8000 openssh_keypair: bugfix make regenerating keypairs via force possible… by lolcube · Pull Request #57801 · ansible/ansible · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

openssh_keypair: bugfix make regenerating keypairs via force possible… #57801

New issue

Have a questi 8000 on about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 11 commits into from
Jun 24, 2019
Merged

openssh_keypair: bugfix make regenerating keypairs via force possible… #57801

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
8438aba
openssh_keypair: bugfix make regenerating keypairs via force possible…
Jun 13, 2019
f210f55
openssh_keypair: change permissions of read-only file instead of dele…
Jun 16, 2019
64ba245
address review feedbak, refactor
Jun 21, 2019
afe2cbd
add integration tests for bigfixes
Jun 21, 2019
09d7f9a
linter: fix indent
Jun 21, 2019
277afbb
fixup integration tests: use force when regenerating an invalid file
Jun 21, 2019
ff9dfd5
linter: fix indent
Jun 21, 2019
8d8f319
openssh_keypair: address review feedback
Jun 24, 2019
1b46482
openssh_keypair: fixup, remove backtick
Jun 24, 2019
da138ef
openssh_keypair: address review feedback
Jun 24, 2019
cf009c5
Only pass 'y' into stdin of ssh-keygen when file exists.
felixfontein Jun 24, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions changelogs/fragments/57801-openssh_keypair-fix-make-regenerating-valid-files-possible.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
bugfixes:
- openssh_keypair - make regeneration of valid keypairs with the ``force`` option possible, add better handling for invalid files
16 changes: 14 additions & 2 deletions lib/ansible/modules/crypto/openssh_keypair.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,7 @@
'''

import os
import stat
import errno

from ansible.module_utils.basic import AnsibleModule
Expand Down Expand Up @@ -180,8 +181,13 @@ def generate(self, module):
args.extend(['-C', ""])

try:
if os.path.exists(self.path) and not os.access(self.path, os.W_OK):
os.chmod(self.path, stat.S_IWUSR + stat.S_IRUSR)
self.changed = True
module.run_command(args)
stdin_data = None
if os.path.exists(self.path):
stdin_data = 'y'
module.run_command(args, data=stdin_data)
proc = module.run_command([module.get_bin_path('ssh-keygen', True), '-lf', self.path])
self.fingerprint = proc[1].split()
pubkey = module.run_command([module.get_bin_path('ssh-keygen', True), '-yf', self.path])
Expand All @@ -201,7 +207,13 @@ def _check_state():
return os.path.exists(self.path)

if _check_state():
proc = module.run_command([module.get_bin_path('ssh-keygen', True), '-lf', self.path])
proc = module.run_command([module.get_bin_path('ssh-keygen', True), '-lf', self.path], check_rc=False)
if not proc[0] == 0:
if os.path.isdir(self.path):
module.fail_json(msg='%s is a directory. Please specify a path to a file.' % (self.path))

return False

fingerprint = proc[1].split()
pubkey = module.run_command([module.get_bin_path('ssh-keygen', True), '-yf', self.path])
pubkey = pubkey[1].strip('\n')
Expand Down
40 changes: 40 additions & 0 deletions test/integration/targets/openssh_keypair/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,4 +27,44 @@
path: '{{ output_dir }}/privatekey5'
register: publickey_gen

- name: Generate privatekey6
openssh_keypair:
path: '{{ output_dir }}/privatekey6'
type: rsa

- name: Regenerate privatekey6 via force
openssh_keypair:
path: '{{ output_dir }}/privatekey6'
type: rsa
force: yes
register: output_regenerated_via_force

- name: Create broken key
copy:
dest: '{{ item }}'
content: ''
mode: '0700'
loop:
- '{{ output_dir }}/privatekeybroken'
- '{{ output_dir }}/privatekeybroken.pub'

- name: Regenerate broken key
openssh_keypair:
path: '{{ output_dir }}/privatekeybroken'
type: rsa
register: output_broken

- name: Generate read-only private key
openssh_keypair:
path: '{{ output_dir }}/privatekeyreadonly'
type: rsa
mode: '0200'

- name: Regenerate read-only private key via force
openssh_keypair:
path: '{{ output_dir }}/privatekeyreadonly'
type: rsa
force: yes
register: output_read_only

- import_tasks: ../tests/validate.yml
18 changes: 18 additions & 0 deletions test/integration/targets/openssh_keypair/tests/validate.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
---
- name: Log privatekey1 return values
debug:
var: privatekey1_result
Expand Down Expand Up @@ -73,3 +74,20 @@
assert:
that:
- "publickey_gen.public_key == lookup('file', output_dir ~ '/privatekey5.pub').strip('\n')"
< 5DD3 span class='blob-code-inner blob-code-marker ' data-code-marker="+">
- name: Verify that privatekey6 will be regenerated via force
assert:
that:
- output_regenerated_via_force is changed


- name: Verify that broken key will be regenerated
assert:
that:
- output_broken is changed


- name: Verify that read-only key will be regenerated
assert:
that:
- output_read_only is changed
0