Add better error messages and checking to known_hosts (#38307)

Sam Doran 2018-05-17 13:53:40 -04:00 committed by ansibot
parent 02bc4c570f
commit 13aff08748
2 changed files with 39 additions and 2 deletions


@ -174,6 +174,11 @@ def sanity_check(module, host, key, sshkeygen):
# The approach is to write the key to a temporary file, # The approach is to write the key to a temporary file,
# and then attempt to look up the specified host in that file. # and then attempt to look up the specified host in that file.
if re.search(r'\S+(\s+)?,(\s+)?', host):
module.fail_json(msg="Comma separated list of names is not supported. "
"Please pass a single name to lookup in the known_hosts file.")
try: try:
outf = tempfile.NamedTemporaryFile(mode='w+') outf = tempfile.NamedTemporaryFile(mode='w+')
outf.write(key) outf.write(key)
@ -183,7 +188,7 @@ def sanity_check(module, host, key, sshkeygen):
(outf.name, to_native(e))) (outf.name, to_native(e)))
sshkeygen_command = [sshkeygen, '-F', host, '-f', outf.name] sshkeygen_command = [sshkeygen, '-F', host, '-f', outf.name]
rc, stdout, stderr = module.run_command(sshkeygen_command, check_rc=True) rc, stdout, stderr = module.run_command(sshkeygen_command)
try: try:
outf.close() outf.close()
except: except:
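Review bot: Dropping `check_rc=True` from the `module.run_command(sshkeygen_command)` call in the second hunk leaves `rc` and `stderr` unused in the visible lines, so a real ssh-keygen failure is no longer told apart from a lookup miss. The code that consumes `stdout` lies outside the hunk; if it only tests for empty output, any failure of the tool would presumably surface as the host/key mismatch message, which hides the real cause when someone is debugging a known_hosts entry. I would pass the diagnostics through on the failure path that follows, e.g. add `rc=rc, stderr=to_native(stderr)` to that `fail_json` call. A comment on the call would also help, such as `# no check_rc: a lookup miss is expected to exit non-zero and is reported with a clearer message`, with the wording adjusted once the exit-status behaviour is confirmed. Separately, the comma guard in the first hunk could be the simpler `if ',' in host:`, since the regex needs a non-space character before the comma and so lets a name with a leading comma through.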


@ -17,7 +17,9 @@
# along with Ansible. If not, see <http://www.gnu.org/licenses/>. # along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: copy an existing file in place - name: copy an existing file in place
copy: src=existing_known_hosts dest="{{output_dir|expanduser}}/known_hosts" copy:
src: existing_known_hosts
dest: "{{ output_dir | expanduser }}/known_hosts"
# test addition # test addition
@ -167,3 +169,33 @@
- 'not result.changed' - 'not result.changed'
- 'result.diff.before == result.diff.after' - 'result.diff.before == result.diff.after'
- 'known_hosts_v3.stdout == known_hosts_v4.stdout' - 'known_hosts_v3.stdout == known_hosts_v4.stdout'
# test errors
- name: Try using a comma separated list of hosts
known_hosts:
name: example.org,acme.com
key: "{{ example_org_rsa_key }}"
path: "{{output_dir|expanduser}}/known_hosts"
ignore_errors: yes
register: result
- name: Assert that error message was displayed
assert:
that:
- result is failed
- result.msg == 'Comma separated list of names is not supported. Please pass a single name to lookup in the known_hosts file.'
- name: Try using a name that does not match the key
known_hosts:
name: example.com
key: "{{ example_org_rsa_key }}"
path: "{{output_dir|expanduser}}/known_hosts"
ignore_errors: yes
register: result
- name: Assert that name checking failed with error message
assert:
that:
- result is failed
- result.msg == 'Host parameter does not match hashed host field in supplied key'
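Review bot: The two negative tests added at the end of the file assert only `result is failed` and the exact `result.msg`; nothing checks that the known_hosts file was left untouched after the rejected calls. For a file that anchors SSH host verification, the property worth pinning is that a rejected name or a mismatched key writes no entry. A follow-up pair of tasks could re-read the file and compare it with the last known-good content, assuming `known_hosts_v4.stdout` holds the file text (its registration is outside the visible lines). As a style point, the new tasks use `{{output_dir|expanduser}}` while the same commit reformats the copy task to `{{ output_dir | expanduser }}`.

```yaml
# … unchanged: the two failing known_hosts tasks and their assertions …
- name: Read known_hosts after the rejected calls
  command: "cat {{ output_dir | expanduser }}/known_hosts"
  register: known_hosts_after_errors

- name: Assert that the rejected calls left the file untouched
  assert:
    that:
      - 'known_hosts_after_errors.stdout == known_hosts_v4.stdout'
```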