cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

openssl_publickey: Ensure format OpenSSH is idempotent (#33264)

Browse source 
Currently the check() method for idempotence only assumes the public
key is under the form of a PEM file when its not always the case.

The module openssl_publickey allows one to generate OpenSSH format
publickey. This leads to idempotence not being detected.
This commit is contained in:
Yanis Guenane 2017-11-28 09:38:47 +01:00 committed by Abhijeet Kasurde
parent 341e79b604
commit a773bd7ad5
3 changed files with 21 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
lib/ansible/modules/crypto/openssl_publickey.py
View file

@ -212,11 +212,16 @@ class PublicKey(crypto_utils.OpenSSLObject):
return False return False
try: try:
publickey_content = open(self.path, 'rb').read()
if self.format == 'OpenSSH':
current_publickey = crypto_serialization.load_ssh_public_key(publickey_content, backend=default_backend())
publickey_content = current_publickey.public_bytes(crypto_serialization.Encoding.PEM,
crypto_serialization.PublicFormat.SubjectPublicKeyInfo)
current_publickey = crypto.dump_publickey( current_publickey = crypto.dump_publickey(
crypto.FILETYPE_ASN1, crypto.FILETYPE_ASN1,
crypto.load_publickey(crypto.FILETYPE_PEM, open(self.path, 'rb').read()) crypto.load_publickey(crypto.FILETYPE_PEM, publickey_content)
) )
except crypto.Error: except (crypto.Error, ValueError):
return False return False
desired_publickey = crypto.dump_publickey( desired_publickey = crypto.dump_publickey(

8
test/integration/targets/openssl_publickey/tasks/main.yml
View file

@ -18,6 +18,14 @@
# appeared in version 1.4 of cryptography # appeared in version 1.4 of cryptography
when: cryptography_version.stdout is version('1.4.0', '>=') when: cryptography_version.stdout is version('1.4.0', '>=')
- name: Generate publickey - OpenSSH format - test idempotence (issue 33256)
openssl_publickey:
path: '{{ output_dir }}/publickey-ssh.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
format: OpenSSH
when: cryptography_version.stdout|version_compare('1.4.0', '>=')
register: publickey_ssh_idempotence
- name: Generate publickey2 - standard - name: Generate publickey2 - standard
openssl_publickey: openssl_publickey:
path: '{{ output_dir }}/publickey2.pub' path: '{{ output_dir }}/publickey2.pub'

6
test/integration/targets/openssl_publickey/tests/validate.yml
View file

@ -28,6 +28,12 @@
- privatekey_publickey.stdout == '{{ publickey.content|b64decode }}' - privatekey_publickey.stdout == '{{ publickey.content|b64decode }}'
when: cryptography_version.stdout is version('1.4.0', '>=') when: cryptography_version.stdout is version('1.4.0', '>=')
- name: Validate public key - OpenSSH format - test idempotence (issue 33256)
assert:
that:
- not publickey_ssh_idempotence|changed
when: cryptography_version.stdout|version_compare('1.4.0', '>=')
- name: Validate publickey2 (test - Ensure key has been removed) - name: Validate publickey2 (test - Ensure key has been removed)
stat: stat:
path: '{{ output_dir }}/publickey2.pub' path: '{{ output_dir }}/publickey2.pub'