From 922b5c8109df38096f951482214a583ae2e9d72c Mon Sep 17 00:00:00 2001 From: RedRampage Date: Mon, 28 Sep 2015 23:28:01 +0300 Subject: [PATCH] Removed deletion of salt by 'password' lookup Removed deletion of salt param from lookup file by 'password' lookup_filter. Old behaviour leads to constant changed status when two tasks uses same lookup, one with 'encrypt' parameter, and other without. For example: tasks: - name: Create user user: password: "{{ lookup('password', inventory_dir + '/creds/user/pass' ncrypt=sha512_crypt) }}" ... # Lookup file 'creds/user/pass' now contain password with salt - name: Create htpasswd htpasswd: password: "{{ lookup('password', inventory_dir + '/creds/user/pass') }}" ... # Salt gets deleted from lookup file 'creds/user/pass' # Next run of "Create user" task will create it again and will have 'changed' status --- lib/ansible/plugins/lookup/password.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lib/ansible/plugins/lookup/password.py b/lib/ansible/plugins/lookup/password.py index 7cfecb5e6a7..1c0fc5c2a57 100644 --- a/lib/ansible/plugins/lookup/password.py +++ b/lib/ansible/plugins/lookup/password.py @@ -150,11 +150,6 @@ class LookupModule(LookupBase): with open(path, 'w') as f: os.chmod(path, 0o600) f.write(content + '\n') - # crypt not requested, remove salt if present - elif (params['encrypt'] is None and salt): - with open(path, 'w') as f: - os.chmod(path, 0o600) - f.write(password + '\n') if params['encrypt']: password = do_encrypt(password, params['encrypt'], salt=salt)