From b4218d3ec0d1fe06ec0e1e1ade799ed20123d144 Mon Sep 17 00:00:00 2001
From: Oli
Date: Sat, 23 Sep 2023 20:31:07 +0000
Subject: [PATCH] ansible-lint recommendations activate privilege escalation when changing users
---
 roles/bastion/tasks/ssh.yml | 3 ++-
 roles/bastion/tasks/terraform.yml | 6 ++++--
 roles/postgresql/tasks/postgresql.yml | 3 ++-
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/roles/bastion/tasks/ssh.yml b/roles/bastion/tasks/ssh.yml
index 8b614d5..161d510 100644
--- a/roles/bastion/tasks/ssh.yml
+++ b/roles/bastion/tasks/ssh.yml
@@ -1,9 +1,10 @@
 ---
 - name: Copy SSH config/keys
+ become: true
+ become_user: "{{ main_user }}"
 copy:
 src: "ssh/"
 dest: "~/.ssh/"
 mode: "0600"
 directory_mode: true
- become_user: "{{ main_user }}"
diff --git a/roles/bastion/tasks/terraform.yml b/roles/bastion/tasks/terraform.yml
index ebe706f..e490753 100644
--- a/roles/bastion/tasks/terraform.yml
+++ b/roles/bastion/tasks/terraform.yml
@@ -1,16 +1,18 @@
 ---
 - name: Create .tfvars_token_dtsv
+ become: true
+ become_user: "{{ main_user }}"
 template:
 src: "tfvars_token.j2"
 dest: "~/.tfvars_token_dtsv"
 mode: "0640"
- become_user: "{{ main_user }}"
 - name: Add .tfvars_token to .bash_profile
+ become: true
+ become_user: "{{ main_user }}"
 lineinfile:
 path: "~/.bash_profile"
 create: true
 line: "source ~/.tfvars_token_dtsv"
 mode: "0644"
- become_user: "{{ main_user }}"
diff --git a/roles/postgresql/tasks/postgresql.yml b/roles/postgresql/tasks/postgresql.yml
index b4d76af..e544473 100644
--- a/roles/postgresql/tasks/postgresql.yml
+++ b/roles/postgresql/tasks/postgresql.yml
@@ -27,10 +27,11 @@
 cache_valid_time: 3600
 - name: Set PostgreSQL parameters
+ become: true
+ become_user: postgres
 community.postgresql.postgresql_set:
 name: "{{ item.name }}"
 value: "{{ item.value }}"
- become_user: postgres
 register: postgresql_set
 loop: "{{ pgsql_config }}"
 notify: Restart postgresql
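Review bot: `directory_mode: true` in the Copy SSH config/keys task is a boolean rather than a permission mode, so the task does not pin the permissions of a newly created `~/.ssh`; `directory_mode: "0700"` would state them explicitly. If `become` was not already enabled at play level, the added `become: true` is what makes `become_user` take effect, so `~` will presumably now resolve to `{{ main_user }}`'s home instead of the connecting user's, and it is worth confirming the keys land where intended. When the connecting user is itself unprivileged, Ansible stages module files in a temp directory the become user must be able to read, which depends on ACL support on the target or on pipelining; that matters most here because the payload is key material, and the same consideration applies to the tasks in terraform.yml and postgresql.yml. Adding `no_log: true` to this task would keep key contents out of diff output and logs.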
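Review bot: The Create .tfvars_token_dtsv task writes the file with `mode: "0640"`, which leaves it readable by the owning group; since the name suggests it holds a Terraform token, `mode: "0600"` would be the tighter setting. Now that the task actually runs as `{{ main_user }}`, the group in question is presumably that user's primary group, so it is worth checking who else is a member. Adding `no_log: true` to the template task would also keep the rendered value out of `--diff` output and logs.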