
     def new_test(test_name, platform: nil, node: nil, ignore_expected_failure: false)
       (test_name.nil? ? Test : @tests_plugins[test_name]).new(
-        @logger,
-        @logger_stderr,
-        @config,
-        @cmd_runner,
-        @nodes_handler,
-        @deployer,
+        logger: @logger,
+        logger_stderr: @logger_stderr,
+        config: @config,
+        cmd_runner: @cmd_runner,
+        nodes_handler: @nodes_handler,
+        actions_executor: @actions_executor,
+        deployer: @deployer,
         name: test_name.nil? ? :global : test_name,
         platform: platform,
         node: node,

data/lib/hybrid_platforms_conductor/version.rb

@@ -1,5 +1,5 @@
 module HybridPlatformsConductor
 
-  VERSION = '33.5.0'
+  VERSION = '33.5.1'
 
 end

data/spec/hybrid_platforms_conductor_test/api/actions_executor/connectors/local/remote_actions_spec.rb

@@ -107,6 +107,10 @@ describe HybridPlatformsConductor::ActionsExecutor do
       it 'copies files remotely with sudo' do
         with_test_platform_for_remote_testing(
           expected_cmds: [
+            [
+              'whoami',
+              proc { [0, 'test_user', ''] }
+            ],
             [
               'sudo -u root cp -r "/path/to/src.file" "/remote_path/to/dst.dir"',
               proc { [0, '', ''] }
@@ -117,9 +121,27 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
 
+      it 'copies files remotely with sudo when being root' do
+        with_test_platform_for_remote_testing(
+          expected_cmds: [
+            [
+              'whoami',
+              proc { [0, 'root', ''] }
+            ]
+          ]
+        ) do
+          expect(FileUtils).to receive(:cp_r).with('/path/to/src.file', '/remote_path/to/dst.dir')
+          test_connector.remote_copy('/path/to/src.file', '/remote_path/to/dst.dir', sudo: true)
+        end
+      end
+
       it 'copies files remotely with a different sudo' do
         with_test_platform_for_remote_testing(
           expected_cmds: [
+            [
+              'whoami',
+              proc { [0, 'test_user', ''] }
+            ],
             [
               'other_sudo --user root cp -r "/path/to/src.file" "/remote_path/to/dst.dir"',
               proc { [0, '', ''] }
@@ -133,6 +155,23 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
 
+      it 'copies files remotely with a different sudo when being root' do
+        with_test_platform_for_remote_testing(
+          expected_cmds: [
+            [
+              'whoami',
+              proc { [0, 'root', ''] }
+            ]
+          ],
+          additional_config: <<~'EO_CONFIG'
+            sudo_for { |user| "other_sudo --user #{user}" }
+          EO_CONFIG
+        ) do
+          expect(FileUtils).to receive(:cp_r).with('/path/to/src.file', '/remote_path/to/dst.dir')
+          test_connector.remote_copy('/path/to/src.file', '/remote_path/to/dst.dir', sudo: true)
+        end
+      end
+
       it 'copies files remotely with timeout' do
         with_test_platform_for_remote_testing(
           timeout: 5
@@ -152,6 +191,10 @@ describe HybridPlatformsConductor::ActionsExecutor do
       it 'copies relative files remotely with sudo' do
         with_test_platform_for_remote_testing(
           expected_cmds: [
+            [
+              'whoami',
+              proc { [0, 'test_user', ''] }
+            ],
             [
               'sudo -u root cp -r "/path/to/src.file" "/tmp/hpc_local_workspaces/node/to/dst.dir"',
               proc { [0, '', ''] }
@@ -162,9 +205,27 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
 
+      it 'copies relative files remotely with sudo when being root' do
+        with_test_platform_for_remote_testing(
+          expected_cmds: [
+            [
+              'whoami',
+              proc { [0, 'root', ''] }
+            ]
+          ]
+        ) do
+          expect(FileUtils).to receive(:cp_r).with('/path/to/src.file', '/tmp/hpc_local_workspaces/node/to/dst.dir')
+          test_connector.remote_copy('/path/to/src.file', 'to/dst.dir', sudo: true)
+        end
+      end
+
       it 'copies relative files remotely with a different sudo' do
         with_test_platform_for_remote_testing(
           expected_cmds: [
+            [
+              'whoami',
+              proc { [0, 'test_user', ''] }
+            ],
             [
               'other_sudo --user root cp -r "/path/to/src.file" "/tmp/hpc_local_workspaces/node/to/dst.dir"',
               proc { [0, '', ''] }
@@ -178,6 +239,23 @@ describe HybridPlatformsConductor::ActionsExecutor do
         end
       end
 
+      it 'copies relative files remotely with a different sudo when being root' do
+        with_test_platform_for_remote_testing(
+          expected_cmds: [
+            [
+              'whoami',
+              proc { [0, 'root', ''] }
+            ]
+          ],
+          additional_config: <<~'EO_CONFIG'
+            sudo_for { |user| "other_sudo --user #{user}" }
+          EO_CONFIG
+        ) do
+          expect(FileUtils).to receive(:cp_r).with('/path/to/src.file', '/tmp/hpc_local_workspaces/node/to/dst.dir')
+          test_connector.remote_copy('/path/to/src.file', 'to/dst.dir', sudo: true)
+        end
+      end
+
     end
 
   end

data/spec/hybrid_platforms_conductor_test/api/actions_executor/helpers_spec.rb

@@ -0,0 +1,195 @@
+describe HybridPlatformsConductor::ActionsExecutor do
+
+  context 'when checking helpers' do
+
+    it 'gives access to connectors' do
+      with_test_platform({}) do
+        expect(test_actions_executor.connector(:ssh)).not_to be_nil
+      end
+    end
+
+    it 'returns if a user has privileged access on a node' do
+      with_test_platform({ nodes: { 'node' => {} } }) do
+        test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+        expect(test_actions_executor.privileged_access?('node')).to eq false
+      end
+    end
+
+    it 'returns if a user has privileged access on a node when connecting with root' do
+      with_test_platform({ nodes: { 'node' => {} } }) do
+        test_actions_executor.connector(:ssh).ssh_user = 'root'
+        expect(test_actions_executor.privileged_access?('node')).to eq true
+      end
+    end
+
+    it 'returns if a user has privileged access on a local node' do
+      with_test_platform({ nodes: { 'node' => { meta: { local_node: true } } } }) do
+        with_cmd_runner_mocked [
+          ['whoami', proc { [0, 'test_user', ''] }]
+        ] do
+          test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+          expect(test_actions_executor.privileged_access?('node')).to eq false
+        end
+      end
+    end
+
+    it 'returns if a user has privileged access on a local node when local user is root' do
+      with_test_platform({ nodes: { 'node' => { meta: { local_node: true } } } }) do
+        with_cmd_runner_mocked [
+          ['whoami', proc { [0, 'root', ''] }]
+        ] do
+          test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+          expect(test_actions_executor.privileged_access?('node')).to eq true
+        end
+      end
+    end
+
+    context 'with connection on a remote node' do
+
+      it 'returns the correct sudo prefix' do
+        with_test_platform({ nodes: { 'node' => {} } }) do
+          test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+          expect(test_actions_executor.sudo_prefix('node')).to eq 'sudo -u root '
+        end
+      end
+
+      it 'returns the correct sudo prefix with env forwarding' do
+        with_test_platform({ nodes: { 'node' => {} } }) do
+          test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+          expect(test_actions_executor.sudo_prefix('node', forward_env: true)).to eq 'sudo -u root -E '
+        end
+      end
+
+      it 'returns the correct sudo prefix when connecting as root' do
+        with_test_platform({ nodes: { 'node' => {} } }) do
+          test_actions_executor.connector(:ssh).ssh_user = 'root'
+          expect(test_actions_executor.sudo_prefix('node')).to eq ''
+        end
+      end
+
+      it 'returns the correct sudo prefix with a different sudo' do
+        with_test_platform(
+          { nodes: { 'node' => {} } },
+          additional_config: <<~'EO_CONFIG'
+            sudo_for { |user| "other_sudo --user #{user}" }
+          EO_CONFIG
+        ) do
+          test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+          expect(test_actions_executor.sudo_prefix('node')).to eq 'other_sudo --user root '
+        end
+      end
+
+      it 'returns the correct sudo prefix with a different sudo and env forwarding' do
+        with_test_platform(
+          { nodes: { 'node' => {} } },
+          additional_config: <<~'EO_CONFIG'
+            sudo_for { |user| "other_sudo --user #{user}" }
+          EO_CONFIG
+        ) do
+          test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+          expect(test_actions_executor.sudo_prefix('node', forward_env: true)).to eq 'other_sudo --user root -E '
+        end
+      end
+
+      it 'returns the correct sudo prefix with a different sudo when connecting as root' do
+        with_test_platform(
+          { nodes: { 'node' => {} } },
+          additional_config: <<~'EO_CONFIG'
+            sudo_for { |user| "other_sudo --user #{user}" }
+          EO_CONFIG
+        ) do
+          test_actions_executor.connector(:ssh).ssh_user = 'root'
+          expect(test_actions_executor.sudo_prefix('node')).to eq ''
+        end
+      end
+
+    end
+
+    context 'with connection on a local node' do
+
+      it 'returns the correct sudo prefix' do
+        with_test_platform({ nodes: { 'node' => { meta: { local_node: true } } } }) do
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'test_user', ''] }]
+          ] do
+            test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+            expect(test_actions_executor.sudo_prefix('node')).to eq 'sudo -u root '
+          end
+        end
+      end
+
+      it 'returns the correct sudo prefix with env forwarding' do
+        with_test_platform({ nodes: { 'node' => { meta: { local_node: true } } } }) do
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'test_user', ''] }]
+          ] do
+            test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+            expect(test_actions_executor.sudo_prefix('node', forward_env: true)).to eq 'sudo -u root -E '
+          end
+        end
+      end
+
+      it 'returns the correct sudo prefix when connecting as root' do
+        with_test_platform({ nodes: { 'node' => { meta: { local_node: true } } } }) do
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'root', ''] }]
+          ] do
+            test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+            expect(test_actions_executor.sudo_prefix('node')).to eq ''
+          end
+        end
+      end
+
+      it 'returns the correct sudo prefix with a different sudo' do
+        with_test_platform(
+          { nodes: { 'node' => { meta: { local_node: true } } } },
+          additional_config: <<~'EO_CONFIG'
+            sudo_for { |user| "other_sudo --user #{user}" }
+          EO_CONFIG
+        ) do
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'test_user', ''] }]
+          ] do
+            test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+            expect(test_actions_executor.sudo_prefix('node')).to eq 'other_sudo --user root '
+          end
+        end
+      end
+
+      it 'returns the correct sudo prefix with a different sudo and env forwarding' do
+        with_test_platform(
+          { nodes: { 'node' => { meta: { local_node: true } } } },
+          additional_config: <<~'EO_CONFIG'
+            sudo_for { |user| "other_sudo --user #{user}" }
+          EO_CONFIG
+        ) do
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'test_user', ''] }]
+          ] do
+            test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+            expect(test_actions_executor.sudo_prefix('node', forward_env: true)).to eq 'other_sudo --user root -E '
+          end
+        end
+      end
+
+      it 'returns the correct sudo prefix with a different sudo when connecting as root' do
+        with_test_platform(
+          { nodes: { 'node' => { meta: { local_node: true } } } },
+          additional_config: <<~'EO_CONFIG'
+            sudo_for { |user| "other_sudo --user #{user}" }
+          EO_CONFIG
+        ) do
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'root', ''] }]
+          ] do
+            test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+            expect(test_actions_executor.sudo_prefix('node')).to eq ''
+          end
+        end
+      end
+
+    end
+
+  end
+
+end

data/spec/hybrid_platforms_conductor_test/api/deployer/log_plugins/remote_fs_spec.rb

@@ -129,6 +129,127 @@ describe HybridPlatformsConductor::Deployer do
         end
       end
 
+      it 'returns actions to save logs on a local node' do
+        with_test_platform({ nodes: { 'node' => { meta: { local_node: true }, services: %w[service1 service2] } } }, additional_config: 'send_logs_to :remote_fs') do
+          test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+          expect_services_handler_to_deploy('node' => %w[service1 service2])
+          expect_actions_executor_runs [
+            # First run, we expect the mutex to be setup, and the deployment actions to be run
+            proc do |actions_per_nodes|
+              expect_actions_to_deploy_on(
+                actions_per_nodes,
+                'node',
+                mocked_result: { 'node' => [0, 'Deploy successful stdout', 'Deploy successful stderr'] }
+              )
+            end,
+            # Second run, we expect the mutex to be released
+            proc { |actions_per_nodes| expect_actions_to_unlock(actions_per_nodes, 'node') },
+            # Third run, we expect logs to be uploaded on the node
+            proc do |actions_per_nodes|
+              expect(actions_per_nodes['node'].size).to eq 3
+              expect(actions_per_nodes['node'][0].keys.sort).to eq %i[ruby remote_bash].sort
+              expect(actions_per_nodes['node'][0][:remote_bash]).to eq 'sudo -u root mkdir -p /var/log/deployments && sudo -u root chmod 600 /var/log/deployments'
+              expect(actions_per_nodes['node'][1].keys.sort).to eq %i[scp].sort
+              expect(actions_per_nodes['node'][1][:scp].delete(:sudo)).to eq true
+              expect(actions_per_nodes['node'][1][:scp].delete(:owner)).to eq 'root'
+              expect(actions_per_nodes['node'][1][:scp].delete(:group)).to eq 'root'
+              expect(actions_per_nodes['node'][1][:scp].size).to eq 1
+              tmp_log_file = actions_per_nodes['node'][1][:scp].first[0]
+              expect(actions_per_nodes['node'][1][:scp].first[1]).to eq '/var/log/deployments'
+              expect(actions_per_nodes['node'][2].keys.sort).to eq %i[ruby remote_bash].sort
+              expect(actions_per_nodes['node'][2][:remote_bash]).to eq "sudo -u root chmod 600 /var/log/deployments/#{File.basename(tmp_log_file)}"
+              # Call the Ruby codes to be tested
+              actions_per_nodes['node'][0][:ruby].call
+              expect(File.exist?(tmp_log_file)).to eq true
+              file_content_regexp = Regexp.new <<~EOREGEXP
+                repo_name_0: platform
+                commit_id_0: 123456
+                commit_message_0: Test commit for node: service1, service2
+                date: \\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}
+                user: test_user
+                debug: No
+                services: service1, service2
+                exit_status: 0
+                ===== STDOUT =====
+                Deploy successful stdout
+                ===== STDERR =====
+                Deploy successful stderr
+              EOREGEXP
+              expect(File.read(tmp_log_file)).to match file_content_regexp
+              actions_per_nodes['node'][2][:ruby].call
+              # Check temporary log file gets deleted for security reasons
+              expect(File.exist?(tmp_log_file)).to eq false
+            end
+          ]
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'test_user', ''] }]
+          ] do
+            expect(test_deployer.deploy_on('node')).to eq('node' => [0, 'Deploy successful stdout', 'Deploy successful stderr'])
+          end
+        end
+      end
+
+      it 'returns actions to save logs on a local node as root' do
+        with_test_platform({ nodes: { 'node' => { meta: { local_node: true }, services: %w[service1 service2] } } }, additional_config: 'send_logs_to :remote_fs') do
+          test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+          expect_services_handler_to_deploy('node' => %w[service1 service2])
+          expect_actions_executor_runs [
+            # First run, we expect the mutex to be setup, and the deployment actions to be run
+            proc do |actions_per_nodes|
+              expect_actions_to_deploy_on(
+                actions_per_nodes,
+                'node',
+                sudo: nil,
+                mocked_result: { 'node' => [0, 'Deploy successful stdout', 'Deploy successful stderr'] }
+              )
+            end,
+            # Second run, we expect the mutex to be released
+            proc { |actions_per_nodes| expect_actions_to_unlock(actions_per_nodes, 'node', sudo: nil) },
+            # Third run, we expect logs to be uploaded on the node
+            proc do |actions_per_nodes|
+              expect(actions_per_nodes['node'].size).to eq 3
+              expect(actions_per_nodes['node'][0].keys.sort).to eq %i[ruby remote_bash].sort
+              expect(actions_per_nodes['node'][0][:remote_bash]).to eq 'mkdir -p /var/log/deployments && chmod 600 /var/log/deployments'
+              expect(actions_per_nodes['node'][1].keys.sort).to eq %i[scp].sort
+              expect(actions_per_nodes['node'][1][:scp].delete(:sudo)).to eq false
+              expect(actions_per_nodes['node'][1][:scp].delete(:owner)).to eq 'root'
+              expect(actions_per_nodes['node'][1][:scp].delete(:group)).to eq 'root'
+              expect(actions_per_nodes['node'][1][:scp].size).to eq 1
+              tmp_log_file = actions_per_nodes['node'][1][:scp].first[0]
+              expect(actions_per_nodes['node'][1][:scp].first[1]).to eq '/var/log/deployments'
+              expect(actions_per_nodes['node'][2].keys.sort).to eq %i[ruby remote_bash].sort
+              expect(actions_per_nodes['node'][2][:remote_bash]).to eq "chmod 600 /var/log/deployments/#{File.basename(tmp_log_file)}"
+              # Call the Ruby codes to be tested
+              actions_per_nodes['node'][0][:ruby].call
+              expect(File.exist?(tmp_log_file)).to eq true
+              file_content_regexp = Regexp.new <<~EOREGEXP
+                repo_name_0: platform
+                commit_id_0: 123456
+                commit_message_0: Test commit for node: service1, service2
+                date: \\d{4}-\\d{2}-\\d{2} \\d{2}:\\d{2}:\\d{2}
+                user: test_user
+                debug: No
+                services: service1, service2
+                exit_status: 0
+                ===== STDOUT =====
+                Deploy successful stdout
+                ===== STDERR =====
+                Deploy successful stderr
+              EOREGEXP
+              expect(File.read(tmp_log_file)).to match file_content_regexp
+              actions_per_nodes['node'][2][:ruby].call
+              # Check temporary log file gets deleted for security reasons
+              expect(File.exist?(tmp_log_file)).to eq false
+            end
+          ]
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'root', ''] }]
+          ] do
+            expect(test_deployer.deploy_on('node')).to eq('node' => [0, 'Deploy successful stdout', 'Deploy successful stderr'])
+          end
+        end
+      end
+
       it 'reads logs' do
         with_test_platform_for_remote_fs do
           expect_actions_executor_runs [
@@ -216,6 +337,100 @@ describe HybridPlatformsConductor::Deployer do
         end
       end
 
+      it 'reads logs on a local node' do
+        with_test_platform({ nodes: { 'node' => { meta: { local_node: true }, services: %w[service1 service2] } } }, additional_config: 'send_logs_to :remote_fs') do
+          expect_actions_executor_runs [
+            # Expect the actions to get log files
+            proc do |actions_per_nodes|
+              expect(actions_per_nodes).to eq('node' => [{ remote_bash: 'sudo -u root cat /var/log/deployments/`sudo -u root ls -t /var/log/deployments/ | head -1`' }])
+              { 'node' => [0, <<~EO_STDOUT, ''] }
+                repo_name_0: platform
+                commit_id_0: 123456
+                commit_message_0: Test commit for node: service1, service2
+                diff_files_0: file1, file2, file3
+                date: 2017-11-23 18:43:01
+                user: test_user
+                debug: Yes
+                services: service1, service2, service3
+                exit_status: 0
+                ===== STDOUT =====
+                Deploy successful stdout
+                ===== STDERR =====
+                Deploy successful stderr
+              EO_STDOUT
+            end
+          ]
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'test_user', ''] }]
+          ] do
+            expect(test_deployer.deployment_info_from('node')).to eq(
+              'node' => {
+                deployment_info: {
+                  repo_name_0: 'platform',
+                  commit_id_0: '123456',
+                  commit_message_0: 'Test commit for node: service1, service2',
+                  diff_files_0: %w[file1 file2 file3],
+                  date: Time.parse('2017-11-23 18:43:01 UTC'),
+                  debug: true,
+                  user: 'test_user'
+                },
+                exit_status: 0,
+                services: %w[service1 service2 service3],
+                stderr: 'Deploy successful stderr',
+                stdout: 'Deploy successful stdout'
+              }
+            )
+          end
+        end
+      end
+
+      it 'reads logs on a local node as root' do
+        with_test_platform({ nodes: { 'node' => { meta: { local_node: true }, services: %w[service1 service2] } } }, additional_config: 'send_logs_to :remote_fs') do
+          expect_actions_executor_runs [
+            # Expect the actions to get log files
+            proc do |actions_per_nodes|
+              expect(actions_per_nodes).to eq('node' => [{ remote_bash: 'cat /var/log/deployments/`ls -t /var/log/deployments/ | head -1`' }])
+              { 'node' => [0, <<~EO_STDOUT, ''] }
+                repo_name_0: platform
+                commit_id_0: 123456
+                commit_message_0: Test commit for node: service1, service2
+                diff_files_0: file1, file2, file3
+                date: 2017-11-23 18:43:01
+                user: test_user
+                debug: Yes
+                services: service1, service2, service3
+                exit_status: 0
+                ===== STDOUT =====
+                Deploy successful stdout
+                ===== STDERR =====
+                Deploy successful stderr
+              EO_STDOUT
+            end
+          ]
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'root', ''] }]
+          ] do
+            expect(test_deployer.deployment_info_from('node')).to eq(
+              'node' => {
+                deployment_info: {
+                  repo_name_0: 'platform',
+                  commit_id_0: '123456',
+                  commit_message_0: 'Test commit for node: service1, service2',
+                  diff_files_0: %w[file1 file2 file3],
+                  date: Time.parse('2017-11-23 18:43:01 UTC'),
+                  debug: true,
+                  user: 'test_user'
+                },
+                exit_status: 0,
+                services: %w[service1 service2 service3],
+                stderr: 'Deploy successful stderr',
+                stdout: 'Deploy successful stdout'
+              }
+            )
+          end
+        end
+      end
+
     end
 
   end

data/spec/hybrid_platforms_conductor_test/api/platform_handlers/serverless_chef/services_deployment_spec.rb

@@ -256,6 +256,44 @@ describe HybridPlatformsConductor::HpcPlugins::PlatformHandler::ServerlessChef d
 
     end
 
+    context 'with a platform having 1 local node' do
+
+      it 'returns actions to deploy on this node' do
+        with_serverless_chef_platforms('1_local_node') do |platform, repository|
+          mock_package(repository)
+          platform.prepare_for_deploy(
+            services: { 'node' => %w[test_policy] },
+            secrets: {},
+            local_environment: false,
+            why_run: false
+          )
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'test_user', ''] }]
+          ] do
+            expect(platform.actions_to_deploy_on('node', 'test_policy', use_why_run: false)).to eq expected_actions_to_deploy_chef(repository)
+          end
+        end
+      end
+
+      it 'returns actions to deploy on this node as root' do
+        with_serverless_chef_platforms('1_local_node') do |platform, repository|
+          mock_package(repository)
+          platform.prepare_for_deploy(
+            services: { 'node' => %w[test_policy] },
+            secrets: {},
+            local_environment: false,
+            why_run: false
+          )
+          with_cmd_runner_mocked [
+            ['whoami', proc { [0, 'root', ''] }]
+          ] do
+            expect(platform.actions_to_deploy_on('node', 'test_policy', use_why_run: false)).to eq expected_actions_to_deploy_chef(repository, sudo: '')
+          end
+        end
+      end
+
+    end
+
     context 'with a platform having several nodes' do
 
       it 'deploys services declared on 1 node on another node if asked' do

data/spec/hybrid_platforms_conductor_test/serverless_chef_repositories/1_local_node/chef_versions.yml

@@ -0,0 +1,3 @@
+---
+workstation: '21.5'
+client: '17.0'

data/spec/hybrid_platforms_conductor_test/serverless_chef_repositories/1_local_node/nodes/node.json

@@ -0,0 +1,15 @@
+{
+  "name": "node",
+  "normal": {
+    "description": "Single test node",
+    "image": "debian_9",
+    "private_ips": ["172.16.0.1"],
+    "local_node": true,
+    "property_1": {
+      "property_11": "value11"
+    },
+    "property_2": "value2"
+  },
+  "policy_name": "test_policy",
+  "policy_group": "test_group"
+}

data/spec/hybrid_platforms_conductor_test/serverless_chef_repositories/1_local_node/policyfiles/test_policy.rb

@@ -0,0 +1,3 @@
+name File.basename(__FILE__, '.rb')
+default_source :supermarket
+run_list 'recipe[test_cookbook]'

data/spec/hybrid_platforms_conductor_test/shared_examples/deployer.rb

@@ -46,6 +46,30 @@ shared_examples 'a deployer' do
     end
   end
 
+  it 'deploys on 1 local node' do
+    with_platform_to_deploy(nodes_info: { nodes: { 'node' => { meta: { local_node: true }, services: %w[service] } } }) do
+      # Make sure the ssh_user is ignored in this case
+      test_actions_executor.connector(:ssh).ssh_user = 'root'
+      with_cmd_runner_mocked [
+        ['whoami', proc { [0, 'test_user', ''] }]
+      ] do
+        expect(test_deployer.deploy_on('node')).to eq('node' => expected_deploy_result)
+      end
+    end
+  end
+
+  it 'deploys on 1 local node as root' do
+    with_platform_to_deploy(nodes_info: { nodes: { 'node' => { meta: { local_node: true }, services: %w[service] } } }, expect_sudo: nil) do
+      # Make sure the ssh_user is ignored in this case
+      test_actions_executor.connector(:ssh).ssh_user = 'test_user'
+      with_cmd_runner_mocked [
+        ['whoami', proc { [0, 'root', ''] }]
+      ] do
+        expect(test_deployer.deploy_on('node')).to eq('node' => expected_deploy_result)
+      end
+    end
+  end
+
   it 'deploys on 1 node using 1 secret' do
     with_platform_to_deploy(expect_secrets: { 'secret1' => 'password1' }) do
       test_deployer.override_secrets('secret1' => 'password1')
@@ -137,6 +161,61 @@ shared_examples 'a deployer' do
     end
   end
 
+  it 'deploys on 1 local node in local environment with certificates to install using hpc_certificates on Debian' do
+    with_certs_dir do |certs_dir|
+      with_platform_to_deploy(
+        nodes_info: { nodes: { 'node' => { meta: { local_node: true, image: 'debian_9' }, services: %w[service] } } },
+        expect_local_environment: true,
+        expect_additional_actions: [
+          { remote_bash: 'sudo -u root apt update && sudo -u root apt install -y ca-certificates' },
+          {
+            remote_bash: 'sudo -u root update-ca-certificates',
+            scp: {
+              certs_dir => '/usr/local/share/ca-certificates',
+              :sudo => true
+            }
+          }
+        ]
+      ) do
+        ENV['hpc_certificates'] = certs_dir
+        test_deployer.local_environment = true
+        with_cmd_runner_mocked [
+          ['whoami', proc { [0, 'test_user', ''] }]
+        ] do
+          expect(test_deployer.deploy_on('node')).to eq('node' => expected_deploy_result)
+        end
+      end
+    end
+  end
+
+  it 'deploys on 1 local node in local environment with certificates to install using hpc_certificates on Debian as root' do
+    with_certs_dir do |certs_dir|
+      with_platform_to_deploy(
+        nodes_info: { nodes: { 'node' => { meta: { local_node: true, image: 'debian_9' }, services: %w[service] } } },
+        expect_sudo: nil,
+        expect_local_environment: true,
+        expect_additional_actions: [
+          { remote_bash: 'apt update && apt install -y ca-certificates' },
+          {
+            remote_bash: 'update-ca-certificates',
+            scp: {
+              certs_dir => '/usr/local/share/ca-certificates',
+              :sudo => false
+            }
+          }
+        ]
+      ) do
+        ENV['hpc_certificates'] = certs_dir
+        test_deployer.local_environment = true
+        with_cmd_runner_mocked [
+          ['whoami', proc { [0, 'root', ''] }]
+        ] do
+          expect(test_deployer.deploy_on('node')).to eq('node' => expected_deploy_result)
+        end
+      end
+    end
+  end
+
   it 'deploys on 1 node with certificates to install using hpc_certificates on CentOS' do
     with_certs_dir do |certs_dir|
       with_platform_to_deploy(
@@ -212,6 +291,61 @@ shared_examples 'a deployer' do
     end
   end
 
+  it 'deploys on 1 local node with certificates to install using hpc_certificates on CentOS' do
+    with_certs_dir do |certs_dir|
+      with_platform_to_deploy(
+        nodes_info: { nodes: { 'node' => { meta: { local_node: true, image: 'centos_7' }, services: %w[service] } } },
+        expect_local_environment: true,
+        expect_additional_actions: [
+          { remote_bash: 'sudo -u root yum install -y ca-certificates' },
+          {
+            remote_bash: ['sudo -u root update-ca-trust enable', 'sudo -u root update-ca-trust extract'],
+            scp: {
+              "#{certs_dir}/test_cert.crt" => '/etc/pki/ca-trust/source/anchors',
+              :sudo => true
+            }
+          }
+        ]
+      ) do
+        ENV['hpc_certificates'] = certs_dir
+        test_deployer.local_environment = true
+        with_cmd_runner_mocked [
+          ['whoami', proc { [0, 'test_user', ''] }]
+        ] do
+          expect(test_deployer.deploy_on('node')).to eq('node' => expected_deploy_result)
+        end
+      end
+    end
+  end
+
+  it 'deploys on 1 local node with certificates to install using hpc_certificates on CentOS as root' do
+    with_certs_dir do |certs_dir|
+      with_platform_to_deploy(
+        nodes_info: { nodes: { 'node' => { meta: { local_node: true, image: 'centos_7' }, services: %w[service] } } },
+        expect_sudo: nil,
+        expect_local_environment: true,
+        expect_additional_actions: [
+          { remote_bash: 'yum install -y ca-certificates' },
+          {
+            remote_bash: ['update-ca-trust enable', 'update-ca-trust extract'],
+            scp: {
+              "#{certs_dir}/test_cert.crt" => '/etc/pki/ca-trust/source/anchors',
+              :sudo => false
+            }
+          }
+        ]
+      ) do
+        ENV['hpc_certificates'] = certs_dir
+        test_deployer.local_environment = true
+        with_cmd_runner_mocked [
+          ['whoami', proc { [0, 'root', ''] }]
+        ] do
+          expect(test_deployer.deploy_on('node')).to eq('node' => expected_deploy_result)
+        end
+      end
+    end
+  end
+
   it 'deploys on several nodes' do
     with_platform_to_deploy(
       nodes_info: {

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hybrid_platforms_conductor
 version: !ruby/object:Gem::Version
-  version: 33.5.0
+  version: 33.5.1
 platform: ruby
 authors:
 - Muriel Salvan
@@ -866,6 +866,7 @@ files:
 - spec/hybrid_platforms_conductor_test/api/actions_executor/connectors/ssh/global_helpers_spec.rb
 - spec/hybrid_platforms_conductor_test/api/actions_executor/connectors/ssh/node_helpers_spec.rb
 - spec/hybrid_platforms_conductor_test/api/actions_executor/connectors/ssh/remote_actions_spec.rb
+- spec/hybrid_platforms_conductor_test/api/actions_executor/helpers_spec.rb
 - spec/hybrid_platforms_conductor_test/api/actions_executor/logging_spec.rb
 - spec/hybrid_platforms_conductor_test/api/actions_executor/parallel_spec.rb
 - spec/hybrid_platforms_conductor_test/api/actions_executor/timeout_spec.rb
@@ -982,6 +983,9 @@ files:
 - spec/hybrid_platforms_conductor_test/platform_handler_plugins/test_2.rb
 - spec/hybrid_platforms_conductor_test/report_plugin.rb
 - spec/hybrid_platforms_conductor_test/rubocop_spec.rb
+- spec/hybrid_platforms_conductor_test/serverless_chef_repositories/1_local_node/chef_versions.yml
+- spec/hybrid_platforms_conductor_test/serverless_chef_repositories/1_local_node/nodes/node.json
+- spec/hybrid_platforms_conductor_test/serverless_chef_repositories/1_local_node/policyfiles/test_policy.rb
 - spec/hybrid_platforms_conductor_test/serverless_chef_repositories/1_node/chef_versions.yml
 - spec/hybrid_platforms_conductor_test/serverless_chef_repositories/1_node/nodes/node.json
 - spec/hybrid_platforms_conductor_test/serverless_chef_repositories/1_node/policyfiles/test_policy.rb