From 14a858fd9c66b1630ca54394daa80a74e547269d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Fri, 10 Oct 2025 19:08:16 +0200 Subject: [PATCH] random_string: replace random.SystemRandom() with secrets.SystemRandom() (#10893) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * random_string: replace random.SystemRandom() with secrets.SystemRandom() Signed-off-by: Thomas Sjögren * add the forgotten blank line Signed-off-by: Thomas Sjögren * Update changelogs/fragments/replace-random-with-secrets.yml Co-authored-by: Felix Fontein * readd the description Signed-off-by: Thomas Sjögren * Update changelogs/fragments/replace-random-with-secrets.yml Co-authored-by: Felix Fontein --------- Signed-off-by: Thomas Sjögren Co-authored-by: Felix Fontein --- changelogs/fragments/replace-random-with-secrets.yml | 4 ++++ plugins/lookup/random_string.py | 5 +++-- 2 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/replace-random-with-secrets.yml diff --git a/changelogs/fragments/replace-random-with-secrets.yml b/changelogs/fragments/replace-random-with-secrets.yml new file mode 100644 index 0000000000..b82e59e7e9 --- /dev/null +++ b/changelogs/fragments/replace-random-with-secrets.yml @@ -0,0 +1,4 @@ +bugfixes: + - random_string lookup plugin - replace ``random.SystemRandom()`` with ``secrets.SystemRandom()`` when + generating strings. This has no practical effect, as both are the same + (https://github.com/ansible-collections/community.general/pull/10893). diff --git a/plugins/lookup/random_string.py b/plugins/lookup/random_string.py index 881c13dab6..c74713fecc 100644 --- a/plugins/lookup/random_string.py +++ b/plugins/lookup/random_string.py @@ -16,7 +16,7 @@ short_description: Generates random string version_added: '3.2.0' description: - Generates random string based upon the given constraints. - - Uses L(random.SystemRandom,https://docs.python.org/3/library/random.html#random.SystemRandom), so should be strong enough + - Uses L(secrets.SystemRandom,https://docs.python.org/3/library/secrets.html#secrets.SystemRandom), so should be strong enough for cryptographic purposes. options: length: @@ -169,6 +169,7 @@ _raw: import base64 import random +import secrets import string from ansible.errors import AnsibleLookupError @@ -209,7 +210,7 @@ class LookupModule(LookupBase): seed = self.get_option("seed") if seed is None: - random_generator = random.SystemRandom() + random_generator = secrets.SystemRandom() else: random_generator = random.Random(seed)