Fix ec2_win_password to allow blank key_passphrase #28791
I'm not a user of this module but the code looks like it does what is described.
I can validate this broke between 2.3.2 and 2.4
@carpnick are you able to validate the fix works for you?
@willthames I can confirm that this does fix the issue. I installed 2.4, validated it failed, applied the patch, everything works.
@crazycoop74 FYI
rebuild_merge Thanks @carpnick for verifying the PR and @jonjozwiak for the implementation
@willthames I'm guessing this should be cherry-picked to stable-2.4 for the 2.4.1 release. Let me know if you don't want this to happen.
@jborean93 I'm fine with it being cherry picked
(cherry picked from commit 74f9509)
Thanks @willthames, cherry-picked under 60e98a3 for 2.4.1.
The bugfix that required installation of dev ansible version (ansible/ansible#28791) made it to the pypi release.
SUMMARY
There was a change between ansible 2.3.2 and ansible 2.4.0 that broke the ec2_win_password module if using a key without a passphrase. The below task worked in 2.3.2 and fails in 2.4.0:
In 2.4.0 this returns a failure indicating the private key is given a passphrase, but the key isn't encrypted.
The full traceback is:
  File "/tmp/ansible_6K5Q9I/ansible_module_ec2_win_password.py", line 167, in main
    key = load_pem_private_key(f.read(), b_key_passphrase, BACKEND)
  File "/usr/lib64/python2.7/site-packages/cryptography/hazmat/primitives/serialization.py", line 20, in load_pem_private_key
    return backend.load_pem_private_key(data, password)
  File "/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1006, in load_pem_private_key
    password,
  File "/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1231, in _load_key
    "Password was given but private key is not encrypted.")
This can be fixed by passing None as the passphrase if one isn't defined.
ISSUE TYPE
COMPONENT NAME
modules/cloud/amazon/ec2_win_password.py
ANSIBLE VERSION
ADDITIONAL INFORMATION
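The behaviour described in the summary can be reproduced outside Ansible. The following is an added example, not the module's code or the patch from this PR: it assumes `cryptography` 3.1 or later (where the backend argument is optional), and the helper names and the sample passphrase are hypothetical. It maps a missing or blank passphrase to `None` before calling `load_pem_private_key`, and shows the error raised when that normalization is skipped.

```python
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa


def normalize_passphrase(passphrase):
    """Map a missing or blank passphrase to None; encode text to bytes."""
    if passphrase is None or passphrase == "" or passphrase == b"":
        return None
    if isinstance(passphrase, str):
        return passphrase.encode("utf-8")
    return passphrase


def load_private_key(pem_bytes, passphrase=None):
    """Load a PEM private key whether or not it is passphrase-protected."""
    return serialization.load_pem_private_key(
        pem_bytes, normalize_passphrase(passphrase))


def raw_load_error(pem_bytes, password):
    """Call the loader without normalization; return the TypeError text or None."""
    try:
        serialization.load_pem_private_key(pem_bytes, password)
    except TypeError as exc:
        return str(exc)
    return None


def make_sample_keys(passphrase=b"constructed-passphrase"):
    """Build a throwaway RSA key as unencrypted and encrypted PEM (constructed data)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    plain = key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.TraditionalOpenSSL,
        serialization.NoEncryption())
    locked = key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.TraditionalOpenSSL,
        serialization.BestAvailableEncryption(passphrase))
    return key, plain, locked


if __name__ == "__main__":
    _, plain_pem, locked_pem = make_sample_keys()
    # A non-None password on an unencrypted key is rejected by the library.
    print("unnormalized:", raw_load_error(plain_pem, b""))
    # With normalization, blank and missing passphrases both load the key.
    print("blank ok:", load_private_key(plain_pem, "").key_size)
    print("encrypted ok:", load_private_key(locked_pem, "constructed-passphrase").key_size)
```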