From 57498453249c4c938fb9c3e6c45b9051f7e5ed47 Mon Sep 17 00:00:00 2001 From: Alex Willmer Date: Mon, 6 May 2024 18:16:19 +0100 Subject: [PATCH] ansible_mitogen: Fix ansible_host_key_checking combined with add_host fixes #1066 Co-authored-by: Philippe Kueck --- ansible_mitogen/connection.py | 2 +- ansible_mitogen/transport_config.py | 24 ++++++++++++++++++++++++ docs/changelog.rst | 2 ++ 3 files changed, 27 insertions(+), 1 deletion(-) diff --git a/ansible_mitogen/connection.py b/ansible_mitogen/connection.py index dfc3aec40..6bdf11baf 100644 --- a/ansible_mitogen/connection.py +++ b/ansible_mitogen/connection.py @@ -119,7 +119,7 @@ def _connect_ssh(spec): """ Return ContextService arguments for an SSH connection. """ - if C.HOST_KEY_CHECKING: + if spec.host_key_checking(): check_host_keys = 'enforce' else: check_host_keys = 'ignore' diff --git a/ansible_mitogen/transport_config.py b/ansible_mitogen/transport_config.py index 1fc1e80a1..b0f126172 100644 --- a/ansible_mitogen/transport_config.py +++ b/ansible_mitogen/transport_config.py @@ -63,6 +63,8 @@ import abc import os + +import ansible.module_utils.parsing.convert_bool import ansible.utils.shlex import ansible.constants as C @@ -245,6 +247,12 @@ def python_path(self): Path to the Python interpreter on the target machine. """ + @abc.abstractmethod + def host_key_checking(self): + """ + Whether or not to check the keys of the target machine + """ + @abc.abstractmethod def private_key_file(self): """ @@ -466,6 +474,14 @@ def python_path(self, rediscover_python=False): action=self._action, rediscover_python=rediscover_python) + def host_key_checking(self): + def candidates(): + yield self._connection.get_task_var('ansible_ssh_host_key_checking') + yield self._connection.get_task_var('ansible_host_key_checking') + yield C.HOST_KEY_CHECKING + val = next(v for v in candidates() if v is not None) + return ansible.module_utils.parsing.convert_bool.boolean(val) + def private_key_file(self): return self._play_context.private_key_file @@ -692,6 +708,14 @@ def python_path(self, rediscover_python=False): action=self._action, rediscover_python=rediscover_python) + def host_key_checking(self): + def candidates(): + yield self._host_vars.get('ansible_ssh_host_key_checking') + yield self._host_vars.get('ansible_host_key_checking') + yield C.HOST_KEY_CHECKING + val = next(v for v in candidates() if v is not None) + return ansible.module_utils.parsing.convert_bool.boolean(val) + def private_key_file(self): # TODO: must come from PlayContext too. return ( diff --git a/docs/changelog.rst b/docs/changelog.rst index 407a8c78e..726a83ac7 100644 --- a/docs/changelog.rst +++ b/docs/changelog.rst @@ -24,6 +24,8 @@ Unreleased * :gh:issue:`952` Fix Ansible `--ask-become-pass`, add test coverage * :gh:issue:`957` Fix Ansible exception when executing against 10s of hosts "ValueError: filedescriptor out of range in select()" +* :gh:issue:`1066` Allow Ansible host key checking to be overridden by + `ansible_host_key_checking` & `ansible_ssh_host_key_checking` v0.3.7 (2024-04-08)