author | sbettid <davide.sbetti@gmail.com> | 2022-09-28 15:16:57 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-09-28 08:16:57 -0500 |
commit | 00d60a45fa7cd61b25d622735ceb4c8f6a125a76 (patch) | |
tree | 69f0744b777a88e2b9f96262f6ee66f5094806b6 | |
parent | 0d188114c658c01e65a173bba83219f14e70e52f (diff) | |
[stable 2.13] Fix known host changed status when removing non-existing key #78598 (#78878)
* Fix known_hosts changed status when removing non-existing key (#78748)
* Ensure no change is reported when removing missing key for host with other keys
Co-authored-by: Matt Martz <matt@sivel.net>
* Add changelog for fix known hosts wrong changed status cherry pick
* Remove old changelog for fix known hosts wrong changed status
* Rename changelog according to PR number
Co-authored-by: Matt Martz <matt@sivel.net>
4 files changed, 44 insertions, 0 deletions
diff --git a/changelogs/fragments/78878--fix-known-hosts-wrong-changed-status.yaml b/changelogs/fragments/78878--fix-known-hosts-wrong-changed-status.yaml
new file mode 100644
index 0000000000..205891b432
--- /dev/null
+++ b/changelogs/fragments/78878--fix-known-hosts-wrong-changed-status.yaml
@@ -0,0 +1,3 @@
+bugfixes:
+ - known_hosts - do not return changed status when a non-existing key is removed (https://github.com/ansible/ansible/issues/78598)
+
\ No newline at end of file diff --git a/lib/ansible/modules/known_hosts.py b/lib/ansible/modules/known_hosts.py index ff3bf34a47..b0c888807c 100644 --- a/lib/ansible/modules/known_hosts.py +++ b/lib/ansible/modules/known_hosts.py @@ -143,6 +143,12 @@ def enforce_state(module, params): params['diff'] = compute_diff(path, found_line, replace_or_add, state, key) + # check if we are trying to remove a non matching key, + # in that case return with no change to the host + if state == 'absent' and not found_line and key: + params['changed'] = False + return params + # We will change state if found==True & state!="present" # or found==False & state=="present" # i.e found XOR (state=="present") diff --git a/test/integration/targets/known_hosts/defaults/main.yml b/test/integration/targets/known_hosts/defaults/main.yml index eb0a4ba371..b1b56ac74b 100644 --- a/test/integration/targets/known_hosts/defaults/main.yml +++ b/test/integration/targets/known_hosts/defaults/main.yml @@ -1,3 +1,6 @@ --- example_org_rsa_key: > example.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAglyZmHHWskQ9wkh8LYbIqzvg99/oloneH7BaZ02ripJUy/2Zynv4tgUfm9fdXvAb1XXCEuTRnts9FBer87+voU0FPRgx3CfY9Sgr0FspUjnm4lqs53FIab1psddAaS7/F7lrnjl6VqBtPwMRQZG7qlml5uogGJwYJHxX0PGtsdoTJsM= + +example_org_ed25519_key: > + example.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIzlnSq5ESxLgW0avvPk3j7zLV59hcAPkxrMNdnZMKP2
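Review bot: The guard `if state == 'absent' and not found_line and key:` in enforce_state only short-circuits when the lookup located no line at all, and the integration test added in this commit covers just that case (an ed25519 key for a host whose existing entry is presumably the RSA key from defaults/main.yml). Whether a key of the same type but with different key material produces a `found_line` is decided by the search helper outside this hunk; if it does, `state: absent` would still fall through and drop a pinned host key that does not match the one supplied. I would add an integration case for a same-type, different-material key and reword the comment to state what is actually checked, e.g. `# no line matched this host/key, so there is nothing to remove`. enforce_state begins and ends outside the hunk.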
\ No newline at end of file diff --git a/test/integration/targets/known_hosts/tasks/main.yml b/test/integration/targets/known_hosts/tasks/main.yml index 67f0e5a679..dc00dedd87 100644 --- a/test/integration/targets/known_hosts/tasks/main.yml +++ b/test/integration/targets/known_hosts/tasks/main.yml @@ -96,6 +96,37 @@ - 'result.diff.before == result.diff.after' - 'known_hosts.stdout == known_hosts_v2.stdout' +# https://github.com/ansible/ansible/issues/78598 +# test removing nonexistent host key when the other keys exist for the host +- name: remove different key + known_hosts: + name: example.org + key: "{{ example_org_ed25519_key }}" + state: absent + path: "{{remote_tmp_dir}}/known_hosts" + register: result + +- name: remove nonexistent key with check mode + known_hosts: + name: example.org + key: "{{ example_org_ed25519_key }}" + state: absent + path: "{{remote_tmp_dir}}/known_hosts" + check_mode: yes + register: check_mode_result + +- name: get the file content + command: "cat {{remote_tmp_dir}}/known_hosts" + register: known_hosts_different_key_removal + +- name: assert that no changes happened + assert: + that: + - 'result is not changed' + - 'check_mode_result is not changed' + - 'result.diff.before == result.diff.after' + - 'known_hosts_v2.stdout == known_hosts_different_key_removal.stdout' + # test removal - name: remove the host in check mode @@ -129,6 +160,7 @@ - name: assert that the key was removed and ordering preserved assert: that: + - 'diff is changed' - 'result is changed' - '"example.org" not in known_hosts_v3.stdout' - 'known_hosts_v3.stdout_lines[0].startswith("example.com")' |