openssh_keypair: fix idempotence issue (#65017)
* Fix idempotence issue. * Add changelog.
parent
509b989a9a
commit
b36f572256
4 changed files with 15 additions and 5 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
bugfixes:
|
||||||
|
- "openssh_keypair - fixes idempotence issue with public key (https://github.com/ansible/ansible/issues/64969)."
|
|
@ -281,8 +281,7 @@ class Keypair(object):
|
||||||
else:
|
else:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def _parse_pubkey():
|
def _parse_pubkey(pubkey_content):
|
||||||
pubkey_content = _get_pubkey_content()
|
|
||||||
if pubkey_content:
|
if pubkey_content:
|
||||||
parts = pubkey_content.split(' ', 2)
|
parts = pubkey_content.split(' ', 2)
|
||||||
return parts[0], parts[1], '' if len(parts) <= 2 else parts[2]
|
return parts[0], parts[1], '' if len(parts) <= 2 else parts[2]
|
||||||
|
@ -290,8 +289,7 @@ class Keypair(object):
|
||||||
|
|
||||||
def _pubkey_valid(pubkey):
|
def _pubkey_valid(pubkey):
|
||||||
if pubkey_parts:
|
if pubkey_parts:
|
||||||
current_pubkey = ' '.join([pubkey_parts[0], pubkey_parts[1]])
|
return pubkey_parts[:2] == _parse_pubkey(pubkey)[:2]
|
||||||
return current_pubkey == pubkey
|
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def _comment_valid():
|
def _comment_valid():
|
||||||
|
@ -306,7 +304,7 @@ class Keypair(object):
|
||||||
|
|
||||||
pubkey = module.run_command([module.get_bin_path('ssh-keygen', True), '-yf', self.path])
|
pubkey = module.run_command([module.get_bin_path('ssh-keygen', True), '-yf', self.path])
|
||||||
pubkey = pubkey[1].strip('\n')
|
pubkey = pubkey[1].strip('\n')
|
||||||
pubkey_parts = _parse_pubkey()
|
pubkey_parts = _parse_pubkey(_get_pubkey_content())
|
||||||
if _pubkey_valid(pubkey):
|
if _pubkey_valid(pubkey):
|
||||||
self.public_key = pubkey
|
self.public_key = pubkey
|
||||||
|
|
||||||
|
|
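Review bot: `_pubkey_valid` now slices the result of `_parse_pubkey(pubkey)`, but the visible call site takes `pubkey[1]` from `run_command` without checking the return code, so a failed `ssh-keygen -yf` hands an empty string to the parser. What `_parse_pubkey` returns on its falsy branch is outside the visible lines; if it is `None` or `False`, the `[:2]` raises a TypeError instead of reporting a mismatch, and a single-token string raises IndexError at `parts[1]`. I would guard the comparison with `generated = _parse_pubkey(pubkey)` followed by `return bool(generated) and pubkey_parts[:2] == generated[:2]`, and have the parser return an empty tuple when fewer than two fields are present. The enclosing method starts and ends outside these hunks.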
|
@ -3,6 +3,11 @@
|
||||||
path: '{{ output_dir }}/privatekey1'
|
path: '{{ output_dir }}/privatekey1'
|
||||||
register: privatekey1_result
|
register: privatekey1_result
|
||||||
|
|
||||||
|
- name: Generate privatekey1 - standard (idempotent)
|
||||||
|
openssh_keypair:
|
||||||
|
path: '{{ output_dir }}/privatekey1'
|
||||||
|
register: privatekey1_idem_result
|
||||||
|
|
||||||
- name: Generate privatekey2 - size 2048
|
- name: Generate privatekey2 - size 2048
|
||||||
openssh_keypair:
|
openssh_keypair:
|
||||||
path: '{{ output_dir }}/privatekey2'
|
path: '{{ output_dir }}/privatekey2'
|
||||||
|
|
|
@ -38,6 +38,11 @@
|
||||||
that:
|
that:
|
||||||
- privatekey1.stdout == '4096'
|
- privatekey1.stdout == '4096'
|
||||||
|
|
||||||
|
- name: Validate privatekey1 idempotence
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- privatekey1_idem_result is not changed
|
||||||
|
|
||||||
|
|
||||||
- name: Validate privatekey2 (test - RSA key with size 2048 bits)
|
- name: Validate privatekey2 (test - RSA key with size 2048 bits)
|
||||||
shell: "ssh-keygen -lf {{ output_dir }}/privatekey2 | grep -o -E '^[0-9]+'"
|
shell: "ssh-keygen -lf {{ output_dir }}/privatekey2 | grep -o -E '^[0-9]+'"
|
||||||
|
|