8 files changed, 162 insertions, 0 deletions

diff --git a/test/integration/targets/connection_ssh/aliases b/test/integration/targets/connection_ssh/aliases
new file mode 100644
index 0000000..bd04bed
--- /dev/null
+++ b/test/integration/targets/connection_ssh/aliases
@@ -0,0 +1,3 @@
+needs/ssh
+shippable/posix/group3
+needs/target/connection
diff --git a/test/integration/targets/connection_ssh/check_ssh_defaults.yml b/test/integration/targets/connection_ssh/check_ssh_defaults.yml
new file mode 100644
index 0000000..937f1f7
--- /dev/null
+++ b/test/integration/targets/connection_ssh/check_ssh_defaults.yml
@@ -0,0 +1,29 @@
+- hosts: ssh
+  gather_facts: false
+  vars:
+    ansible_connection: ssh
+    ansible_ssh_timeout: 10
+  tasks:
+    - name: contain the maddness
+      block:
+        - name: test all is good
+          ping:
+
+        - name: start the fun
+          meta: reset_connection
+
+        - name: now test we can use wrong port from ssh/config
+          ping:
+          ignore_unreachable: True
+          vars:
+            ansible_ssh_args: "-F {{playbook_dir}}/files/port_overrride_ssh.cfg"
+          register: expected
+
+        - name: check all is as expected
+          assert:
+            that:
+              - expected['unreachable']|bool
+              - "'2222' in expected['msg']"
+      always:
+        - name: make sure we don't cache the bad connection
+          meta: reset_connection
diff --git a/test/integration/targets/connection_ssh/files/port_overrride_ssh.cfg b/test/integration/targets/connection_ssh/files/port_overrride_ssh.cfg
new file mode 100644
index 0000000..7f8422e
--- /dev/null
+++ b/test/integration/targets/connection_ssh/files/port_overrride_ssh.cfg
@@ -0,0 +1,2 @@
+Host *
+	Port 2222
diff --git a/test/integration/targets/connection_ssh/posix.sh b/test/integration/targets/connection_ssh/posix.sh
new file mode 100755
index 0000000..8f036fb
--- /dev/null
+++ b/test/integration/targets/connection_ssh/posix.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+set -eux
+
+group=ssh
+
+cd ../connection
+
+INVENTORY="../connection_${group}/test_connection.inventory" ./test.sh \
+    -e target_hosts="${group}" \
+    -e action_prefix= \
+    -e local_tmp=/tmp/ansible-local \
+    -e remote_tmp=/tmp/ansible-remote \
+    "$@"
diff --git a/test/integration/targets/connection_ssh/runme.sh b/test/integration/targets/connection_ssh/runme.sh
new file mode 100755
index 0000000..ad817c8
--- /dev/null
+++ b/test/integration/targets/connection_ssh/runme.sh
@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+
+set -ux
+
+# We skip this whole section if the test node doesn't have sshpass on it.
+if command -v sshpass > /dev/null; then
+    # Check if our sshpass supports -P
+    sshpass -P foo > /dev/null
+    sshpass_supports_prompt=$?
+    if [[ $sshpass_supports_prompt -eq 0 ]]; then
+        # If the prompt is wrong, we'll end up hanging (due to sshpass hanging).
+        # We should probably do something better here, like timing out in Ansible,
+        # but this has been the behavior for a long time, before we supported custom
+        # password prompts.
+        #
+        # So we search for a custom password prompt that is clearly wrong and call
+        # ansible with timeout. If we time out, our custom prompt was successfully
+        # searched for. It's a weird way of doing things, but it does ensure
+        # that the flag gets passed to sshpass.
+        timeout 5 ansible -m ping \
+            -e ansible_connection=ssh \
+            -e ansible_sshpass_prompt=notThis: \
+            -e ansible_password=foo \
+            -e ansible_user=definitelynotroot \
+            -i test_connection.inventory \
+            ssh-pipelining
+        ret=$?
+        # 124 is EXIT_TIMEDOUT from gnu coreutils
+        # 143 is 128+SIGTERM(15) from BusyBox
+        if [[ $ret -ne 124 && $ret -ne 143 ]]; then
+            echo "Expected to time out and we did not. Exiting with failure."
+            exit 1
+        fi
+    else
+        ansible -m ping \
+            -e ansible_connection=ssh \
+            -e ansible_sshpass_prompt=notThis: \
+            -e ansible_password=foo \
+            -e ansible_user=definitelynotroot \
+            -i test_connection.inventory \
+            ssh-pipelining | grep 'customized password prompts'
+        ret=$?
+        [[ $ret -eq 0 ]] || exit $ret
+    fi
+fi
+
+set -e
+
+if [[ "$(scp -O 2>&1)" == "usage: scp "* ]]; then
+    # scp supports the -O option (and thus the -T option as well)
+    # work-around required
+    # see: https://www.openssh.com/txt/release-9.0
+    scp_args=("-e" "ansible_scp_extra_args=-TO")
+elif [[ "$(scp -T 2>&1)" == "usage: scp "* ]]; then
+    # scp supports the -T option
+    # work-around required
+    # see: https://github.com/ansible/ansible/issues/52640
+    scp_args=("-e" "ansible_scp_extra_args=-T")
+else
+    # scp does not support the -T or -O options
+    # no work-around required
+    # however we need to put something in the array to keep older versions of bash happy
+    scp_args=("-e" "")
+fi
+
+# sftp
+./posix.sh "$@"
+# scp
+ANSIBLE_SCP_IF_SSH=true ./posix.sh "$@" "${scp_args[@]}"
+# piped
+ANSIBLE_SSH_TRANSFER_METHOD=piped ./posix.sh "$@"
+
+# test config defaults override
+ansible-playbook check_ssh_defaults.yml "$@" -i test_connection.inventory
+
+# ensure we can load from ini cfg
+ANSIBLE_CONFIG=./test_ssh_defaults.cfg ansible-playbook verify_config.yml "$@"
+
+# ensure we handle cp with spaces correctly, otherwise would fail with
+# `"Failed to connect to the host via ssh: command-line line 0: keyword controlpath extra arguments at end of line"`
+ANSIBLE_SSH_CONTROL_PATH='/tmp/ssh cp with spaces' ansible -m ping all -e ansible_connection=ssh -i test_connection.inventory "$@"
diff --git a/test/integration/targets/connection_ssh/test_connection.inventory b/test/integration/targets/connection_ssh/test_connection.inventory
new file mode 100644
index 0000000..a1a4ff1
--- /dev/null
+++ b/test/integration/targets/connection_ssh/test_connection.inventory
@@ -0,0 +1,7 @@
+[ssh]
+ssh-pipelining    ansible_ssh_pipelining=true
+ssh-no-pipelining ansible_ssh_pipelining=false
+[ssh:vars]
+ansible_host=localhost
+ansible_connection=ssh
+ansible_python_interpreter="{{ ansible_playbook_python }}"
diff --git a/test/integration/targets/connection_ssh/test_ssh_defaults.cfg b/test/integration/targets/connection_ssh/test_ssh_defaults.cfg
new file mode 100644
index 0000000..362f946
--- /dev/null
+++ b/test/integration/targets/connection_ssh/test_ssh_defaults.cfg
@@ -0,0 +1,5 @@
+[ssh_connection]
+ssh_common_args=fromconfig
+ssh_extra_args=fromconfig
+scp_extra_args=fromconfig
+sftp_extra_args=fromconfig
diff --git a/test/integration/targets/connection_ssh/verify_config.yml b/test/integration/targets/connection_ssh/verify_config.yml
new file mode 100644
index 0000000..0bf7958
--- /dev/null
+++ b/test/integration/targets/connection_ssh/verify_config.yml
@@ -0,0 +1,21 @@
+- hosts: localhost
+  gather_facts: false
+  vars:
+    ssh_configs:
+      - ssh_common_args
+      - ssh_extra_args
+      - sftp_extra_args
+      - scp_extra_args
+  tasks:
+    - debug:
+        msg: '{{item ~ ": " ~ lookup("config", item, plugin_type="connection", plugin_name="ssh")}}'
+        verbosity: 3
+      loop: '{{ssh_configs}}'
+      tags: [ configfile ]
+
+    - name: check config from file
+      assert:
+        that:
+          - 'lookup("config", item, plugin_type="connection", plugin_name="ssh") == "fromconfig"'
+      loop: '{{ssh_configs}}'
+      tags: [ configfile ]