ansible_mitogen: Fix ansible_host_key_checking combined with add_host

fixes mitogen-hq#1066 Co-authored-by: Philippe Kueck <bqobccy6ejnq2bqvmebqiwqha4cs4@protected32.unixadm.org>
moreati · May 7, 2024 · be709c1 · be709c1
1 parent 524ff9d
commit be709c1
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 1 deletion.
diff --git a/ansible_mitogen/connection.py b/ansible_mitogen/connection.py
@@ -119,7 +119,7 @@ def _connect_ssh(spec):
     """
     Return ContextService arguments for an SSH connection.
     """
-    if C.HOST_KEY_CHECKING:
+    if spec.host_key_checking():
         check_host_keys = 'enforce'
     else:
         check_host_keys = 'ignore'

diff --git a/ansible_mitogen/transport_config.py b/ansible_mitogen/transport_config.py
@@ -63,6 +63,8 @@
 
 import abc
 import os
+
+import ansible.module_utils.parsing.convert_bool
 import ansible.utils.shlex
 import ansible.constants as C
 
@@ -245,6 +247,12 @@ def python_path(self):
         Path to the Python interpreter on the target machine.
         """
 
+    @abc.abstractmethod
+    def host_key_checking(self):
+        """
+        Whether or not to check the keys of the target machine
+        """
+
     @abc.abstractmethod
     def private_key_file(self):
         """
@@ -466,6 +474,14 @@ def python_path(self, rediscover_python=False):
             action=self._action,
             rediscover_python=rediscover_python)
 
+    def host_key_checking(self):
+        val = (
+            self._connection.get_task_var('ansible_ssh_host_key_checking')
+            or self._connection.get_task_var('ansible_host_key_checking')
+            or C.HOST_KEY_CHECKING
+        )
+        return ansible.module_utils.parsing.convert_bool.boolean(val)
+
     def private_key_file(self):
         return self._play_context.private_key_file
 
@@ -692,6 +708,14 @@ def python_path(self, rediscover_python=False):
             action=self._action,
             rediscover_python=rediscover_python)
 
+    def host_key_checking(self):
+        val = (
+            self._host_vars.get('ansible_ssh_host_key_checking')
+            or self._host_vars.get('ansible_ssh_host_key_checking')
+            or C.HOST_KEY_CHECKING
+        )
+        return ansible.module_utils.parsing.convert_bool.boolean(val)
+
     def private_key_file(self):
         # TODO: must come from PlayContext too.
         return (

diff --git a/docs/changelog.rst b/docs/changelog.rst
@@ -24,6 +24,8 @@ Unreleased
 * :gh:issue:`952` Fix Ansible `--ask-become-pass`, add test coverage
 * :gh:issue:`957` Fix Ansible exception when executing against 10s of hosts
   "ValueError: filedescriptor out of range in select()"
+* :gh:issue:`1066` Allow Ansible host key checking to be overridden by
+   `ansible_host_key_checking` & `ansible_ssh_host_key_checking`
 
 
 v0.3.7 (2024-04-08)