Skip to content

Commit

Permalink
ansible_mitogen: Handle templated connection passwords and ansible_ss…
Browse files Browse the repository at this point in the history
…h_password

This switches `ansible_mitogen.transport_config.PlayContextSpec.password()` to
Ansible's plugin option framework. As a result
- The relatively recent `ansible_ssh_password` variable is now respected.
- The SSH connection password can be templated and specified as a play
  variable. Task variables will probably also work, but testing was blocked
  by mitogen-hq#1132.

There is a chance this change will cause a regression in another connection
plugin (e.g. mitogen_docker), but nothing turned up in the test suite.
I intend ot migrate other connection configuration to
`ansible_mitogen.transport_config.PlayContextSpec._connect_option()`, the next
candidate is the remote port.

fixes mitogen-hq#1106
  • Loading branch information
moreati committed Oct 6, 2024
1 parent 3bdd3e2 commit 551690e
Show file tree
Hide file tree
Showing 8 changed files with 72 additions and 22 deletions.
27 changes: 6 additions & 21 deletions ansible_mitogen/plugins/connection/mitogen_ssh.py
Original file line number Diff line number Diff line change
Expand Up @@ -32,35 +32,20 @@
import os.path
import sys

from ansible.plugins.connection.ssh import (
DOCUMENTATION as _ansible_ssh_DOCUMENTATION,
)

DOCUMENTATION = """
name: mitogen_ssh
author: David Wilson <[email protected]>
connection: mitogen_ssh
short_description: Connect over SSH via Mitogen
description:
- This connects using an OpenSSH client controlled by the Mitogen for
Ansible extension. It accepts every option the vanilla ssh plugin
accepts.
version_added: "2.5"
options:
ssh_args:
type: str
vars:
- name: ssh_args
- name: ansible_ssh_args
- name: ansible_mitogen_ssh_args
ssh_common_args:
type: str
vars:
- name: ssh_args
- name: ansible_ssh_common_args
- name: ansible_mitogen_ssh_common_args
ssh_extra_args:
type: str
vars:
- name: ssh_args
- name: ansible_ssh_extra_args
- name: ansible_mitogen_ssh_extra_args
"""
""" + _ansible_ssh_DOCUMENTATION.partition('options:\n')[2]

try:
import ansible_mitogen
Expand Down
13 changes: 12 additions & 1 deletion ansible_mitogen/transport_config.py
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,7 @@
__metaclass__ = type

import abc
import logging
import os
import ansible.utils.shlex
import ansible.constants as C
Expand All @@ -74,6 +75,9 @@
import mitogen.core


LOG = logging.getLogger(__name__)


def run_interpreter_discovery_if_necessary(s, task_vars, action, rediscover_python):
"""
Triggers ansible python interpreter discovery if requested.
Expand Down Expand Up @@ -412,6 +416,13 @@ def __init__(self, connection, play_context, transport, inventory_name):
# used to run interpreter discovery
self._action = connection._action

def _connection_option(self, name):
try:
return self._connection.get_option(name, hostvars=self._task_vars)
except KeyError:
LOG.debug('Used PlayContext fallback for option=%r', name)
return getattr(self._play_context, name)

def transport(self):
return self._transport

Expand Down Expand Up @@ -449,7 +460,7 @@ def become_pass(self):
return optional_secret(become_pass)

def password(self):
return optional_secret(self._play_context.password)
return optional_secret(self._connection_option('password'))

def port(self):
return self._play_context.port
Expand Down
2 changes: 2 additions & 0 deletions docs/changelog.rst
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ To avail of fixes in an unreleased version, please download a ZIP file
Unreleased
----------

* :gh:issue:`1106` :mod:`ansible_mitogen`: Support for `ansible_ssh_password`
connection variable, and templated SSH connection password.


v0.3.11 (2024-10-30)
Expand Down
14 changes: 14 additions & 0 deletions tests/ansible/hosts/default.hosts
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,17 @@ ssh-common-args ansible_host=localhost ansible_user="{{ lookup('pipe', 'whoami')
[issue905:vars]
ansible_ssh_common_args=-o PermitLocalCommand=yes -o LocalCommand="touch {{ ssh_args_canary_file }}"
ssh_args_canary_file=/tmp/ssh_args_{{ inventory_hostname }}

[tt_targets_bare]
tt-bare

[tt_targets_bare:vars]
ansible_host=localhost
ansible_user=mitogen__has_sudo_nopw

[tt_targets_inventory]
tt-password ansible_password="{{ 'has_sudo_nopw_password' | trim }}"

[tt_targets_inventory:vars]
ansible_host=localhost
ansible_user=mitogen__has_sudo_nopw
2 changes: 2 additions & 0 deletions tests/ansible/integration/ssh/all.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,6 @@
- import_playbook: config.yml
- import_playbook: password.yml
- import_playbook: timeouts.yml
- import_playbook: templated_by_inv.yml
- import_playbook: templated_by_play_taskvar.yml
- import_playbook: variables.yml
7 changes: 7 additions & 0 deletions tests/ansible/integration/ssh/templated_by_inv.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
- name: integration/ssh/templated_by_inv.yml
hosts: tt_targets_inventory
gather_facts: false
tasks:
- meta: reset_connection
- name: Templated variables in inventory
ping:
10 changes: 10 additions & 0 deletions tests/ansible/integration/ssh/templated_by_play_taskvar.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
- name: integration/ssh/templated_by_play_taskvar.yml
hosts: tt_targets_bare
gather_facts: false
vars:
ansible_password: "{{ 'has_sudo_nopw_password' | trim }}"

tasks:
- meta: reset_connection
- name: Templated variables in play
ping:
19 changes: 19 additions & 0 deletions tests/ansible/templates/test-targets.j2
Original file line number Diff line number Diff line change
Expand Up @@ -37,3 +37,22 @@ ansible_user=mitogen__has_sudo_nopw
ansible_password=has_sudo_nopw_password
ansible_ssh_common_args=-o PermitLocalCommand=yes -o LocalCommand="touch {{ '{{' }} ssh_args_canary_file {{ '}}' }}"
ssh_args_canary_file=/tmp/ssh_args_{{ '{{' }} inventory_hostname {{ '}}' }}

{% set tt = containers[0] %}

[tt_targets_bare]
tt-bare

[tt_targets_bare:vars]
ansible_host={{ tt.hostname }}
ansible_port={{ tt.port }}
ansible_python_interpreter={{ tt.python_path }}
ansible_user=mitogen__has_sudo_nopw

[tt_targets_inventory]
tt-password ansible_password="{{ '{{' }} 'has_sudo_nopw_password' | trim {{ '}}' }}" ansible_port={{ tt.port }}

[tt_targets_inventory:vars]
ansible_host={{ tt.hostname }}
ansible_python_interpreter={{ tt.python_path }}
ansible_user=mitogen__has_sudo_nopw

0 comments on commit 551690e

Please sign in to comment.