diff options
author | Jordan Borean <jborean93@gmail.com> | 2021-07-16 05:27:29 +1000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-15 12:27:29 -0700 |
commit | feed68f6f0d74a9665901644220c53e58a3d7d35 (patch) | |
tree | b3a04b3953ca5786c57e5313b8575cb2bf01b6a0 /lib/ansible/plugins/connection | |
parent | 61900c76723ad02b7fb34c7dc052d9bdb418016d (diff) | |
download | ansible-feed68f6f0d74a9665901644220c53e58a3d7d35.tar.gz |
winrm - Add explicit env vars to pass into kinit (#75256)
* winrm - Add explicit env vars to pass into kinit
* Add ini entry and don't override existing env vars
Diffstat (limited to 'lib/ansible/plugins/connection')
-rw-r--r-- | lib/ansible/plugins/connection/winrm.py | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/lib/ansible/plugins/connection/winrm.py b/lib/ansible/plugins/connection/winrm.py index 82bada26fc..b8d7353661 100644 --- a/lib/ansible/plugins/connection/winrm.py +++ b/lib/ansible/plugins/connection/winrm.py @@ -92,6 +92,21 @@ DOCUMENTATION = """ vars: - name: ansible_winrm_kinit_args version_added: '2.11' + kinit_env_vars: + description: + - A list of environment variables to pass through to C(kinit) when getting the Kerberos authentication ticket. + - By default no environment variables are passed through and C(kinit) is run with a blank slate. + - The environment variable C(KRB5CCNAME) cannot be specified here as it's used to store the temp Kerberos + ticket used by WinRM. + type: list + elements: str + default: [] + ini: + - section: winrm + key: kinit_env_vars + vars: + - name: ansible_winrm_kinit_env_vars + version_added: '2.12' kerberos_mode: description: - kerberos usage mode. @@ -306,6 +321,12 @@ class Connection(ConnectionBase): os.environ["KRB5CCNAME"] = krb5ccname krb5env = dict(KRB5CCNAME=krb5ccname) + # Add any explicit environment vars into the krb5env block + kinit_env_vars = self.get_option('kinit_env_vars') + for var in kinit_env_vars: + if var not in krb5env and var in os.environ: + krb5env[var] = os.environ[var] + # Stores various flags to call with kinit, these could be explicit args set by 'ansible_winrm_kinit_args' OR # '-f' if kerberos delegation is requested (ansible_winrm_kerberos_delegation). kinit_cmdline = [self._kinit_cmd] |