authorized_key 29891 use os.path.realpath to follow keyfile symlinks (#40417)
* 29891 use os.path.realpath to follow keyfile symlinks * 29891 add parameter follow * updated changelog fragment * add documentation and set default to false
This commit is contained in:
parent
688ffa4cee
commit
21066410be
2 changed files with 22 additions and 2 deletions
4
changelogs/fragments/authorized_key_symlinks.yaml
Normal file
4
changelogs/fragments/authorized_key_symlinks.yaml
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
bugfixes:
|
||||||
|
- authorized_key now have an option for following symlinks,
|
||||||
|
default behaviour (False) can be changed by setting follow True/False
|
|
@ -78,6 +78,12 @@ options:
|
||||||
cases such as fetching it from GitHub or GitLab.
|
cases such as fetching it from GitHub or GitLab.
|
||||||
- If no comment is specified, the existing comment will be kept.
|
- If no comment is specified, the existing comment will be kept.
|
||||||
version_added: "2.4"
|
version_added: "2.4"
|
||||||
|
follow:
|
||||||
|
description:
|
||||||
|
- Follow path symlink instead of replacing it
|
||||||
|
type: bool
|
||||||
|
default: 'no'
|
||||||
|
version_added: "2.7"
|
||||||
author: "Ansible Core Team"
|
author: "Ansible Core Team"
|
||||||
'''
|
'''
|
||||||
|
|
||||||
|
@ -284,7 +290,7 @@ class keydict(dict):
|
||||||
return [item[1] for item in self.items()]
|
return [item[1] for item in self.items()]
|
||||||
|
|
||||||
|
|
||||||
def keyfile(module, user, write=False, path=None, manage_dir=True):
|
def keyfile(module, user, write=False, path=None, manage_dir=True, follow=False):
|
||||||
"""
|
"""
|
||||||
Calculate name of authorized keys file, optionally creating the
|
Calculate name of authorized keys file, optionally creating the
|
||||||
directories and file, properly setting permissions.
|
directories and file, properly setting permissions.
|
||||||
|
@ -293,11 +299,16 @@ def keyfile(module, user, write=False, path=None, manage_dir=True):
|
||||||
:param bool write: if True, write changes to authorized_keys file (creating directories if needed)
|
:param bool write: if True, write changes to authorized_keys file (creating directories if needed)
|
||||||
:param str path: if not None, use provided path rather than default of '~user/.ssh/authorized_keys'
|
:param str path: if not None, use provided path rather than default of '~user/.ssh/authorized_keys'
|
||||||
:param bool manage_dir: if True, create and set ownership of the parent dir of the authorized_keys file
|
:param bool manage_dir: if True, create and set ownership of the parent dir of the authorized_keys file
|
||||||
|
:param bool follow: if True symlinks will be followed and not replaced
|
||||||
:return: full path string to authorized_keys for user
|
:return: full path string to authorized_keys for user
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if module.check_mode and path is not None:
|
if module.check_mode and path is not None:
|
||||||
keysfile = path
|
keysfile = path
|
||||||
|
|
||||||
|
if follow:
|
||||||
|
return os.path.realpath(keysfile)
|
||||||
|
|
||||||
return keysfile
|
return keysfile
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
@ -314,6 +325,9 @@ def keyfile(module, user, write=False, path=None, manage_dir=True):
|
||||||
sshdir = os.path.dirname(path)
|
sshdir = os.path.dirname(path)
|
||||||
keysfile = path
|
keysfile = path
|
||||||
|
|
||||||
|
if follow:
|
||||||
|
keysfile = os.path.realpath(keysfile)
|
||||||
|
|
||||||
if not write:
|
if not write:
|
||||||
return keysfile
|
return keysfile
|
||||||
|
|
||||||
|
@ -518,6 +532,7 @@ def enforce_state(module, params):
|
||||||
key_options = params.get("key_options", None)
|
key_options = params.get("key_options", None)
|
||||||
exclusive = params.get("exclusive", False)
|
exclusive = params.get("exclusive", False)
|
||||||
comment = params.get("comment", None)
|
comment = params.get("comment", None)
|
||||||
|
follow = params.get('follow', False)
|
||||||
error_msg = "Error getting key from: %s"
|
error_msg = "Error getting key from: %s"
|
||||||
|
|
||||||
# if the key is a url, request it and use it as key source
|
# if the key is a url, request it and use it as key source
|
||||||
|
@ -613,7 +628,7 @@ def enforce_state(module, params):
|
||||||
do_write = True
|
do_write = True
|
||||||
|
|
||||||
if do_write:
|
if do_write:
|
||||||
filename = keyfile(module, user, do_write, path, manage_dir)
|
filename = keyfile(module, user, do_write, path, manage_dir, follow)
|
||||||
new_content = serialize(existing_keys)
|
new_content = serialize(existing_keys)
|
||||||
|
|
||||||
diff = None
|
diff = None
|
||||||
|
@ -650,6 +665,7 @@ def main():
|
||||||
exclusive=dict(default=False, type='bool'),
|
exclusive=dict(default=False, type='bool'),
|
||||||
comment=dict(required=False, default=None, type='str'),
|
comment=dict(required=False, default=None, type='str'),
|
||||||
validate_certs=dict(default=True, type='bool'),
|
validate_certs=dict(default=True, type='bool'),
|
||||||
|
follow=dict(default=False, type='bool')
|
||||||
),
|
),
|
||||||
supports_check_mode=True
|
supports_check_mode=True
|
||||||
)
|
)
|
||||||
|
|
Loading…
Reference in a new issue