Relative ansible cfg lookup #17115
Relative ansible cfg lookup #17115
Conversation
| path_list.append(path0) | ||
|
|
||
| # Get config file location from CWD | ||
| # FIXME: Needs deprecation? See: https://github.com/ansible/ansible/issues/11175#issuecomment-109386699 |
There was a problem hiding this comment.
From the conversation further down the issue thread, I think this is staying.
|
|
||
| for path in [path0, path1, path2, path3]: | ||
| for path in path_list: | ||
| if path is not None and os.path.exists(path): | ||
| try: | ||
| p.read(path) |
There was a problem hiding this comment.
Reading the linked feature report, I think this the spec we're trying to implement: #11175 (comment)
So we're missing a warning here if the directory is world writable. I think that looks something like:
import stat
[...]
cfg_directory = os.path.dirname(path)
cfg_directory_stat = os.stat(cfg_directory)
if cfg_directory_stat[stat.ST_MODE] & stat.S_IWOTH:
display.warning('Reading ansible config file from a world readable directory (%s). This can be a security risk. If this is the intended location, please change permissions on the directory.' % cfg_directory)
|
Hi @akamensky sorry it's taken a while to look at this feature request. Right now is the prime time to get new features into Ansible (for the 2.3.x release). I've commented on this and if you're interested in fixing it up I'll get it in. If not, let me know and I'll try to get it the rest of the way. If you update and I don't appear to have seen it, please feel free to get in touch with me on IRC. I'm abadger1999 in #ansible-devel on irc.freenode.net. |
|
I've taken a quick look at the cli code... I think I agree with you about there being a need for a large reworking of the code to make that a clean change. I think it could be done uncleanly with just a few things changed but it would be fragile. Future devs would have to know that use of constants and parsing args were being done in a particular order and a particular style out of necessity but that wouldn't be obvious from just reading the code. What's being worked on here seems like it is good enough for now and we can work on other fixes if there's a need later. |
ansibot
added
affects_2.3
ansibot
added
needs_rebase
|
Do we have any updates on this? I would file really useful if ansible would detect the location of the ansible.cfg by looking for the parent folders. This would allow people to keep playbooks inside subfolders of their repos without having to be extremely careful from which CWD they are running a playbook. |
|
ansible/proposals#35 will provide this 'feature' in a saner way |
That and having e.g |
ansibot
added
the
stale_ci
ansibot
added
the
support:core
gundalow
changed the title
|
Hi! Thanks very much for your submission to Ansible. It sincerely means a lot to us that you've taken time to contribute. Unfortunately, we're not sure if we want this feature in the program, and I don't want this to seem confrontational. Our reasons for this are: We are closing this in favor of a future implementation, noted in the comment regarding proposal 35. However, we're absolutely always up for discussion. Since this is a really busy project, we don't always see comments on closed tickets, but want to encourage open dialog. You can stop by the development list, and we'd be glad to talk about it - and we might even be persuaded otherwise! https://groups.google.com/forum/#!forum/ansible-devel Thank you once again for this and your interest in Ansible! |
ISSUE TYPE
COMPONENT NAME
constants.py / locating config
ANSIBLE VERSION
SUMMARY
Fixes #11175 allowing to traverse from playbook file location towards the root in order to find ansible.cfg