Implement https://trello.com/c/Oznsyg2c - Always use ssh-agent to run playbooks whenever an SSH key is provided.

2026-01-16 20:30:46 -03:30 · 2014-10-23 14:34:38 -04:00 · 2014-10-23 14:34:38 -04:00 · 4eb0ed225b
commit 4eb0ed225b
parent 7834bfab70
2 changed files with 8 additions and 13 deletions
--- a/awx/main/tasks.py
+++ b/awx/main/tasks.py
@ -660,12 +660,6 @@ class RunJob(BaseTask):
        except ValueError:
            pass

-        # If private key isn't encrypted, pass the path on the command line.
-        ssh_key_path = kwargs.get('private_data_file', '')
-        use_ssh_agent = bool(creds and creds.has_encrypted_ssh_key_data)
-        if ssh_key_path and not use_ssh_agent:
-            args.append('--private-key=%s' % ssh_key_path)
-
        if job.forks:  # FIXME: Max limit?
            args.append('--forks=%d' % job.forks)
        if job.force_handlers:
@ -703,8 +697,9 @@ class RunJob(BaseTask):
        # Add path to playbook (relative to project.local_path).
        args.append(job.playbook)

-        # If ssh unlock password is needed, run using ssh-agent.
-        if ssh_key_path and use_ssh_agent:
+        # If using an SSH key, run using ssh-agent.
+        ssh_key_path = kwargs.get('private_data_file', '')
+        if ssh_key_path:
            args = self.wrap_args_with_ssh_agent(args, ssh_key_path)

        return args
--- a/awx/main/tests/tasks.py
+++ b/awx/main/tests/tasks.py
@ -459,7 +459,7 @@ class RunJobTest(BaseCeleryTest):
        if expect_stdout:
            self.assertTrue(job.result_stdout)
        else:
-            self.assertFalse(job.result_stdout,
+            self.assertTrue(job.result_stdout in ('', 'stdout capture is missing'),
                             u'expected no stdout, got:\n%s' %
                             job.result_stdout)
        if expect_traceback:
@ -925,8 +925,8 @@ class RunJobTest(BaseCeleryTest):
        self.assertTrue(job.signal_start())
        job = Job.objects.get(pk=job.pk)
        self.check_job_result(job, 'successful')
-        self.assertTrue('"--private-key=' in job.job_args)
-        self.assertFalse('ssh-agent' in job.job_args)
+        self.assertFalse('"--private-key=' in job.job_args)
+        self.assertTrue('ssh-agent' in job.job_args)

    def test_tag_and_task_options(self):
        self.create_test_project(TEST_PLAYBOOK_WITH_TAGS)
@ -1062,8 +1062,8 @@ class RunJobTest(BaseCeleryTest):
        self.assertTrue(job.signal_start())
        job = Job.objects.get(pk=job.pk)
        self.check_job_result(job, 'successful')
-        self.assertTrue('"--private-key=' in job.job_args)
-        self.assertFalse('ssh-agent' in job.job_args)
+        self.assertFalse('"--private-key=' in job.job_args)
+        self.assertTrue('ssh-agent' in job.job_args)

    def test_locked_ssh_key_with_password(self):
        self.create_test_credential(ssh_key_data=TEST_SSH_KEY_DATA_LOCKED,