mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-24 13:50:22 -07:00
Make password lookup treat /dev/null as a special case
I have from time to time a need for random passwords without wanting to write them down (one example is mailman list creation, which requires a password to be given to be sent to the list owner). But using /dev/null does not return null, but the empty string, which doesn't generate a password at all and so does not achieve my use case.
parent
103ede26df
commit
6fae1d2bbf
3 changed files with 18 additions and 2 deletions
|
@ -52,6 +52,9 @@ a file at a given filepath.
|
||||||
If the file exists previously, it will retrieve its contents, behaving just like with_file. Usage of variables like "{{ inventory_hostname }}" in the filepath can be used to set
|
If the file exists previously, it will retrieve its contents, behaving just like with_file. Usage of variables like "{{ inventory_hostname }}" in the filepath can be used to set
|
||||||
up random passwords per host (which simplifies password management in 'host_vars' variables).
|
up random passwords per host (which simplifies password management in 'host_vars' variables).
|
||||||
|
|
||||||
|
A special case is using ``/dev/null`` as a path. The password lookup will generate a new random password each time, but will not write it to ``/dev/null``. This can be used when you need a password
|
||||||
|
without storing it on the controller.
|
||||||
|
|
||||||
Generated passwords contain a random mix of upper and lowercase ASCII letters, the
|
Generated passwords contain a random mix of upper and lowercase ASCII letters, the
|
||||||
numbers 0-9 and punctuation (". , : - _"). The default length of a generated password is 20 characters.
|
numbers 0-9 and punctuation (". , : - _"). The default length of a generated password is 20 characters.
|
||||||
This length can be changed by passing an extra parameter::
|
This length can be changed by passing an extra parameter::
|
||||||
|
|
|
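Review bot: The new ``/dev/null`` paragraph says a password is generated "each time" but does not spell out the consequence for playbook authors: the value is never stable, so two evaluations of the same lookup expression give two different passwords and nothing can be read back on a later run. Suggest adding a sentence that tells users to capture the result once (for example with set_fact, as the integration test in this commit does) when the same password is needed in more than one place.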
@ -232,7 +232,8 @@ class LookupModule(LookupBase):
|
||||||
|
|
||||||
changed = False
|
changed = False
|
||||||
content = _read_password_file(b_path)
|
content = _read_password_file(b_path)
|
||||||
if content is None:
|
|
||||||
|
if content is None or b_path == to_bytes('/dev/null'):
|
||||||
plaintext_password = _random_password(params['length'], chars)
|
plaintext_password = _random_password(params['length'], chars)
|
||||||
salt = None
|
salt = None
|
||||||
changed = True
|
changed = True
|
||||||
|
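Review bot: The new condition `if content is None or b_path == to_bytes('/dev/null'):` is an exact match on one literal spelling of the path, so a symlink or an unnormalised path that still resolves to the null device is not treated as the special case. `_read_password_file(b_path)` is also still called before the check. Consider computing the special case once, ahead of the read, into a named boolean, and reusing that boolean at the write guard further down instead of repeating the comparison.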
@ -243,7 +244,7 @@ class LookupModule(LookupBase):
|
||||||
changed = True
|
changed = True
|
||||||
salt = _random_salt()
|
salt = _random_salt()
|
||||||
|
|
||||||
if changed:
|
if changed and b_path != to_bytes('/dev/null'):
|
||||||
content = _format_content(plaintext_password, salt, encrypt=params['encrypt'])
|
content = _format_content(plaintext_password, salt, encrypt=params['encrypt'])
|
||||||
_write_password_file(b_path, content)
|
_write_password_file(b_path, content)
|
||||||
|
|
||||||
|
|
|
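Review bot: `if changed and b_path != to_bytes('/dev/null'):` repeats the path literal from the earlier hunk, so the two checks can drift apart; a shared constant or flag would keep them in step. Because the write is skipped, the salt produced by `salt = _random_salt()` just above is never persisted either, and a short code comment here stating that this is intentional would help the next reader.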
@ -134,6 +134,18 @@
|
||||||
that:
|
that:
|
||||||
- "newpass == newpass2"
|
- "newpass == newpass2"
|
||||||
|
|
||||||
|
- name: verify that we can generate a 1st password without writing it
|
||||||
|
set_fact:
|
||||||
|
newpass: "{{ lookup('password', '/dev/null') }}"
|
||||||
|
|
||||||
|
- name: verify that we can generate a 2nd password without writing it
|
||||||
|
set_fact:
|
||||||
|
newpass2: "{{ lookup('password', '/dev/null') }}"
|
||||||
|
|
||||||
|
- name: verify lookup password behavior with /dev/null
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- "newpass != newpass2"
|
||||||
|
|
||||||
# ENV LOOKUP
|
# ENV LOOKUP
|
||||||
|
|
||||||
|
|
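Review bot: The new assertion `"newpass != newpass2"` only checks that the two values differ; it does not check that either one is a real password. The commit message describes the old failure as an empty string being returned, so the test should also assert that the result is non-empty, ideally that its length equals the documented default of 20 characters. The tasks also reuse the `newpass` and `newpass2` fact names from the preceding test (`"newpass == newpass2"`); distinct names would keep a failure in one test from being masked by values left over from the other.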