cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
17378 commits 47 branches 390 tags 440 MiB
Commit graph

84 commits

Author SHA1 Message Date
Toshio Kuratomi
a3fd4817ef Unicode and other fixes for vault 2015-08-25 12:43:09 -07:00
Brian Coca
144da7e7d1 Merge pull request #11765 from ldx/vault_pbkdf2hmac 
Use PBKDF2HMAC() from cryptography for vault keys.
 2015-08-21 11:06:00 -04:00
Brian Coca
7a4a156d91 changed local_action to alias to connection=local vs delegate_to=localhost 
fixes #11998, but still leaves issue of delegate_to: localhost not working
 2015-08-18 18:31:29 -04:00
James Cammarata
eb381bd522 Add one more search path to path_dwim_relative 2015-08-13 09:53:09 -04:00
James Cammarata
d9833f227f Make sure cached data from file loads isn't impacted by modifications 
Fixes #11893
 2015-08-12 14:30:43 -04:00
Toshio Kuratomi
e8452c864e Restore the relative path handling portion of #11865 2015-08-06 07:28:22 -07:00
Brian Coca
b9433650d1 Revert "Path of group_vars and host_vars were getting the basedir added twice." 
in view of simpler solution incomming from james
This reverts commit bae7a02be5.
 2015-08-06 10:09:43 -04:00
Toshio Kuratomi
bae7a02be5 Path of group_vars and host_vars were getting the basedir added twice. 
Fix inventory so this won't happen and fix DataLoader so that it will
test relative paths relative to self._basedir

Fixes #11789
 2015-08-05 17:41:17 -07:00
Chris Church
6969b5ac8b Make sure raw doesn't eat key=value arguments. 2015-08-02 11:57:32 -04:00
Vilmos Nebehaj
58cccce384 Use PBKDF2HMAC() from cryptography for vault keys. 
When stretching the key for vault files, use PBKDF2HMAC() from the
cryptography package instead of pycrypto. This will speed up the opening
of vault files by ~10x.

The problem is here in lib/ansible/utils/vault.py:

    hash_function = SHA256

    # make two keys and one iv
    pbkdf2_prf = lambda p, s: HMAC.new(p, s, hash_function).digest()

    derivedkey = PBKDF2(password, salt, dkLen=(2 * keylength) + ivlength,
                        count=10000, prf=pbkdf2_prf)

`PBKDF2()` calls a Python callback function (`pbkdf2_pr()`) 10000 times.
If one has several vault files, this will cause excessive start times
with `ansible` or `ansible-playbook` (we experience ~15 second startup
times).

Testing the original implementation in 1.9.2 with a vault file:

In [2]: %timeit v.decrypt(encrypted_data)
1 loops, best of 3: 265 ms per loop

Having a recent OpenSSL version and using the vault.py changes in this commit:

In [2]: %timeit v.decrypt(encrypted_data)
10 loops, best of 3: 23.2 ms per loop
 2015-07-28 14:51:36 +02:00
Pablo Figue
f8bf2ba1bd Encrypt the vault file after editing only if the contents changed 2015-07-26 14:41:34 +05:30
James Cammarata
73aa5686cc Remove octal escapes from unicode escape handling 
Fixes #11673
 2015-07-25 16:30:11 -04:00
James Cammarata
e526743b4f Allowing args: "{{some_var}}" for task params again 
This is unsafe and we debated re-adding it to the v2/2.0 codebase,
however it is a common-enough feature that we will simply mark it
as deprecated for now and remove it at some point in the future.

Fixes #11718
 2015-07-24 10:33:12 -04:00
Brian Coca
b9050ecf18 fixed file lookup pathing in dwim functinos, now does specific paths and priorities and is commented 
fixes #11672 as cwd is now not part of thos paths:
if full path is supplied, used that
 2015-07-22 20:58:24 -04:00
Brian Coca
827b0443c8 now dataloader checkis that you get at least a valid string as a file name 2015-07-21 08:47:13 -04:00
James Cammarata
165fff8a1e Fixing module arg parsing splitting when action is a variable 
Fixes #11122
 2015-07-15 12:03:02 -04:00
James Cammarata
f40b66d841 Make sure the basedir is unicode 
Fixes #10773
 2015-07-12 16:40:00 -04:00
Brian Coca
e4097ed279 simplified ansible errors, moved md5 hash import with notes to be more prominent 2015-07-11 14:24:00 -04:00
Toshio Kuratomi
ddac6fa9f3 Update exception handling to be python3 compat 2015-07-08 08:59:42 -07:00
Toshio Kuratomi
49e17b8ff6 Get rid of an unused import so that we don't have circular imports 2015-07-06 14:19:13 -07:00
Toshio Kuratomi
f44f9569e1 Test unquote works as expected and fix two bugs: 
* escaped end quote
* a single quote character
 2015-07-06 13:16:42 -07:00
James Cammarata
bddadc9565 Fix bug in relative path determination 2015-07-04 23:18:54 -04:00
Brian Coca
b76dbb01cc generalized prereqs check 
added vaultfile class for action and lookup plugin usage
 2015-06-16 09:20:15 -04:00
Toshio Kuratomi
c3caff5eeb Fix for six version 1.1.0 (rhel6). 2015-06-03 10:25:07 -07:00
Toshio Kuratomi
d8c8ca11cf Add compatibility for old version of six (present on rhel7) 2015-06-03 08:45:36 -07:00
Brian Coca
5622fc23bc fixed frozen set, missing iterable 2015-06-02 23:35:15 -04:00
Brian Coca
48c0d6388f moved RAW var to class and as a frozenset 2015-06-02 23:35:15 -04:00
Brian Coca
e0ef217f97 Revert "Adding raw module to list of modules allowing raw params" 
This reverts commit bc041ffea0.
same fix x2 does not fix it 'more'
 2015-06-02 13:33:33 -04:00
James Cammarata
bc041ffea0 Adding raw module to list of modules allowing raw params 
Fixes #11119
 2015-06-02 08:42:24 -05:00
Brian Coca
e251e70178 added raw to 'raw' modules 2015-06-02 08:54:37 -04:00
James Cammarata
4bc7703db3 Fixing some small bugs related to integration tests (v2) 2015-06-01 16:42:10 -05:00
James Cammarata
b94e2a1f4e Fixing bugs related to parsing and fixing up parsing integration tests (v2) 2015-05-13 11:27:12 -05:00
Toshio Kuratomi
3a87b2727d Fix format strings for python2.6 2015-05-08 13:11:04 -07:00
James Cammarata
ce3ef7f4c1 Making the switch to v2 2015-05-03 21:47:26 -05:00