Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use parse_kv to correctly parse parameters from password lookup #12256

Merged
merged 1 commit into from
Sep 4, 2015
Merged

Use parse_kv to correctly parse parameters from password lookup #12256

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
70 changes: 35 additions & 35 deletions lib/ansible/plugins/lookup/password.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@
__metaclass__ = type

import os
import errno
import string
import random

Expand All @@ -29,10 +28,13 @@
from ansible import constants as C
from ansible.errors import AnsibleError
from ansible.plugins.lookup import LookupBase
from ansible.parsing.splitter import parse_kv
from ansible.utils.encrypt import do_encrypt
from ansible.utils.path import makedirs_safe

DEFAULT_LENGTH = 20
VALID_PARAMS = frozenset(('length', 'encrypt', 'chars'))


class LookupModule(LookupBase):

Expand Down Expand Up @@ -60,37 +62,36 @@ def run(self, terms, variables, **kwargs):
ret = []

for term in terms:
# you can't have escaped spaces in yor pathname
params = term.split()
relpath = params[0]

paramvals = {
'length': DEFAULT_LENGTH,
'encrypt': None,
'chars': ['ascii_letters','digits',".,:-_"],
}

# get non-default parameters if specified
try:
for param in params[1:]:
name, value = param.split('=')
assert(name in paramvals)
if name == 'length':
paramvals[name] = int(value)
elif name == 'chars':
use_chars=[]
if ",," in value:
use_chars.append(',')
use_chars.extend(value.replace(',,',',').split(','))
paramvals['chars'] = use_chars
else:
paramvals[name] = value
except (ValueError, AssertionError) as e:
raise AnsibleError(e)

length = paramvals['length']
encrypt = paramvals['encrypt']
use_chars = paramvals['chars']
params = parse_kv(term)
if '_raw_params' in params:
relpath = params['_raw_params']
del params['_raw_params']
else:
relpath = params

# Check that we parsed the params correctly
if not term.startswith(relpath):
# Likely, the user had a non parameter following a parameter.
# Reject this as a user typo
raise AnsibleError('Unrecognized value after key=value parameters given to password lookup')

invalid_params = frozenset(params.keys()).difference(VALID_PARAMS)
if invalid_params:
raise AnsibleError('Unrecognized parameter(s) given to password lookup: %s' % ', '.join(invalid_params))

length = int(params.get('length', DEFAULT_LENGTH))
encrypt = params.get('encrypt', None)

use_chars = params.get('chars', None)
if use_chars:
tmp_chars = []
if ',,' in use_chars:
tmp_chars.append(',')
tmp_chars.extend(use_chars.replace(',,', ',').split(','))
use_chars = tmp_chars
else:
# Default chars for password
use_chars = ['ascii_letters', 'digits', ".,:-_"]

# get password or create it if file doesn't exist
path = self._loader.path_dwim(relpath)
Expand All @@ -101,7 +102,7 @@ def run(self, terms, variables, **kwargs):
except OSError as e:
raise AnsibleError("cannot create the path for the password lookup: %s (error was %s)" % (pathdir, str(e)))

chars = "".join([getattr(string,c,c) for c in use_chars]).replace('"','').replace("'",'')
chars = "".join(getattr(string, c, c) for c in use_chars).replace('"', '').replace("'", '')
password = ''.join(random.choice(chars) for _ in range(length))

if encrypt is not None:
Expand All @@ -118,7 +119,7 @@ def run(self, terms, variables, **kwargs):

if sep >= 0:
password = content[:sep]
salt = content[sep+1:].split('=')[1]
salt = content[sep + 1:].split('=')[1]
else:
password = content
salt = None
Expand All @@ -142,4 +143,3 @@ def run(self, terms, variables, **kwargs):
ret.append(password)

return ret