cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Ensure -k is set to delegated hosts without a pass (#71136) (#71168)

Browse source 
* Ensure -k is set to delegated hosts without a pass

* Fix up some broken tests

* Update task_executor.py

one possible fix, the other is updating winrm to normalize on 'password' like the other connection plugins

* Add alias for winrm and fix incorrect assumption

* Make sure aliases are used for keyword options

* Conditionally run test if sshpass is present, fix sanity

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
(cherry picked from commit 3f22f79e73)
This commit is contained in:
Jordan Borean 2020-08-28 03:57:24 +10:00 committed by GitHub
parent e95b45c5ec
commit 092ec680e6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 117 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/delegation_password.yml Normal file
View file

@ -0,0 +1,2 @@
bugfixes:
- Ensure password passed in by -k is used on delegated hosts that do not have ansible_password set

21
lib/ansible/config/manager.py
View file

@ -429,10 +429,12 @@ class ConfigManager(object):
defs = self.get_configuration_definitions(plugin_type, plugin_name)
if config in defs:
aliases = defs[config].get('aliases', [])
# direct setting via plugin arguments, can set to None so we bypass rest of processing/defaults
direct_aliases = []
if direct:
direct_aliases = [direct[alias] for alias in defs[config].get('aliases', []) if alias in direct]
direct_aliases = [direct[alias] for alias in aliases if alias in direct]
if direct and config in direct:
value = direct[config]
origin = 'Direct'
@ -447,9 +449,20 @@ class ConfigManager(object):
origin = 'var: %s' % origin
# use playbook keywords if you have em
if value is None and keys and config in keys:
value, origin = keys[config], 'keyword'
origin = 'keyword: %s' % origin
if value is None and keys:
if config in keys:
value = keys[config]
keyword = config
elif aliases:
for alias in aliases:
if alias in keys:
value = keys[alias]
keyword = alias
break
if value is not None:
origin = 'keyword: %s' % keyword
# env vars are next precedence
if value is None and defs[config].get('env'):

3
lib/ansible/plugins/connection/psrp.py
View file

@ -39,7 +39,8 @@ options:
- name: ansible_password
- name: ansible_winrm_pass
- name: ansible_winrm_password
aliases: [ password ]
aliases:
- password # Needed for --ask-pass to come through on delegation
port:
description:
- The port for PSRP to connect on the remote target.

2
lib/ansible/plugins/connection/winrm.py
View file

@ -40,6 +40,8 @@ DOCUMENTATION = """
- name: ansible_winrm_pass
- name: ansible_winrm_password
type: str
aliases:
- password # Needed for --ask-pass to come through on delegation
port:
description:
- port for winrm to connect on remote target

12
test/integration/targets/connection_delegation/action_plugins/delegation_action.py Normal file
View file

@ -0,0 +1,12 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
from ansible.plugins.action import ActionBase
class ActionModule(ActionBase):
def run(self, tmp=None, task_vars=None):
return {
'remote_password': self._connection.get_option('remote_password'),
}

4
test/integration/targets/connection_delegation/aliases Normal file
View file

@ -0,0 +1,4 @@
shippable/posix/group1
skip/freebsd # No sshpass
skip/osx # No sshpass
skip/rhel # No sshpass

45
test/integration/targets/connection_delegation/connection_plugins/delegation_connection.py Normal file
View file

@ -0,0 +1,45 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = """
author: Ansible Core Team
connection: delegation_connection
short_description: Test connection for delegated host check
description:
- Some further description that you don't care about.
options:
remote_password:
description: The remote password
type: str
vars:
- name: ansible_password
# Tests that an aliased key gets the -k option which hardcodes the value to password
aliases:
- password
"""
from ansible.plugins.connection import ConnectionBase
class Connection(ConnectionBase):
transport = 'delegation_connection'
has_pipelining = True
def __init__(self, *args, **kwargs):
super(Connection, self).__init__(*args, **kwargs)
def _connect(self):
super(Connection, self)._connect()
def exec_command(self, cmd, in_data=None, sudoable=True):
super(Connection, self).exec_command(cmd, in_data, sudoable)
def put_file(self, in_path, out_path):
super(Connection, self).put_file(in_path, out_path)
def fetch_file(self, in_path, out_path):
super(Connection, self).fetch_file(in_path, out_path)
def close(self):
super(Connection, self).close()

1
test/integration/targets/connection_delegation/inventory.ini Normal file
View file

@ -0,0 +1 @@
my_host ansible_host=127.0.0.1 ansible_connection=delegation_connection

9
test/integration/targets/connection_delegation/runme.sh Executable file
View file

@ -0,0 +1,9 @@
#!/usr/bin/env bash
set -ux
echo "Checking if sshpass is present"
which sshpass 2>&1 || exit 0
echo "sshpass is present, continuing with test"
sshpass -p my_password ansible-playbook -i inventory.ini test.yml -k "$@"

23
test/integration/targets/connection_delegation/test.yml Normal file
View file

@ -0,0 +1,23 @@
---
- hosts: localhost
gather_facts: no
tasks:
- name: test connection receives -k from play_context when delegating
delegation_action:
delegate_to: my_host
register: result
- assert:
that:
- result.remote_password == 'my_password'
- name: ensure vars set for that host take precedence over -k
delegation_action:
delegate_to: my_host
vars:
ansible_password: other_password
register: result
- assert:
that:
- result.remote_password == 'other_password'