archive
/
mitogen
mirror of https://github.com/mitogen-hq/mitogen.git
1
0
Fork 0
Code Releases Activity

tests/ansible: Spec.password() test, document interactive pw limitation.

Browse Source
pull/564/head
David Wilson 6 years ago
parent 21ad299d7b
commit d1cadf8ac8
7 changed files with 137 additions and 9 deletions
Show Stats Download Patch File Download Diff File

1
ansible_mitogen/connection.py
Unescape Escape View File

@ -568,6 +568,7 @@ class Connection(ansible.plugins.connection.ConnectionBase):
via_vars = self.host_vars[inventory_name] via_vars = self.host_vars[inventory_name]
return ansible_mitogen.transport_config.MitogenViaSpec( return ansible_mitogen.transport_config.MitogenViaSpec(
inventory_name=inventory_name, inventory_name=inventory_name,
play_context=self._play_context,
host_vars=dict(via_vars), # TODO: make it lazy host_vars=dict(via_vars), # TODO: make it lazy
become_method=become_method or None, become_method=become_method or None,
become_user=become_user or None, become_user=become_user or None,

26
ansible_mitogen/transport_config.py
Unescape Escape View File

@ -430,12 +430,33 @@ class MitogenViaSpec(Spec):
having a configruation problem with connection delegation, the answer to having a configruation problem with connection delegation, the answer to
your problem lies in the method implementations below! your problem lies in the method implementations below!
""" """
def __init__(self, inventory_name, host_vars, def __init__(self, inventory_name, host_vars, become_method, become_user,
become_method, become_user): play_context):
"""
:param str inventory_name:
The inventory name of the intermediary machine, i.e. not the target
machine.
:param dict host_vars:
The HostVars magic dictionary provided by Ansible in task_vars.
:param str become_method:
If the mitogen_via= spec included a become method, the method it
specifies.
:param str become_user:
If the mitogen_via= spec included a become user, the user it
specifies.
:param PlayContext play_context:
For some global values **only**, the PlayContext used to describe
the real target machine. Values from this object are **strictly
restricted** to values that are Ansible-global, e.g. the passwords
specified interactively.
"""
self._inventory_name = inventory_name self._inventory_name = inventory_name
self._host_vars = host_vars self._host_vars = host_vars
self._become_method = become_method self._become_method = become_method
self._become_user = become_user self._become_user = become_user
# Dangerous! You may find a variable you want in this object, but it's
# almost certainly for the wrong machine!
self._dangerous_play_context = play_context
def transport(self): def transport(self):
return ( return (
@ -479,7 +500,6 @@ class MitogenViaSpec(Spec):
def password(self): def password(self):
return optional_secret( return optional_secret(
# TODO: Might have to come from PlayContext.
self._host_vars.get('ansible_ssh_pass') or self._host_vars.get('ansible_ssh_pass') or
self._host_vars.get('ansible_password') self._host_vars.get('ansible_password')
) )

5
docs/ansible.rst
Unescape Escape View File

@ -246,6 +246,11 @@ container.
as duplicate connections between hops, due to not perfectly replicating as duplicate connections between hops, due to not perfectly replicating
the configuration Ansible would normally use for the intermediary. the configuration Ansible would normally use for the intermediary.
* Intermediary machines cannot use login and become passwords that were
supplied to Ansible interactively. If an intermediary requires a
password, it must be supplied via ``ansible_ssh_pass``,
``ansible_password``, or ``ansible_become_pass`` inventory variables.
* Automatic tunnelling of SSH-dependent actions, such as the * Automatic tunnelling of SSH-dependent actions, such as the
``synchronize`` module, is not yet supported. This will be added in the ``synchronize`` module, is not yet supported. This will be added in the
0.3 series. 0.3 series.

8
docs/changelog.rst
Unescape Escape View File

@ -136,6 +136,14 @@ Fixes
repair ``delegate_to`` handling broke default ``ansible_python_interpreter`` repair ``delegate_to`` handling broke default ``ansible_python_interpreter``
handling. Test coverage was added. handling. Test coverage was added.
* `748f5f67 <https://github.com/dw/mitogen/commit/748f5f67>`_: the
``ansible_ssh_host`` parameter is respected when ``mitogen_via=`` is active.
* `21ad299d <https://github.com/dw/mitogen/commit/21ad299d>`_: the
precedence of ``ansible_ssh_user`` and ``ansible_user`` was corrected when
when ``mitogen_via=`` is active.
Thanks! Thanks!
~~~~~~~ ~~~~~~~

11
tests/ansible/hosts/transport_config.hosts
Unescape Escape View File

@ -18,9 +18,8 @@ tc-remote-addr-explicit-ssh ansible_ssh_host=ansi.ssh.host
tc-remote-addr-explicit-host ansible_host=ansi.host tc-remote-addr-explicit-host ansible_host=ansi.host
tc-remote-addr-explicit-both ansible_ssh_host=a.b.c ansible_host=b.c.d tc-remote-addr-explicit-both ansible_ssh_host=a.b.c ansible_host=b.c.d
# remote_addr() # password()
tc-remote-user-unset # defaults to C.DEFAULT_REMOTE_USER tc-password-unset
tc-remote-user-explicit-ssh ansible_ssh_user=ansi-ssh-user tc-password-explicit-ssh ansible_ssh_pass=ansi-ssh-pass
tc-remote-user-explicit-user ansible_user=ansi-user tc-password-explicit-user ansible_password=ansi-pass
tc-remote-user-explicit-both ansible_user=a.b.c ansible_ssh_user=c.b.a tc-password-explicit-both ansible_password=a.b.c ansible_ssh_pass=c.b.a

1
tests/ansible/integration/transport_config/all.yml
Unescape Escape View File

@ -1,3 +1,4 @@
- include: password.yml
- include: python_path.yml - include: python_path.yml
- include: remote_addr.yml - include: remote_addr.yml
- include: remote_user.yml - include: remote_user.yml

94
tests/ansible/integration/transport_config/password.yml
Unescape Escape View File

@ -0,0 +1,94 @@
# Each case is followed by mitogen_via= case to test hostvars method.
# When no ansible_ssh_pass/ansible_password= is set, password comes via
# interactive input.
- name: integration/transport_config/password.yml
hosts: tc-password-unset
tasks:
- include: ../_mitogen_only.yml
- {mitogen_get_stack: {}, register: out}
- assert_equal:
left: out.result[0].kwargs.password
right: "" # actually null, but assert_equal limitation
- hosts: tc-password-unset
vars: {mitogen_via: tc-password-explicit-ssh}
tasks:
- include: ../_mitogen_only.yml
- {mitogen_get_stack: {}, register: out}
- assert_equal:
left: out.result[0].kwargs.password
right: "ansi-ssh-pass"
- assert_equal:
left: out.result[1].kwargs.password
right: ""
# ansible_ssh_user=
- hosts: tc-password-explicit-ssh
tasks:
- include: ../_mitogen_only.yml
- {mitogen_get_stack: {}, register: out}
- assert_equal:
left: out.result[0].kwargs.password
right: "ansi-ssh-pass"
- hosts: tc-password-explicit-ssh
vars: {mitogen_via: tc-password-unset}
tasks:
- include: ../_mitogen_only.yml
- {mitogen_get_stack: {}, register: out}
- assert_equal:
left: out.result[0].kwargs.password
right: ""
- assert_equal:
left: out.result[1].kwargs.password
right: "ansi-ssh-pass"
# ansible_user=
- hosts: tc-password-explicit-pass
tasks:
- include: ../_mitogen_only.yml
- {mitogen_get_stack: {}, register: out}
- assert_equal:
left: out.result[0].kwargs.password
right: "ansi-pass"
- hosts: tc-password-explicit-pass
vars: {mitogen_via: tc-password-unset}
tasks:
- include: ../_mitogen_only.yml
- {mitogen_get_stack: {}, register: out}
- assert_equal:
left: out.result[0].kwargs.password
right: ""
- assert_equal:
left: out.result[1].kwargs.password
right: "ansi-pass"
# both; ansible_ssh_user= takes precedence according to play_context.py.
- hosts: tc-password-explicit-both
tasks:
- include: ../_mitogen_only.yml
- {mitogen_get_stack: {}, register: out}
- assert_equal:
left: out.result[0].kwargs.password
right: "c.b.a"
- hosts: tc-password-explicit-both
vars: {mitogen_via: tc-password-unset}
tasks:
- include: ../_mitogen_only.yml
- {mitogen_get_stack: {}, register: out}
- assert_equal:
left: out.result[0].kwargs.password
right: ""
- assert_equal:
left: out.result[1].kwargs.password
right: "c.b.a"
Write Preview
Loading…
Cancel
Save