archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

ansible-pull now handles all secret files CLI options (#82009)

Browse Source 
* ansible-pull added missing pasthrough for secrets

 Both become and connection password file options were missing.
 Also added test
pull/82030/head
Brian Coca 1 year ago committed by GitHub
parent 9ee603d1c5
commit 99e0d25857
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 27 additions and 2 deletions
Show Stats Download Patch File Download Diff File

2
changelogs/fragments/pull_file_secrets.yml
Unescape Escape View File

@ -0,0 +1,2 @@
bugfixes:
- ansible-pull will now correctly handle become and connection password file options for ansible-playbook.

7
lib/ansible/cli/pull.py
Unescape Escape View File

@ -274,8 +274,15 @@ class PullCLI(CLI):
for vault_id in context.CLIARGS['vault_ids']: for vault_id in context.CLIARGS['vault_ids']:
cmd += " --vault-id=%s" % vault_id cmd += " --vault-id=%s" % vault_id
if context.CLIARGS['become_password_file']:
cmd += " --become-password-file=%s" % context.CLIARGS['become_password_file']
if context.CLIARGS['connection_password_file']:
cmd += " --connection-password-file=%s" % context.CLIARGS['connection_password_file']
for ev in context.CLIARGS['extra_vars']: for ev in context.CLIARGS['extra_vars']:
cmd += ' -e %s' % shlex.quote(ev) cmd += ' -e %s' % shlex.quote(ev)
if context.CLIARGS['become_ask_pass']: if context.CLIARGS['become_ask_pass']:
cmd += ' --ask-become-pass' cmd += ' --ask-become-pass'
if context.CLIARGS['skip_tags']: if context.CLIARGS['skip_tags']:

12
test/integration/targets/ansible-pull/pull-integration-test/conn_secret.yml
Unescape Escape View File

@ -0,0 +1,12 @@
- hosts: localhost
gather_facts: false
tasks:
- ping: data='{{ansible_password}}'
register: dumb
vars:
ansible_python_interpreter: '{{ansible_playbook_python}}'
- name: If we got here, password was passed!
assert:
that:
- "dumb.ping == 'Testing123'"

1
test/integration/targets/ansible-pull/pull-integration-test/secret_connection_password
Unescape Escape View File

@ -0,0 +1 @@
Testing123

5
test/integration/targets/ansible-pull/runme.sh
Unescape Escape View File

@ -36,7 +36,8 @@ function pass_tests {
fi fi
# test for https://github.com/ansible/ansible/issues/13681 # test for https://github.com/ansible/ansible/issues/13681
if grep -E '127\.0\.0\.1.*ok' "${temp_log}"; then # match play default output stats, was matching limit + docker
if grep -E '127\.0\.0\.1\s*: ok=' "${temp_log}"; then
cat "${temp_log}" cat "${temp_log}"
echo "Found host 127.0.0.1 in output. Only localhost should be present." echo "Found host 127.0.0.1 in output. Only localhost should be present."
exit 1 exit 1
@ -85,3 +86,5 @@ pass_tests
ANSIBLE_CONFIG='' ansible-pull -d "${pull_dir}" -U "${repo_dir}" "$@" multi_play_1.yml multi_play_2.yml | tee "${temp_log}" ANSIBLE_CONFIG='' ansible-pull -d "${pull_dir}" -U "${repo_dir}" "$@" multi_play_1.yml multi_play_2.yml | tee "${temp_log}"
pass_tests_multi pass_tests_multi
ANSIBLE_CONFIG='' ansible-pull -d "${pull_dir}" -U "${repo_dir}" conn_secret.yml --connection-password-file "${repo_dir}/secret_connection_password" "$@"

Write Preview
Loading…
Cancel
Save