Merge pull request #12294 from ansible/fix-password-lookup

Fix problem with "=" in the initial file path.
This commit is contained in:
Toshio Kuratomi 2015-09-09 11:48:30 -07:00
commit 25c97fff69
2 changed files with 192 additions and 37 deletions

View file

@ -36,6 +36,54 @@ DEFAULT_LENGTH = 20
VALID_PARAMS = frozenset(('length', 'encrypt', 'chars'))
def _parse_parameters(term):
# Hacky parsing of params
# See https://github.com/ansible/ansible-modules-core/issues/1968#issuecomment-136842156
# and the first_found lookup For how we want to fix this later
first_split = term.split(' ', 1)
if len(first_split) <= 1:
# Only a single argument given, therefore it's a path
relpath = term
params = dict()
else:
relpath = first_split[0]
params = parse_kv(first_split[1])
if '_raw_params' in params:
# Spaces in the path?
relpath = ' '.join((relpath, params['_raw_params']))
del params['_raw_params']
# Check that we parsed the params correctly
if not term.startswith(relpath):
# Likely, the user had a non parameter following a parameter.
# Reject this as a user typo
raise AnsibleError('Unrecognized value after key=value parameters given to password lookup')
# No _raw_params means we already found the complete path when
# we split it initially
# Check for invalid parameters. Probably a user typo
invalid_params = frozenset(params.keys()).difference(VALID_PARAMS)
if invalid_params:
raise AnsibleError('Unrecognized parameter(s) given to password lookup: %s' % ', '.join(invalid_params))
# Set defaults
params['length'] = int(params.get('length', DEFAULT_LENGTH))
params['encrypt'] = params.get('encrypt', None)
params['chars'] = params.get('chars', None)
if params['chars']:
tmp_chars = []
if ',,' in params['chars']:
tmp_chars.append(u',')
tmp_chars.extend(c for c in params['chars'].replace(',,', ',').split(',') if c)
params['chars'] = tmp_chars
else:
# Default chars for password
params['chars'] = ['ascii_letters', 'digits', ".,:-_"]
return relpath, params
class LookupModule(LookupBase):
def random_password(self, length=DEFAULT_LENGTH, chars=C.DEFAULT_PASSWORD_CHARS):
@ -62,36 +110,7 @@ class LookupModule(LookupBase):
ret = []
for term in terms:
params = parse_kv(term)
if '_raw_params' in params:
relpath = params['_raw_params']
del params['_raw_params']
else:
relpath = params
# Check that we parsed the params correctly
if not term.startswith(relpath):
# Likely, the user had a non parameter following a parameter.
# Reject this as a user typo
raise AnsibleError('Unrecognized value after key=value parameters given to password lookup')
invalid_params = frozenset(params.keys()).difference(VALID_PARAMS)
if invalid_params:
raise AnsibleError('Unrecognized parameter(s) given to password lookup: %s' % ', '.join(invalid_params))
length = int(params.get('length', DEFAULT_LENGTH))
encrypt = params.get('encrypt', None)
use_chars = params.get('chars', None)
if use_chars:
tmp_chars = []
if ',,' in use_chars:
tmp_chars.append(',')
tmp_chars.extend(use_chars.replace(',,', ',').split(','))
use_chars = tmp_chars
else:
# Default chars for password
use_chars = ['ascii_letters', 'digits', ".,:-_"]
relpath, params = _parse_parameters(term)
# get password or create it if file doesn't exist
path = self._loader.path_dwim(relpath)
@ -102,10 +121,10 @@ class LookupModule(LookupBase):
except OSError as e:
raise AnsibleError("cannot create the path for the password lookup: %s (error was %s)" % (pathdir, str(e)))
chars = "".join(getattr(string, c, c) for c in use_chars).replace('"', '').replace("'", '')
password = ''.join(random.choice(chars) for _ in range(length))
chars = "".join(getattr(string, c, c) for c in params['chars']).replace('"', '').replace("'", '')
password = ''.join(random.choice(chars) for _ in range(params['length']))
if encrypt is not None:
if params['encrypt'] is not None:
salt = self.random_salt()
content = '%s salt=%s' % (password, salt)
else:
@ -125,20 +144,20 @@ class LookupModule(LookupBase):
salt = None
# crypt requested, add salt if missing
if (encrypt is not None and not salt):
if (params['encrypt'] is not None and not salt):
salt = self.random_salt()
content = '%s salt=%s' % (password, salt)
with open(path, 'w') as f:
os.chmod(path, 0o600)
f.write(content + '\n')
# crypt not requested, remove salt if present
elif (encrypt is None and salt):
elif (params['encrypt'] is None and salt):
with open(path, 'w') as f:
os.chmod(path, 0o600)
f.write(password + '\n')
if encrypt:
password = do_encrypt(password, encrypt, salt=salt)
if params['encrypt']:
password = do_encrypt(password, params['encrypt'], salt=salt)
ret.append(password)