diff --git a/changelogs/fragments/password_hash_encrypt.yml b/changelogs/fragments/password_hash_encrypt.yml new file mode 100644 index 00000000000..5cbdfa7c053 --- /dev/null +++ b/changelogs/fragments/password_hash_encrypt.yml @@ -0,0 +1,3 @@ +--- +minor_changes: + - encrypt - check datatype of salt_size in password_hash filter. diff --git a/lib/ansible/utils/encrypt.py b/lib/ansible/utils/encrypt.py index 9f44394403a..016ab76a466 100644 --- a/lib/ansible/utils/encrypt.py +++ b/lib/ansible/utils/encrypt.py @@ -99,6 +99,8 @@ class PasslibHash(BaseHash): salt = self._clean_salt(salt) rounds = self._clean_rounds(rounds) ident = self._clean_ident(ident) + if salt_size is not None and not isinstance(salt_size, int): + raise TypeError("salt_size must be an integer") return self._hash(secret, salt=salt, salt_size=salt_size, rounds=rounds, ident=ident) def _clean_ident(self, ident): diff --git a/test/integration/targets/filter_core/tasks/main.yml b/test/integration/targets/filter_core/tasks/main.yml index e812eec6ac6..c11b21c40c6 100644 --- a/test/integration/targets/filter_core/tasks/main.yml +++ b/test/integration/targets/filter_core/tasks/main.yml @@ -384,6 +384,7 @@ that: - '"%Y-%m-%d"|strftime(1585247522) == "2020-03-26"' - '"%Y-%m-%d"|strftime("1585247522.0") == "2020-03-26"' + - '"%Y-%m-%d"|strftime("1585247522.0", utc=True) == "2020-03-26"' - '("%Y"|strftime(None)).startswith("20")' # Current date, can't check much there. - strftime_fail is failed - '"Invalid value for epoch value" in strftime_fail.msg' @@ -538,15 +539,11 @@ ignore_errors: yes register: password_hash_2 -- name: Verify password_hash - assert: - that: - - "'what in the WORLD is up?'|password_hash|length in (120, 106)" - # This throws a vastly different error on py2 vs py3, so we just check - # that it's a failure, not a substring of the exception. - - password_hash_1 is failed - - password_hash_2 is failed - - "'is not in the list of supported passlib algorithms' in password_hash_2.msg" +- name: Verify password_hash throws on weird rounds + set_fact: + foo: '{{ "hey" | password_hash(rounds=1) }}' + ignore_errors: yes + register: password_hash_3 - name: test using passlib with an unsupported hash type set_fact: @@ -554,8 +551,16 @@ ignore_errors: yes register: unsupported_hash_type -- assert: +- name: Verify password_hash + assert: that: + - "'what in the WORLD is up?'|password_hash|length in (120, 106)" + - password_hash_1 is failed + - "'salt_size must be an integer' in password_hash_1.msg" + - password_hash_2 is failed + - "'is not in the list of supported passlib algorithms' in password_hash_2.msg" + - password_hash_3 is failed + - "'Could not hash the secret' in password_hash_3.msg" - "'msdcc is not in the list of supported passlib algorithms' in unsupported_hash_type.msg" - name: Verify to_uuid throws on weird namespace @@ -832,3 +837,26 @@ splitty: - "1,2,3" - "4,5,6" + +- name: test to_yaml and to_nice_yaml + include_tasks: to_yaml.yml + +- name: test to_json and to_nice_json + include_tasks: to_json.yml + +- name: commonpath filter + set_fact: + msg: "{{ ['/foo/bar/foobar','/foo/bar'] | commonpath }}" + register: commonpath_01 + +- name: commonpath filter raises exception + set_fact: + msg: "{{ '/foo/bar/foobar' | commonpath }}" + register: commonpath_02 + ignore_errors: yes + +- name: Check if commonpath works + assert: + that: + - '"/foo/bar" in commonpath_01.ansible_facts.msg' + - "'|commonpath expects' in commonpath_02.msg" diff --git a/test/integration/targets/filter_core/tasks/to_json.yml b/test/integration/targets/filter_core/tasks/to_json.yml new file mode 100644 index 00000000000..b902a7a8853 --- /dev/null +++ b/test/integration/targets/filter_core/tasks/to_json.yml @@ -0,0 +1,28 @@ +# Copyright: Contributors to the Ansible project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +- name: Check if to_json works + set_fact: + msg: "{{ list_one | to_json }}" + vars: + list_one: + - one + - two + register: json_01 + +- name: Check if to_nice_json works + set_fact: + msg: "{{ list_one | to_json }}" + vars: + list_one: + - one + - two + register: json_02 + +- name: Assert + assert: + that: + - not json_01.failed + - json_01.ansible_facts.msg == "[\"one\", \"two\"]" + - not json_02.failed + - json_02.ansible_facts.msg == "[\"one\", \"two\"]" diff --git a/test/integration/targets/filter_core/tasks/to_yaml.yml b/test/integration/targets/filter_core/tasks/to_yaml.yml new file mode 100644 index 00000000000..f26f80c4639 --- /dev/null +++ b/test/integration/targets/filter_core/tasks/to_yaml.yml @@ -0,0 +1,27 @@ +# Copyright: Contributors to the Ansible project +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +- name: Check to_yaml exception handling + set_fact: + msg: "{{ 'thing' | to_yaml(nonexistent_argument=True) }}" + register: yaml_test_01 + ignore_errors: yes + +- name: Check default_style + set_fact: + msg: "{{ 'thing' | to_yaml(default_style='|') }}" + register: yaml_test_02 + ignore_errors: yes + +- name: Check canonical + set_fact: + msg: "{{ 'thing' | to_yaml(canonical=True) }}" + register: yaml_test_03 + ignore_errors: yes + +- name: Test to_yaml + assert: + that: + - yaml_test_01.failed + - yaml_test_02.ansible_facts.msg == "|-\n thing\n" + - yaml_test_03.ansible_facts.msg == "---\n!!str \"thing\"\n"