From f3c9d6d2d05556aafd62ac002cff805aee93f524 Mon Sep 17 00:00:00 2001 From: Marcus Meurs Date: Sat, 1 Dec 2018 04:11:05 +0100 Subject: [PATCH] Drop privilege at block level Apparently `local_action` and `delegate_to` handle `become: false` differently. The later ignored it when it was done at task level. --- tasks/authorize_node.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tasks/authorize_node.yml b/tasks/authorize_node.yml index afaaeca..e291655 100644 --- a/tasks/authorize_node.yml +++ b/tasks/authorize_node.yml @@ -9,6 +9,13 @@ set_fact: zerotier_node_id: "{{ nodeid.stdout }}" + when: + - zerotier_accesstoken is defined + - not ansible_check_mode + tags: + - configuration + +- block: - name: Authorize members to network uri: url: "{{ zerotier_api_url }}/api/network/{{ zerotier_network_id }}/member/{{ zerotier_node_id }}" @@ -21,7 +28,6 @@ authorized: "{{ zerotier_authorize_member }}" body_format: json register: auth_apiresult - become: false delegate_to: "{{ zerotier_api_delegate }}" - name: Configure members in network @@ -37,7 +43,6 @@ ipAssignments: "{{ zerotier_member_ip_assignments | default([]) | list }}" body_format: json register: conf_apiresult - become: false delegate_to: "{{ zerotier_api_delegate }}" when: @@ -45,3 +50,4 @@ - not ansible_check_mode tags: - configuration + become: false