openssh_keypair: fix idempotence issue (#65017) (#65128)

* Fix idempotence issue.

* Add changelog.

(cherry picked from commit b36f572256)
pull/65015/head^2
Felix Fontein 5 years ago committed by Matt Davis
parent 93186e453f
commit b133384895

@ -0,0 +1,2 @@
bugfixes:
- "openssh_keypair - fixes idempotence issue with public key (https://github.com/ansible/ansible/issues/64969)."

@ -281,8 +281,7 @@ class Keypair(object):
else: else:
return False return False
def _parse_pubkey(): def _parse_pubkey(pubkey_content):
pubkey_content = _get_pubkey_content()
if pubkey_content: if pubkey_content:
parts = pubkey_content.split(' ', 2) parts = pubkey_content.split(' ', 2)
return parts[0], parts[1], '' if len(parts) <= 2 else parts[2] return parts[0], parts[1], '' if len(parts) <= 2 else parts[2]
@ -290,8 +289,7 @@ class Keypair(object):
def _pubkey_valid(pubkey): def _pubkey_valid(pubkey):
if pubkey_parts: if pubkey_parts:
current_pubkey = ' '.join([pubkey_parts[0], pubkey_parts[1]]) return pubkey_parts[:2] == _parse_pubkey(pubkey)[:2]
return current_pubkey == pubkey
return False return False
def _comment_valid(): def _comment_valid():
@ -306,7 +304,7 @@ class Keypair(object):
pubkey = module.run_command([module.get_bin_path('ssh-keygen', True), '-yf', self.path]) pubkey = module.run_command([module.get_bin_path('ssh-keygen', True), '-yf', self.path])
pubkey = pubkey[1].strip('\n') pubkey = pubkey[1].strip('\n')
pubkey_parts = _parse_pubkey() pubkey_parts = _parse_pubkey(_get_pubkey_content())
if _pubkey_valid(pubkey): if _pubkey_valid(pubkey):
self.public_key = pubkey self.public_key = pubkey
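Review bot: In the new `_pubkey_valid`, `_parse_pubkey(pubkey)[:2]` subscripts the parser's result without checking it, and `pubkey` is the stdout of `ssh-keygen -yf`, whose return code is not examined in the visible lines. If that command fails and stdout is empty, the slice may raise instead of reporting a mismatch, depending on what `_parse_pubkey` returns for empty content (its fall-through is outside the hunk); a single-token string would also fail at `parts[1]`. I would bind the result and guard it: `parsed = _parse_pubkey(pubkey)` followed by `return bool(parsed) and pubkey_parts[:2] == parsed[:2]`. Both helper functions start or end outside the hunks shown, so this should be confirmed against the full method.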

@ -3,6 +3,11 @@
path: '{{ output_dir }}/privatekey1' path: '{{ output_dir }}/privatekey1'
register: privatekey1_result register: privatekey1_result
- name: Generate privatekey1 - standard (idempotent)
openssh_keypair:
path: '{{ output_dir }}/privatekey1'
register: privatekey1_idem_result
- name: Generate privatekey2 - size 2048 - name: Generate privatekey2 - size 2048
openssh_keypair: openssh_keypair:
path: '{{ output_dir }}/privatekey2' path: '{{ output_dir }}/privatekey2'

@ -38,6 +38,11 @@
that: that:
- privatekey1.stdout == '4096' - privatekey1.stdout == '4096'
- name: Validate privatekey1 idempotence
assert:
that:
- privatekey1_idem_result is not changed
- name: Validate privatekey2 (test - RSA key with size 2048 bits) - name: Validate privatekey2 (test - RSA key with size 2048 bits)
shell: "ssh-keygen -lf {{ output_dir }}/privatekey2 | grep -o -E '^[0-9]+'" shell: "ssh-keygen -lf {{ output_dir }}/privatekey2 | grep -o -E '^[0-9]+'"
