Fixes #5486 Keep authorized key options in tact and ordered

James Tanner 2014-01-15 17:10:10 -05:00
parent 36e6709771
commit e22af253bb


@ -114,6 +114,27 @@ import tempfile
import re import re
import shlex import shlex
class keydict(dict):
""" a dictionary that maintains the order of keys as they are added """
# http://stackoverflow.com/questions/2328235/pythonextend-the-dict-class
def __init__(self, *args, **kw):
super(keydict,self).__init__(*args, **kw)
self.itemlist = super(keydict,self).keys()
def __setitem__(self, key, value):
self.itemlist.append(key)
super(keydict,self).__setitem__(key, value)
def __iter__(self):
return iter(self.itemlist)
def keys(self):
return self.itemlist
def values(self):
return [self[key] for key in self]
def itervalues(self):
return (self[key] for key in self)
def keyfile(module, user, write=False, path=None, manage_dir=True): def keyfile(module, user, write=False, path=None, manage_dir=True):
""" """
Calculate name of authorized keys file, optionally creating the Calculate name of authorized keys file, optionally creating the
@ -176,7 +197,8 @@ def parseoptions(module, options):
reads a string containing ssh-key options reads a string containing ssh-key options
and returns a dictionary of those options and returns a dictionary of those options
''' '''
options_dict = {} options_dict = keydict() #ordered dict
key_order = []
if options: if options:
token_exp = [ token_exp = [
# matches separator # matches separator
@ -198,8 +220,10 @@ def parseoptions(module, options):
if is_valid_option: if is_valid_option:
if len(match.groups()) == 2: if len(match.groups()) == 2:
options_dict[match.group(1)] = match.group(2) options_dict[match.group(1)] = match.group(2)
key_order.append(match.group(1))
else: else:
options_dict[text] = None options_dict[text] = None
key_order.append(text)
break break
if not match: if not match:
module.fail_json(msg="invalid option string: %s" % options) module.fail_json(msg="invalid option string: %s" % options)
@ -246,9 +270,8 @@ def parsekey(module, raw_key):
# check for options # check for options
if type_index is None: if type_index is None:
return None return None
elif type_index == 1: elif type_index > 0:
# parse the options and store them options = " ".join(key_parts[:type_index])
options = key_parts[0]
# parse the options (if any) # parse the options (if any)
options = parseoptions(module, options) options = parseoptions(module, options)
@ -292,7 +315,7 @@ def writekeys(module, filename, keys):
option_str = "" option_str = ""
if options: if options:
option_strings = [] option_strings = []
for option_key in sorted(options.keys()): for option_key in options.keys():
if options[option_key]: if options[option_key]:
option_strings.append("%s=\"%s\"" % (option_key, options[option_key])) option_strings.append("%s=\"%s\"" % (option_key, options[option_key]))
else: else:
@ -330,10 +353,11 @@ def enforce_state(module, params):
# Check our new keys, if any of them exist we'll continue. # Check our new keys, if any of them exist we'll continue.
for new_key in key: for new_key in key:
if key_options is not None:
new_key = "%s %s" % (key_options, new_key)
parsed_new_key = parsekey(module, new_key) parsed_new_key = parsekey(module, new_key)
if key_options is not None:
parsed_options = parseoptions(module, key_options)
parsed_new_key = (parsed_new_key[0], parsed_new_key[1], parsed_options, parsed_new_key[3])
if not parsed_new_key: if not parsed_new_key:
module.fail_json(msg="invalid key specified: %s" % new_key) module.fail_json(msg="invalid key specified: %s" % new_key)
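Review bot: In enforce_state the new override block indexes `parsed_new_key[0]` before the `if not parsed_new_key:` check that follows it, and parsekey returns None when no key type is found (the `type_index is None` branch), so an invalid key passed together with key_options would raise a TypeError instead of reaching the `invalid key specified` failure. Guarding the block as `if parsed_new_key and key_options is not None:` keeps the intended error path. Separately, `keydict.__setitem__` appends to `itemlist` unconditionally, so an option assigned twice is listed twice, and writekeys, which now iterates `options.keys()` unsorted, would write it twice into the authorized_keys line; `if key not in self.itemlist:` before the append avoids that. The bodies of enforce_state and writekeys continue outside the visible hunks.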