iso_extract: Add password argument (#9159)

* iso_extract: Add password argument * Update iso_extract.py * Update iso_extract.py * Update plugins/modules/iso_extract.py Co-authored-by: Felix Fontein <felix@fontein.de> * Create 9159-iso-extract_add_password.yml * Update 9159-iso-extract_add_password.yml * Remove default value for password * Use password with 7z only * Apply suggestions from code review Co-authored-by: Felix Fontein <felix@fontein.de> * Fix indentation * Update plugins/modules/iso_extract.py Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com> * iso_extract: add password warning * Update plugins/modules/iso_extract.py Co-authored-by: Felix Fontein <felix@fontein.de> * Shorten a docs line. * Fix formatting. --------- Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
2024-12-02 20:16:30 +01:00 · 2024-12-02 20:16:30 +01:00 · da97e220ef
parent 41b6a281e1
commit da97e220ef
2 changed files with 17 additions and 1 deletions
--- a/changelogs/fragments/9159-iso-extract_add_password.yml
+++ b/changelogs/fragments/9159-iso-extract_add_password.yml
@ -0,0 +1,2 @@
+minor_changes:
+  - iso_extract - adds ``password`` parameter that is passed to 7z (https://github.com/ansible-collections/community.general/pull/9159).
--- a/plugins/modules/iso_extract.py
+++ b/plugins/modules/iso_extract.py
@ -67,6 +67,15 @@ options:
    - The path to the C(7z) executable to use for extracting files from the ISO.
    - If not provided, it will assume the value V(7z).
    type: path
+  password:
+    description:
+    - Password used to decrypt files from the ISO.
+    - Will only be used if 7z is used.
+    - The password is used as a command line argument to 7z. This is a B(potential security risk) that
+      allows passwords to be revealed if someone else can list running processes on the same machine
+      in the right moment.
+    type: str
+    version_added: 10.1.0
 notes:
 - Only the file checksum (content) is taken into account when extracting files
  from the ISO image. If O(force=false), only checks the presence of the file.
@ -100,6 +109,7 @@ def main():
            dest=dict(type='path', required=True),
            files=dict(type='list', elements='str', required=True),
            force=dict(type='bool', default=True),
+            password=dict(type='str', no_log=True),
            executable=dict(type='path'),  # No default on purpose
        ),
        supports_check_mode=True,
@ -108,6 +118,7 @@ def main():
    dest = module.params['dest']
    files = module.params['files']
    force = module.params['force']
+    password = module.params['password']
    executable = module.params['executable']

    result = dict(
@ -154,7 +165,10 @@ def main():

    # Use 7zip when we have a binary, otherwise try to mount
    if binary:
-        cmd = [binary, 'x', image, '-o%s' % tmp_dir] + extract_files
+        cmd = [binary, 'x', image, '-o%s' % tmp_dir]
+        if password:
+            cmd += ["-p%s" % password]
+        cmd += extract_files
    else:
        cmd = [module.get_bin_path('mount'), '-o', 'loop,ro', image, tmp_dir]