diff options
author | Toshio Kuratomi <toshio@fedoraproject.org> | 2015-09-09 08:46:11 -0700 |
---|---|---|
committer | Toshio Kuratomi <toshio@fedoraproject.org> | 2015-09-09 08:46:11 -0700 |
commit | b39c37a2fdeb7f661a6e056db146b6d941efc047 (patch) | |
tree | 2d0bf2db142f3b37a33f6eb10582f83abc5c78c6 | |
parent | 926f127245ee2870f862ee20ec6aead827d0786f (diff) | |
download | ansible-fix-password-lookup.tar.gz |
Fix problem with "=" in the initial file path.fix-password-lookup
-rw-r--r-- | lib/ansible/plugins/lookup/password.py | 89 |
1 files changed, 52 insertions, 37 deletions
diff --git a/lib/ansible/plugins/lookup/password.py b/lib/ansible/plugins/lookup/password.py index 49dc2ffe27..709ace4740 100644 --- a/lib/ansible/plugins/lookup/password.py +++ b/lib/ansible/plugins/lookup/password.py @@ -57,41 +57,56 @@ class LookupModule(LookupBase): salt_chars = ascii_letters + digits + './' return self.random_password(length=8, chars=salt_chars) + def _parse_parameters(self, term): + # Hacky parsing of params + # See #XXX and the first_found lookup For how we want to fix this later + first_split = term.split(' ', 1) + if len(first_split) <= 1: + # Only a single argument given, therefore it's a path + relpath = term + params = dict() + else: + relpath = first_split[0] + params = parse_kv(first_split[1]) + if '_raw_params' in params: + # Spaces in the path? + relpath = ' '.join((relpath, params['_raw_params'])) + del params['_raw_params'] + + # Check that we parsed the params correctly + if not term.startswith(relpath): + # Likely, the user had a non parameter following a parameter. + # Reject this as a user typo + raise AnsibleError('Unrecognized value after key=value parameters given to password lookup') + # No _raw_params means we already found the complete path when + # we split it initially + + invalid_params = frozenset(params.keys()).difference(VALID_PARAMS) + if invalid_params: + raise AnsibleError('Unrecognized parameter(s) given to password lookup: %s' % ', '.join(invalid_params)) + + length = int(params.get('length', DEFAULT_LENGTH)) + encrypt = params.get('encrypt', None) + + use_chars = params.get('chars', None) + if use_chars: + tmp_chars = [] + if ',,' in use_chars: + tmp_chars.append(',') + tmp_chars.extend(use_chars.replace(',,', ',').split(',')) + use_chars = tmp_chars + else: + # Default chars for password + use_chars = ['ascii_letters', 'digits', ".,:-_"] + + return relpath, dict(length=length, encrypt=encrypt, use_chars=use_chars) + def run(self, terms, variables, **kwargs): ret = [] for term in terms: - params = parse_kv(term) - if '_raw_params' in params: - relpath = params['_raw_params'] - del params['_raw_params'] - else: - relpath = params - - # Check that we parsed the params correctly - if not term.startswith(relpath): - # Likely, the user had a non parameter following a parameter. - # Reject this as a user typo - raise AnsibleError('Unrecognized value after key=value parameters given to password lookup') - - invalid_params = frozenset(params.keys()).difference(VALID_PARAMS) - if invalid_params: - raise AnsibleError('Unrecognized parameter(s) given to password lookup: %s' % ', '.join(invalid_params)) - - length = int(params.get('length', DEFAULT_LENGTH)) - encrypt = params.get('encrypt', None) - - use_chars = params.get('chars', None) - if use_chars: - tmp_chars = [] - if ',,' in use_chars: - tmp_chars.append(',') - tmp_chars.extend(use_chars.replace(',,', ',').split(',')) - use_chars = tmp_chars - else: - # Default chars for password - use_chars = ['ascii_letters', 'digits', ".,:-_"] + relpath, params = self._parse_parameters(term) # get password or create it if file doesn't exist path = self._loader.path_dwim(relpath) @@ -102,10 +117,10 @@ class LookupModule(LookupBase): except OSError as e: raise AnsibleError("cannot create the path for the password lookup: %s (error was %s)" % (pathdir, str(e))) - chars = "".join(getattr(string, c, c) for c in use_chars).replace('"', '').replace("'", '') - password = ''.join(random.choice(chars) for _ in range(length)) + chars = "".join(getattr(string, c, c) for c in params['use_chars']).replace('"', '').replace("'", '') + password = ''.join(random.choice(chars) for _ in range(params['length'])) - if encrypt is not None: + if params['encrypt'] is not None: salt = self.random_salt() content = '%s salt=%s' % (password, salt) else: @@ -125,20 +140,20 @@ class LookupModule(LookupBase): salt = None # crypt requested, add salt if missing - if (encrypt is not None and not salt): + if (params['encrypt'] is not None and not salt): salt = self.random_salt() content = '%s salt=%s' % (password, salt) with open(path, 'w') as f: os.chmod(path, 0o600) f.write(content + '\n') # crypt not requested, remove salt if present - elif (encrypt is None and salt): + elif (params['encrypt'] is None and salt): with open(path, 'w') as f: os.chmod(path, 0o600) f.write(password + '\n') - if encrypt: - password = do_encrypt(password, encrypt, salt=salt) + if params['encrypt']: + password = do_encrypt(password, params['encrypt'], salt=salt) ret.append(password) |