authorized_key 29891 use os.path.realpath to follow keyfile symlinks (#40417)

* 29891 use os.path.realpath to follow keyfile symlinks
* 29891 add parameter follow
* updated changelog fragment
* add documentation and set default to false
This commit is contained in:
Andreas Calminder 2018-08-14 01:06:33 +02:00 committed by Toshio Kuratomi
parent 688ffa4cee
commit 21066410be
2 changed files with 22 additions and 2 deletions

View file

@ -0,0 +1,4 @@
---
bugfixes:
- authorized_key now have an option for following symlinks,
default behaviour (False) can be changed by setting follow True/False

View file

@ -78,6 +78,12 @@ options:
cases such as fetching it from GitHub or GitLab.
- If no comment is specified, the existing comment will be kept.
version_added: "2.4"
follow:
description:
- Follow path symlink instead of replacing it
type: bool
default: 'no'
version_added: "2.7"
author: "Ansible Core Team"
'''
@ -284,7 +290,7 @@ class keydict(dict):
return [item[1] for item in self.items()]
def keyfile(module, user, write=False, path=None, manage_dir=True):
def keyfile(module, user, write=False, path=None, manage_dir=True, follow=False):
"""
Calculate name of authorized keys file, optionally creating the
directories and file, properly setting permissions.
@ -293,11 +299,16 @@ def keyfile(module, user, write=False, path=None, manage_dir=True):
:param bool write: if True, write changes to authorized_keys file (creating directories if needed)
:param str path: if not None, use provided path rather than default of '~user/.ssh/authorized_keys'
:param bool manage_dir: if True, create and set ownership of the parent dir of the authorized_keys file
:param bool follow: if True symlinks will be followed and not replaced
:return: full path string to authorized_keys for user
"""
if module.check_mode and path is not None:
keysfile = path
if follow:
return os.path.realpath(keysfile)
return keysfile
try:
@ -314,6 +325,9 @@ def keyfile(module, user, write=False, path=None, manage_dir=True):
sshdir = os.path.dirname(path)
keysfile = path
if follow:
keysfile = os.path.realpath(keysfile)
if not write:
return keysfile
@ -518,6 +532,7 @@ def enforce_state(module, params):
key_options = params.get("key_options", None)
exclusive = params.get("exclusive", False)
comment = params.get("comment", None)
follow = params.get('follow', False)
error_msg = "Error getting key from: %s"
# if the key is a url, request it and use it as key source
@ -613,7 +628,7 @@ def enforce_state(module, params):
do_write = True
if do_write:
filename = keyfile(module, user, do_write, path, manage_dir)
filename = keyfile(module, user, do_write, path, manage_dir, follow)
new_content = serialize(existing_keys)
diff = None
@ -650,6 +665,7 @@ def main():
exclusive=dict(default=False, type='bool'),
comment=dict(required=False, default=None, type='str'),
validate_certs=dict(default=True, type='bool'),
follow=dict(default=False, type='bool')
),
supports_check_mode=True
)