diff options
| author | Marc A. Paradise <marc.paradise@gmail.com> | 2019-04-30 16:00:08 -0400 |
|---|---|---|
| committer | Marc A. Paradise <marc.paradise@gmail.com> | 2019-05-02 12:44:32 -0400 |
| commit | d0a9fd16d42a02cbc4b6ad73831a2521c6e7f0e4 (patch) | |
| tree | 4a186779c2cf3aa245f6538ca074227b7154793a | |
| parent | b4668dc854258ea65f2bbf71a31e19210d01ad95 (diff) | |
| download | chef-d0a9fd16d42a02cbc4b6ad73831a2521c6e7f0e4.tar.gz | |
Require 'net/ssh' before we reference it.
This also updates bootstrap to provide `non_interactive` as an option
to TrainConnector, instead of TrainConnector setting it behind the
scenes. Bootstrap uses non-interactive to ensure that we don't
get net/ssh prompts for password in case of password failure.
Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
| -rw-r--r-- | lib/chef/knife/bootstrap.rb | 3 | ||||
| -rw-r--r-- | spec/unit/knife/bootstrap_spec.rb | 12 |
2 files changed, 10 insertions, 5 deletions
diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb index e879c2e822..695d661fa0 100644 --- a/lib/chef/knife/bootstrap.rb +++ b/lib/chef/knife/bootstrap.rb @@ -562,6 +562,7 @@ class Chef opts = connection_opts.dup do_connect(opts) rescue Train::Error => e + require "net/ssh" if e.cause && e.cause.class == Net::SSH::AuthenticationFailed if connection.password_auth? raise @@ -578,7 +579,6 @@ class Chef end end - # TODO - maybe remove the footgun detection this was built on. # url values override CLI flags, if you provide both # we'll use the one that you gave in the URL. def connection_protocol @@ -795,6 +795,7 @@ class Chef def ssh_opts opts = {} return opts if connection_protocol == "winrm" + opts[:non_interactive] = true # Prevent password prompts from underlying net/ssh opts[:forward_agent] = (config_value(:ssh_forward_agent) === true) opts end diff --git a/spec/unit/knife/bootstrap_spec.rb b/spec/unit/knife/bootstrap_spec.rb index 5bef9c5659..995a2ef4c9 100644 --- a/spec/unit/knife/bootstrap_spec.rb +++ b/spec/unit/knife/bootstrap_spec.rb @@ -961,6 +961,7 @@ describe Chef::Knife::Bootstrap do sudo: false, verify_host_key: false, port: 9999, + non_interactive: true, } end @@ -1012,6 +1013,7 @@ describe Chef::Knife::Bootstrap do sudo: true, # ccli verify_host_key: false, # Config port: 12, # cli + non_interactive: true, } end @@ -1060,6 +1062,7 @@ describe Chef::Knife::Bootstrap do sudo_options: "-H", sudo_password: "blah", verify_host_key: true, + non_interactive: true, } end it "generates a config hash using the CLI options and pulling nothing from Chef::Config" do @@ -1079,6 +1082,7 @@ describe Chef::Knife::Bootstrap do keys_only: false, sudo: false, verify_host_key: true, + non_interactive: true, } end it "populates appropriate defaults" do @@ -1430,13 +1434,13 @@ describe Chef::Knife::Bootstrap do before do knife.config[:ssh_forward_agent] = true end - it "returns a configuration hash with forward_agent set to true" do - expect(knife.ssh_opts).to eq({ forward_agent: true }) + it "returns a configuration hash with forward_agent set to true. non-interactive is always true" do + expect(knife.ssh_opts).to eq({ forward_agent: true, non_interactive: true }) end end context "when ssh_forward_agent is not set" do - it "returns a configuration hash with forward_agent set to false" do - expect(knife.ssh_opts).to eq({ forward_agent: false }) + it "returns a configuration hash with forward_agent set to false. non-interactive is always true" do + expect(knife.ssh_opts).to eq({ forward_agent: false, non_interactive: true }) end end end |