debconf: set empty password value (#83217)

Fixes: #83214

---------
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
pull/83666/head
Abhijeet Kasurde 2 months ago committed by GitHub
parent fb7fd51b93
commit 79e8c4c26c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -0,0 +1,3 @@
---
bugfixes:
- debconf - set empty password values (https://github.com/ansible/ansible/issues/83214).

@ -134,20 +134,23 @@ def get_password_value(module, pkg, question, vtype):
cmd = [getsel] cmd = [getsel]
rc, out, err = module.run_command(cmd) rc, out, err = module.run_command(cmd)
if rc != 0: if rc != 0:
module.fail_json(msg="Failed to get the value '%s' from '%s'" % (question, pkg)) module.fail_json(msg=f"Failed to get the value '{question}' from '{pkg}': {err}")
desired_line = None
for line in out.split("\n"): for line in out.split("\n"):
if line.startswith(pkg): if not line.startswith(pkg):
desired_line = line continue
break
if not desired_line: # line is a collection of tab separated values
module.fail_json(msg="Failed to find the value '%s' from '%s'" % (question, pkg)) fields = line.split('\t')
if len(fields) <= 3:
(dpkg, dquestion, dvtype, dvalue) = desired_line.split() # No password found, return a blank password
if dquestion == question and dvtype == vtype: return ''
return dvalue try:
if fields[1] == question and fields[2] == vtype:
# If correct question and question type found, return password value
return fields[3]
except IndexError:
# Fail safe
return '' return ''

@ -1,21 +1,7 @@
# Test code for the debconf module. # Test code for the debconf module.
# (c) 2017, James Tanner <tanner.jc@gmail.com> # Copyright: (c) 2017, James Tanner <tanner.jc@gmail.com>
# Copyright: Contributors to the Ansible project
# This file is part of Ansible # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
## ##
## debconf query ## debconf query
## ##
@ -46,6 +32,7 @@
question: ddclient/password question: ddclient/password
value: "MySecretValue" value: "MySecretValue"
vtype: password vtype: password
no_log: false
register: debconf_test1 register: debconf_test1
- name: validate results for test 1 - name: validate results for test 1
@ -59,7 +46,7 @@
question: ddclient/password question: ddclient/password
value: "MySecretValue" value: "MySecretValue"
vtype: password vtype: password
no_log: yes no_log: false
register: debconf_test2 register: debconf_test2
- name: validate results for test 1 - name: validate results for test 1
@ -67,6 +54,62 @@
that: that:
- not debconf_test2.changed - not debconf_test2.changed
- name: Check if empty password is set
debconf:
name: ddclient2
question: ddclient/password
value: ""
vtype: password
no_log: false
register: debconf_test1
- name: validate if password is set to empty value
assert:
that:
- debconf_test1.changed
- name: Change empty password again (idempotency)
debconf:
name: ddclient2
question: ddclient/password
value: "MySecretValue"
vtype: password
no_log: false
register: debconf_test2
- name: validate if the empty password is changed to the given value
assert:
that:
- debconf_test2.changed
- name: Set different question for same package name
debconf:
name: ddclient2
question: ddclient/password1
value: "Sample"
vtype: password
no_log: false
register: debconf_test1
- name: validate if different question for same package name is set
assert:
that:
- debconf_test1.changed
- name: Set different question for same package name again (idempotency)
debconf:
name: ddclient2
question: ddclient/password1
value: "Sample"
vtype: password
no_log: false
register: debconf_test2
- name: validate if different question for same package name is set (idempotency)
assert:
that:
- not debconf_test2.changed
- name: Multiselect value - name: Multiselect value
debconf: debconf:
name: libnss-ldapd name: libnss-ldapd

@ -0,0 +1,63 @@
# Copyright: Contributors to the Ansible project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import annotations
import pytest
from ansible.modules.debconf import get_password_value
password_testdata = [
pytest.param(
(
"ddclient2 ddclient/password1 password Sample",
"ddclient2",
"ddclient/password1",
"password",
),
"Sample",
id="valid_password",
),
pytest.param(
(
"ddclient2 ddclient/password1 password",
"ddclient2",
"ddclient/password1",
"password",
),
'',
id="invalid_password",
),
pytest.param(
(
"ddclient2 ddclient/password password",
"ddclient2",
"ddclient/password1",
"password",
),
'',
id="invalid_password_none",
),
pytest.param(
(
"ddclient2 ddclient/password",
"ddclient2",
"ddclient/password",
"password",
),
'',
id="invalid_line",
),
]
@pytest.mark.parametrize("test_input,expected", password_testdata)
def test_get_password_value(mocker, test_input, expected):
module = mocker.MagicMock()
mocker.patch.object(
module, "get_bin_path", return_value="/usr/bin/debconf-get-selections"
)
mocker.patch.object(module, "run_command", return_value=(0, test_input[0], ""))
res = get_password_value(module, *test_input[1:])
assert res == expected
Loading…
Cancel
Save