Handle no-sudo in stage-output

The stage-output role had two assumptions:

1) The zuul_copy_output variable would always be defined
2) The role would be able to sudo on the remote node

To make it easier for users who want to use this in a base job,
remove both of those assumptions.

1) We now supply a default empty dict if the variable is not defined
so that the role does not fail with an error.

2) We check to see if we can sudo on the remote node, and if we can,
we do when copying files; otherwise we don't, and assume that the
user will only specify files they have access to (if they don't then
the copy will fail).

Change-Id: I5428c44adfafac4872342b59a92de311f41687b6

roles/stage-output/tasks/main.yaml

@@ -1,12 +1,20 @@
 - name: Register sources
   stat:
     path: "{{ zj_source.key }}"
-  loop: "{{ zuul_copy_output|dict2items }}"
+  loop: "{{ zuul_copy_output | default({}) | dict2items }}"
   loop_control:
     loop_var: zj_source
   register: sources
   no_log: true
 
+# See if we're running with sudo; if so, we'll set 'become' later so
+# we can copy root-owned files; if not, we'll just be able to copy
+# user files.
+- name: Check sudo
+  command: sudo -n true
+  failed_when: false
+  register: sudo_result
+
 - name: Build the extensions list from a dict (or empty)
   set_fact:
     extension_list: >
@@ -50,7 +58,7 @@
     all_sources: "{{ results.results | selectattr('ansible_facts', 'defined') | map(attribute='ansible_facts') | list }}"
 
 - name: Ensure target folders exist
-  become: true
+  become: "{{ sudo_result.rc == 0 }}"
   file:
     path: "{{ stage_dir }}/{{ zj_output_dirs }}"
     state: directory
@@ -67,7 +75,7 @@
   # remote_src copy does not work recursively, synchronise is restricted by
   # zuul, using command
   command: cp -pRL {{ zj_source.source }} {{ stage_dir }}/{{ zj_source.dest }}
-  become: true
+  become: "{{ sudo_result.rc == 0 }}"
   with_items: "{{ all_sources }}"
   loop_control:
     loop_var: zj_source
@@ -78,7 +86,7 @@
     dest: "{{ stage_dir }}/logs"
     mode: u=rwX,g=rX,o=rX
     recurse: yes
-  become: yes
+  become: "{{ sudo_result.rc == 0 }}"
 
 - name: Discover log files that match extension_list
   find:

test-playbooks/stage-output.yaml

@@ -0,0 +1,21 @@
+- hosts: all
+  tasks:
+    - name: Write a test file
+      copy:
+        content: "Test file"
+        dest: "/tmp/test-output.txt"
+    - name: Test stage-output with a file
+      include_role:
+        name: stage-output
+      vars:
+        zuul_copy_output:
+          /tmp/test-output.txt: logs
+    - name: Test stage-output with no input
+      include_role:
+        name: stage-output
+    - name: Remove sudo
+      include_role:
+        name: revoke-sudo
+    - name: Test stage-output without sudo
+      include_role:
+        name: stage-output

zuul-tests.d/general-roles-jobs.yaml

@@ -688,6 +688,14 @@
       - test-playbooks/update-json-file.yaml
       - roles/update-json-file/.*
 
+- job:
+    name: zuul-jobs-test-stage-output
+    description: Test the state-output role
+    run: test-playbooks/stage-output.yaml
+    files:
+      - test-playbooks/stage-output.yaml
+      - roles/stage-output/.*
+
 # -* AUTOGENERATED *-
 #  The following project section is autogenerated by
 #    tox -e update-test-platforms
@@ -742,6 +750,7 @@
         - zuul-jobs-test-shake-build
         - zuul-jobs-test-ensure-zookeeper
         - zuul-jobs-test-update-json-file
+        - zuul-jobs-test-stage-output
     gate:
       jobs: &id001
         - zuul-jobs-test-add-authorized-keys
@@ -787,5 +796,6 @@
         - zuul-jobs-test-shake-build
         - zuul-jobs-test-ensure-zookeeper
         - zuul-jobs-test-update-json-file
+        - zuul-jobs-test-stage-output
     periodic-weekly:
       jobs: *id001