From ca6c36e1ac2f6f4b72ec7167903d578468f28261 Mon Sep 17 00:00:00 2001 From: Javier Candeira Date: Fri, 8 Mar 2013 20:08:28 +1100 Subject: [PATCH] password lookup plugin, with working tests and documentation --- docsite/rst/playbooks2.rst | 46 +++++++++++-- lib/ansible/runner/lookup_plugins/password.py | 66 +++++++++++++++++++ test/TestPlayBook.py | 16 ++--- test/lookup_plugins.yml | 22 +++++++ 4 files changed, 138 insertions(+), 12 deletions(-) create mode 100644 lib/ansible/runner/lookup_plugins/password.py diff --git a/docsite/rst/playbooks2.rst b/docsite/rst/playbooks2.rst index 0aa8e52fec..afeb2cbd25 100644 --- a/docsite/rst/playbooks2.rst +++ b/docsite/rst/playbooks2.rst @@ -209,14 +209,14 @@ some other options, but otherwise works equivalently:: prompt: "Product release version" private: no -If `Passlib `_ is installed, vars_prompt can also crypt the +If `Passlib `_ is installed, vars_prompt can also crypt the entered value so you can use it, for instance, with the user module to define a password:: vars_prompt: - name: "my_password2" prompt: "Enter password2" private: yes - encrypt: "md5_crypt" + encrypt: "md5_crypt" confirm: yes salt_size: 7 @@ -241,7 +241,7 @@ You can use any crypt scheme supported by `Passlib +# (c) 2013, Javie Candeira +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +from ansible import utils, errors +import os +import errno +import random +from string import ascii_uppercase, ascii_lowercase, digits + + +class LookupModule(object): + + LENGTH = 20 + + def __init__(self, length=None, basedir=None, **kwargs): + self.basedir = basedir + + def run(self, terms, **kwargs): + if isinstance(terms, basestring): + terms = [ terms ] + ret = [] + + for term in terms: + # you can't have escaped spaces in yor pathname + params = term.split() + relpath = params[0] + length = LookupModule.LENGTH + + # get non-default length parameter if specified + if len(params) > 1: + try: + name, length = params[1].split('=') + assert(name.startswith("length")) + length = int(length) + except (ValueError, AssertionError) as e: + raise errors.AnsibleError(e) + + # get password or create it if file doesn't exist + path = utils.path_dwim(self.basedir, relpath) + if not os.path.exists(path): + pathdir = os.path.dirname(path) + if not os.path.isdir(pathdir): + os.makedirs(pathdir) + chars = ascii_uppercase + ascii_lowercase + digits + ".,:-_" + password = ''.join(random.choice(chars) for _ in range(length)) + with open(path, 'w') as f: + f.write(password) + ret.append(open(path).read().rstrip()) + + return ret + diff --git a/test/TestPlayBook.py b/test/TestPlayBook.py index 1403edb8f3..4d070a8d53 100644 --- a/test/TestPlayBook.py +++ b/test/TestPlayBook.py @@ -172,20 +172,20 @@ class TestPlaybook(unittest.TestCase): print utils.jsonify(actual, format=True) expected = { "localhost": { - "changed": 9, + "changed": 16, "failures": 0, - "ok": 14, + "ok": 21, "skipped": 1, "unreachable": 0 - } - } + } + } print "**EXPECTED**" print utils.jsonify(expected, format=True) assert utils.jsonify(expected, format=True) == utils.jsonify(actual,format=True) print "len(EVENTS) = %d" % len(EVENTS) - assert len(EVENTS) == 60 + assert len(EVENTS) == 74 def test_includes(self): pb = os.path.join(self.test_dir, 'playbook-includer.yml') @@ -201,14 +201,14 @@ class TestPlaybook(unittest.TestCase): "ok": 10, "skipped": 0, "unreachable": 0 - } - } + } + } print "**EXPECTED**" print utils.jsonify(expected, format=True) assert utils.jsonify(expected, format=True) == utils.jsonify(actual,format=True) - def test_playbook_vars(self): + def test_playbook_vars(self): test_callbacks = TestCallbacks() playbook = ansible.playbook.PlayBook( playbook=os.path.join(self.test_dir, 'test_playbook_vars', 'playbook.yml'), diff --git a/test/lookup_plugins.yml b/test/lookup_plugins.yml index ae73552ab6..7d2141cc0d 100644 --- a/test/lookup_plugins.yml +++ b/test/lookup_plugins.yml @@ -55,3 +55,25 @@ action: copy src=sample.j2 dest=/tmp/ansible-test-with_lines-data - name: cleanup test file action: file path=/tmp/ansible-test-with_lines-data state=absent + +# password lookup plugin + - name: ensure test file doesn't exist + # command because file will return differently + action: command rm -f /tmp/ansible-test-with_password + - name: test LOOKUP and PASSWORD with non existing password file + action: command test "$LOOKUP(password, /tmp/ansible-test-with_password)" = "$PASSWORD(/tmp/ansible-test-with_password)" + - name: test LOOKUP and PASSWORD with existing password file + action: command test "$LOOKUP(password, /tmp/ansible-test-with_password)" = "$PASSWORD(/tmp/ansible-test-with_password)" + - name: now test existing password via $item and with_password + action: command test "$PASSWORD(/tmp/ansible-test-with_password)" = "$item" + with_password: + - /tmp/ansible-test-with_password + - name: cleanup test file + action: file path=/tmp/ansible-test-with_password state=absent + - name: now test a password of non-default length (default=20, but here length=8) + action: command test "$PASSWORD(/tmp/ansible-test-with_password length=8)" = "$LOOKUP(password, /tmp/ansible-test-with_password)" + # - name: did we really create a password of length=8? + # action: command test "`expr length $PASSWORD(/tmp/ansible-test-with_password)`" = "8" + - name: cleanup test file, again + action: file path=/tmp/ansible-test-with_password state=absent +