Fixes #6454 verify ec2 key fingerprints
This commit is contained in:
parent
9ca9f270d9
commit
1dead65ff7
1 changed files with 43 additions and 4 deletions
|
@ -132,6 +132,10 @@ except ImportError:
|
||||||
print "failed=True msg='boto required for this module'"
|
print "failed=True msg='boto required for this module'"
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
|
import random
|
||||||
|
import string
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
argument_spec = ec2_argument_spec()
|
argument_spec = ec2_argument_spec()
|
||||||
argument_spec.update(dict(
|
argument_spec.update(dict(
|
||||||
|
@ -187,10 +191,45 @@ def main():
|
||||||
# Ensure requested key is present
|
# Ensure requested key is present
|
||||||
elif state == 'present':
|
elif state == 'present':
|
||||||
if key:
|
if key:
|
||||||
'''existing key found'''
|
# existing key found
|
||||||
# Should check if the fingerprint is the same - but lack of info
|
if key_material:
|
||||||
# and different fingerprint provided (pub or private) depending if
|
# EC2's fingerprints are non-trivial to generate, so push this key
|
||||||
# the key has been created of imported.
|
# to a temporary name and make ec2 calculate the fingerprint for us.
|
||||||
|
#
|
||||||
|
# http://blog.jbrowne.com/?p=23
|
||||||
|
# https://forums.aws.amazon.com/thread.jspa?messageID=352828
|
||||||
|
|
||||||
|
# find an unused name
|
||||||
|
test = 'empty'
|
||||||
|
while test:
|
||||||
|
randomchars = [random.choice(string.ascii_letters + string.digits) for x in range(0,10)]
|
||||||
|
tmpkeyname = "ansible-" + ''.join(randomchars)
|
||||||
|
test = ec2.get_key_pair(tmpkeyname)
|
||||||
|
|
||||||
|
# create tmp key
|
||||||
|
tmpkey = ec2.import_key_pair(tmpkeyname, key_material)
|
||||||
|
# get tmp key fingerprint
|
||||||
|
tmpfingerprint = tmpkey.fingerprint
|
||||||
|
# delete tmp key
|
||||||
|
tmpkey.delete()
|
||||||
|
|
||||||
|
if key.fingerprint != tmpfingerprint:
|
||||||
|
if not module.check_mode:
|
||||||
|
key.delete()
|
||||||
|
key = ec2.import_key_pair(name, key_material)
|
||||||
|
|
||||||
|
if wait:
|
||||||
|
start = time.time()
|
||||||
|
action_complete = False
|
||||||
|
while (time.time() - start) < wait_timeout:
|
||||||
|
if ec2.get_key_pair(name):
|
||||||
|
action_complete = True
|
||||||
|
break
|
||||||
|
time.sleep(1)
|
||||||
|
if not action_complete:
|
||||||
|
module.fail_json(msg="timed out while waiting for the key to be re-created")
|
||||||
|
|
||||||
|
changed = True
|
||||||
pass
|
pass
|
||||||
|
|
||||||
# if the key doesn't exist, create it now
|
# if the key doesn't exist, create it now
|
||||||
|
|
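Review bot: The temporary probe key created at `tmpkey = ec2.import_key_pair(tmpkeyname, key_material)` is deleted only on the happy path, so any exception raised between that import and `tmpkey.delete()` leaves a stray `ansible-…` key pair behind in the account; the delete belongs in a `finally`. Further down, `key.delete()` runs before `key = ec2.import_key_pair(name, key_material)`, so if the second import fails (the temp import only proves the material parses, not that the later call will succeed) the account is left with no key under that name and the module dies with a generic traceback instead of saying the original key is already gone — it should at least fail explicitly there. Note also that the probe import/delete is a real write to the account even in check mode; that is presumably acceptable as a read-only-equivalent probe, but a one-line comment saying so would help. Leading indentation is lost in this rendering, so I could not confirm that `changed = True` sits inside the `if key.fingerprint != tmpfingerprint:` branch; if it is one level out, an unchanged key would be reported as changed. The enclosing `main()` starts and ends outside this hunk.
```python
# … unchanged: find an unused temporary name …
tmpkey = ec2.import_key_pair(tmpkeyname, key_material)
try:
    tmpfingerprint = tmpkey.fingerprint
finally:
    # never leave the probe key behind, whatever happens above
    tmpkey.delete()

if key.fingerprint != tmpfingerprint:
    if not module.check_mode:
        key.delete()
        try:
            key = ec2.import_key_pair(name, key_material)
        except Exception as e:
            module.fail_json(msg="deleted key '%s' but re-import failed: %s" % (name, e))
        # … unchanged: wait loop …
    changed = True
```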