rename hash_host arg to hash_known_hosts

Fixes #27187.
2025-04-17 10:10:20 +00:00 · 2015-09-17 12:31:52 -06:00 · 2015-09-17 12:31:52 -06:00 · 1b620b77cd
commit 1b620b77cd
parent 12f14ae37c
2 changed files with 71 additions and 5 deletions
--- a/salt/modules/ssh.py
+++ b/salt/modules/ssh.py
@ -774,7 +774,8 @@ def set_known_host(user=None,
                   port=None,
                   enc=None,
                   hash_hostname=True,
-                   config=None):
+                   config=None,
+                   hash_known_hosts=True):
    '''
    Download SSH public key from remote host "hostname", optionally validate
    its fingerprint against "fingerprint" variable and save the record in the
@ -782,6 +783,44 @@ def set_known_host(user=None,

    If such a record does already exists in there, do nothing.

+    user
+        The user who owns the ssh authorized keys file to modify
+
+    hostname
+        The name of the remote host (e.g. "github.com")
+
+    fingerprint
+        The fingerprint of the key which must be presented in the known_hosts
+        file (optional if key specified)
+
+    key
+        The public key which must be presented in the known_hosts file
+        (optional if fingerprint specified)
+
+    port
+        optional parameter, denoting the port of the remote host, which will be
+        used in case, if the public key will be requested from it. By default
+        the port 22 is used.
+
+    enc
+        Defines what type of key is being used, can be ed25519, ecdsa ssh-rsa
+        or ssh-dss
+
+    hash_hostname : True
+        Hash all hostnames and addresses in the known hosts file.
+
+        .. deprecated:: Carbon
+
+            Please use hash_known_hosts instead.
+
+    config
+        The location of the authorized keys file relative to the user's home
+        directory, defaults to ".ssh/known_hosts". If no user is specified,
+        defaults to "/etc/ssh/ssh_known_hosts". If present, must be an
+        absolute path when a user is not specified.
+
+    hash_known_hosts : True
+        Hash all hostnames and addresses in the known hosts file.

    CLI Example:

@ -798,6 +837,14 @@ def set_known_host(user=None,
                'error': 'argument port can not be used in '
                'conjunction with argument hash_hostname'}

+    if not hash_hostname:
+        salt.utils.warn_until(
+            'Carbon',
+            'The hash_hostname parameter is misleading as ssh-keygen can only '
+            'hash the whole known hosts file, not entries for individual'
+            'hosts. Please use hash_known_hosts=False instead.')
+        hash_known_hosts = hash_hostname
+
    update_required = False
    stored_host = get_known_host(user, hostname, config, port)

@ -864,7 +911,7 @@ def set_known_host(user=None,
            os.chown(ssh_dir, uinfo['uid'], uinfo['gid'])
            os.chmod(ssh_dir, 0o700)

-    if key:
+    if key and hash_known_hosts:
        cmd_result = __salt__['ssh.hash_known_hosts'](user=user, config=full)

    # write line to known_hosts file
--- a/salt/states/ssh_known_hosts.py
+++ b/salt/states/ssh_known_hosts.py
@ -23,6 +23,9 @@ from __future__ import absolute_import
 # Import python libs
 import os

+# Import salt libs
+import salt.utils
+

 def present(
        name,
@ -32,7 +35,8 @@ def present(
        port=None,
        enc=None,
        config=None,
-        hash_hostname=True):
+        hash_hostname=True,
+        hash_known_hosts=True):
    '''
    Verifies that the specified host is known by the specified user

@ -70,7 +74,14 @@ def present(
        absolute path when a user is not specified.

    hash_hostname : True
-        Hash all hostnames and addresses in the output.
+        Hash all hostnames and addresses in the known hosts file.
+
+        .. deprecated:: Carbon
+
+            Please use hash_known_hosts instead.
+
+    hash_known_hosts : True
+        Hash all hostnames and addresses in the known hosts file.
    '''
    ret = {'name': name,
           'changes': {},
@ -87,6 +98,14 @@ def present(
        ret['result'] = False
        return dict(ret, comment=comment)

+    if not hash_hostname:
+        salt.utils.warn_until(
+            'Carbon',
+            'The hash_hostname parameter is misleading as ssh-keygen can only '
+            'hash the whole known hosts file, not entries for individual'
+            'hosts. Please use hash_known_hosts=False instead.')
+        hash_known_hosts = hash_hostname
+
    if __opts__['test']:
        if key and fingerprint:
            comment = 'Specify either "key" or "fingerprint", not both.'
@ -121,7 +140,7 @@ def present(
                port=port,
                enc=enc,
                config=config,
-                hash_hostname=hash_hostname)
+                hash_known_hosts=hash_known_hosts)
    if result['status'] == 'exists':
        return dict(ret,
                    comment='{0} already exists in {1}'.format(name, config))