Add transfer checksum verification in copy module (#35367)

* Add transfer checksum verification in copy module, to ensure that the file was transferred to the remote successfully. Fixes #35029

* Guard on no checksum

* Add version_added
pull/35401/head
Matt Martz 7 years ago committed by Adam Miller
parent e8633b7a22
commit de2427beaf

@ -83,6 +83,11 @@ options:
type: bool type: bool
default: 'yes' default: 'yes'
version_added: "2.4" version_added: "2.4"
checksum:
description:
- SHA1 checksum of the file being transferred. Used to valdiate that the copy of the file was successful.
- If this is not provided, ansible will use the local calculated checksum of the src file.
version_added: '2.5'
extends_documentation_fragment: extends_documentation_fragment:
- files - files
- validate - validate
@ -265,6 +270,7 @@ def main():
directory_mode=dict(type='raw'), directory_mode=dict(type='raw'),
remote_src=dict(type='bool'), remote_src=dict(type='bool'),
local_follow=dict(type='bool'), local_follow=dict(type='bool'),
checksum=dict(),
), ),
add_file_common_args=True, add_file_common_args=True,
supports_check_mode=True, supports_check_mode=True,
@ -281,6 +287,7 @@ def main():
follow = module.params['follow'] follow = module.params['follow']
mode = module.params['mode'] mode = module.params['mode']
remote_src = module.params['remote_src'] remote_src = module.params['remote_src']
checksum = module.params['checksum']
if not os.path.exists(b_src): if not os.path.exists(b_src):
module.fail_json(msg="Source %s not found" % (src)) module.fail_json(msg="Source %s not found" % (src))
@ -299,6 +306,13 @@ def main():
changed = False changed = False
if checksum and checksum_src != checksum:
module.fail_json(
msg='Copied file does not match the expected checksum. Transfer failed.',
checksum=checksum_src,
expected_checksum=checksum
)
# Special handling for recursive copy - create intermediate dirs # Special handling for recursive copy - create intermediate dirs
if original_basename and dest.endswith(os.sep): if original_basename and dest.endswith(os.sep):
dest = os.path.join(dest, original_basename) dest = os.path.join(dest, original_basename)

@ -291,6 +291,9 @@ class ActionModule(ActionBase):
original_basename=source_rel, original_basename=source_rel,
) )
) )
if not self._task.args.get('checksum'):
new_module_args['checksum'] = local_checksum
if lmode: if lmode:
new_module_args['mode'] = lmode new_module_args['mode'] = lmode

Loading…
Cancel
Save