diff options
author | Abhijeet Kasurde <akasurde@redhat.com> | 2021-07-09 22:08:16 +0530 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-09 11:38:16 -0500 |
commit | e0cb0671afe4b4256914260a33929ffa8dc7b5c1 (patch) | |
tree | a35a9d8168183aa9a2dad4e05d5b8ebab1df16f2 | |
parent | 9e5091ab5cf3b69e0c9c3c6b07e62e16aa2301a4 (diff) | |
download | ansible-e0cb0671afe4b4256914260a33929ffa8dc7b5c1.tar.gz |
[bp-2.10] get_url - Allow checksum file to be local file:// (#75052)
This would be a partial solution for #69364 in that the
SHASUMS file can be downloaded and gpg verified but then
used from the downloaded location to verify the get_url's file.
* Make checksum url parsing more explicit
Use urlsplit to test if the checksum string has a (currently tested and) supported url scheme.
(cherry picked from commit eb8b3a8479ec82ad622f86ac46f3e9cc083952b8)
Co-authored-by: Edwin Hermans <edwin@madtech.cx>
-rw-r--r-- | changelogs/fragments/71205_get_url_allow_checksum_file_url.yml | 2 | ||||
-rw-r--r-- | lib/ansible/modules/get_url.py | 10 | ||||
-rw-r--r-- | test/integration/targets/get_url/tasks/main.yml | 13 |
3 files changed, 24 insertions, 1 deletions
diff --git a/changelogs/fragments/71205_get_url_allow_checksum_file_url.yml b/changelogs/fragments/71205_get_url_allow_checksum_file_url.yml new file mode 100644 index 0000000000..ac3b852cf8 --- /dev/null +++ b/changelogs/fragments/71205_get_url_allow_checksum_file_url.yml @@ -0,0 +1,2 @@ +minor_changes: + - get_url - allow checksum urls to point to file:// resources, moving scheme test to function diff --git a/lib/ansible/modules/get_url.py b/lib/ansible/modules/get_url.py index 9036b35438..501704034e 100644 --- a/lib/ansible/modules/get_url.py +++ b/lib/ansible/modules/get_url.py @@ -416,6 +416,14 @@ def extract_filename_from_headers(headers): return res +def is_url(checksum): + """ + Returns True if checksum value has supported URL scheme, else False.""" + supported_schemes = ('http', 'https', 'ftp', 'file') + + return urlsplit(checksum).scheme in supported_schemes + + # ============================================================== # main @@ -487,7 +495,7 @@ def main(): except ValueError: module.fail_json(msg="The checksum parameter has to be in format <algorithm>:<checksum>", **result) - if checksum.startswith('http://') or checksum.startswith('https://') or checksum.startswith('ftp://'): + if is_url(checksum): checksum_url = checksum # download checksum file to checksum_tmpsrc checksum_tmpsrc, checksum_info = url_get(module, checksum_url, dest, use_proxy, last_mod_time, force, timeout, headers, tmp_dest) diff --git a/test/integration/targets/get_url/tasks/main.yml b/test/integration/targets/get_url/tasks/main.yml index 052bde222a..6adb3db74c 100644 --- a/test/integration/targets/get_url/tasks/main.yml +++ b/test/integration/targets/get_url/tasks/main.yml @@ -407,15 +407,28 @@ path: "{{ remote_tmp_dir }}/27617sha256_with_dot.txt" register: stat_result_sha256_with_dot +- name: download src with sha256 checksum url with file scheme + get_url: + url: 'http://localhost:{{ http_port }}/27617.txt' + dest: '{{ remote_tmp_dir }}/27617sha256_with_file_scheme.txt' + checksum: 'sha256:file://{{ files_dir }}/sha256sum.txt' + register: result_sha256_with_file_scheme + +- stat: + path: "{{ remote_tmp_dir }}/27617sha256_with_dot.txt" + register: stat_result_sha256_with_file_scheme + - name: Assert that the file was downloaded assert: that: - result_sha1 is changed - result_sha256 is changed - result_sha256_with_dot is changed + - result_sha256_with_file_scheme is changed - "stat_result_sha1.stat.exists == true" - "stat_result_sha256.stat.exists == true" - "stat_result_sha256_with_dot.stat.exists == true" + - "stat_result_sha256_with_file_scheme.stat.exists == true" #https://github.com/ansible/ansible/issues/16191 - name: Test url split with no filename |