Set accept_hostkey to False by default in the git module and fail

early if the key is unknown
pull/5586/head
James Tanner 11 years ago
parent 8665b0638a
commit eeee1e1c5a

@ -2,16 +2,16 @@ def add_git_host_key(module, url, accept_hostkey=True):
""" idempotently add a git url hostkey """ """ idempotently add a git url hostkey """
if accept_hostkey:
fqdn = get_fqdn(module.params['repo']) fqdn = get_fqdn(module.params['repo'])
if fqdn: if fqdn:
known_host = check_hostkey(module, fqdn) known_host = check_hostkey(module, fqdn)
if not known_host: if not known_host and accept_hostkey:
rc, out, err = add_host_key(module, fqdn) rc, out, err = add_host_key(module, fqdn)
if rc != 0: if rc != 0:
module.fail_json(msg="failed to add %s hostkey: %s" % (fqdn, out + err)) module.fail_json(msg="failed to add %s hostkey: %s" % (fqdn, out + err))
else:
module.fail_json(msg="%s has an unknown hostkey. Set accept_hostkey to True or manually add the hostkey prior to running the git module" % fqdn)
def get_fqdn(repo_url): def get_fqdn(repo_url):

@ -45,7 +45,7 @@ options:
branch name, or a tag name. branch name, or a tag name.
accept_hostkey: accept_hostkey:
required: false required: false
default: true default: false
version_added: "1.5" version_added: "1.5"
description: description:
- Add the hostkey for the repo url if not already added. - Add the hostkey for the repo url if not already added.
@ -359,7 +359,7 @@ def main():
force=dict(default='yes', type='bool'), force=dict(default='yes', type='bool'),
depth=dict(default=None, type='int'), depth=dict(default=None, type='int'),
update=dict(default='yes', type='bool'), update=dict(default='yes', type='bool'),
accept_hostkey=dict(default='yes', type='bool'), accept_hostkey=dict(default='no', type='bool'),
executable=dict(default=None), executable=dict(default=None),
bare=dict(default='no', type='bool'), bare=dict(default='no', type='bool'),
), ),
@ -378,8 +378,8 @@ def main():
git_path = module.params['executable'] or module.get_bin_path('git', True) git_path = module.params['executable'] or module.get_bin_path('git', True)
# add the git repo's hostkey # add the git repo's hostkey
if module.params['accept_hostkey']: #if module.params['accept_hostkey']:
add_git_host_key(module, repo, accept_hostkey=True) add_git_host_key(module, repo, accept_hostkey=module.params['accept_hostkey'])
if bare: if bare:
gitconfig = os.path.join(dest, 'config') gitconfig = os.path.join(dest, 'config')

Loading…
Cancel
Save