openssh_keypair: fix idempotence issue (#65017)

* Fix idempotence issue. * Add changelog.
5 years ago · b36f572256
parent 509b989a9a
commit b36f572256
4 changed files with 15 additions and 5 deletions
--- a/changelogs/fragments/65017-openssh_keypair-idempotence.yml
+++ b/changelogs/fragments/65017-openssh_keypair-idempotence.yml
@ -0,0 +1,2 @@
+bugfixes:
+- "openssh_keypair - fixes idempotence issue with public key (https://github.com/ansible/ansible/issues/64969)."
--- a/lib/ansible/modules/crypto/openssh_keypair.py
+++ b/lib/ansible/modules/crypto/openssh_keypair.py
@ -281,8 +281,7 @@ class Keypair(object):
            else:
                return False

-        def _parse_pubkey():
-            pubkey_content = _get_pubkey_content()
+        def _parse_pubkey(pubkey_content):
            if pubkey_content:
                parts = pubkey_content.split(' ', 2)
                return parts[0], parts[1], '' if len(parts) <= 2 else parts[2]
@ -290,8 +289,7 @@ class Keypair(object):

        def _pubkey_valid(pubkey):
            if pubkey_parts:
-                current_pubkey = ' '.join([pubkey_parts[0], pubkey_parts[1]])
-                return current_pubkey == pubkey
+                return pubkey_parts[:2] == _parse_pubkey(pubkey)[:2]
            return False

        def _comment_valid():
@ -306,7 +304,7 @@ class Keypair(object):

        pubkey = module.run_command([module.get_bin_path('ssh-keygen', True), '-yf', self.path])
        pubkey = pubkey[1].strip('\n')
-        pubkey_parts = _parse_pubkey()
+        pubkey_parts = _parse_pubkey(_get_pubkey_content())
        if _pubkey_valid(pubkey):
            self.public_key = pubkey

--- a/test/integration/targets/openssh_keypair/tasks/main.yml
+++ b/test/integration/targets/openssh_keypair/tasks/main.yml
@ -3,6 +3,11 @@
    path: '{{ output_dir }}/privatekey1'
  register: privatekey1_result

+- name: Generate privatekey1 - standard (idempotent)
+  openssh_keypair:
+    path: '{{ output_dir }}/privatekey1'
+  register: privatekey1_idem_result
+
 - name: Generate privatekey2 - size 2048
  openssh_keypair:
    path: '{{ output_dir }}/privatekey2'
--- a/test/integration/targets/openssh_keypair/tests/validate.yml
+++ b/test/integration/targets/openssh_keypair/tests/validate.yml
@ -38,6 +38,11 @@
    that:
      - privatekey1.stdout == '4096'

+- name: Validate privatekey1 idempotence
+  assert:
+    that:
+      - privatekey1_idem_result is not changed
+

 - name: Validate privatekey2 (test - RSA key with size 2048 bits)
  shell: "ssh-keygen -lf {{ output_dir }}/privatekey2 | grep -o -E '^[0-9]+'"