fix yum proxy username/password handling (#47435)

* fix yum proxy username/password handling

Fixes #46249

Signed-off-by: Adam Miller <admiller@redhat.com>
(cherry picked from commit e4a4357322)

* add backport changelog
This commit is contained in:
Adam Miller 2018-10-23 08:31:07 -05:00 committed by Toshio Kuratomi
parent c204214df4
commit 2d39ad036e
4 changed files with 114 additions and 6 deletions

View file

@ -0,0 +1,3 @@
---
minor_changes:
- "yum - properly handle proxy password and username embedded in url"

View file

@ -715,20 +715,27 @@ class YumModule(YumDnf):
# setting system proxy environment and saving old, if exists # setting system proxy environment and saving old, if exists
my = self.yum_base() my = self.yum_base()
namepass = "" namepass = ""
proxy_url = ""
scheme = ["http", "https"] scheme = ["http", "https"]
old_proxy_env = [os.getenv("http_proxy"), os.getenv("https_proxy")] old_proxy_env = [os.getenv("http_proxy"), os.getenv("https_proxy")]
try: try:
if my.conf.proxy: if my.conf.proxy:
if my.conf.proxy_username: if my.conf.proxy_username:
namepass = namepass + my.conf.proxy_username namepass = namepass + my.conf.proxy_username
proxy_url = my.conf.proxy
if my.conf.proxy_password: if my.conf.proxy_password:
namepass = namepass + ":" + my.conf.proxy_password namepass = namepass + ":" + my.conf.proxy_password
namepass = namepass + '@' elif '@' in my.conf.proxy:
for item in scheme: namepass = my.conf.proxy.split('@')[0].split('//')[-1]
os.environ[item + "_proxy"] = re.sub( proxy_url = my.conf.proxy.replace("{0}@".format(namepass), "")
r"(http://)",
r"\1" + namepass, my.conf.proxy if namepass:
) namepass = namepass + '@'
for item in scheme:
os.environ[item + "_proxy"] = re.sub(
r"(http://)",
r"\1" + namepass, proxy_url
)
yield yield
except yum.Errors.YumBaseError: except yum.Errors.YumBaseError:
raise raise

View file

@ -69,3 +69,5 @@
- include: 'yum_group_remove.yml' - include: 'yum_group_remove.yml'
when: when:
- (ansible_distribution in ['RedHat', 'CentOS', 'ScientificLinux'] and ansible_distribution_major_version|int > 6) - (ansible_distribution in ['RedHat', 'CentOS', 'ScientificLinux'] and ansible_distribution_major_version|int > 6)
- include: 'proxy.yml'

View file

@ -0,0 +1,96 @@
- name: test yum proxy settings
block:
- yum:
name: 'https://s3.amazonaws.com/ansible-ci-files/test/integration/targets/yum/tinyproxy-1.10.0-3.el7.x86_64.rpm'
state: installed
- lineinfile:
path: /etc/tinyproxy/tinyproxy.conf
line: "BasicAuth testuser testpassword"
state: present
# systemd doesn't play nice with this in a container for some reason
- shell: tinyproxy
changed_when: false
- lineinfile:
path: /etc/yum.conf
line: "proxy=http://testuser:testpassword@127.0.0.1:8888"
state: present
- yum:
name: 'https://s3.amazonaws.com/ansible-ci-files/test/integration/targets/yum/ninvaders-0.1.1-18.el7.x86_64.rpm'
state: installed
register: yum_proxy_result
- assert:
that:
- "yum_proxy_result.changed"
- "'msg' in yum_proxy_result"
- "'rc' in yum_proxy_result"
- yum:
name: ninvaders
state: absent
- lineinfile:
path: /etc/yum.conf
line: "proxy=http://testuser:testpassword@127.0.0.1:8888"
state: absent
- lineinfile:
path: /etc/yum.conf
line: "proxy=http://127.0.0.1:8888"
state: present
- lineinfile:
path: /etc/yum.conf
line: "proxy_username=testuser"
state: present
- lineinfile:
path: /etc/yum.conf
line: "proxy_password=testpassword"
state: present
- yum:
name: 'https://s3.amazonaws.com/ansible-ci-files/test/integration/targets/yum/ninvaders-0.1.1-18.el7.x86_64.rpm'
state: installed
register: yum_proxy_result
- assert:
that:
- "yum_proxy_result.changed"
- "'msg' in yum_proxy_result"
- "'rc' in yum_proxy_result"
always:
- yum:
name: tinyproxy
state: absent
- yum:
name: ninvaders
state: absent
- lineinfile:
path: /etc/yum.conf
line: "proxy=http://testuser:testpassword@127.0.0.1:8888"
state: absent
- lineinfile:
path: /etc/yum.conf
line: "proxy=http://127.0.0.1:8888"
state: absent
- lineinfile:
path: /etc/yum.conf
line: "proxy_username=testuser"
state: absent
- lineinfile:
path: /etc/yum.conf
line: "proxy_password=testpassword"
state: absent
when:
- (ansible_distribution in ['RedHat', 'CentOS', 'ScientificLinux'] and ansible_distribution_major_version|int == 7)