Add better error messages and checking to known_hosts (#38307)

2018-05-17 13:53:40 -04:00 · 2018-05-17 13:53:40 -04:00 · 13aff08748
commit 13aff08748
parent 02bc4c570f
2 changed files with 39 additions and 2 deletions
--- a/lib/ansible/modules/system/known_hosts.py
+++ b/lib/ansible/modules/system/known_hosts.py
@ -174,6 +174,11 @@ def sanity_check(module, host, key, sshkeygen):

    # The approach is to write the key to a temporary file,
    # and then attempt to look up the specified host in that file.
+
+    if re.search(r'\S+(\s+)?,(\s+)?', host):
+        module.fail_json(msg="Comma separated list of names is not supported. "
+                             "Please pass a single name to lookup in the known_hosts file.")
+
    try:
        outf = tempfile.NamedTemporaryFile(mode='w+')
        outf.write(key)
@ -183,7 +188,7 @@ def sanity_check(module, host, key, sshkeygen):
                             (outf.name, to_native(e)))

    sshkeygen_command = [sshkeygen, '-F', host, '-f', outf.name]
-    rc, stdout, stderr = module.run_command(sshkeygen_command, check_rc=True)
+    rc, stdout, stderr = module.run_command(sshkeygen_command)
    try:
        outf.close()
    except:
--- a/test/integration/targets/known_hosts/tasks/main.yml
+++ b/test/integration/targets/known_hosts/tasks/main.yml
@ -17,7 +17,9 @@
 # along with Ansible.  If not, see <http://www.gnu.org/licenses/>.

 - name: copy an existing file in place
-  copy: src=existing_known_hosts dest="{{output_dir|expanduser}}/known_hosts"
+  copy:
+    src: existing_known_hosts
+    dest: "{{ output_dir | expanduser }}/known_hosts"

 # test addition

@ -167,3 +169,33 @@
    - 'not result.changed'
    - 'result.diff.before == result.diff.after'
    - 'known_hosts_v3.stdout == known_hosts_v4.stdout'
+
+# test errors
+
+- name: Try using a comma separated list of hosts
+  known_hosts:
+    name: example.org,acme.com
+    key: "{{ example_org_rsa_key }}"
+    path: "{{output_dir|expanduser}}/known_hosts"
+  ignore_errors: yes
+  register: result
+
+- name: Assert that error message was displayed
+  assert:
+    that:
+      - result is failed
+      - result.msg == 'Comma separated list of names is not supported. Please pass a single name to lookup in the known_hosts file.'
+
+- name: Try using a name that does not match the key
+  known_hosts:
+    name: example.com
+    key: "{{ example_org_rsa_key }}"
+    path: "{{output_dir|expanduser}}/known_hosts"
+  ignore_errors: yes
+  register: result
+
+- name: Assert that name checking failed with error message
+  assert:
+    that:
+      - result is failed
+      - result.msg == 'Host parameter does not match hashed host field in supplied key'