From eeee1e1c5aa9dd4f84175966e0f9e467fd7fc600 Mon Sep 17 00:00:00 2001
From: James Tanner
Date: Sat, 11 Jan 2014 11:02:01 -0500
Subject: [PATCH] Set accept_hostkey to False by default in the git module and fail early if the key is unknown
---
 lib/ansible/module_utils/known_hosts.py | 20 ++++++++++----------
 library/source_control/git | 8 ++++----
 2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/lib/ansible/module_utils/known_hosts.py b/lib/ansible/module_utils/known_hosts.py
index 9b00af0660f..846965107fb 100644
--- a/lib/ansible/module_utils/known_hosts.py
+++ b/lib/ansible/module_utils/known_hosts.py
@@ -2,16 +2,16 @@ def add_git_host_key(module, url, accept_hostkey=True):
 """ idempotently add a git url hostkey """
- if accept_hostkey:
-
- fqdn = get_fqdn(module.params['repo'])
-
- if fqdn:
- known_host = check_hostkey(module, fqdn)
- if not known_host:
- rc, out, err = add_host_key(module, fqdn)
- if rc != 0:
- module.fail_json(msg="failed to add %s hostkey: %s" % (fqdn, out + err))
+ fqdn = get_fqdn(module.params['repo'])
+
+ if fqdn:
+ known_host = check_hostkey(module, fqdn)
+ if not known_host and accept_hostkey:
+ rc, out, err = add_host_key(module, fqdn)
+ if rc != 0:
+ module.fail_json(msg="failed to add %s hostkey: %s" % (fqdn, out + err))
+ else:
+ module.fail_json(msg="%s has an unknown hostkey. Set accept_hostkey to True or manually add the hostkey prior to running the git module" % fqdn)
 def get_fqdn(repo_url):
diff --git a/library/source_control/git b/library/source_control/git
index 320414a35cf..41cf53133d5 100644
--- a/library/source_control/git
+++ b/library/source_control/git
@@ -45,7 +45,7 @@ options:
 branch name, or a tag name.
 accept_hostkey:
 required: false
- default: true
+ default: false
 version_added: "1.5"
 description:
 - Add the hostkey for the repo url if not already added.
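Review bot: In lib/ansible/module_utils/known_hosts.py, the new `else:` in add_git_host_key fails in more cases than "key unknown and accept_hostkey false". Indentation is not visible in this view, but if it pairs with `if not known_host and accept_hostkey:`, a host whose key is already in known_hosts makes that condition false and lands in the "unknown hostkey" failure too. Writing `elif not known_host:` in place of `else:` would limit the failure to the unknown-key case. The `def` line sits outside the hunk and, per the hunk header, still reads `accept_hostkey=True`, so a caller that omits the argument keeps auto-accepting; `accept_hostkey=False` there would match the module's new default.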
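Review bot: The `accept_hostkey` description in library/source_control/git still reads only "Add the hostkey for the repo url if not already added.", which no longer covers the default case. With `default: false` the module now fails when the host key is unknown (see the new fail_json message in known_hosts.py), so the description should say so, for example `- If yes, adds the hostkey for the repo url if not already added. If no, the module fails when the hostkey is not already known.` If add_host_key obtains the key from the remote host at run time (its body is not visible here), the text could also note that `yes` trusts whatever key is presented on first contact. The options block starts and ends outside the hunk.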
@@ -359,7 +359,7 @@ def main():
 force=dict(default='yes', type='bool'),
 depth=dict(default=None, type='int'),
 update=dict(default='yes', type='bool'),
- accept_hostkey=dict(default='yes', type='bool'),
+ accept_hostkey=dict(default='no', type='bool'),
 executable=dict(default=None),
 bare=dict(default='no', type='bool'),
 ),
@@ -378,8 +378,8 @@ def main():
 git_path = module.params['executable'] or module.get_bin_path('git', True)
 # add the git repo's hostkey
- if module.params['accept_hostkey']:
- add_git_host_key(module, repo, accept_hostkey=True)
+ #if module.params['accept_hostkey']:
+ add_git_host_key(module, repo, accept_hostkey=module.params['accept_hostkey'])
 if bare:
 gitconfig = os.path.join(dest, 'config')
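Review bot: The commented-out `#if module.params['accept_hostkey']:` left in main() in library/source_control/git should be deleted, and the comment above the call no longer describes it, since add_git_host_key now also fails the run on an unknown key; something like `# check the repo's hostkey; add it only when accept_hostkey is set` would fit. The call is now unconditional, so every repo value goes through get_fqdn and check_hostkey. get_fqdn's body is not visible here, but if it returns a host name for https:// or git:// URLs, those tasks would start failing on an SSH host key the transport never uses, so it may be worth guarding the call to SSH-style URLs. main() starts and ends outside the hunk.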