[aws] Fix check mode bug in ec2_key (#45320)

Fix incorrect ec2_key check-mode behavior when a key already exists and key_material has been provided
2018-10-22 09:28:07 -04:00 · 2018-10-22 09:28:07 -04:00 · c58c0b8547
commit c58c0b8547
parent 7ba09adee1
1 changed files with 8 additions and 5 deletions
--- a/lib/ansible/modules/cloud/amazon/ec2_key.py
+++ b/lib/ansible/modules/cloud/amazon/ec2_key.py
@ -186,13 +186,16 @@ def create_key_pair(module, ec2_client, name, key_material, force):
    key = find_key_pair(module, ec2_client, name)
    if key:
        if key_material and force:
-            new_fingerprint = get_key_fingerprint(module, ec2_client, key_material)
-            if key['KeyFingerprint'] != new_fingerprint:
-                if not module.check_mode:
+            if not module.check_mode:
+                new_fingerprint = get_key_fingerprint(module, ec2_client, key_material)
+                if key['KeyFingerprint'] != new_fingerprint:
                    delete_key_pair(module, ec2_client, name, finish_task=False)
                    key = import_key_pair(module, ec2_client, name, key_material)
-                key_data = extract_key_data(key)
-                module.exit_json(changed=True, key=key_data, msg="key pair updated")
+                    key_data = extract_key_data(key)
+                    module.exit_json(changed=True, key=key_data, msg="key pair updated")
+            else:
+                # Assume a change will be made in check mode since a comparison can't be done
+                module.exit_json(changed=True, key=extract_key_data(key), msg="key pair updated")
        key_data = extract_key_data(key)
        module.exit_json(changed=False, key=key_data, msg="key pair already exists")
    else: