Have remote_expanduser honor sudo and su users.

Fixes #9663

5 files changed, 57 insertions, 1 deletions

diff --git a/lib/ansible/runner/__init__.py b/lib/ansible/runner/__init__.py
index f0de42764a..4d2bd66016 100644
--- a/lib/ansible/runner/__init__.py
+++ b/lib/ansible/runner/__init__.py
@@ -1196,8 +1196,16 @@ class Runner(object):
         ''' takes a remote path and performs tilde expansion on the remote host '''
         if not path.startswith('~'):
             return path
+
         split_path = path.split(os.path.sep, 1)
-        cmd = conn.shell.expand_user(split_path[0])
+        expand_path = split_path[0]
+        if expand_path == '~':
+            if self.sudo and self.sudo_user:
+                expand_path = '~%s' % self.sudo_user
+            elif self.su and self.su_user:
+                expand_path = '~%s' % self.su_user
+
+        cmd = conn.shell.expand_user(expand_path)
         data = self._low_level_exec_command(conn, cmd, tmp, sudoable=False, su=False)
         initial_fragment = utils.last_non_blank_line(data['stdout'])
 
diff --git a/test/integration/destructive.yml b/test/integration/destructive.yml
index 07e86e36f2..ec6946baea 100644
--- a/test/integration/destructive.yml
+++ b/test/integration/destructive.yml
@@ -1,6 +1,8 @@
 - hosts: testhost
   gather_facts: True
   roles:
+    # In destructive because it creates and removes a user
+    - { role: test_sudo, tags: test_sudo}
     - { role: test_service, tags: test_service }
     # Current pip unconditionally uses md5.  We can re-enable if pip switches
     # to a different hash or allows us to not check md5
diff --git a/test/integration/roles/test_sudo/tasks/main.yml b/test/integration/roles/test_sudo/tasks/main.yml
new file mode 100644
index 0000000000..0460486d0c
--- /dev/null
+++ b/test/integration/roles/test_sudo/tasks/main.yml
@@ -0,0 +1,44 @@
+- include_vars: default.yml
+
+- name: Create test user
+  user:
+    name: "{{ sudo_test_user }}"
+
+- name: tilde expansion honors sudo in file
+  sudo: True
+  sudo_user: "{{ sudo_test_user }}"
+  file:
+    path: "~/foo.txt"
+    state: touch
+
+- name: check that the path in the user's home dir was created
+  stat:
+    path: "~{{ sudo_test_user }}/foo.txt"
+  register: results
+
+- assert:
+    that:
+      - "results.stat.exists == True"
+
+- name: tilde expansion honors sudo in template
+  sudo: True
+  sudo_user: "{{ sudo_test_user }}"
+  template:
+    src: "bar.j2"
+    dest: "~/bar.txt"
+
+- name: check that the path in the user's home dir was created
+  stat:
+    path: "~{{ sudo_test_user }}/bar.txt"
+  register: results
+
+- assert:
+    that:
+      - "results.stat.exists == True"
+
+- name: Remove test user and their home dir
+  user:
+    name: "{{ sudo_test_user }}"
+    state: "absent"
+    remove: "yes"
+
diff --git a/test/integration/roles/test_sudo/templates/bar.j2 b/test/integration/roles/test_sudo/templates/bar.j2
new file mode 100644
index 0000000000..6f184d1814
--- /dev/null
+++ b/test/integration/roles/test_sudo/templates/bar.j2
@@ -0,0 +1 @@
+{{ sudo_test_user }}
diff --git a/test/integration/roles/test_sudo/vars/default.yml b/test/integration/roles/test_sudo/vars/default.yml
new file mode 100644
index 0000000000..f2f7b728b2
--- /dev/null
+++ b/test/integration/roles/test_sudo/vars/default.yml
@@ -0,0 +1 @@
+sudo_test_user: ansibletest1