deprecate hash_hostname in favor of hash_known_hosts

Fixes saltstack#27201, saltstack#27610. saltstack#27201 was incomplete in its deprecation of hash_hostname.
jfindlay · Oct 6, 2015 · b6ee16b · b6ee16b
1 parent 0918399
commit b6ee16b
Showing 1 changed file with 22 additions and 9 deletions.
diff --git a/salt/modules/ssh.py b/salt/modules/ssh.py
@@ -663,7 +663,11 @@ def get_known_host(user, hostname, config=None, port=None):
 
 
 @decorators.which('ssh-keyscan')
-def recv_known_host(hostname, enc=None, port=None, hash_hostname=False):
+def recv_known_host(hostname,
+                    enc=None,
+                    port=None,
+                    hash_hostname=True,
+                    hash_known_hosts=True):
     '''
     Retrieve information about host public key from remote server
 
@@ -673,6 +677,15 @@ def recv_known_host(hostname, enc=None, port=None, hash_hostname=False):
 
         salt '*' ssh.recv_known_host <hostname> enc=<enc> port=<port>
     '''
+
+    if not hash_hostname:
+        salt.utils.warn_until(
+            'Carbon',
+            'The hash_hostname parameter is misleading as ssh-keygen can only '
+            'hash the whole known hosts file, not entries for individual'
+            'hosts. Please use hash_known_hosts=False instead.')
+        hash_known_hosts = hash_hostname
+
     # The following list of OSes have an old version of openssh-clients
     # and thus require the '-t' option for ssh-keyscan
     need_dash_t = ['CentOS-5']
@@ -684,7 +697,7 @@ def recv_known_host(hostname, enc=None, port=None, hash_hostname=False):
         chunks += ['-t', str(enc)]
     if not enc and __grains__.get('osfinger') in need_dash_t:
         chunks += ['-t', 'rsa']
-    if hash_hostname:
+    if hash_known_hosts:
         chunks.append('-H')
     chunks.append(str(hostname))
     cmd = ' '.join(chunks)
@@ -832,11 +845,6 @@ def set_known_host(user=None,
         return {'status': 'error',
                 'error': 'hostname argument required'}
 
-    if port is not None and port != DEFAULT_SSH_PORT and hash_hostname:
-        return {'status': 'error',
-                'error': 'argument port can not be used in '
-                'conjunction with argument hash_hostname'}
-
     if not hash_hostname:
         salt.utils.warn_until(
             'Carbon',
@@ -845,6 +853,11 @@ def set_known_host(user=None,
             'hosts. Please use hash_known_hosts=False instead.')
         hash_known_hosts = hash_hostname
 
+    if port is not None and port != DEFAULT_SSH_PORT and hash_known_hosts:
+        return {'status': 'error',
+                'error': 'argument port can not be used in '
+                'conjunction with argument hash_known_hosts'}
+
     update_required = False
     stored_host = get_known_host(user, hostname, config, port)
 
@@ -862,7 +875,7 @@ def set_known_host(user=None,
         remote_host = recv_known_host(hostname,
                                       enc=enc,
                                       port=port,
-                                      hash_hostname=hash_hostname)
+                                      hash_known_hosts=hash_known_hosts)
         if not remote_host:
             return {'status': 'error',
                     'error': 'Unable to receive remote host key'}
@@ -884,7 +897,7 @@ def set_known_host(user=None,
     if key:
         remote_host = {'hostname': hostname, 'enc': enc, 'key': key}
 
-    if hash_hostname or port == DEFAULT_SSH_PORT:
+    if hash_known_hosts or port == DEFAULT_SSH_PORT:
         line = '{hostname} {enc} {key}\n'.format(**remote_host)
     else:
         remote_host['port'] = port