openssl_publickey: Ensure format OpenSSH is idempotent (#33264)

Currently the check() method for idempotence only assumes the public key is under the form of a PEM file when its not always the case. The module openssl_publickey allows one to generate OpenSSH format publickey. This leads to idempotence not being detected.
2025-07-25 06:10:22 -07:00 · 2017-11-28 09:38:47 +01:00 · 2017-11-28 09:38:47 +01:00 · a773bd7ad5
commit a773bd7ad5
parent 341e79b604
3 changed files with 21 additions and 2 deletions
--- a/test/integration/targets/openssl_publickey/tasks/main.yml
+++ b/test/integration/targets/openssl_publickey/tasks/main.yml
@ -18,6 +18,14 @@
      # appeared in version 1.4 of cryptography
      when: cryptography_version.stdout is version('1.4.0', '>=')

+    - name: Generate publickey - OpenSSH format - test idempotence (issue 33256)
+      openssl_publickey:
+        path: '{{ output_dir }}/publickey-ssh.pub'
+        privatekey_path: '{{ output_dir }}/privatekey.pem'
+        format: OpenSSH
+      when: cryptography_version.stdout|version_compare('1.4.0', '>=')
+      register: publickey_ssh_idempotence
+
    - name: Generate publickey2 - standard
      openssl_publickey:
        path: '{{ output_dir }}/publickey2.pub'
--- a/test/integration/targets/openssl_publickey/tests/validate.yml
+++ b/test/integration/targets/openssl_publickey/tests/validate.yml
@ -28,6 +28,12 @@
      - privatekey_publickey.stdout == '{{ publickey.content|b64decode }}'
  when: cryptography_version.stdout is version('1.4.0', '>=')

+- name: Validate public key - OpenSSH format - test idempotence (issue 33256)
+  assert:
+    that:
+      - not publickey_ssh_idempotence|changed
+  when: cryptography_version.stdout|version_compare('1.4.0', '>=')
+
 - name: Validate publickey2 (test - Ensure key has been removed)
  stat:
    path: '{{ output_dir }}/publickey2.pub'