archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

winrm - Add explicit env vars to pass into kinit (#75256)

Browse Source 
* winrm - Add explicit env vars to pass into kinit

* Add ini entry and don't override existing env vars
pull/75277/head
Jordan Borean 4 years ago committed by GitHub
parent 61900c7672
commit feed68f6f0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File

2
changelogs/fragments/winrm-kinit-env.yml
Unescape Escape View File

@ -0,0 +1,2 @@
minor_changes:
- winrm - Allow explicit environment variables to be passed through to the ``kinit`` call for Kerberos authentication

21
lib/ansible/plugins/connection/winrm.py
Unescape Escape View File

@ -92,6 +92,21 @@ DOCUMENTATION = """
vars: vars:
- name: ansible_winrm_kinit_args - name: ansible_winrm_kinit_args
version_added: '2.11' version_added: '2.11'
kinit_env_vars:
description:
- A list of environment variables to pass through to C(kinit) when getting the Kerberos authentication ticket.
- By default no environment variables are passed through and C(kinit) is run with a blank slate.
- The environment variable C(KRB5CCNAME) cannot be specified here as it's used to store the temp Kerberos
ticket used by WinRM.
type: list
elements: str
default: []
ini:
- section: winrm
key: kinit_env_vars
vars:
- name: ansible_winrm_kinit_env_vars
version_added: '2.12'
kerberos_mode: kerberos_mode:
description: description:
- kerberos usage mode. - kerberos usage mode.
@ -306,6 +321,12 @@ class Connection(ConnectionBase):
os.environ["KRB5CCNAME"] = krb5ccname os.environ["KRB5CCNAME"] = krb5ccname
krb5env = dict(KRB5CCNAME=krb5ccname) krb5env = dict(KRB5CCNAME=krb5ccname)
# Add any explicit environment vars into the krb5env block
kinit_env_vars = self.get_option('kinit_env_vars')
for var in kinit_env_vars:
if var not in krb5env and var in os.environ:
krb5env[var] = os.environ[var]
# Stores various flags to call with kinit, these could be explicit args set by 'ansible_winrm_kinit_args' OR # Stores various flags to call with kinit, these could be explicit args set by 'ansible_winrm_kinit_args' OR
# '-f' if kerberos delegation is requested (ansible_winrm_kerberos_delegation). # '-f' if kerberos delegation is requested (ansible_winrm_kerberos_delegation).
kinit_cmdline = [self._kinit_cmd] kinit_cmdline = [self._kinit_cmd]

Write Preview
Loading…
Cancel
Save