forked from ansible/ansible
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Ensure -k is set to delegated hosts without a pass (ansible#71136)
* Ensure -k is set to delegated hosts without a pass * Fix up some broken tests * Update task_executor.py one possible fix, the other is updating winrm to normalize on 'password' like the other connection plugins * Add alias for winrm and fix incorrect assumption * Make sure aliases are used for keyword options * Conditionally run test if sshpass is present, fix sanity Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
- Loading branch information
Showing
10 changed files
with
117 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
bugfixes: | ||
- Ensure password passed in by -k is used on delegated hosts that do not have ansible_password set |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
12 changes: 12 additions & 0 deletions
12
test/integration/targets/connection_delegation/action_plugins/delegation_action.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
from __future__ import (absolute_import, division, print_function) | ||
__metaclass__ = type | ||
|
||
from ansible.plugins.action import ActionBase | ||
|
||
|
||
class ActionModule(ActionBase): | ||
|
||
def run(self, tmp=None, task_vars=None): | ||
return { | ||
'remote_password': self._connection.get_option('remote_password'), | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
shippable/posix/group1 | ||
skip/freebsd # No sshpass | ||
skip/osx # No sshpass | ||
skip/rhel # No sshpass |
45 changes: 45 additions & 0 deletions
45
test/integration/targets/connection_delegation/connection_plugins/delegation_connection.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
from __future__ import (absolute_import, division, print_function) | ||
__metaclass__ = type | ||
|
||
DOCUMENTATION = """ | ||
author: Ansible Core Team | ||
connection: delegation_connection | ||
short_description: Test connection for delegated host check | ||
description: | ||
- Some further description that you don't care about. | ||
options: | ||
remote_password: | ||
description: The remote password | ||
type: str | ||
vars: | ||
- name: ansible_password | ||
# Tests that an aliased key gets the -k option which hardcodes the value to password | ||
aliases: | ||
- password | ||
""" | ||
|
||
from ansible.plugins.connection import ConnectionBase | ||
|
||
|
||
class Connection(ConnectionBase): | ||
|
||
transport = 'delegation_connection' | ||
has_pipelining = True | ||
|
||
def __init__(self, *args, **kwargs): | ||
super(Connection, self).__init__(*args, **kwargs) | ||
|
||
def _connect(self): | ||
super(Connection, self)._connect() | ||
|
||
def exec_command(self, cmd, in_data=None, sudoable=True): | ||
super(Connection, self).exec_command(cmd, in_data, sudoable) | ||
|
||
def put_file(self, in_path, out_path): | ||
super(Connection, self).put_file(in_path, out_path) | ||
|
||
def fetch_file(self, in_path, out_path): | ||
super(Connection, self).fetch_file(in_path, out_path) | ||
|
||
def close(self): | ||
super(Connection, self).close() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
my_host ansible_host=127.0.0.1 ansible_connection=delegation_connection |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
#!/usr/bin/env bash | ||
|
||
set -ux | ||
|
||
echo "Checking if sshpass is present" | ||
which sshpass 2>&1 || exit 0 | ||
echo "sshpass is present, continuing with test" | ||
|
||
sshpass -p my_password ansible-playbook -i inventory.ini test.yml -k "$@" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
--- | ||
- hosts: localhost | ||
gather_facts: no | ||
tasks: | ||
- name: test connection receives -k from play_context when delegating | ||
delegation_action: | ||
delegate_to: my_host | ||
register: result | ||
|
||
- assert: | ||
that: | ||
- result.remote_password == 'my_password' | ||
|
||
- name: ensure vars set for that host take precedence over -k | ||
delegation_action: | ||
delegate_to: my_host | ||
vars: | ||
ansible_password: other_password | ||
register: result | ||
|
||
- assert: | ||
that: | ||
- result.remote_password == 'other_password' |