mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Make ansible doesn't parse template-like password in user's input (#42275)
NOTE: 1. Use unsafe decorator but not builtin escape wrapper in jinja2 since ansible will try parse ssh password twice, the builtin escape wrapper will be removed during the first parse. 2. Use class AnsibleUnsafeText but not '!unsafe' syntax since passwords are not loaded by YAML env, '!unsafe' syntax doesn't work for them.
This commit is contained in:
parent
d962611528
commit
de40ac02a5
1 changed files with 3 additions and 2 deletions
|
@ -38,6 +38,7 @@ from ansible.errors import AnsibleOptionsError, AnsibleError
|
||||||
from ansible.inventory.manager import InventoryManager
|
from ansible.inventory.manager import InventoryManager
|
||||||
from ansible.module_utils.six import with_metaclass, string_types
|
from ansible.module_utils.six import with_metaclass, string_types
|
||||||
from ansible.module_utils._text import to_bytes, to_text
|
from ansible.module_utils._text import to_bytes, to_text
|
||||||
|
from ansible.utils.unsafe_proxy import AnsibleUnsafeText
|
||||||
from ansible.parsing.dataloader import DataLoader
|
from ansible.parsing.dataloader import DataLoader
|
||||||
from ansible.release import __version__
|
from ansible.release import __version__
|
||||||
from ansible.utils.path import unfrackpath
|
from ansible.utils.path import unfrackpath
|
||||||
|
@ -329,7 +330,7 @@ class CLI(with_metaclass(ABCMeta, object)):
|
||||||
sshpass = getpass.getpass(prompt="SSH password: ")
|
sshpass = getpass.getpass(prompt="SSH password: ")
|
||||||
become_prompt = "%s password[defaults to SSH password]: " % become_prompt_method
|
become_prompt = "%s password[defaults to SSH password]: " % become_prompt_method
|
||||||
if sshpass:
|
if sshpass:
|
||||||
sshpass = to_bytes(sshpass, errors='strict', nonstring='simplerepr')
|
sshpass = AnsibleUnsafeText(to_bytes(sshpass, errors='strict', nonstring='simplerepr'))
|
||||||
else:
|
else:
|
||||||
become_prompt = "%s password: " % become_prompt_method
|
become_prompt = "%s password: " % become_prompt_method
|
||||||
|
|
||||||
|
@ -338,7 +339,7 @@ class CLI(with_metaclass(ABCMeta, object)):
|
||||||
if op.ask_pass and becomepass == '':
|
if op.ask_pass and becomepass == '':
|
||||||
becomepass = sshpass
|
becomepass = sshpass
|
||||||
if becomepass:
|
if becomepass:
|
||||||
becomepass = to_bytes(becomepass)
|
becomepass = AnsibleUnsafeText(to_bytes(becomepass))
|
||||||
except EOFError:
|
except EOFError:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue