From 9bef06ccd962593d85665ba62950a1ced58a195e Mon Sep 17 00:00:00 2001 From: Sam Doran Date: Tue, 22 May 2018 12:42:39 -0400 Subject: [PATCH] Add better error messages and checking to known_hosts (#38307) (#40502) (cherry picked from commit 13aff08748167b761c1a61fbd517032e7ac1511c) --- .../fragments/known_hosts-error-message.yaml | 2 ++ lib/ansible/modules/system/known_hosts.py | 7 +++- .../targets/known_hosts/tasks/main.yml | 34 ++++++++++++++++++- 3 files changed, 41 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/known_hosts-error-message.yaml diff --git a/changelogs/fragments/known_hosts-error-message.yaml b/changelogs/fragments/known_hosts-error-message.yaml new file mode 100644 index 00000000000..2e2f7fe5a87 --- /dev/null +++ b/changelogs/fragments/known_hosts-error-message.yaml @@ -0,0 +1,2 @@ +bugfixes: + - known_hosts - add better checking and error reporting to the host field (https://github.com/ansible/ansible/pull/38307) diff --git a/lib/ansible/modules/system/known_hosts.py b/lib/ansible/modules/system/known_hosts.py index 91d9994a470..87a0f2f07f5 100644 --- a/lib/ansible/modules/system/known_hosts.py +++ b/lib/ansible/modules/system/known_hosts.py @@ -179,6 +179,11 @@ def sanity_check(module, host, key, sshkeygen): # The approach is to write the key to a temporary file, # and then attempt to look up the specified host in that file. + + if re.search(r'\S+(\s+)?,(\s+)?', host): + module.fail_json(msg="Comma separated list of names is not supported. " + "Please pass a single name to lookup in the known_hosts file.") + try: outf = tempfile.NamedTemporaryFile(mode='w+') outf.write(key) @@ -188,7 +193,7 @@ def sanity_check(module, host, key, sshkeygen): (outf.name, to_native(e))) sshkeygen_command = [sshkeygen, '-F', host, '-f', outf.name] - rc, stdout, stderr = module.run_command(sshkeygen_command, check_rc=True) + rc, stdout, stderr = module.run_command(sshkeygen_command) try: outf.close() except: diff --git a/test/integration/targets/known_hosts/tasks/main.yml b/test/integration/targets/known_hosts/tasks/main.yml index 607f534b9bd..cac0f5580bc 100644 --- a/test/integration/targets/known_hosts/tasks/main.yml +++ b/test/integration/targets/known_hosts/tasks/main.yml @@ -17,7 +17,9 @@ # along with Ansible. If not, see . - name: copy an existing file in place - copy: src=existing_known_hosts dest="{{output_dir|expanduser}}/known_hosts" + copy: + src: existing_known_hosts + dest: "{{ output_dir | expanduser }}/known_hosts" # test addition @@ -167,3 +169,33 @@ - 'not result.changed' - 'result.diff.before == result.diff.after' - 'known_hosts_v3.stdout == known_hosts_v4.stdout' + +# test errors + +- name: Try using a comma separated list of hosts + known_hosts: + name: example.org,acme.com + key: "{{ example_org_rsa_key }}" + path: "{{output_dir|expanduser}}/known_hosts" + ignore_errors: yes + register: result + +- name: Assert that error message was displayed + assert: + that: + - result is failed + - result.msg == 'Comma separated list of names is not supported. Please pass a single name to lookup in the known_hosts file.' + +- name: Try using a name that does not match the key + known_hosts: + name: example.com + key: "{{ example_org_rsa_key }}" + path: "{{output_dir|expanduser}}/known_hosts" + ignore_errors: yes + register: result + +- name: Assert that name checking failed with error message + assert: + that: + - result is failed + - result.msg == 'Host parameter does not match hashed host field in supplied key'