introduce 'mitogen_ssh_check_host_keys' to disable host key checking …

…in inventory
mitogen-hq · Apr 19, 2024 · 8e7e785 · 8e7e785
1 parent bb9c51b
commit 8e7e785
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 4 deletions.
diff --git a/ansible_mitogen/connection.py b/ansible_mitogen/connection.py
@@ -119,10 +119,12 @@ def _connect_ssh(spec):
     """
     Return ContextService arguments for an SSH connection.
     """
-    if C.HOST_KEY_CHECKING:
-        check_host_keys = 'enforce'
-    else:
-        check_host_keys = 'ignore'
+    check_host_keys = spec.mitogen_ssh_host_key_checking()
+    if check_host_keys is None:
+        if C.HOST_KEY_CHECKING:
+            check_host_keys = 'enforce'
+        else:
+            check_host_keys = 'ignore'
 
     # #334: tilde-expand private_key_file to avoid implementation difference
     # between Python and OpenSSH.

diff --git a/ansible_mitogen/transport_config.py b/ansible_mitogen/transport_config.py
@@ -385,6 +385,12 @@ def mitogen_ssh_compression(self):
         Whether SSH compression is enabled.
         """
 
+    @abc.abstractmethod
+    def mitogen_ssh_host_key_checking(self):
+        """
+        Whether or not to check the ssh hostkeys
+        """
+
     @abc.abstractmethod
     def extra_args(self):
         """
@@ -564,6 +570,9 @@ def mitogen_ssh_debug_level(self):
     def mitogen_ssh_compression(self):
         return self._connection.get_task_var('mitogen_ssh_compression')
 
+    def mitogen_ssh_host_key_checking(self):
+        return self._connection.get_task_var('mitogen_ssh_host_key_checking')
+
     def extra_args(self):
         return self._connection.get_extra_args()
 

diff --git a/docs/ansible_detailed.rst b/docs/ansible_detailed.rst
@@ -1047,6 +1047,8 @@ Like the :ans:conn:`ssh` except connection delegation is supported.
   to 10.
 * ``mitogen_ssh_keepalive_interval``: integer seconds delay between keepalive
   messages. Defaults to 30.
+* ``mitogen_ssh_host_key_checking``: `accept`, `enforce` or `ignore` the
+  remote's ssh host key
 
 
 Debugging

diff --git a/docs/changelog.rst b/docs/changelog.rst
@@ -22,6 +22,8 @@ Unreleased
 ----------
 
 * :gh:issue:`952` Fix Ansible `--ask-become-pass`, add test coverage
+* :gh:issue:`1066` Introduce `mitogen_ssh_host_key_checking` to somehow mimic
+  `ansible_host_key_checking`
 
 
 v0.3.7 (2024-04-08)