1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Find a file
Matthias Fuchs 7871027c9d Share the implementation of hashing for both vars_prompt and password_hash (#21215)
* Share the implementation of hashing for both vars_prompt and password_hash.
* vars_prompt with encrypt does not require passlib for the algorithms
  supported by crypt.
* Additional checks ensure that there is always a result.
  This works around issues in the crypt.crypt python function that returns
  None for algorithms it does not know.
  Some modules (like user module) interprets None as no password at all,
  which is misleading.
* The password_hash filter supports all parameters of passlib.
  This allows users to provide a rounds parameter, fixing #15326.
* password_hash is not restricted to the subset provided by crypt.crypt,
  fixing one half of #17266.
* Updated documentation fixes other half of #17266.
* password_hash does not hard-code the salt-length, which fixes bcrypt
  in connection with passlib.
  bcrypt requires a salt with length 22, which fixes #25347
* Salts are only generated by ansible when using crypt.crypt.
  Otherwise passlib generates them.
* Avoids deprecated functionality of passlib with newer library versions.
* When no rounds are specified for sha256/sha256_crypt and sha512/sha512_crypt
  always uses the default values used by crypt, i.e. 5000 rounds.
  Before when installed passlibs' defaults were used.
  passlib changes its defaults with newer library versions, leading to non
  idempotent behavior.

  NOTE: This will lead to the recalculation of existing hashes generated
        with passlib and without a rounds parameter.
        Yet henceforth the hashes will remain the same.
        No matter the installed passlib version.
        Making these hashes idempotent.

Fixes #15326
Fixes #17266
Fixes #25347 except bcrypt still uses 2a, instead of the suggested 2b.

* random_salt is solely handled by encrypt.py.
  There is no _random_salt function there anymore.
  Also the test moved to test_encrypt.py.
* Uses pytest.skip when passlib is not available, instead of a silent return.
* More checks are executed when passlib is not available.

* Moves tests that require passlib into their own test-function.

* Uses the six library to reraise the exception.

* Fixes integration test.

When no rounds are provided the defaults of crypt are used.
In that case the rounds are not part of the resulting MCF output.
2018-08-27 08:40:41 -07:00
.github Clean up BOTMETA.yml (#44574) 2018-08-24 19:43:35 -04:00
bin Prevent data being truncated over persistent connection socket (#43885) 2018-08-10 09:26:58 -04:00
changelogs Share the implementation of hashing for both vars_prompt and password_hash (#21215) 2018-08-27 08:40:41 -07:00
contrib Update vault-keyring to ConfigManager internals (#41967) 2018-08-22 13:09:22 -04:00
docs Share the implementation of hashing for both vars_prompt and password_hash (#21215) 2018-08-27 08:40:41 -07:00
examples Surround top-level function and class definitions with two blank lines. 2018-07-31 12:06:56 -07:00
hacking sns_topic boto3 port (#39292) 2018-08-23 21:04:18 -04:00
lib/ansible Share the implementation of hashing for both vars_prompt and password_hash (#21215) 2018-08-27 08:40:41 -07:00
licenses Create a short license for PSF and MIT. (#32212) 2017-11-06 10:25:30 -08:00
packaging Remove use of simplejson throughout code base (#43548) 2018-08-10 11:13:29 -05:00
test Share the implementation of hashing for both vars_prompt and password_hash (#21215) 2018-08-27 08:40:41 -07:00
.cherry_picker.toml 🚸 🐍 🍒 ⛏ Integrate cherry picker (#41403) 2018-07-12 19:34:02 +03:00
.coveragerc AnsiballZ improvements 2018-07-26 20:07:25 -07:00
.gitattributes 2.6 changelog gen/version/root dir cleanup (#40421) 2018-05-21 16:14:53 -07:00
.gitignore Implement new changelog generator. 2018-06-05 19:08:15 -07:00
.mailmap Fix syntax typo 2017-12-24 12:16:17 +01:00
CODING_GUIDELINES.md Fix some broken links (#42079) 2018-06-29 11:12:01 -07:00
COPYING license file should be in source tree 2012-03-15 20:24:22 -04:00
docsite_requirements.txt Fixes the build issue pertaining to sphinx-build which is required to build ansible (#22480) 2017-03-14 14:19:46 -07:00
Makefile Fix some broken links (#42079) 2018-06-29 11:12:01 -07:00
MANIFEST.in fix MANIFEST.in to include CHANGELOG stub for devel 2018-05-30 17:40:50 -07:00
MODULE_GUIDELINES.md Use https for links to ansible.com domains. 2018-04-23 11:33:56 -07:00
README.rst Update readme info (#44394) 2018-08-21 09:58:16 -05:00
requirements.txt Cyptography pr 20566 rebase (#25560) 2017-06-27 06:00:15 -07:00
setup.py add missing entry to package_data (#44585) 2018-08-23 14:00:22 -05:00
shippable.yml Update Shippable integration test groups. (#43118) 2018-07-23 20:46:22 -07:00
tox.ini Convert ansible-test compile into a sanity test. 2018-01-25 09:45:36 -08:00

|PyPI version| |Docs badge| |Build Status|

*******
Ansible
*******

Ansible is a radically simple IT automation system. It handles
configuration-management, application deployment, cloud provisioning,
ad-hoc task-execution, and multinode orchestration -- including
trivializing things like zero-downtime rolling updates with load
balancers.

Read the documentation and more at https://ansible.com/

You can find installation instructions
`here <https://docs.ansible.com/intro_getting_started.html>`_ for a
variety of platforms.

Most users should probably install a released version of Ansible from ``pip``, a package manager or
our `release repository <https://releases.ansible.com/ansible/>`_. `Officially supported
<https://www.ansible.com/ansible-engine>`_ builds of Ansible are also available. Some power users
run directly from the development branch - while significant efforts are made to ensure that
``devel`` is reasonably stable, you're more likely to encounter breaking changes when running
Ansible this way.

Design Principles
=================

*  Have a dead simple setup process and a minimal learning curve
*  Manage machines very quickly and in parallel
*  Avoid custom-agents and additional open ports, be agentless by
   leveraging the existing SSH daemon
*  Describe infrastructure in a language that is both machine and human
   friendly
*  Focus on security and easy auditability/review/rewriting of content
*  Manage new remote machines instantly, without bootstrapping any
   software
*  Allow module development in any dynamic language, not just Python
*  Be usable as non-root
*  Be the easiest IT automation system to use, ever.

Get Involved
============

*  Read `Community
   Information <https://docs.ansible.com/community.html>`_ for all
   kinds of ways to contribute to and interact with the project,
   including mailing list information and how to submit bug reports and
   code to Ansible.
*  All code submissions are done through pull requests. Take care to
   make sure no merge commits are in the submission, and use
   ``git rebase`` vs ``git merge`` for this reason. If submitting a
   large code change (other than modules), it's probably a good idea to
   join ansible-devel and talk about what you would like to do or add
   first to avoid duplicate efforts. This not only helps everyone
   know what's going on, it also helps save time and effort if we decide
   some changes are needed.
*  Users list:
   `ansible-project <https://groups.google.com/group/ansible-project>`_
*  Development list:
   `ansible-devel <https://groups.google.com/group/ansible-devel>`_
*  Announcement list:
   `ansible-announce <https://groups.google.com/group/ansible-announce>`_
   -- read only
*  irc.freenode.net: #ansible

Branch Info
===========

*  Releases are named after Led Zeppelin songs. (Releases prior to 2.0
   were named after Van Halen songs.)
*  The devel branch corresponds to the release actively under
   development.
*  Various release-X.Y branches exist for previous releases.
*  We'd love to have your contributions, read `Community
   Information <https://docs.ansible.com/community.html>`_ for notes on
   how to get started.

Roadmap
=======

Based on team and community feedback, an initial roadmap will be published for a major or minor version (ex: 2.0, 2.1).
Subminor versions will generally not have roadmaps published.

Ansible 2.1 was the first release which published this and asked for feedback in this manner.
Feedback on the roadmap and the new process is quite welcome.
The team is aiming for further transparency and better inclusion of both community desires and submissions.

These are the team's *best guess* roadmaps based on the Ansible team's experience and are also based on requests and feedback from the community.
There are things that may not make it due to time constraints, lack of community maintainers, etc.
Each roadmap is published both as an idea of what is upcoming in Ansible, and as a medium for seeking further feedback from the community.

There are multiple places for you to submit feedback:

- Add to the agenda of an IRC `Core Team Meeting <https://github.com/ansible/community/blob/master/meetings/README.md>`_ (preferred)
- Ansible's google-group: ansible-devel
- AnsibleFest conferences
- IRC Freenode channel: #ansible-devel (this one may have things lost in lots of conversation)

For additional details consult the published `Ansible Roadmap <https://docs.ansible.com/ansible/devel/roadmap/>`_.

Authors
=======

Ansible was created by `Michael DeHaan <https://github.com/mpdehaan>`_
(michael.dehaan/gmail/com) and has contributions from over 3700 users
(and growing). Thanks everyone!

`Ansible <https://www.ansible.com>`_ is sponsored by `Red Hat, Inc.
<https://www.redhat.com>`_

License
=======

GNU General Public License v3.0

See `COPYING <COPYING>`_ to see the full text.

.. |PyPI version| image:: https://img.shields.io/pypi/v/ansible.svg
   :target: https://pypi.org/project/ansible
.. |Docs badge| image:: https://img.shields.io/badge/docs-latest-brightgreen.svg
   :target: https://docs.ansible.com/ansible
.. |Build Status| image:: https://api.shippable.com/projects/573f79d02a8192902e20e34b/badge?branch=devel
   :target: https://app.shippable.com/projects/573f79d02a8192902e20e34b