From 1a4583864110f64b23668b753dffa0ff1bd70943 Mon Sep 17 00:00:00 2001
From: emrocha <38505425+emrocha@users.noreply.github.com>
Date: Fri, 13 Sep 2024 22:27:56 -0300
Subject: [PATCH 1/2] the api task should be with explicit become false Undo some changes of commit 5480ff750bc9dd9133cce7156e229853923761e9 The community.zabbix.zabbix_host module with the delegate_to parameter should not be executed with "become true" if the role zabbix_agent is applied with "become true". It is possible that the user executing the ansible script has sudo permission on the remote computer that the zabbix_agent role will be executed on, but does not have sudo permission on the local computer from which the ansible script is initially executed. The same applies to the other modules of this task.
---
 roles/zabbix_agent/tasks/api.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/roles/zabbix_agent/tasks/api.yml b/roles/zabbix_agent/tasks/api.yml
index 543cda23a..c5dcc4a82 100644
--- a/roles/zabbix_agent/tasks/api.yml
+++ b/roles/zabbix_agent/tasks/api.yml
@@ -9,6 +9,7 @@
 until: zabbix_api_hostgroup_created is succeeded
 retries: 10
 delegate_to: "{{ zabbix_api_server_host }}"
+ become: false
 tags:
 - api
@@ -43,6 +44,7 @@
 until: zabbix_api_host_created is succeeded
 retries: 10
 delegate_to: "{{ zabbix_api_server_host }}"
+ become: false
 changed_when: false
 tags:
 - api
@@ -61,5 +63,6 @@
 retries: 10
 no_log: "{{ ansible_verbosity < 3 }}"
 delegate_to: "{{ zabbix_api_server_host }}"
+ become: false
 tags:
 - api
From 63efd45c0a9c3fddd2c0fb8ac43b83bf9f55dc1b Mon Sep 17 00:00:00 2001
From: emrocha <38505425+emrocha@users.noreply.github.com>
Date: Sat, 14 Sep 2024 15:11:05 -0300
Subject: [PATCH 2/2] Create a changelog fragment for PR
---
 ...3-fix-api-tasks-in-zabbix-agent-role-to-run-without-sudo.yml | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 changelogs/fragments/1393-fix-api-tasks-in-zabbix-agent-role-to-run-without-sudo.yml
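Review bot: The `become: false` added under `delegate_to` in roles/zabbix_agent/tasks/api.yml carries no comment saying why it is there, at -9 and again in the hunks at -43 and -61; the commit message says it restores a setting that an earlier commit dropped, so the reason is worth keeping next to the key where the next refactor will see it. I would put `# API call runs on the delegate host; do not inherit become from the play` above each `become: false`. All three tasks start above their hunks, so whether api.yml holds further delegated tasks that still inherit `become` cannot be checked from here.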
diff --git a/changelogs/fragments/1393-fix-api-tasks-in-zabbix-agent-role-to-run-without-sudo.yml b/changelogs/fragments/1393-fix-api-tasks-in-zabbix-agent-role-to-run-without-sudo.yml
new file mode 100644
index 000000000..dab355b17
--- /dev/null
+++ b/changelogs/fragments/1393-fix-api-tasks-in-zabbix-agent-role-to-run-without-sudo.yml
@@ -0,0 +1,2 @@
+bugfixes:
+ - zabbix_agent Role - Set become parameter explicitly to false for API tasks to run without sudo on the local computer.