ansible_mitogen: Fix ansible_host_key_checking combined with add_host

fixes #1066

Co-authored-by: Philippe Kueck <[email protected]>

Author: moreati

ansible_mitogen/connection.py

@@ -119,7 +119,7 @@ def _connect_ssh(spec):
     """
     Return ContextService arguments for an SSH connection.
     """
-    if C.HOST_KEY_CHECKING:
+    if spec.host_key_checking():
         check_host_keys = 'enforce'
     else:
         check_host_keys = 'ignore'

ansible_mitogen/transport_config.py

@@ -63,6 +63,8 @@
 
 import abc
 import os
+
+import ansible.module_utils.parsing.convert_bool
 import ansible.utils.shlex
 import ansible.constants as C
 
@@ -245,6 +247,12 @@ def python_path(self):
         Path to the Python interpreter on the target machine.
         """
 
+    @abc.abstractmethod
+    def host_key_checking(self):
+        """
+        Whether or not to check the keys of the target machine
+        """
+
     @abc.abstractmethod
     def private_key_file(self):
         """
@@ -466,6 +474,14 @@ def python_path(self, rediscover_python=False):
             action=self._action,
             rediscover_python=rediscover_python)
 
+    def host_key_checking(self):
+        def candidates():
+            yield self._connection.get_task_var('ansible_ssh_host_key_checking')
+            yield self._connection.get_task_var('ansible_host_key_checking')
+            yield C.HOST_KEY_CHECKING
+        val = next(v for v in candidates() if v is not None)
+        return ansible.module_utils.parsing.convert_bool.boolean(val)
+
     def private_key_file(self):
         return self._play_context.private_key_file
 
@@ -692,6 +708,14 @@ def python_path(self, rediscover_python=False):
             action=self._action,
             rediscover_python=rediscover_python)
 
+    def host_key_checking(self):
+        def candidates():
+            yield self._host_vars.get('ansible_ssh_host_key_checking')
+            yield self._host_vars.get('ansible_host_key_checking')
+            yield C.HOST_KEY_CHECKING
+        val = next(v for v in candidates() if v is not None)
+        return ansible.module_utils.parsing.convert_bool.boolean(val)
+
     def private_key_file(self):
         # TODO: must come from PlayContext too.
         return (

docs/changelog.rst

@@ -24,6 +24,8 @@ Unreleased
 * :gh:issue:`952` Fix Ansible `--ask-become-pass`, add test coverage
 * :gh:issue:`957` Fix Ansible exception when executing against 10s of hosts
   "ValueError: filedescriptor out of range in select()"
+* :gh:issue:`1066` Allow Ansible host key checking to be overridden by
+   `ansible_host_key_checking` & `ansible_ssh_host_key_checking`
 
 
 v0.3.7 (2024-04-08)