Add better error messages and checking to known_hosts (#38307) (#40502)

(cherry picked from commit 13aff08748)
pull/40552/head
Sam Doran 7 years ago committed by GitHub
parent 7df6df9017
commit 9bef06ccd9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -0,0 +1,2 @@
bugfixes:
- known_hosts - add better checking and error reporting to the host field (https://github.com/ansible/ansible/pull/38307)

@ -179,6 +179,11 @@ def sanity_check(module, host, key, sshkeygen):
# The approach is to write the key to a temporary file,
# and then attempt to look up the specified host in that file.
if re.search(r'\S+(\s+)?,(\s+)?', host):
module.fail_json(msg="Comma separated list of names is not supported. "
"Please pass a single name to lookup in the known_hosts file.")
try:
outf = tempfile.NamedTemporaryFile(mode='w+')
outf.write(key)
@ -188,7 +193,7 @@ def sanity_check(module, host, key, sshkeygen):
(outf.name, to_native(e)))
sshkeygen_command = [sshkeygen, '-F', host, '-f', outf.name]
rc, stdout, stderr = module.run_command(sshkeygen_command, check_rc=True)
rc, stdout, stderr = module.run_command(sshkeygen_command)
try:
outf.close()
except:
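Review bot: In the second hunk the `run_command` result is no longer checked, and nothing visible afterwards looks at `rc` or `stderr`. This reading assumes the bare call is the new side, since the page prints the `check_rc=True` call and the bare call back to back with the markers lost. An ssh-keygen failure unrelated to the lookup, such as an unparsable temporary key file, could then be reported as a host mismatch or, depending on what follows, not reported at all. Because this function validates an entry before it reaches a host-key trust store, I would keep the two cases apart, e.g. `if rc != 0 and stderr: module.fail_json(msg="ssh-keygen failed: %s" % to_native(stderr), rc=rc)` ahead of whatever check produces the "Host parameter does not match…" message, assuming a plain not-found leaves stderr empty. `sanity_check` continues past the end of the hunk, so later handling may already cover part of this.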

@ -17,7 +17,9 @@
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: copy an existing file in place
copy: src=existing_known_hosts dest="{{output_dir|expanduser}}/known_hosts"
copy:
src: existing_known_hosts
dest: "{{ output_dir | expanduser }}/known_hosts"
# test addition
@ -167,3 +169,33 @@
- 'not result.changed'
- 'result.diff.before == result.diff.after'
- 'known_hosts_v3.stdout == known_hosts_v4.stdout'
# test errors
- name: Try using a comma separated list of hosts
known_hosts:
name: example.org,acme.com
key: "{{ example_org_rsa_key }}"
path: "{{output_dir|expanduser}}/known_hosts"
ignore_errors: yes
register: result
- name: Assert that error message was displayed
assert:
that:
- result is failed
- result.msg == 'Comma separated list of names is not supported. Please pass a single name to lookup in the known_hosts file.'
- name: Try using a name that does not match the key
known_hosts:
name: example.com
key: "{{ example_org_rsa_key }}"
path: "{{output_dir|expanduser}}/known_hosts"
ignore_errors: yes
register: result
- name: Assert that name checking failed with error message
assert:
that:
- result is failed
- result.msg == 'Host parameter does not match hashed host field in supplied key'
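Review bot: Both new negative tasks assert only on the failure status and `result.msg`; nothing checks that the file at `{{output_dir|expanduser}}/known_hosts` is unchanged after the rejected calls. For a module that edits a host-key trust store, a run that failed but still wrote the entry would pass these tests. I would add a follow-up task that re-reads the file, registers the output, and asserts it equals the last known-good content, in the style of the `known_hosts_v3.stdout == known_hosts_v4.stdout` comparison at the top of this hunk. That assumes those variables hold the file's contents; they are registered outside the hunk.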
