Clarify usage of encrypt arg (#43330)
According to the do_encrypt interface, encrypt arg should be the hash method name used for encrypting returning password. But in the doc and lookup code it's a boolean flag, correct it to string.
This commit is contained in:
parent
62d8c8fde6
commit
3a3869f4c8
2 changed files with 9 additions and 8 deletions
|
@ -28,11 +28,12 @@ DOCUMENTATION = """
|
||||||
required: True
|
required: True
|
||||||
encrypt:
|
encrypt:
|
||||||
description:
|
description:
|
||||||
- Whether the user requests that this password is returned encrypted or in plain text.
|
- Which hash scheme to encrypt the returning password, should be one hash scheme from C(passlib.hash).
|
||||||
- Note that the password is always stored as plain text.
|
- If not provided, the password will be returned in plain text.
|
||||||
|
- Note that the password is always stored as plain text, only the returning password is encrypted.
|
||||||
- Encrypt also forces saving the salt value for idempotence.
|
- Encrypt also forces saving the salt value for idempotence.
|
||||||
type: boolean
|
- Note that before 2.6 this option was incorrectly labeled as a boolean for a long time.
|
||||||
default: True
|
default: None
|
||||||
chars:
|
chars:
|
||||||
version_added: "1.4"
|
version_added: "1.4"
|
||||||
description:
|
description:
|
||||||
|
@ -234,13 +235,13 @@ def _parse_content(content):
|
||||||
return password, salt
|
return password, salt
|
||||||
|
|
||||||
|
|
||||||
def _format_content(password, salt, encrypt=True):
|
def _format_content(password, salt, encrypt=None):
|
||||||
"""Format the password and salt for saving
|
"""Format the password and salt for saving
|
||||||
:arg password: the plaintext password to save
|
:arg password: the plaintext password to save
|
||||||
:arg salt: the salt to use when encrypting a password
|
:arg salt: the salt to use when encrypting a password
|
||||||
:arg encrypt: Whether the user requests that this password is encrypted.
|
:arg encrypt: Which method the user requests that this password is encrypted.
|
||||||
Note that the password is saved in clear. Encrypt just tells us if we
|
Note that the password is saved in clear. Encrypt just tells us if we
|
||||||
must save the salt value for idempotence. Defaults to True.
|
must save the salt value for idempotence. Defaults to None.
|
||||||
:returns: a text string containing the formatted information
|
:returns: a text string containing the formatted information
|
||||||
|
|
||||||
.. warning:: Passwords are saved in clear. This is because the playbooks
|
.. warning:: Passwords are saved in clear. This is because the playbooks
|
||||||
|
|
|
@ -333,7 +333,7 @@ class TestFormatContent(unittest.TestCase):
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
password._format_content(password=u'hunter42',
|
password._format_content(password=u'hunter42',
|
||||||
salt=None,
|
salt=None,
|
||||||
encrypt=False),
|
encrypt=None),
|
||||||
u'hunter42')
|
u'hunter42')
|
||||||
|
|
||||||
def test_encrypt(self):
|
def test_encrypt(self):
|
||||||
|
|
Loading…
Reference in a new issue