Add better error messages and checking to known_hosts (#38307)
parent
02bc4c570f
commit
13aff08748
2 changed files with 39 additions and 2 deletions
|
@ -174,6 +174,11 @@ def sanity_check(module, host, key, sshkeygen):
|
||||||
|
|
||||||
# The approach is to write the key to a temporary file,
|
# The approach is to write the key to a temporary file,
|
||||||
# and then attempt to look up the specified host in that file.
|
# and then attempt to look up the specified host in that file.
|
||||||
|
|
||||||
|
if re.search(r'\S+(\s+)?,(\s+)?', host):
|
||||||
|
module.fail_json(msg="Comma separated list of names is not supported. "
|
||||||
|
"Please pass a single name to lookup in the known_hosts file.")
|
||||||
|
|
||||||
try:
|
try:
|
||||||
outf = tempfile.NamedTemporaryFile(mode='w+')
|
outf = tempfile.NamedTemporaryFile(mode='w+')
|
||||||
outf.write(key)
|
outf.write(key)
|
||||||
|
@ -183,7 +188,7 @@ def sanity_check(module, host, key, sshkeygen):
|
||||||
(outf.name, to_native(e)))
|
(outf.name, to_native(e)))
|
||||||
|
|
||||||
sshkeygen_command = [sshkeygen, '-F', host, '-f', outf.name]
|
sshkeygen_command = [sshkeygen, '-F', host, '-f', outf.name]
|
||||||
rc, stdout, stderr = module.run_command(sshkeygen_command, check_rc=True)
|
rc, stdout, stderr = module.run_command(sshkeygen_command)
|
||||||
try:
|
try:
|
||||||
outf.close()
|
outf.close()
|
||||||
except:
|
except:
|
||||||
|
|
|
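Review bot: With `check_rc=True` dropped from `module.run_command(sshkeygen_command)`, `rc` and `stderr` are still assigned but nothing visible in this hunk reads them, so an ssh-keygen failure can no longer be told apart from a lookup miss. The rest of sanity_check lies outside the hunk. If what follows only tests `stdout`, which the new test message 'Host parameter does not match hashed host field in supplied key' suggests, then a malformed key or an unreadable temporary file would be reported as a host mismatch and ssh-keygen's own diagnostic would be lost. Consider failing separately before the mismatch check, e.g. `if rc != 0 and stderr: module.fail_json(msg="ssh-keygen failed: %s" % to_native(stderr), rc=rc)`. This assumes a plain miss leaves stderr empty, which should be confirmed against the ssh-keygen versions the module supports.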
@ -17,7 +17,9 @@
|
||||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
- name: copy an existing file in place
|
- name: copy an existing file in place
|
||||||
copy: src=existing_known_hosts dest="{{output_dir|expanduser}}/known_hosts"
|
copy:
|
||||||
|
src: existing_known_hosts
|
||||||
|
dest: "{{ output_dir | expanduser }}/known_hosts"
|
||||||
|
|
||||||
# test addition
|
# test addition
|
||||||
|
|
||||||
|
@ -167,3 +169,33 @@
|
||||||
- 'not result.changed'
|
- 'not result.changed'
|
||||||
- 'result.diff.before == result.diff.after'
|
- 'result.diff.before == result.diff.after'
|
||||||
- 'known_hosts_v3.stdout == known_hosts_v4.stdout'
|
- 'known_hosts_v3.stdout == known_hosts_v4.stdout'
|
||||||
|
|
||||||
|
# test errors
|
||||||
|
|
||||||
|
- name: Try using a comma separated list of hosts
|
||||||
|
known_hosts:
|
||||||
|
name: example.org,acme.com
|
||||||
|
key: "{{ example_org_rsa_key }}"
|
||||||
|
path: "{{output_dir|expanduser}}/known_hosts"
|
||||||
|
ignore_errors: yes
|
||||||
|
register: result
|
||||||
|
|
||||||
|
- name: Assert that error message was displayed
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- result is failed
|
||||||
|
- result.msg == 'Comma separated list of names is not supported. Please pass a single name to lookup in the known_hosts file.'
|
||||||
|
|
||||||
|
- name: Try using a name that does not match the key
|
||||||
|
known_hosts:
|
||||||
|
name: example.com
|
||||||
|
key: "{{ example_org_rsa_key }}"
|
||||||
|
path: "{{output_dir|expanduser}}/known_hosts"
|
||||||
|
ignore_errors: yes
|
||||||
|
register: result
|
||||||
|
|
||||||
|
- name: Assert that name checking failed with error message
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- result is failed
|
||||||
|
- result.msg == 'Host parameter does not match hashed host field in supplied key'
|
||||||
|
|
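Review bot: The two new error cases assert only `result is failed` and the message text; neither checks that the known_hosts file under `{{output_dir|expanduser}}/known_hosts` was left unmodified by the rejected call, which is the property the sanity check exists to protect. Consider re-reading the file after each failing task and comparing it with the earlier snapshot, in the style of the existing `known_hosts_v3.stdout == known_hosts_v4.stdout` assertion (how those snapshots are captured is outside this hunk). The comma case also covers only `example.org,acme.com`; a variant with whitespace around the comma would exercise the optional-whitespace parts of the new regex. As a style point, the copy task was rewritten with `{{ output_dir | expanduser }}` while the new tasks keep `{{output_dir|expanduser}}`.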