WIP

Author: moreati

ansible_mitogen/transport_config.py

@@ -475,11 +475,11 @@ def python_path(self, rediscover_python=False):
             rediscover_python=rediscover_python)
 
     def host_key_checking(self):
-        val = (
-            self._connection.get_task_var('ansible_ssh_host_key_checking')
-            or self._connection.get_task_var('ansible_host_key_checking')
-            or C.HOST_KEY_CHECKING
-        )
+        def candidates():
+            yield self._connection.get_task_var('ansible_ssh_host_key_checking')
+            yield self._connection.get_task_var('ansible_host_key_checking')
+            yield C.HOST_KEY_CHECKING
+        val = next(v for v in candidates() if v is not None)
         return ansible.module_utils.parsing.convert_bool.boolean(val)
 
     def private_key_file(self):
@@ -709,11 +709,11 @@ def python_path(self, rediscover_python=False):
             rediscover_python=rediscover_python)
 
     def host_key_checking(self):
-        val = (
-            self._host_vars.get('ansible_ssh_host_key_checking')
-            or self._host_vars.get('ansible_ssh_host_key_checking')
-            or C.HOST_KEY_CHECKING
-        )
+        def candidates():
+            yield self._host_vars.get('ansible_ssh_host_key_checking')
+            yield self._host_vars.get('ansible_host_key_checking')
+            yield C.HOST_KEY_CHECKING
+        val = next(v for v in candidates() if v is not None)
         return ansible.module_utils.parsing.convert_bool.boolean(val)
 
     def private_key_file(self):

tests/ansible/hosts/transport_config.hosts

@@ -13,6 +13,7 @@ tc_become
 tc_become_method
 tc_become_pass
 tc_become_user
+tc_host_key_checking
 tc_password
 tc_port
 tc_remote_addr
@@ -74,6 +75,11 @@ tc-become-pass-password ansible_become_password=apassword
 tc-become-pass-pass ansible_become_pass=apass
 tc-become-pass-both ansible_become_pass=bpass ansible_become_password=bpassword
 
+[tc_host_key_checking]
+tc-hkc-unset
+tc-hkc-host-key-checking ansible_host_key_checking=true
+tc-hkc-ssh-host-key-checking ansible_ssh_host_key_checking=true
+
 [tc_port]
 tc-port-unset
 tc-port-explicit-port ansible_port=1234

tests/ansible/integration/transport_config/all.yml

@@ -2,6 +2,7 @@
 - import_playbook: become_pass.yml
 - import_playbook: become_user.yml
 - import_playbook: become.yml
+- import_playbook: host_key_checking.yml
 - import_playbook: password.yml
 - import_playbook: port.yml
 - import_playbook: python_path.yml

tests/ansible/integration/transport_config/host_key_checking.yml

@@ -0,0 +1,94 @@
+# Each case is followed by mitogen_via= case to test hostvars method.
+
+- name: integration/transport_config/host_key_checking.yml
+  hosts: tc-hkc-unset
+  tasks:
+    - include_tasks: ../_mitogen_only.yml
+    - {mitogen_get_stack: {}, register: out}
+    - assert:
+        that:
+          - out.result | length == 1
+          - out.result[0].method == "ssh"
+          - out.result[0].kwargs.check_host_keys == "ignore"
+        fail_msg: out={{ out }}
+  tags:
+    - mitogen_only
+
+- hosts: tc-hkc-unset
+  vars:
+    mitogen_via: tc-hkc-host-key-checking
+  tasks:
+    - include_tasks: ../_mitogen_only.yml
+    - {mitogen_get_stack: {}, register: out}
+    - assert:
+        that:
+          - out.result | length == 2
+          - out.result[0].method == "ssh"
+          - out.result[0].kwargs.check_host_keys == "enforce"
+          - out.result[1].method == "ssh"
+          - out.result[1].kwargs.check_host_keys == "ignore"
+        fail_msg: out={{ out }}
+  tags:
+    - mitogen_only
+
+
+- hosts: tc-hkc-host-key-checking
+  tasks:
+    - include_tasks: ../_mitogen_only.yml
+    - {mitogen_get_stack: {}, register: out}
+    - assert:
+        that:
+          - out.result | length == 1
+          - out.result[0].method == "ssh"
+          - out.result[0].kwargs.check_host_keys == "enforce"
+        fail_msg: out={{ out }}
+  tags:
+    - mitogen_only
+
+- hosts: tc-hkc-host-key-checking
+  vars:
+    mitogen_via: tc-hkc-unset
+  tasks:
+    - include_tasks: ../_mitogen_only.yml
+    - {mitogen_get_stack: {}, register: out}
+    - assert:
+        that:
+          - out.result | length == 2
+          - out.result[0].method == "ssh"
+          - out.result[0].kwargs.check_host_keys == "ignore"
+          - out.result[1].method == "ssh"
+          - out.result[1].kwargs.check_host_keys == "enforce"
+        fail_msg: out={{ out }}
+  tags:
+    - mitogen_only
+
+
+- hosts: tc-hkc-ssh-host-key-checking
+  tasks:
+    - include_tasks: ../_mitogen_only.yml
+    - {mitogen_get_stack: {}, register: out}
+    - assert:
+        that:
+          - out.result | length == 1
+          - out.result[0].method == "ssh"
+          - out.result[0].kwargs.check_host_keys == "enforce"
+        fail_msg: out={{ out }}
+  tags:
+    - mitogen_only
+
+- hosts: tc-hkc-ssh-host-key-checking
+  vars:
+    mitogen_via: tc-hkc-unset
+  tasks:
+    - include_tasks: ../_mitogen_only.yml
+    - {mitogen_get_stack: {}, register: out}
+    - assert:
+        that:
+          - out.result | length == 2
+          - out.result[0].method == "ssh"
+          - out.result[0].kwargs.check_host_keys == "ignore"
+          - out.result[1].method == "ssh"
+          - out.result[1].kwargs.check_host_keys == "enforce"
+        fail_msg: out={{ out }}
+  tags:
+    - mitogen_only

tests/ansible/regression/issue_1066__add_host__host_key_checking.yml

@@ -6,7 +6,8 @@
     - name: Add hosts dynamically
       add_host:
         name: "{{ item.name }}"
-        ansible_host_key_checking:        "{{ item.host_key_checking }}"
+        ansible_host_key_checking:        "{{ item.host_key_checking | default(omit) }}"
+        ansible_ssh_host_key_checking:    "{{ item.host_ssh_key_checking | default(omit) }}"
         ansible_host:                     "{{ hostvars[inventory_hostname].ansible_host | default(omit) }}"
         ansible_password:                 "{{ hostvars[inventory_hostname].ansible_password | default(omit) }}"
         ansible_port:                     "{{ hostvars[inventory_hostname].ansible_port | default(omit) }}"
@@ -15,12 +16,14 @@
       loop:
         - {name: issue-1066-host-hkc-false,   host_key_checking: false}
         - {name: issue-1066-host-hkc-true,    host_key_checking: true}
+        - {name: issue-1066-host-hskc-false,  host_ssh_key_checking: false}
+        - {name: issue-1066-host-hskc-true,   host_ssh_key_checking: true}
       delegate_to: localhost
   tags:
     - issue_1066
 
 - name: regression/issue_1066__add_host__host_key_checking.yml
-  hosts: issue-1066-host-hkc-false,issue-1066-host-hkc-true
+  hosts: issue-1066-host-*
   gather_facts: false
   become: false
   serial: 1
@@ -47,19 +50,14 @@
     - name: Confirm dynamically added hosts are/are not reachable
       vars:
         expected:
-          # Host key checking explicitly disabled, therefore connection succeeds
-          issue-1066-host-hkc-false:
-            ansible_host_key_checking: false
-          # Host key checking explicitly enabled, therefore connection fails
-          issue-1066-host-hkc-true:
-            ansible_host_key_checking: true
-            unreachable: true
+          issue-1066-host-hkc-false:    {}
+          issue-1066-host-hkc-true:     {unreachable: true}
+          issue-1066-host-hskc-false:   {}
+          issue-1066-host-hskc-true:    {unreachable: true}
       assert:
         that:
           - issue_1066_ping.unreachable is defined == expected[inventory_hostname].unreachable is defined
           - issue_1066_ping.unreachable | default(42) == expected[inventory_hostname].unreachable | default(42)
-          - ansible_host_key_checking is defined
-          - ansible_host_key_checking == expected[inventory_hostname].ansible_host_key_checking
       # ansible_host_key_checking don't work on Vanilla Ansible 2.10, even for
       # static inventory hosts (ansible/ansible#49254, ansible/ansible#73708).
       when: