cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Removed deletion of salt by 'password' lookup

Browse source 
Removed deletion of salt param from lookup file by 'password' lookup_filter.
Old behaviour leads to constant changed status when two tasks uses same lookup,
one with 'encrypt' parameter, and other without.

For example:

    tasks:
      - name: Create user
        user:
          password: "{{ lookup('password', inventory_dir + '/creds/user/pass' ncrypt=sha512_crypt) }}"
          ...
    # Lookup file 'creds/user/pass' now contain password with salt
      - name: Create htpasswd
        htpasswd:
          password: "{{ lookup('password', inventory_dir + '/creds/user/pass') }}"
          ...
    # Salt gets deleted from lookup file 'creds/user/pass'
    # Next run of "Create user" task will create it again and will have 'changed' status
This commit is contained in:
RedRampage 2015-09-28 23:28:01 +03:00
parent 12a2585e84
commit 922b5c8109
1 changed files with 0 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
lib/ansible/plugins/lookup/password.py
View file

@ -150,11 +150,6 @@ class LookupModule(LookupBase):
with open(path, 'w') as f: with open(path, 'w') as f:
os.chmod(path, 0o600) os.chmod(path, 0o600)
f.write(content + '\n') f.write(content + '\n')
# crypt not requested, remove salt if present
elif (params['encrypt'] is None and salt):
with open(path, 'w') as f:
os.chmod(path, 0o600)
f.write(password + '\n')
if params['encrypt']: if params['encrypt']:
password = do_encrypt(password, params['encrypt'], salt=salt) password = do_encrypt(password, params['encrypt'], salt=salt)