authorSam Doran <sdoran@redhat.com>2018-05-17 13:53:40 -0400
committeransibot <ansibot@users.noreply.github.com>2018-05-17 13:53:40 -0400
commit13aff08748167b761c1a61fbd517032e7ac1511c (patch)
tree0784b4a4cd7f01549c1dbece22580252bcd33228
parent02bc4c570fe0e57b721db0b1c662a590f175585a (diff)
Add better error messages and checking to known_hosts (#38307)
-rw-r--r--lib/ansible/modules/system/known_hosts.py7
-rw-r--r--test/integration/targets/known_hosts/tasks/main.yml34
2 files changed, 39 insertions, 2 deletions
diff --git a/lib/ansible/modules/system/known_hosts.py b/lib/ansible/modules/system/known_hosts.py
index 5721ad3206..38688d59c1 100644
--- a/lib/ansible/modules/system/known_hosts.py
+++ b/lib/ansible/modules/system/known_hosts.py
@@ -174,6 +174,11 @@ def sanity_check(module, host, key, sshkeygen):
# The approach is to write the key to a temporary file,
# and then attempt to look up the specified host in that file.
+
+ if re.search(r'\S+(\s+)?,(\s+)?', host):
+ module.fail_json(msg="Comma separated list of names is not supported. "
+ "Please pass a single name to lookup in the known_hosts file.")
+
try:
outf = tempfile.NamedTemporaryFile(mode='w+')
outf.write(key)
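Review bot: The new guard `re.search(r'\S+(\s+)?,(\s+)?', host)` needs a non-whitespace character before the comma, so a constructed value such as `,example.org` is not rejected and still reaches the `ssh-keygen -F` lookup. A plain membership test covers every comma-bearing name and is easier to read: `if ',' in host:`. The start of sanity_check is outside this hunk; if it returns early when no key is supplied, the comma check is skipped on that path, so validating `name` where the module parameters are read may be the safer place.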
@@ -183,7 +188,7 @@ def sanity_check(module, host, key, sshkeygen):
(outf.name, to_native(e)))
sshkeygen_command = [sshkeygen, '-F', host, '-f', outf.name]
- rc, stdout, stderr = module.run_command(sshkeygen_command, check_rc=True)
+ rc, stdout, stderr = module.run_command(sshkeygen_command)
try:
outf.close()
except:
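Review bot: With `check_rc=True` removed from `module.run_command(sshkeygen_command)`, nothing in the visible lines looks at `rc` or `stderr`, so an ssh-keygen failure unrelated to the host lookup is presumably reported by whatever empty-output handling follows the hunk, with the real cause discarded. Consider failing explicitly on unexpected exit codes right after the call, for example `if rc not in (0, 1): module.fail_json(msg="ssh-keygen failed", rc=rc, stderr=stderr)`. This assumes exit status 1 means "host not found", which should be confirmed for the supported OpenSSH versions. The rest of sanity_check, including the check that produces the mismatch message, lies outside the hunk.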
diff --git a/test/integration/targets/known_hosts/tasks/main.yml b/test/integration/targets/known_hosts/tasks/main.yml
index 607f534b9b..cac0f5580b 100644
--- a/test/integration/targets/known_hosts/tasks/main.yml
+++ b/test/integration/targets/known_hosts/tasks/main.yml
@@ -17,7 +17,9 @@
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: copy an existing file in place
- copy: src=existing_known_hosts dest="{{output_dir|expanduser}}/known_hosts"
+ copy:
+ src: existing_known_hosts
+ dest: "{{ output_dir | expanduser }}/known_hosts"
# test addition
@@ -167,3 +169,33 @@
- 'not result.changed'
- 'result.diff.before == result.diff.after'
- 'known_hosts_v3.stdout == known_hosts_v4.stdout'
+
+# test errors
+
+- name: Try using a comma separated list of hosts
+ known_hosts:
+ name: example.org,acme.com
+ key: "{{ example_org_rsa_key }}"
+ path: "{{output_dir|expanduser}}/known_hosts"
+ ignore_errors: yes
+ register: result
+
+- name: Assert that error message was displayed
+ assert:
+ that:
+ - result is failed
+ - result.msg == 'Comma separated list of names is not supported. Please pass a single name to lookup in the known_hosts file.'
+
+- name: Try using a name that does not match the key
+ known_hosts:
+ name: example.com
+ key: "{{ example_org_rsa_key }}"
+ path: "{{output_dir|expanduser}}/known_hosts"
+ ignore_errors: yes
+ register: result
+
+- name: Assert that name checking failed with error message
+ assert:
+ that:
+ - result is failed
+ - result.msg == 'Host parameter does not match hashed host field in supplied key'
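Review bot: Both new failure cases assert only on `result is failed` and `result.msg`; neither confirms that the rejected call left the known_hosts file unchanged. Since both tasks use `ignore_errors: yes`, a follow-up task that reads the file and asserts it still equals `known_hosts_v4.stdout` would pin the fail-closed behaviour. The comma case also covers only `example.org,acme.com`, while the module's pattern allows whitespace around the comma, so a second case with `name: "example.org, acme.com"` would exercise that branch.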