authorFelix Fontein <felix@fontein.de>2019-12-03 20:13:44 +0100
committerMatt Davis <nitzmahone@users.noreply.github.com>2019-12-03 11:13:44 -0800
commit96bdcbe90c44903fefcf526f9536b2ff5b4d516e (patch)
treed9c389c7eaed1c3bcfab97ac7a722b589ce780cd
parent666acb1754b9c58e1f5a7c411a88b9ff76b47fb1 (diff)
downloadansible-96bdcbe90c44903fefcf526f9536b2ff5b4d516e.tar.gz
openssh_keypair: fix idempotence issue (#65017) (#65127)
* Fix idempotence issue. * Add changelog. (cherry picked from commit b36f57225665de07c31d6affac541adc12207040)
-rw-r--r--changelogs/fragments/65017-openssh_keypair-idempotence.yml2
-rw-r--r--lib/ansible/modules/crypto/openssh_keypair.py8
-rw-r--r--test/integration/targets/openssh_keypair/tasks/main.yml5
-rw-r--r--test/integration/targets/openssh_keypair/tests/validate.yml5
4 files changed, 15 insertions, 5 deletions
diff --git a/changelogs/fragments/65017-openssh_keypair-idempotence.yml b/changelogs/fragments/65017-openssh_keypair-idempotence.yml
new file mode 100644
index 0000000000..411b714982
--- /dev/null
+++ b/changelogs/fragments/65017-openssh_keypair-idempotence.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "openssh_keypair - fixes idempotence issue with public key (https://github.com/ansible/ansible/issues/64969)."
diff --git a/lib/ansible/modules/crypto/openssh_keypair.py b/lib/ansible/modules/crypto/openssh_keypair.py
index 152c087f50..66f23c4170 100644
--- a/lib/ansible/modules/crypto/openssh_keypair.py
+++ b/lib/ansible/modules/crypto/openssh_keypair.py
@@ -272,8 +272,7 @@ class Keypair(object):
else:
return False
- def _parse_pubkey():
- pubkey_content = _get_pubkey_content()
+ def _parse_pubkey(pubkey_content):
if pubkey_content:
parts = pubkey_content.split(' ', 2)
return parts[0], parts[1], '' if len(parts) <= 2 else parts[2]
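Review bot: `parts[1]` in `_parse_pubkey` raises IndexError when the public key content is a single token with no space, for example a truncated or hand-edited `.pub` file. The module would then stop with a traceback instead of treating the file as not matching the private key. A length guard before the return, `if len(parts) < 2: return False`, would turn malformed content into an ordinary mismatch. The function's fall-through return lies outside this hunk, so the guard should return whatever that path returns for empty content.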
@@ -281,8 +280,7 @@ class Keypair(object):
def _pubkey_valid(pubkey):
if pubkey_parts:
- current_pubkey = ' '.join([pubkey_parts[0], pubkey_parts[1]])
- return current_pubkey == pubkey
+ return pubkey_parts[:2] == _parse_pubkey(pubkey)[:2]
return False
def _comment_valid():
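Review bot: `_parse_pubkey(pubkey)[:2]` in `_pubkey_valid` slices the helper's result without checking it, and `pubkey` is the stdout of `ssh-keygen -yf`, which the next hunk takes without checking the return code. If that command prints nothing, `_parse_pubkey` skips its `if pubkey_content:` branch and returns its fall-through value, which is outside the visible lines; if that value is `False` or `None`, the slice raises TypeError. Binding the result first, `current = _parse_pubkey(pubkey)` followed by `return bool(current) and pubkey_parts[:2] == current[:2]`, keeps the failure a plain mismatch. A one-line comment such as `# compare key type and key data only; the trailing comment field is ignored here` would also record why the comparison no longer uses the full string.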
@@ -292,7 +290,7 @@ class Keypair(object):
pubkey = module.run_command([module.get_bin_path('ssh-keygen', True), '-yf', self.path])
pubkey = pubkey[1].strip('\n')
- pubkey_parts = _parse_pubkey()
+ pubkey_parts = _parse_pubkey(_get_pubkey_content())
if _pubkey_valid(pubkey):
self.public_key = pubkey
diff --git a/test/integration/targets/openssh_keypair/tasks/main.yml b/test/integration/targets/openssh_keypair/tasks/main.yml
index 529f4334c0..62850ca8a5 100644
--- a/test/integration/targets/openssh_keypair/tasks/main.yml
+++ b/test/integration/targets/openssh_keypair/tasks/main.yml
@@ -4,6 +4,11 @@
path: '{{ output_dir }}/privatekey1'
register: privatekey1_result
+- name: Generate privatekey1 - standard (idempotent)
+ openssh_keypair:
+ path: '{{ output_dir }}/privatekey1'
+ register: privatekey1_idem_result
+
- name: Generate privatekey2 - size 2048
openssh_keypair:
path: '{{ output_dir }}/privatekey2'
diff --git a/test/integration/targets/openssh_keypair/tests/validate.yml b/test/integration/targets/openssh_keypair/tests/validate.yml
index 93899e8017..57bb909dff 100644
--- a/test/integration/targets/openssh_keypair/tests/validate.yml
+++ b/test/integration/targets/openssh_keypair/tests/validate.yml
@@ -38,6 +38,11 @@
that:
- privatekey1.stdout == '4096'
+- name: Validate privatekey1 idempotence
+ assert:
+ that:
+ - privatekey1_idem_result is not changed
+
- name: Validate privatekey2 (test - RSA key with size 2048 bits)
shell: "ssh-keygen -lf {{ output_dir }}/privatekey2 | grep -o -E '^[0-9]+'"