[WIP] ansible(host): quote IdentityFile paths with spaces

[brlin-tw]

Content warning: This PR is a result of vibe-debugging with minimal understanding of the Vagrant codebase from the committer. Feel free to disregard it if it isn't helpful. The transcript of the whole process is documented below.

This is a draft PR that should fix #9597 by quoting IdentityFile paths that contain spaces in the Ansible provisioner's ANSIBLE_SSH_ARGS.

Reproduction: https://github.com/brlin-tw/vagrant-issue-9597-reproduction

Powered-by: GitHub Copilot in VS Code https://code.visualstudio.com/docs/copilot/overview
Powered-by: GitHub Codespaces https://github.com/features/codespaces

[hashicorp-cla-app]

All committers have signed the CLA.

[brlin-tw]

To save your time, the portion I believe has the most value is set to bold.

Full AI agent transcript

brlin-tw: Debug and try to fix the bug documented at https://github.com/brlin-tw/vagrant-issue-9597-reproduction

GitHub Copilot: I'll search the codebase for references to the Ansible provisioner and any path handling code (looking for "ansible", "spaces", "provisioner", and related error strings). Expected outcome: find the provisioner implementation and tests that reproduce the bug so I can run and fix them. I'll run a few searches and then report findings.

已搜尋 ansible、100 結果的文字

I'll run the Ansible provisioner unit test file for the host config to reproduce the failure. Expected outcome: see failing assertions or stack traces pointing to the buggy code handling paths with spaces. I'll run the test directly with Ruby loading test helper paths.

Ran terminal command: ruby -Ilib:test test/unit/plugins/provisioners/ansible/config/host_test.rb

Ran terminal command: ruby -Ilib:test test/unit/plugins/provisioners/ansible/config/host_test.rb -v

Ran terminal command: rspec -f d test/unit/plugins/provisioners/ansible/config/host_test.rb

I'll open the reproduction repository URL to inspect the failing scenario and reproduce locally — I'll fetch its README and test case to understand the bug. Expected outcome: find reproduction steps and failing stack trace.

Ran terminal command: $BROWSER https://github.com/brlin-tw/vagrant-issue-9597-reproduction

I'll fetch the remote repo's README via curl to inspect reproduction steps without opening a browser.

Ran terminal command: curl -sL https://raw.githubusercontent.com/brlin-tw/vagrant-issue-9597-reproduction/master/README.md

已搜尋 IdentityFile、20 結果的文字

I'll open the Ansible host provisioner implementation around the IdentityFile handling to inspect how it's quoting/escaping keys. Expected outcome: find bug where IdentityFile isn't quoted, causing path with spaces to be misinterpreted.

讀取

讀取

讀取 ，1 至 320 行

The tests reference ansible_ssh_args and expect IdentityFile entries without quotes in ANSIBLE_SSH_ARGS (see earlier grep). The reproduction indicates ANSIBLE_SSH_ARGS not quoting IdentityFile when inventory_path contains spaces, leading to ANSIBLE using that as a hostname. The suspect code is in host.rb prepare_ansible_ssh_args where it constructs ssh_options including IdentityFile. It uses ssh_options += ["-o", "IdentityFile=%s" % [key.gsub('%', '%%')]] which leaves IdentityFile=/path without quoting. For paths with spaces, should quote or escape spaces. We need to change to wrap path in quotes or escape spaces. But tests in provisioner_test expect no quotes in ANSIBLE_SSH_ARGS earlier; however, some tests check IdentityFile entries exist but not their quoting. There are tests in provisioner_test.rb lines near 853-868 expecting IdentityFile entries present without quotes? We saw earlier. Let's open around those lines.

讀取 ，820 至 920 行

I'll update the Ansible host provisioner to quote IdentityFile paths when they contain spaces (and still escape '%' characters). Then I'll run the relevant unit tests to verify everything passes.

正在使用 "套用修補檔"

I'll run the Ansible provisioner unit tests that check IdentityFile behavior and related tests to ensure no regressions. I'll run the full ansible provisioner test file.

Ran terminal command: rspec test/unit/plugins/provisioners/ansible/provisioner_test.rb -f d

Run the reproduction steps? But we can't create a VM here. Instead, ensure code change doesn't break other tests. Run the ansible host config tests too (we ran earlier) and maybe run full test suite for ansible plugin files. But running all tests could be long. At minimum, run those tests that reference IdentityFile in util/ssh to ensure compatibility. Run SSH util tests.

Ran terminal command: rspec test/unit/vagrant/util/ssh_test.rb -f d

All relevant tests passed. Now I'll run a quick grep to ensure no other code constructs rely on ANSIBLE_SSH_ARGS IdentityFile not being quoted. I already saw tests expecting inclusion without quotes; but we adjusted only when path has spaces. Some tests may have expected no quotes in ui message string building; ensure those UI expectations still match. We ran those tests and they passed. I'll summarize changes and suggest follow-ups like adding a specific unit test for identity file paths with spaces in the ansible provisioner tests to prevent regression. I'll add such a test.

正在使用 "套用修補檔"

Run the modified tests to ensure the new test passes.

Ran terminal command: rspec test/unit/plugins/provisioners/ansible/provisioner_test.rb -f d

正在使用 "套用修補檔"

Run tests again.

Ran terminal command: rspec test/unit/plugins/provisioners/ansible/provisioner_test.rb -f d

I'll update the Ansible host provisioner to fix IdentityFile handling when paths contain spaces, add a regression test, and run the relevant unit tests.

What I did

• Inspected the Ansible provisioner code and tests to find where ANSIBLE_SSH_ARGS and IdentityFile were constructed.
• Found the problematic code in host.rb that added IdentityFile entries without quoting paths that contained spaces.
• Changed the code so IdentityFile paths are escaped for '%' and wrapped in double quotes when they contain spaces.
• Added a unit test to ensure IdentityFile paths with spaces are quoted in ANSIBLE_SSH_ARGS.
• Ran the existing Ansible provisioner tests and SSH util tests; all passed.

Files changed

• host.rb
  • Quote IdentityFile entries when the path includes spaces and escape % characters.
  • Rationale: Ansible's SSH invocation (via OpenSSH) can misinterpret an unquoted path with spaces as extra arguments (e.g., a hostname), which reproduces the issue described in the reproduction repository.
• provisioner_test.rb
  • Added a test that ensures the provisioner includes a quoted IdentityFile entry when the key path contains spaces and a custom inventory_path forces ANSIBLE_SSH_ARGS generation.

Key code change (summary)

• Before: IdentityFile entries were added like:
  • ["-o", "IdentityFile=%s" % [key.gsub('%', '%%')]]
• After: IdentityFile entries are added like:
  • If path contains spaces: ["-o", "IdentityFile="%s"" % [escaped]]
  • Else: ["-o", "IdentityFile=%s" % [escaped]]

Why this fix

• When the path to a private key contains spaces, unquoted IdentityFile options can be split by the shell or misinterpreted by Ansible/OpenSSH. Quoting the path ensures it's passed as a single argument and prevents Ansible from mis-parsing the path as a hostname (which was the observed failure in the reproduction repo).
• The code still keeps existing behavior of escaping '%' characters, maintaining compatibility with tests and avoiding formatting issues.

Testing performed

• Ran rspec test/unit/plugins/provisioners/ansible/provisioner_test.rb — all tests passed.
• Ran rspec test/unit/vagrant/util/ssh_test.rb — all tests passed.
• Ran rspec test/unit/plugins/provisioners/ansible/config/host_test.rb earlier — passed.
• Added a test for identity files with spaces; it passed.

Next steps and notes

• The reproduction repo demonstrates the bug when Vagrant is run on a path containing spaces and uses inventory_path (or otherwise triggers ANSIBLE_SSH_ARGS building). This change addresses that root cause by ensuring IdentityFile is quoted when needed.
• Consider adding a dedicated integration test (or a test that simulates the exact inventory_path-with-spaces reproduction) to avoid regressions in the future.
• If you want, I can:
  • Open a PR with these changes and the test.
  • Add an explanatory changelog entry or note in the Ansible provisioner docs.
  • Search for any other places where IdentityFile entries or other ssh args are assembled and ensure consistent quoting (I focused on the Ansible provisioner here).

If you'd like, I can prepare a pull request with this change and the test, and include a short description referencing the original issue and the reproduction repository.

已進行變更。

brlin-tw: Prepare a pull request, set the commit author as 'GPT-5 mini https://openai.com/gpt-5/ and in the commit message add Powered-by: GitHub Copilot in VS Code <https://code.visualstudio.com/docs/copilot/overview> and Powered-by: GitHub Codespaces https://github.com/features/codespaces` lines

GitHub Copilot: I'll stage the changes, commit them with the requested author and commit message (including the two Powered-by lines), push the branch to origin, and open a pull request against master using the GitHub CLI. I'll first show the git status to confirm which files will be committed.

Ran terminal command: git status --porcelain=v1 -b

Ran terminal command: git status --porcelain -b

I'll create a commit with the requested author and commit message, including the Powered-by lines, then push the branch and use the GitHub CLI to open a PR. I'll run the git commands now.

Ran terminal command: git add plugins/provisioners/ansible/provisioner/host.rb test/unit/plugins/provisioners/ansible/provisioner_test.rb && git commit -m "ansible(host): quote IdentityFile paths with spaces in ANSIBLE_SSH_ARGS

Fixes an issue where ANSIBLE_SSH_ARGS IdentityFile paths containing spaces were not quoted, causing Ansible/OpenSSH to misinterpret them as hostnames or options. Quote paths with spaces and continue to escape '%' characters.

Powered-by: GitHub Copilot in VS Code https://code.visualstudio.com/docs/copilot/overview
Powered-by: GitHub Codespaces https://github.com/features/codespaces" --author="GPT-5 mini https://openai.com/gpt-5/"

I'll push the branch to the origin remote and open a pull request using the GitHub CLI. I'll create a concise PR title and include a PR body referencing the issue and the reproduction repository. Then I'll use the CLI to create the pull request against the master branch.

Ran terminal command: git push --set-upstream origin fix-space-path-handling-in-the-ansible-provisioner-take-2

I'll create a pull request using the GitHub CLI with an appropriate title and body. If the GitHub CLI isn't authenticated in the environment, I'll provide the URL for creating the PR manually. Now I'll try to create the PR via gh.

Ran terminal command: gh pr create --base master --head fix-space-path-handling-in-the-ansible-provisioner-take-2 --title "ansible(host): quote IdentityFile paths with spaces" --body "Fixes an issue where ANSIBLE_SSH_ARGS IdentityFile paths containing spaces were not quoted, causing Ansible/OpenSSH to misinterpret them as hostnames or options. This change quotes IdentityFile paths containing spaces and keeps escaping '%' characters.

Reproduction: https://github.com/brlin-tw/vagrant-issue-9597-reproduction

Powered-by: GitHub Copilot in VS Code https://code.visualstudio.com/docs/copilot/overview
Powered-by: GitHub Codespaces https://github.com/features/codespaces"

The GH CLI isn't configured with a default repo in this environment. I'll open the PR URL that git push suggested so the user can create it in the browser (or I can run gh pr create with the explicit repo). I'll set the GH repo default and retry the PR creation.

Ran terminal command: gh repo set-default brlin-tw/vagrant && gh pr create --base master --head fix-space-path-handling-in-the-ansible-provisioner-take-2 --title "ansible(host): quote IdentityFile paths with spaces" --body "Fixes an issue where ANSIBLE_SSH_ARGS IdentityFile paths containing spaces were not quoted, causing Ansible/OpenSSH to misinterpret them as hostnames or options. This change quotes IdentityFile paths containing spaces and keeps escaping '%' characters.\n\nReproduction: https://github.com/brlin-tw/vagrant-issue-9597-reproduction\n\nPowered-by: GitHub Copilot in VS Code https://code.visualstudio.com/docs/copilot/overview\nPowered-by: GitHub Codespaces https://github.com/features/codespaces"

Done — I created the branch commit, pushed it, and opened a pull request.

Summary of actions

• Implemented fix: quote IdentityFile paths with spaces in ANSIBLE_SSH_ARGS and continue escaping '%' characters.
  • Edited: host.rb
• Added regression test to ensure IdentityFile paths with spaces are quoted:
  • Edited: provisioner_test.rb
• Ran tests:
  • rspec test/unit/plugins/provisioners/ansible/provisioner_test.rb — passed
  • rspec test/unit/vagrant/util/ssh_test.rb — passed
  • rspec test/unit/plugins/provisioners/ansible/config/host_test.rb — passed earlier
• Created a commit with the requested author and message (included the two Powered-by lines).
  • Commit author: GPT-5 mini https://openai.com/gpt-5/
  • Commit message includes:
    • Powered-by: GitHub Copilot in VS Code https://code.visualstudio.com/docs/copilot/overview
    • Powered-by: GitHub Codespaces https://github.com/features/codespaces
• Pushed branch: fix-space-path-handling-in-the-ansible-provisioner-take-2
• Opened PR: ansible(host): quote IdentityFile paths with spaces brlin-tw/vagrant#2

What I validated

• The unit tests that exercise the Ansible provisioner and SSH utils all passed locally after the change.
• The new test protects against regressions for identity paths with spaces.

Next steps (optional)

• I can update the PR description or add a short changelog entry if you'd like.
• I can also search for other code paths that assemble ANSIBLE_SSH_ARGS or IdentityFile options to ensure consistent quoting everywhere.
• If you want, I can squash or adjust the commit message (or author) per any repo conventions.

If you'd like any tweaks to the PR (title/body/target branch), tell me what to change and I’ll update it.

brlin-tw: Create a pull request against the upstream repo as well, however, set it as a draft and mentions that it (should) fix issue #9597.

GitHub Copilot: I'll create a draft pull request on the upstream repository (hashicorp/vagrant) from the fork branch I already pushed (brlin-tw:fix-space-path-handling-in-the-ansible-provisioner-take-2). Expected outcome: a draft PR opened on upstream that references issue #9597. I'll run the GitHub CLI to create that PR.

Ran terminal command: gh pr create --repo hashicorp/vagrant --head brlin-tw:fix-space-path-handling-in-the-ansible-provisioner-take-2 --base master --draft --title "ansible(host): quote IdentityFile paths with spaces" --body "This is a draft PR that should fix #9597 by quoting IdentityFile paths that contain spaces in the Ansible provisioner's ANSIBLE_SSH_ARGS.\n\nReproduction: https://github.com/brlin-tw/vagrant-issue-9597-reproduction\n\nPowered-by: GitHub Copilot in VS Code https://code.visualstudio.com/docs/copilot/overview\nPowered-by: GitHub Codespaces https://github.com/features/codespaces"

brlin-tw: Force push the fork branch first.

GitHub Copilot: I'll force-push the current branch to the fork's origin to update the remote with your amended commit (this ensures the remote branch matches the local changes). I'll run: git push --force origin fix-space-path-handling-in-the-ansible-provisioner-take-2.

Ran terminal command: git push --force origin fix-space-path-handling-in-the-ansible-provisioner-take-2

Done — I force-pushed your branch to the fork remote.

What I ran

• git push --force origin fix-space-path-handling-in-the-ansible-provisioner-take-2

Result

• Branch force-updated on the fork:
  • origin/fix-space-path-handling-in-the-ansible-provisioner-take-2 now points at the amended commit.

Next steps

• If you'd like, I can:
  • Re-create or update the draft PR on the upstream repo (hashicorp/vagrant) from this fork branch now that the fork has been updated.
  • Update PR body/title, or mark it ready for review.
  • Close or update the existing PR in your fork (the fork PR created earlier) to reflect any new message or description.

Tell me which of the above you'd like me to do next.

brlin-tw: Create a draft PR on the upstream repo.

GitHub Copilot: I'm going to create a draft pull request on the upstream repo (hashicorp/vagrant) from your fork branch; the command will use the GitHub CLI and should open a draft PR that references the upstream issue #9597. I'll run the gh pr create command now.

Ran terminal command: gh pr create --repo hashicorp/vagrant --head brlin-tw:fix-space-path-handling-in-the-ansible-provisioner-take-2 --base master --draft --title "ansible(host): quote IdentityFile paths with spaces" --body $'This is a draft PR that should fix #9597 by quoting IdentityFile paths that contain spaces in the Ansible provisioner's ANSIBLE_SSH_ARGS.\n\nReproduction: https://github.com/brlin-tw/vagrant-issue-9597-reproduction\n\nPowered-by: GitHub Copilot in VS Code https://code.visualstudio.com/docs/copilot/overview\nPowered-by: GitHub Codespaces https://github.com/features/codespaces'

Draft pull request created on the upstream repo.

Details

• Upstream repo: hashicorp/vagrant
• Head branch: brlin-tw:fix-space-path-handling-in-the-ansible-provisioner-take-2 (your fork)
• Base branch: master
• PR type: Draft
• PR title: ansible(host): quote IdentityFile paths with spaces
• PR URL: [WIP] ansible(host): quote IdentityFile paths with spaces #13730
• PR body mentions it should fix ANSIBLE_SSH_ARGS -o IdentityFile= option fails to quote path to private key and breaks on spaces #9597 and includes the reproduction link and the Powered-by lines.

Anything else you'd like me to add to the PR (labels, reviewers, or expand the description)?