ansible_mitogen: Correct ansible_become_pass/ansible_become_password …

…precendence

Until Ansible 2.9 it looks like ansible_become_password had higher priority.
From Ansible 2.10 ansible_become_pass has higher priority [1]. Mitogen was not
respecting this.

I may need to rework this further, instatiating the become plugin may have
slowed down execution.

[1] Based on testing with

```
[ubuntus]
become-pass-pass ansible_become_pass=1234
become-pass-password ansible_become_password=1234
become-pass-both ansible_become_password=wrong ansible_become_pass=1234

[ubuntus:vars]
ansible_host=ubuntu2004.local
ansible_user=ubuntu
```
```
- hosts: ubuntus
  gather_facts: false
  become: true
  tasks:
    - ping:
```

ansible_mitogen/loaders.py

@@ -39,6 +39,7 @@
 
 __all__ = [
     'action_loader',
+    'become_loader',
     'connection_loader',
     'module_loader',
     'module_utils_loader',
@@ -90,6 +91,7 @@ def assert_supported_release():
 
 
 from ansible.plugins.loader import action_loader
+from ansible.plugins.loader import become_loader
 from ansible.plugins.loader import connection_loader
 from ansible.plugins.loader import module_loader
 from ansible.plugins.loader import module_utils_loader

ansible_mitogen/transport_config.py

@@ -79,6 +79,7 @@
 except ImportError:
     from ansible.vars.unsafe_proxy import AnsibleUnsafeText
 
+import ansible_mitogen.loaders
 import mitogen.core
 
 
@@ -435,7 +436,10 @@ def become_user(self):
         return self._play_context.become_user
 
     def become_pass(self):
-        return optional_secret(self._play_context.become_pass)
+        become_method = self.become_method()
+        become_plugin = ansible_mitogen.loaders.become_loader.get(become_method)
+        become_pass = become_plugin.get_option('become_pass', hostvars=self._task_vars)
+        return optional_secret(become_pass)
 
     def password(self):
         return optional_secret(self._play_context.password)
@@ -652,8 +656,8 @@ def become_user(self):
 
     def become_pass(self):
         return optional_secret(
-            self._host_vars.get('ansible_become_password') or
-            self._host_vars.get('ansible_become_pass')
+            self._host_vars.get('ansible_become_pass') or
+            self._host_vars.get('ansible_become_password')
         )
 
     def password(self):

tests/ansible/hosts/transport_config.hosts

@@ -47,7 +47,7 @@ tc-become-user-set ansible_become_user=ansi-become-user
 tc-become-pass-unset
 tc-become-pass-password ansible_become_password=apassword
 tc-become-pass-pass ansible_become_pass=apass
-tc-become-pass-both ansible_become_password=a.b.c ansible_become_pass=c.b.a
+tc-become-pass-both ansible_become_pass=bpass ansible_become_password=bpassword
 
 # port()
 tc-port-unset

tests/ansible/integration/transport_config/become_pass.yml

@@ -119,9 +119,6 @@
       fail_msg: out={{out}}
 
 
-
-# ansible_become_pass & ansible_become_password set, password used to take precedence
-# but it's possible since https://github.com/ansible/ansible/pull/69629/files#r428376864, now it doesn't
 - hosts: tc-become-pass-both
   become: true
   tasks:
@@ -132,7 +129,9 @@
       - out.result|length == 2
       - out.result[0].method == "ssh"
       - out.result[1].method == "sudo"
-      - out.result[1].kwargs.password == "c.b.a"
+      # Ansible >= 2.10 builtin become plugins (e.g. sudo, su) give priority
+      # to ansible_become_pass over ansible_become_password.
+      - out.result[1].kwargs.password == "bpass"
       fail_msg: out={{out}}
 
 
@@ -147,6 +146,6 @@
       - out.result|length == 3
       - out.result[0].method == "ssh"
       - out.result[1].method == "sudo"
-      - out.result[1].kwargs.password == "a.b.c"
+      - out.result[1].kwargs.password == "bpass"
       - out.result[2].method == "ssh"
       fail_msg: out={{out}}