Add comment option to authorized_key (#27781)
* Add comment option to authorized_keys * Update version_added for authorized_keys comment * PEP8 * Include index rank in parsed_key_key * Properly display diff Only display diff if specificed via settings * Fix PEP8 test failure Removed from legacy files since it is now properly formatted * Cleanup integration test formatting and add test for new comment feature * Correct version_added for new option
This commit is contained in:
parent
8a69706037
commit
271127113f
4 changed files with 234 additions and 152 deletions
|
@ -79,6 +79,14 @@ options:
|
|||
default: "yes"
|
||||
choices: ["yes", "no"]
|
||||
version_added: "2.1"
|
||||
comment:
|
||||
description:
|
||||
- Change the comment on the public key. Rewriting the comment is useful in
|
||||
cases such as fetching it from GitHub or GitLab.
|
||||
- If no comment is specified, the existing comment will be kept.
|
||||
required: false
|
||||
default: None
|
||||
version_added: "2.4"
|
||||
author: "Ansible Core Team"
|
||||
'''
|
||||
|
||||
|
@ -220,6 +228,7 @@ from ansible.module_utils.basic import AnsibleModule
|
|||
from ansible.module_utils.pycompat24 import get_exception
|
||||
from ansible.module_utils.urls import fetch_url
|
||||
|
||||
|
||||
class keydict(dict):
|
||||
|
||||
""" a dictionary that maintains the order of keys as they are added
|
||||
|
@ -247,8 +256,8 @@ class keydict(dict):
|
|||
# http://stackoverflow.com/questions/2328235/pythonextend-the-dict-class
|
||||
|
||||
def __init__(self, *args, **kw):
|
||||
super(keydict,self).__init__(*args, **kw)
|
||||
self.itemlist = list(super(keydict,self).keys())
|
||||
super(keydict, self).__init__(*args, **kw)
|
||||
self.itemlist = list(super(keydict, self).keys())
|
||||
|
||||
def __setitem__(self, key, value):
|
||||
self.itemlist.append(key)
|
||||
|
@ -309,12 +318,12 @@ def keyfile(module, user, write=False, path=None, manage_dir=True):
|
|||
module.fail_json(msg="Either user must exist or you must provide full path to key file in check mode")
|
||||
module.fail_json(msg="Failed to lookup user %s: %s" % (user, str(e)))
|
||||
if path is None:
|
||||
homedir = user_entry.pw_dir
|
||||
sshdir = os.path.join(homedir, ".ssh")
|
||||
keysfile = os.path.join(sshdir, "authorized_keys")
|
||||
homedir = user_entry.pw_dir
|
||||
sshdir = os.path.join(homedir, ".ssh")
|
||||
keysfile = os.path.join(sshdir, "authorized_keys")
|
||||
else:
|
||||
sshdir = os.path.dirname(path)
|
||||
keysfile = path
|
||||
sshdir = os.path.dirname(path)
|
||||
keysfile = path
|
||||
|
||||
if not write:
|
||||
return keysfile
|
||||
|
@ -335,7 +344,7 @@ def keyfile(module, user, write=False, path=None, manage_dir=True):
|
|||
if not os.path.exists(basedir):
|
||||
os.makedirs(basedir)
|
||||
try:
|
||||
f = open(keysfile, "w") #touches file so we can set ownership and perms
|
||||
f = open(keysfile, "w") # touches file so we can set ownership and perms
|
||||
finally:
|
||||
f.close()
|
||||
if module.selinux_enabled():
|
||||
|
@ -349,12 +358,13 @@ def keyfile(module, user, write=False, path=None, manage_dir=True):
|
|||
|
||||
return keysfile
|
||||
|
||||
|
||||
def parseoptions(module, options):
|
||||
'''
|
||||
reads a string containing ssh-key options
|
||||
and returns a dictionary of those options
|
||||
'''
|
||||
options_dict = keydict() #ordered dict
|
||||
options_dict = keydict() # ordered dict
|
||||
if options:
|
||||
# the following regex will split on commas while
|
||||
# ignoring those commas that fall within quotes
|
||||
|
@ -369,6 +379,7 @@ def parseoptions(module, options):
|
|||
|
||||
return options_dict
|
||||
|
||||
|
||||
def parsekey(module, raw_key, rank=None):
|
||||
'''
|
||||
parses a key, which may or may not contain a list
|
||||
|
@ -387,9 +398,9 @@ def parsekey(module, raw_key, rank=None):
|
|||
'ssh-rsa',
|
||||
]
|
||||
|
||||
options = None # connection options
|
||||
key = None # encrypted key string
|
||||
key_type = None # type of ssh key
|
||||
options = None # connection options
|
||||
key = None # encrypted key string
|
||||
key_type = None # type of ssh key
|
||||
type_index = None # index of keytype in key string|list
|
||||
|
||||
# remove comment yaml escapes
|
||||
|
@ -398,7 +409,7 @@ def parsekey(module, raw_key, rank=None):
|
|||
# split key safely
|
||||
lex = shlex.shlex(raw_key)
|
||||
lex.quotes = []
|
||||
lex.commenters = '' #keep comment hashes
|
||||
lex.commenters = '' # keep comment hashes
|
||||
lex.whitespace_split = True
|
||||
key_parts = list(lex)
|
||||
|
||||
|
@ -430,6 +441,7 @@ def parsekey(module, raw_key, rank=None):
|
|||
|
||||
return (key, key_type, options, comment, rank)
|
||||
|
||||
|
||||
def readfile(filename):
|
||||
|
||||
if not os.path.isfile(filename):
|
||||
|
@ -441,6 +453,7 @@ def readfile(filename):
|
|||
finally:
|
||||
f.close()
|
||||
|
||||
|
||||
def parsekeys(module, lines):
|
||||
keys = {}
|
||||
for rank_index, line in enumerate(lines.splitlines(True)):
|
||||
|
@ -454,10 +467,11 @@ def parsekeys(module, lines):
|
|||
keys[line] = (line, 'skipped', None, None, rank_index)
|
||||
return keys
|
||||
|
||||
|
||||
def writefile(module, filename, content):
|
||||
|
||||
fd, tmp_path = tempfile.mkstemp('', 'tmp', os.path.dirname(filename))
|
||||
f = open(tmp_path,"w")
|
||||
f = open(tmp_path, "w")
|
||||
|
||||
try:
|
||||
f.write(content)
|
||||
|
@ -467,6 +481,7 @@ def writefile(module, filename, content):
|
|||
f.close()
|
||||
module.atomic_move(tmp_path, filename)
|
||||
|
||||
|
||||
def serialize(keys):
|
||||
lines = []
|
||||
new_keys = keys.values()
|
||||
|
@ -496,24 +511,26 @@ def serialize(keys):
|
|||
key_line = key[0]
|
||||
else:
|
||||
key_line = "%s%s %s %s\n" % (option_str, key_type, keyhash, comment)
|
||||
except:
|
||||
except Exception:
|
||||
key_line = key
|
||||
lines.append(key_line)
|
||||
return ''.join(lines)
|
||||
|
||||
|
||||
def enforce_state(module, params):
|
||||
"""
|
||||
Add or remove key.
|
||||
"""
|
||||
|
||||
user = params["user"]
|
||||
key = params["key"]
|
||||
path = params.get("path", None)
|
||||
manage_dir = params.get("manage_dir", True)
|
||||
state = params.get("state", "present")
|
||||
user = params["user"]
|
||||
key = params["key"]
|
||||
path = params.get("path", None)
|
||||
manage_dir = params.get("manage_dir", True)
|
||||
state = params.get("state", "present")
|
||||
key_options = params.get("key_options", None)
|
||||
exclusive = params.get("exclusive", False)
|
||||
error_msg = "Error getting key from: %s"
|
||||
exclusive = params.get("exclusive", False)
|
||||
comment = params.get("comment", None)
|
||||
error_msg = "Error getting key from: %s"
|
||||
|
||||
# if the key is a url, request it and use it as key source
|
||||
if key.startswith("http"):
|
||||
|
@ -559,6 +576,9 @@ def enforce_state(module, params):
|
|||
# rank here is the rank in the provided new keys, which may be unrelated to rank in existing_keys
|
||||
parsed_new_key = (parsed_new_key[0], parsed_new_key[1], parsed_options, parsed_new_key[3], parsed_new_key[4])
|
||||
|
||||
if comment is not None:
|
||||
parsed_new_key = (parsed_new_key[0], parsed_new_key[1], parsed_new_key[2], comment, parsed_new_key[4])
|
||||
|
||||
matched = False
|
||||
non_matching_keys = []
|
||||
|
||||
|
@ -574,7 +594,7 @@ def enforce_state(module, params):
|
|||
matched = True
|
||||
|
||||
# handle idempotent state=present
|
||||
if state=="present":
|
||||
if state == "present":
|
||||
keys_to_exist.append(parsed_new_key[0])
|
||||
if len(non_matching_keys) > 0:
|
||||
for non_matching_key in non_matching_keys:
|
||||
|
@ -590,7 +610,7 @@ def enforce_state(module, params):
|
|||
existing_keys[parsed_new_key[0]] = (parsed_new_key[0], parsed_new_key[1], parsed_new_key[2], parsed_new_key[3], total_rank)
|
||||
do_write = True
|
||||
|
||||
elif state=="absent":
|
||||
elif state == "absent":
|
||||
if not matched:
|
||||
continue
|
||||
del existing_keys[parsed_new_key[0]]
|
||||
|
@ -607,35 +627,41 @@ def enforce_state(module, params):
|
|||
if do_write:
|
||||
filename = keyfile(module, user, do_write, path, manage_dir)
|
||||
new_content = serialize(existing_keys)
|
||||
diff = {
|
||||
'before_header': params['keyfile'],
|
||||
'after_header': filename,
|
||||
'before': existing_content,
|
||||
'after': new_content,
|
||||
}
|
||||
|
||||
diff = None
|
||||
if module._diff:
|
||||
diff = {
|
||||
'before_header': params['keyfile'],
|
||||
'after_header': filename,
|
||||
'before': existing_content,
|
||||
'after': new_content,
|
||||
}
|
||||
params['diff'] = diff
|
||||
|
||||
if module.check_mode:
|
||||
module.exit_json(changed=True, diff=diff)
|
||||
writefile(module, filename, new_content)
|
||||
params['changed'] = True
|
||||
params['diff'] = diff
|
||||
else:
|
||||
if module.check_mode:
|
||||
module.exit_json(changed=False)
|
||||
|
||||
return params
|
||||
|
||||
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec = dict(
|
||||
user = dict(required=True, type='str'),
|
||||
key = dict(required=True, type='str'),
|
||||
path = dict(required=False, type='str'),
|
||||
manage_dir = dict(required=False, type='bool', default=True),
|
||||
state = dict(default='present', choices=['absent','present']),
|
||||
key_options = dict(required=False, type='str'),
|
||||
unique = dict(default=False, type='bool'),
|
||||
exclusive = dict(default=False, type='bool'),
|
||||
validate_certs = dict(default=True, type='bool'),
|
||||
argument_spec=dict(
|
||||
user=dict(required=True, type='str'),
|
||||
key=dict(required=True, type='str'),
|
||||
path=dict(required=False, type='str'),
|
||||
manage_dir=dict(required=False, type='bool', default=True),
|
||||
state=dict(default='present', choices=['absent', 'present']),
|
||||
key_options=dict(required=False, type='str'),
|
||||
unique=dict(default=False, type='bool'),
|
||||
exclusive=dict(default=False, type='bool'),
|
||||
comment=dict(required=False, default=None, type='str'),
|
||||
validate_certs=dict(default=True, type='bool'),
|
||||
),
|
||||
supports_check_mode=True
|
||||
)
|
||||
|
@ -643,5 +669,6 @@ def main():
|
|||
results = enforce_state(module, module.params)
|
||||
module.exit_json(**results)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
||||
|
|
|
@ -1,39 +1,35 @@
|
|||
---
|
||||
dss_key_basic: >
|
||||
ssh-dss DATA_BASIC root@testing
|
||||
dss_key_unquoted_option: >
|
||||
idle-timeout=5m ssh-dss DATA_UNQUOTED_OPTION root@testing
|
||||
dss_key_command: >
|
||||
command="/bin/true" ssh-dss DATA_COMMAND root@testing
|
||||
dss_key_complex_command: >
|
||||
command="echo foo 'bar baz'" ssh-dss DATA_COMPLEX_COMMAND root@testing
|
||||
dss_key_command_single_option: >
|
||||
no-port-forwarding,command="/bin/true" ssh-dss DATA_COMMAND_SINGLE_OPTIONS root@testing
|
||||
dss_key_command_multiple_options: >
|
||||
no-port-forwarding,idle-timeout=5m,command="/bin/true" ssh-dss DATA_COMMAND_MULTIPLE_OPTIONS root@testing
|
||||
dss_key_trailing: >
|
||||
ssh-dss DATA_TRAILING root@testing foo bar baz
|
||||
rsa_key_basic: >
|
||||
ssh-rsa DATA_BASIC root@testing
|
||||
dss_key_basic: ssh-dss DATA_BASIC root@testing
|
||||
dss_key_unquoted_option: idle-timeout=5m ssh-dss DATA_UNQUOTED_OPTION root@testing
|
||||
dss_key_command: command="/bin/true" ssh-dss DATA_COMMAND root@testing
|
||||
dss_key_complex_command: command="echo foo 'bar baz'" ssh-dss DATA_COMPLEX_COMMAND root@testing
|
||||
dss_key_command_single_option: no-port-forwarding,command="/bin/true" ssh-dss DATA_COMMAND_SINGLE_OPTIONS root@testing
|
||||
dss_key_command_multiple_options: no-port-forwarding,idle-timeout=5m,command="/bin/true" ssh-dss DATA_COMMAND_MULTIPLE_OPTIONS root@testing
|
||||
dss_key_trailing: ssh-dss DATA_TRAILING root@testing foo bar baz
|
||||
rsa_key_basic: ssh-rsa DATA_BASIC root@testing
|
||||
|
||||
multiple_key_base: |
|
||||
ssh-rsa DATA_BASIC 1@testing
|
||||
ssh-dss DATA_TRAILING 2@testing foo bar baz
|
||||
ssh-dss DATA_TRAILING 3@testing foo bar baz
|
||||
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
|
||||
|
||||
multiple_key_different_order: |
|
||||
ssh-dss DATA_TRAILING 2@testing foo bar baz
|
||||
ssh-dss DATA_TRAILING 3@testing foo bar baz
|
||||
ssh-rsa DATA_BASIC 1@testing
|
||||
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
|
||||
|
||||
multiple_key_different_order_2: |
|
||||
ssh-dss DATA_TRAILING 2@testing foo bar baz
|
||||
ssh-rsa WHATEVER 2.5@testing
|
||||
ssh-dss DATA_TRAILING 3@testing foo bar baz
|
||||
ssh-rsa DATA_BASIC 1@testing
|
||||
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
|
||||
|
||||
multiple_key_exclusive: |
|
||||
ssh-rsa DATA_BASIC 1@testing
|
||||
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
|
||||
|
||||
multiple_keys_comments: |
|
||||
ssh-rsa DATA_BASIC 1@testing
|
||||
# I like adding comments yo-dude-this-is-not-a-key INVALID_DATA 2@testing
|
||||
|
|
|
@ -22,52 +22,59 @@
|
|||
|
||||
|
||||
- name: copy an existing file in place with comments
|
||||
copy: src=existing_authorized_keys dest="{{output_dir|expanduser}}/authorized_keys"
|
||||
copy:
|
||||
src: existing_authorized_keys
|
||||
dest: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
|
||||
- name: add multiple keys different order
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ multiple_key_different_order_2 }}"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: get the file content
|
||||
shell: cat "{{output_dir|expanduser}}/authorized_keys"
|
||||
shell: cat "{{ output_dir | expanduser }}/authorized_keys"
|
||||
changed_when: no
|
||||
register: multiple_keys_existing
|
||||
|
||||
- name: assert that the key was added and comments and ordering preserved
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == True'
|
||||
- '"# I like candy" in multiple_keys_existing.stdout'
|
||||
- '"# I like candy" in multiple_keys_existing.stdout_lines[0]'
|
||||
- '"ssh-rsa DATA_BASIC 1@testing" in multiple_keys_existing.stdout'
|
||||
# The specific index is a little fragile, but I want to verify the line shows up
|
||||
# as the 3rd line in the new entries after the existing entries and comments are preserved
|
||||
- '"ssh-rsa DATA_BASIC 1@testing" in multiple_keys_existing.stdout_lines[7]'
|
||||
- 'result.changed == True'
|
||||
- '"# I like candy" in multiple_keys_existing.stdout'
|
||||
- '"# I like candy" in multiple_keys_existing.stdout_lines[0]'
|
||||
- '"ssh-rsa DATA_BASIC 1@testing" in multiple_keys_existing.stdout'
|
||||
# The specific index is a little fragile, but I want to verify the line shows up
|
||||
# as the 3rd line in the new entries after the existing entries and comments are preserved
|
||||
- '"ssh-rsa DATA_BASIC 1@testing" in multiple_keys_existing.stdout_lines[7]'
|
||||
|
||||
# start afresh
|
||||
|
||||
- name: remove file foo.txt
|
||||
file: path="{{output_dir|expanduser}}/authorized_keys" state=absent
|
||||
file:
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
state: absent
|
||||
|
||||
- name: touch the authorized_keys file
|
||||
file: dest="{{output_dir}}/authorized_keys" state=touch
|
||||
file:
|
||||
dest: "{{ output_dir }}/authorized_keys"
|
||||
state: touch
|
||||
register: result
|
||||
|
||||
- name: assert that the authorized_keys file was created
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == True'
|
||||
- 'result.state == "file"'
|
||||
- 'result.changed == True'
|
||||
- 'result.state == "file"'
|
||||
|
||||
- name: add multiple keys
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ multiple_key_base }}"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: assert that the key was added
|
||||
|
@ -82,7 +89,7 @@
|
|||
user: root
|
||||
key: "{{ multiple_key_different_order }}"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: assert that the key was added
|
||||
|
@ -97,23 +104,23 @@
|
|||
user: root
|
||||
key: "{{ multiple_key_exclusive }}"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
exclusive: true
|
||||
register: result
|
||||
|
||||
- name: assert that the key was added
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == True'
|
||||
- 'result.key == multiple_key_exclusive'
|
||||
- 'result.key_options == None'
|
||||
- 'result.changed == True'
|
||||
- 'result.key == multiple_key_exclusive'
|
||||
- 'result.key_options == None'
|
||||
|
||||
- name: add multiple keys in different calls
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "ecdsa-sha2-nistp521 ECDSA_DATA 4@testing"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: add multiple keys in different calls
|
||||
|
@ -121,38 +128,40 @@
|
|||
user: root
|
||||
key: "ssh-rsa DATA_BASIC 1@testing"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: get the file content
|
||||
shell: cat "{{output_dir|expanduser}}/authorized_keys"
|
||||
shell: cat "{{ output_dir | expanduser }}/authorized_keys"
|
||||
changed_when: no
|
||||
register: multiple_keys_at_a_time
|
||||
|
||||
- name: assert that the key was added
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == false'
|
||||
- 'multiple_keys_at_a_time.stdout == multiple_key_exclusive.strip()'
|
||||
- 'result.changed == false'
|
||||
- 'multiple_keys_at_a_time.stdout == multiple_key_exclusive.strip()'
|
||||
|
||||
- name: add multiple keys comment
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ multiple_keys_comments }}"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
exclusive: true
|
||||
register: result
|
||||
|
||||
- name: get the file content
|
||||
shell: cat "{{output_dir|expanduser}}/authorized_keys"
|
||||
shell: cat "{{ output_dir | expanduser }}/authorized_keys"
|
||||
changed_when: no
|
||||
register: multiple_keys_comments
|
||||
|
||||
- name: assert that the keys exist and comment only lines were not added
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == False'
|
||||
- 'multiple_keys_comments.stdout == multiple_key_exclusive.strip()'
|
||||
- 'result.key_options == None'
|
||||
- 'result.changed == False'
|
||||
- 'multiple_keys_comments.stdout == multiple_key_exclusive.strip()'
|
||||
- 'result.key_options == None'
|
||||
|
||||
|
||||
|
||||
|
@ -160,86 +169,86 @@
|
|||
# basic ssh-dss key
|
||||
|
||||
- name: add basic ssh-dss key
|
||||
authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{output_dir|expanduser}}/authorized_keys"
|
||||
authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: assert that the key was added
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == True'
|
||||
- 'result.key == dss_key_basic'
|
||||
- 'result.key_options == None'
|
||||
- 'result.changed == True'
|
||||
- 'result.key == dss_key_basic'
|
||||
- 'result.key_options == None'
|
||||
|
||||
- name: re-add basic ssh-dss key
|
||||
authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{output_dir|expanduser}}/authorized_keys"
|
||||
authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: assert that nothing changed
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == False'
|
||||
- 'result.changed == False'
|
||||
|
||||
# -------------------------------------------------------------
|
||||
# ssh-dss key with an unquoted option
|
||||
|
||||
- name: add ssh-dss key with an unquoted option
|
||||
authorized_key:
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ dss_key_unquoted_option }}"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: assert that the key was added
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == True'
|
||||
- 'result.key == dss_key_unquoted_option'
|
||||
- 'result.key_options == None'
|
||||
- 'result.changed == True'
|
||||
- 'result.key == dss_key_unquoted_option'
|
||||
- 'result.key_options == None'
|
||||
|
||||
- name: re-add ssh-dss key with an unquoted option
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ dss_key_unquoted_option }}"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: assert that nothing changed
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == False'
|
||||
- 'result.changed == False'
|
||||
|
||||
# -------------------------------------------------------------
|
||||
# ssh-dss key with a leading command="/bin/foo"
|
||||
|
||||
- name: add ssh-dss key with a leading command
|
||||
authorized_key:
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ dss_key_command }}"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: assert that the key was added
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == True'
|
||||
- 'result.key == dss_key_command'
|
||||
- 'result.key_options == None'
|
||||
- 'result.changed == True'
|
||||
- 'result.key == dss_key_command'
|
||||
- 'result.key_options == None'
|
||||
|
||||
- name: re-add ssh-dss key with a leading command
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ dss_key_command }}"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: assert that nothing changed
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == False'
|
||||
- 'result.changed == False'
|
||||
|
||||
# -------------------------------------------------------------
|
||||
# ssh-dss key with a complex quoted leading command
|
||||
|
@ -250,28 +259,28 @@
|
|||
user: root
|
||||
key: "{{ dss_key_complex_command }}"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: assert that the key was added
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == True'
|
||||
- 'result.key == dss_key_complex_command'
|
||||
- 'result.key_options == None'
|
||||
- 'result.changed == True'
|
||||
- 'result.key == dss_key_complex_command'
|
||||
- 'result.key_options == None'
|
||||
|
||||
- name: re-add ssh-dss key with a complex quoted leading command
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ dss_key_complex_command }}"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: assert that nothing changed
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == False'
|
||||
- 'result.changed == False'
|
||||
|
||||
# -------------------------------------------------------------
|
||||
# ssh-dss key with a command and a single option, which are
|
||||
|
@ -282,28 +291,28 @@
|
|||
user: root
|
||||
key: "{{ dss_key_command_single_option }}"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: assert that the key was added
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == True'
|
||||
- 'result.key == dss_key_command_single_option'
|
||||
- 'result.key_options == None'
|
||||
- 'result.changed == True'
|
||||
- 'result.key == dss_key_command_single_option'
|
||||
- 'result.key_options == None'
|
||||
|
||||
- name: re-add ssh-dss key with a command and a single option
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ dss_key_command_single_option }}"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: assert that nothing changed
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == False'
|
||||
- 'result.changed == False'
|
||||
|
||||
# -------------------------------------------------------------
|
||||
# ssh-dss key with a command and multiple other options
|
||||
|
@ -313,28 +322,28 @@
|
|||
user: root
|
||||
key: "{{ dss_key_command_multiple_options }}"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: assert that the key was added
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == True'
|
||||
- 'result.key == dss_key_command_multiple_options'
|
||||
- 'result.key_options == None'
|
||||
- 'result.changed == True'
|
||||
- 'result.key == dss_key_command_multiple_options'
|
||||
- 'result.key_options == None'
|
||||
|
||||
- name: re-add ssh-dss key with a command and multiple options
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ dss_key_command_multiple_options }}"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: assert that nothing changed
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == False'
|
||||
- 'result.changed == False'
|
||||
|
||||
# -------------------------------------------------------------
|
||||
# ssh-dss key with multiple trailing parts, which are space-
|
||||
|
@ -345,81 +354,132 @@
|
|||
user: root
|
||||
key: "{{ dss_key_trailing }}"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: assert that the key was added
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == True'
|
||||
- 'result.key == dss_key_trailing'
|
||||
- 'result.key_options == None'
|
||||
- 'result.changed == True'
|
||||
- 'result.key == dss_key_trailing'
|
||||
- 'result.key_options == None'
|
||||
|
||||
- name: re-add ssh-dss key with trailing parts
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ dss_key_trailing }}"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: assert that nothing changed
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == False'
|
||||
- 'result.changed == False'
|
||||
|
||||
# -------------------------------------------------------------
|
||||
# basic ssh-dss key with mutliple permit-open options
|
||||
# https://github.com/ansible/ansible-modules-core/issues/1715
|
||||
|
||||
- name: add basic ssh-dss key with multi-opts
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ dss_key_basic }}"
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ dss_key_basic }}"
|
||||
key_options: 'no-agent-forwarding,no-X11-forwarding,permitopen="10.9.8.1:8080",permitopen="10.9.8.1:9001"'
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
state: present
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: assert that the key with multi-opts was added
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed == True'
|
||||
- 'result.key == dss_key_basic'
|
||||
- 'result.key_options == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\""'
|
||||
- 'result.changed == True'
|
||||
- 'result.key == dss_key_basic'
|
||||
- 'result.key_options == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\""'
|
||||
|
||||
- name: get the file content
|
||||
shell: cat "{{output_dir|expanduser}}/authorized_keys" | fgrep DATA_BASIC
|
||||
shell: cat "{{ output_dir | expanduser }}/authorized_keys" | fgrep DATA_BASIC
|
||||
changed_when: no
|
||||
register: content
|
||||
|
||||
- name: validate content
|
||||
assert:
|
||||
that:
|
||||
- 'content.stdout == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\" ssh-dss DATA_BASIC root@testing"'
|
||||
- 'content.stdout == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\" ssh-dss DATA_BASIC root@testing"'
|
||||
|
||||
# -------------------------------------------------------------
|
||||
# check mode
|
||||
|
||||
- name: copy an existing file in place with comments
|
||||
copy: src=existing_authorized_keys dest="{{output_dir|expanduser}}/authorized_keys"
|
||||
copy:
|
||||
src: existing_authorized_keys
|
||||
dest: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
|
||||
- authorized_key:
|
||||
user: root
|
||||
key: "{{ multiple_key_different_order_2 }}"
|
||||
state: present
|
||||
path: "{{output_dir|expanduser}}/authorized_keys"
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
check_mode: True
|
||||
register: result
|
||||
|
||||
- name: assert that the key would be added and that the diff is shown
|
||||
assert:
|
||||
that:
|
||||
- 'result.changed'
|
||||
- '"ssh-rsa WHATEVER 2.5@testing" in result.diff.after'
|
||||
|
||||
- name: assert that the file was not changed
|
||||
copy: src=existing_authorized_keys dest="{{output_dir|expanduser}}/authorized_keys"
|
||||
copy:
|
||||
src: existing_authorized_keys
|
||||
dest: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- 'result.changed == False'
|
||||
|
||||
# -------------------------------------------------------------
|
||||
# comments
|
||||
|
||||
- name: Add rsa key with existing comment
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ rsa_key_basic }}"
|
||||
state: present
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: Change the comment on an existing key
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ rsa_key_basic }}"
|
||||
comment: user@acme.com
|
||||
state: present
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: get the file content
|
||||
shell: cat "{{ output_dir | expanduser }}/authorized_keys" | fgrep DATA_BASIC
|
||||
changed_when: no
|
||||
register: content
|
||||
|
||||
- name: Assert that comment on an existing key was changed
|
||||
assert:
|
||||
that:
|
||||
- "'user@acme.com' in content.stdout"
|
||||
|
||||
- name: Set the same key with comment to ensure no changes are reported
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ rsa_key_basic }}"
|
||||
comment: user@acme.com
|
||||
state: present
|
||||
path: "{{ output_dir | expanduser }}/authorized_keys"
|
||||
register: result
|
||||
|
||||
- name: Assert that no changes were made when running again
|
||||
assert:
|
||||
that:
|
||||
- not result.changed
|
||||
|
||||
- debug:
|
||||
var: "{{ item }}"
|
||||
verbosity: 1
|
||||
with_items:
|
||||
- result
|
||||
- content
|
||||
|
|
|
@ -434,7 +434,6 @@ lib/ansible/modules/storage/zfs/zfs.py
|
|||
lib/ansible/modules/system/aix_inittab.py
|
||||
lib/ansible/modules/system/alternatives.py
|
||||
lib/ansible/modules/system/at.py
|
||||
lib/ansible/modules/system/authorized_key.py
|
||||
lib/ansible/modules/system/capabilities.py
|
||||
lib/ansible/modules/system/cron.py
|
||||
lib/ansible/modules/system/cronvar.py
|
||||
|
|
Loading…
Reference in a new issue