[aws] New key_data argument to ec2_win_password module (#45463)

* add key_data argument

The key_data argument helps when using a private key stored in Vault.

* Add "version_added" line

Add version_added line to pass automated tests.

* remove unnecessary nesting
pull/47240/head
maxstack 6 years ago committed by Ryan Brown
parent 28ba10b877
commit c11aba6ed8

@ -27,8 +27,13 @@ options:
required: true
key_file:
description:
- Path to the file containing the key pair used on the instance.
required: true
- Path to the file containing the key pair used on the instance, conflicts with key_data.
required: false
key_data:
version_added: "2.8"
description:
- Variable that references the private key (usually stored in vault), conflicts with key_file.
required: false
key_passphrase:
version_added: "2.0"
description:
@ -67,6 +72,14 @@ EXAMPLES = '''
region: us-east-1
key_file: "~/aws-creds/my_test_key.pem"
# Example of getting a password using a variable
- name: get the Administrator password
ec2_win_password:
profile: my-boto-profile
instance_id: i-XXXXXX
region: us-east-1
key_data: "{{ ec2_private_key }}"
# Example of getting a password with a password protected key
- name: get the Administrator password
ec2_win_password:
@ -108,8 +121,9 @@ def main():
argument_spec = ec2_argument_spec()
argument_spec.update(dict(
instance_id=dict(required=True),
key_file=dict(required=True, type='path'),
key_file=dict(required=False, default=None, type='path'),
key_passphrase=dict(no_log=True, default=None, required=False),
key_data=dict(no_log=True, default=None, required=False),
wait=dict(type='bool', default=False, required=False),
wait_timeout=dict(default=120, required=False, type='int'),
)
@ -124,6 +138,7 @@ def main():
instance_id = module.params.get('instance_id')
key_file = module.params.get('key_file')
key_data = module.params.get('key_data')
if module.params.get('key_passphrase') is None:
b_key_passphrase = None
else:
@ -151,16 +166,21 @@ def main():
if wait and datetime.datetime.now() >= end:
module.fail_json(msg="wait for password timeout after %d seconds" % wait_timeout)
try:
f = open(key_file, 'rb')
except IOError as e:
module.fail_json(msg="I/O error (%d) opening key file: %s" % (e.errno, e.strerror))
else:
if key_file is not None and key_data is None:
try:
with f:
with open(key_file, 'rb') as f:
key = load_pem_private_key(f.read(), b_key_passphrase, default_backend())
except IOError as e:
# Handle bad files
module.fail_json(msg="I/O error (%d) opening key file: %s" % (e.errno, e.strerror))
except (ValueError, TypeError) as e:
# Handle issues loading key
module.fail_json(msg="unable to parse key file")
elif key_data is not None and key_file is None:
try:
key = load_pem_private_key(key_data, b_key_passphrase, default_backend())
except (ValueError, TypeError) as e:
module.fail_json(msg="unable to parse key data")
try:
decrypted = key.decrypt(decoded, PKCS1v15())

Loading…
Cancel
Save