Merge pull request #350 from rundeck-plugins/ssh-agent-passphrase

RUN-2224: using ssh-agent with passphrase is not working in Ansible Plugin
rundeck-plugins · Mar 21, 2024 · 4228d5a · 4228d5a
2 parents fab01ea + 75a8750
commit 4228d5a
Showing 1 changed file with 37 additions and 8 deletions.
diff --git a/src/main/groovy/com/rundeck/plugins/ansible/ansible/AnsibleRunner.java b/src/main/groovy/com/rundeck/plugins/ansible/ansible/AnsibleRunner.java
@@ -14,13 +14,7 @@
 import java.nio.file.Paths;
 import java.nio.file.SimpleFileVisitor;
 import java.nio.file.attribute.BasicFileAttributes;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-import java.util.Collection;
-import java.util.Map;
-import java.util.HashMap;
+import java.util.*;
 
 public class AnsibleRunner {
 
@@ -636,12 +630,29 @@ public boolean registerKeySshAgent(String keyPath) throws AnsibleException, Exce
     // execute the ssh-agent add process
     ProcessBuilder processBuilder = new ProcessBuilder()
             .command(procArgs)
+            .redirectErrorStream(true)
             .directory(baseDirectory.toFile());
+
     Process proc = null;
 
     Map<String, String> env = processBuilder.environment();
     env.put("SSH_AUTH_SOCK", this.sshAgent.getSocketPath());
 
+    File tempPassVarsFile = null;
+    if (sshPassphrase != null && sshPassphrase.length() > 0) {
+      tempPassVarsFile = File.createTempFile("ansible-runner", "ssh-add-check");
+      tempPassVarsFile.setExecutable(true);
+
+      List<String> passScript = new ArrayList<>();
+      passScript.add("read SECRET");
+      passScript.add("echo $SECRET");
+
+      Files.write(tempPassVarsFile.toPath(),passScript);
+
+      env.put("DISPLAY", "0");
+      env.put("SSH_ASKPASS", tempPassVarsFile.getAbsolutePath());
+    }
+
     try {
       proc = processBuilder.start();
 
@@ -659,26 +670,44 @@ public boolean registerKeySshAgent(String keyPath) throws AnsibleException, Exce
         }
       }
 
+      stdinw.close();
+      stdin.close();
+
+      Thread errthread = Logging.copyStreamThread(proc.getErrorStream(), ListenerFactory.getListener(System.err));
+      Thread outthread = Logging.copyStreamThread(proc.getInputStream(), ListenerFactory.getListener(System.out));
+      errthread.start();
+      outthread.start();
+
       int exitCode = proc.waitFor();
 
+      outthread.join();
+      errthread.join();
+      System.err.flush();
+      System.out.flush();
+
      if (exitCode != 0) {
           throw new AnsibleException("ERROR: ssh-add returns with non zero code:" + procArgs.toString(),
                   AnsibleException.AnsibleFailureReason.AnsibleNonZero);
       }
 
+
     } catch (IOException  e) {
       throw new AnsibleException("ERROR: error adding private key to ssh-agent." + procArgs.toString(), e, AnsibleException.AnsibleFailureReason.Unknown);
     } catch (InterruptedException e) {
       if(proc!=null) {
         proc.destroy();
       }
       Thread.currentThread().interrupt();
-      throw new AnsibleException("ERROR: error adding private key to ssh-agen Interrupted.", e, AnsibleException.AnsibleFailureReason.Interrupted);
+      throw new AnsibleException("ERROR: error adding private key to ssh-agent Interrupted.", e, AnsibleException.AnsibleFailureReason.Interrupted);
     }finally {
       // Make sure to always cleanup on failure and success
       if(proc!=null) {
         proc.destroy();
       }
+
+      if(tempPassVarsFile!=null && !tempPassVarsFile.delete()){
+        tempPassVarsFile.deleteOnExit();
+      }
     }
 
     return true;