openssl_publickey: Ensure format OpenSSH is idempotent (#33264)

Currently the check() method for idempotence only assumes the public key is under the form of a PEM file when its not always the case. The module openssl_publickey allows one to generate OpenSSH format publickey. This leads to idempotence not being detected.
2025-07-22 12:50:22 -07:00 · 2017-11-28 09:38:47 +01:00 · 2017-11-28 09:38:47 +01:00 · a773bd7ad5
commit a773bd7ad5
parent 341e79b604
3 changed files with 21 additions and 2 deletions
--- a/lib/ansible/modules/crypto/openssl_publickey.py
+++ b/lib/ansible/modules/crypto/openssl_publickey.py
@ -212,11 +212,16 @@ class PublicKey(crypto_utils.OpenSSLObject):
                return False

            try:
+                publickey_content = open(self.path, 'rb').read()
+                if self.format == 'OpenSSH':
+                    current_publickey = crypto_serialization.load_ssh_public_key(publickey_content, backend=default_backend())
+                    publickey_content = current_publickey.public_bytes(crypto_serialization.Encoding.PEM,
+                                                                       crypto_serialization.PublicFormat.SubjectPublicKeyInfo)
                current_publickey = crypto.dump_publickey(
                    crypto.FILETYPE_ASN1,
-                    crypto.load_publickey(crypto.FILETYPE_PEM, open(self.path, 'rb').read())
+                    crypto.load_publickey(crypto.FILETYPE_PEM, publickey_content)
                )
-            except crypto.Error:
+            except (crypto.Error, ValueError):
                return False

            desired_publickey = crypto.dump_publickey(