Allow overwrite of SSH key (#49971)

* Allow overwrite of SSH key

* Use k: v syntax rather than k=v
pull/51028/head
Christopher Gadd 6 years ago committed by ansibot
parent 5137bd5958
commit e89fb35843

@ -116,26 +116,27 @@ options:
aliases: ['createhome'] aliases: ['createhome']
move_home: move_home:
description: description:
- If set to C(yes) when used with C(home=), attempt to move the user's old home - "If set to C(yes) when used with C(home: ), attempt to move the user's old home
directory to the specified directory if it isn't there already and the old home exists. directory to the specified directory if it isn't there already and the old home exists."
type: bool type: bool
default: "no" default: "no"
system: system:
description: description:
- When creating an account C(state=present), setting this to C(yes) makes the user a system account. - "When creating an account C(state: present), setting this to C(yes) makes the user a system account.
This setting cannot be changed on existing users. This setting cannot be changed on existing users."
type: bool type: bool
default: "no" default: "no"
force: force:
description: description:
- This only affects C(state=absent), it forces removal of the user and associated directories on supported platforms. - "This only affects C(state: absent), it forces removal of the user and associated directories on supported platforms.
The behavior is the same as C(userdel --force), check the man page for C(userdel) on your system for details and support. The behavior is the same as C(userdel --force), check the man page for C(userdel) on your system for details and support."
- "When used with C(generate_ssh_key: yes) this forces an existing key to be overwritten."
type: bool type: bool
default: "no" default: "no"
remove: remove:
description: description:
- This only affects C(state=absent), it attempts to remove directories associated with the user. - "This only affects C(state: absent), it attempts to remove directories associated with the user.
The behavior is the same as C(userdel --remove), check the man page for details and support. The behavior is the same as C(userdel --remove), check the man page for details and support."
type: bool type: bool
default: "no" default: "no"
login_class: login_class:
@ -143,8 +144,8 @@ options:
- Optionally sets the user's login class, a feature of most BSD OSs. - Optionally sets the user's login class, a feature of most BSD OSs.
generate_ssh_key: generate_ssh_key:
description: description:
- Whether to generate a SSH key for the user in question. - "Whether to generate a SSH key for the user in question.
This will B(not) overwrite an existing SSH key. This will not overwrite an existing SSH key unless used with C(force: yes)."
type: bool type: bool
default: "no" default: "no"
version_added: "0.9" version_added: "0.9"
@ -211,7 +212,7 @@ options:
- Sets the profile of the user. - Sets the profile of the user.
- Does nothing when used with other platforms. - Does nothing when used with other platforms.
- Can set multiple profiles using comma separation. - Can set multiple profiles using comma separation.
- To delete all the profiles, use profile='' - "To delete all the profiles, use C(profile: '')"
- Currently supported on Illumos/Solaris. - Currently supported on Illumos/Solaris.
version_added: "2.8" version_added: "2.8"
authorization: authorization:
@ -219,7 +220,7 @@ options:
- Sets the authorization of the user. - Sets the authorization of the user.
- Does nothing when used with other platforms. - Does nothing when used with other platforms.
- Can set multiple authorizations using comma separation. - Can set multiple authorizations using comma separation.
- To delete all authorizations, use authorization='' - "To delete all authorizations, use C(authorization: '')"
- Currently supported on Illumos/Solaris. - Currently supported on Illumos/Solaris.
version_added: "2.8" version_added: "2.8"
role: role:
@ -227,7 +228,7 @@ options:
- Sets the role of the user. - Sets the role of the user.
- Does nothing when used with other platforms. - Does nothing when used with other platforms.
- Can set multiple roles using comma separation. - Can set multiple roles using comma separation.
- To delete all roles, use role='' - "To delete all roles, use C(role: '')"
- Currently supported on Illumos/Solaris. - Currently supported on Illumos/Solaris.
version_added: "2.8" version_added: "2.8"
''' '''
@ -874,6 +875,7 @@ class User(object):
def ssh_key_gen(self): def ssh_key_gen(self):
info = self.user_info() info = self.user_info()
overwrite = None
try: try:
ssh_key_file = self.get_ssh_key_path() ssh_key_file = self.get_ssh_key_path()
except Exception as e: except Exception as e:
@ -888,7 +890,11 @@ class User(object):
except OSError as e: except OSError as e:
return (1, '', 'Failed to create %s: %s' % (ssh_dir, to_native(e))) return (1, '', 'Failed to create %s: %s' % (ssh_dir, to_native(e)))
if os.path.exists(ssh_key_file): if os.path.exists(ssh_key_file):
return (None, 'Key already exists', '') if self.force:
# ssh-keygen doesn't support overwriting the key interactively, so send 'y' to confirm
overwrite = 'y'
else:
return (None, 'Key already exists, use "force: yes" to overwrite', '')
cmd = [self.module.get_bin_path('ssh-keygen', True)] cmd = [self.module.get_bin_path('ssh-keygen', True)]
cmd.append('-t') cmd.append('-t')
cmd.append(self.ssh_type) cmd.append(self.ssh_type)
@ -949,7 +955,7 @@ class User(object):
cmd.append('-N') cmd.append('-N')
cmd.append('') cmd.append('')
(rc, out, err) = self.execute_command(cmd) (rc, out, err) = self.execute_command(cmd, data=overwrite)
if rc == 0 and not self.module.check_mode: if rc == 0 and not self.module.check_mode:
# If the keys were successfully created, we should be able # If the keys were successfully created, we should be able

Loading…
Cancel
Save