From 3a3869f4c845418da04a174e35ef3e6f9311ad20 Mon Sep 17 00:00:00 2001
From: Zhikang Zhang
Date: Thu, 2 Aug 2018 14:03:49 -0400
Subject: [PATCH] Clarify usage of encrypt arg (#43330)

According to the do_encrypt interface, encrypt arg should be the hash method name used for encrypting returning password. But in the doc and lookup code it's a boolean flag, correct it to string.
---
 lib/ansible/plugins/lookup/password.py | 15 ++++++++-------
 test/units/plugins/lookup/test_password.py | 2 +-
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/lib/ansible/plugins/lookup/password.py b/lib/ansible/plugins/lookup/password.py
index e1bb9f52bf..746e7d003e 100644
--- a/lib/ansible/plugins/lookup/password.py
+++ b/lib/ansible/plugins/lookup/password.py
@@ -28,11 +28,12 @@ DOCUMENTATION = """
 required: True
 encrypt:
 description:
- - Whether the user requests that this password is returned encrypted or in plain text.
- - Note that the password is always stored as plain text.
+ - Which hash scheme to encrypt the returning password, should be one hash scheme from C(passlib.hash).
+ - If not provided, the password will be returned in plain text.
+ - Note that the password is always stored as plain text, only the returning password is encrypted.
 - Encrypt also forces saving the salt value for idempotence.
- type: boolean
- default: True
+ - Note that before 2.6 this option was incorrectly labeled as a boolean for a long time.
+ default: None
 chars:
 version_added: "1.4"
 description:
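Review bot: The `encrypt` option loses `type: boolean` but gains no replacement type, although the commit message says the option is being corrected to a string; adding `type: string` (or `str`, whichever spelling the file's other options use) next to the new `default:` line would keep the option schema explicit. `default: None` is read by a YAML parser as the text "None" rather than a null, so omitting the default or writing `default: null` is less ambiguous. Because the value now names any scheme from `passlib.hash`, which also contains weak legacy schemes, the description could add a line such as `- Prefer a salted, iterated scheme such as C(sha512_crypt).` The DOCUMENTATION string starts and ends outside this hunk.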
@@ -234,13 +235,13 @@ def _parse_content(content):
 return password, salt


-def _format_content(password, salt, encrypt=True):
+def _format_content(password, salt, encrypt=None):
 """Format the password and salt for saving
 :arg password: the plaintext password to save
 :arg salt: the salt to use when encrypting a password
- :arg encrypt: Whether the user requests that this password is encrypted.
+ :arg encrypt: Which method the user requests that this password is encrypted.
 Note that the password is saved in clear. Encrypt just tells us if we
- must save the salt value for idempotence. Defaults to True.
+ must save the salt value for idempotence. Defaults to None.
 :returns: a text string containing the formatted information

 .. warning:: Passwords are saved in clear. This is because the playbooks
diff --git a/test/units/plugins/lookup/test_password.py b/test/units/plugins/lookup/test_password.py
index b19e3460fa..17da1373ba 100644
--- a/test/units/plugins/lookup/test_password.py
+++ b/test/units/plugins/lookup/test_password.py
@@ -333,7 +333,7 @@ class TestFormatContent(unittest.TestCase):
 self.assertEqual(
 password._format_content(password=u'hunter42',
 salt=None,
- encrypt=False),
+ encrypt=None),
 u'hunter42')

 def test_encrypt(self):
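Review bot: Changing the default of `encrypt` from `True` to `None` in `_format_content` flips the value seen by every caller that omits the argument from truthy to falsy, and the body that consumes it lies outside this hunk. If that body branches on the truthiness of `encrypt` to decide whether the salt is written next to the clear-text password, such callers could change what ends up in the password file, so it is worth confirming that each call site passes `encrypt` explicitly. The reworded docstring line is also hard to parse; `:arg encrypt: Name of the hash scheme requested for the returned password, or None for plain text.` reads more clearly.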
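Review bot: Replacing `encrypt=False` with `encrypt=None` in this assertion drops the only visible check of a legacy boolean value, while playbooks written against the old documentation may still pass one. The diffstat shows no change to the body of `_format_content`, so a second assertion that keeps `encrypt=False` with the expected `u'hunter42'` should still pass and would pin that behaviour. How a truthy legacy value such as `True` behaves once it is treated as a hash scheme name is not visible here and would merit its own test. The enclosing test method starts outside the hunk.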