[WIP] Cli password fixin #42645
Open
[WIP] Cli password fixin #42645
+65
−25
Conversation
The test
The test
The test
The test
The test
The test
The test
The test
|
We should have designed this so that post-validate and the rest of the code here assigned semantic meaning to tokens that were parsed from the playbook. Unfortunately, we combined that semantic meaning with the live playbook objects that are used by the rest of the program. So in post_validate we can get information that may not have come from the playbook. This is important because all playbook strings are text strings. But strings from other parts of the code may be byte strings instead. So we need to throw an error if we cannot convert the byte string into a text string. If we don't do that, we would silently mangle the string in the convdersion and pass it on. That would cause issues later on, for instance, passwords that don't work with ssh or become. Additionally, add a comment that to_text() is really here to convert from non-string types into text. For instance, from int and float. If we get to the point where we are only dealing with text strings at this point, we will still have to keep the to_text() to convert other types.
With regular jinja, * ascii bytes will get mangled on Python3 (text: "b'test'") * nonascii bytes will cause a traceback in Python2 With NativeTypes jinja: * non-ascii bytes will cause a traceback in jinja2 if it's mixed with text type on Python2 * any bytes will be mangled if they're mixed with text strings on Python3
Become and ssh pass can be read in from a password prompt. When that happens, we get a byte string. Just like vault passwords, we want these password prompts to remain byte strings all the way through the code so that we don't lose any information from the user.
This way we can tell which scenario failed and test all three scenarios even if one of the early ones failed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
SUMMARY
When prompted for passwords at the CLI, we want those passwords to pass through the system as untemplated byte strings.
ISSUE TYPE
COMPONENT NAME
ANSIBLE VERSION
ADDITIONAL INFORMATION