archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Clarify usage of encrypt arg (#43330)

Browse Source 
According to the do_encrypt interface, encrypt arg should be the hash method name used for encrypting returning password. But in the doc and lookup code it's a boolean flag, correct it to string.
pull/43614/merge
Zhikang Zhang 6 years ago committed by GitHub
parent 62d8c8fde6
commit 3a3869f4c8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File

15
lib/ansible/plugins/lookup/password.py
Unescape Escape View File

@ -28,11 +28,12 @@ DOCUMENTATION = """
required: True required: True
encrypt: encrypt:
description: description:
- Whether the user requests that this password is returned encrypted or in plain text. - Which hash scheme to encrypt the returning password, should be one hash scheme from C(passlib.hash).
- Note that the password is always stored as plain text. - If not provided, the password will be returned in plain text.
- Note that the password is always stored as plain text, only the returning password is encrypted.
- Encrypt also forces saving the salt value for idempotence. - Encrypt also forces saving the salt value for idempotence.
type: boolean - Note that before 2.6 this option was incorrectly labeled as a boolean for a long time.
default: True default: None
chars: chars:
version_added: "1.4" version_added: "1.4"
description: description:
@ -234,13 +235,13 @@ def _parse_content(content):
return password, salt return password, salt
def _format_content(password, salt, encrypt=True): def _format_content(password, salt, encrypt=None):
"""Format the password and salt for saving """Format the password and salt for saving
:arg password: the plaintext password to save :arg password: the plaintext password to save
:arg salt: the salt to use when encrypting a password :arg salt: the salt to use when encrypting a password
:arg encrypt: Whether the user requests that this password is encrypted. :arg encrypt: Which method the user requests that this password is encrypted.
Note that the password is saved in clear. Encrypt just tells us if we Note that the password is saved in clear. Encrypt just tells us if we
must save the salt value for idempotence. Defaults to True. must save the salt value for idempotence. Defaults to None.
:returns: a text string containing the formatted information :returns: a text string containing the formatted information
.. warning:: Passwords are saved in clear. This is because the playbooks .. warning:: Passwords are saved in clear. This is because the playbooks

2
test/units/plugins/lookup/test_password.py
Unescape Escape View File

@ -333,7 +333,7 @@ class TestFormatContent(unittest.TestCase):
self.assertEqual( self.assertEqual(
password._format_content(password=u'hunter42', password._format_content(password=u'hunter42',
salt=None, salt=None,
encrypt=False), encrypt=None),
u'hunter42') u'hunter42')
def test_encrypt(self): def test_encrypt(self):

Write Preview
Loading…
Cancel
Save