openssl_publickey: Ensure format OpenSSH is idempotent (#33264)

Currently the check() method for idempotence assumes the public
key is always in the form of a PEM file, when that is not always the case.

The module openssl_publickey allows one to generate OpenSSH format
publickey. This leads to idempotence not being detected.
Yanis Guenane 2017-11-28 09:38:47 +01:00 committed by Abhijeet Kasurde
commit a773bd7ad5
3 changed files with 21 additions and 2 deletions


@ -18,6 +18,14 @@
# appeared in version 1.4 of cryptography
when: cryptography_version.stdout is version('1.4.0', '>=')
- name: Generate publickey - OpenSSH format - test idempotence (issue 33256)
openssl_publickey:
path: '{{ output_dir }}/publickey-ssh.pub'
privatekey_path: '{{ output_dir }}/privatekey.pem'
format: OpenSSH
when: cryptography_version.stdout|version_compare('1.4.0', '>=')
register: publickey_ssh_idempotence
- name: Generate publickey2 - standard
openssl_publickey:
path: '{{ output_dir }}/publickey2.pub'
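Review bot: The added task gates on the filter form `cryptography_version.stdout|version_compare('1.4.0', '>=')`, while the context line directly above it in this hunk uses the test form `cryptography_version.stdout is version('1.4.0', '>=')`; the added `when` of the validation task in the second file section has the same mismatch. Writing both as `when: cryptography_version.stdout is version('1.4.0', '>=')` keeps the idempotence run under exactly the same condition as the preceding task, so the second run cannot be evaluated or skipped differently from the first. The task that first writes `publickey-ssh.pub` starts outside the hunk, so this assumes it is the one that context line belongs to.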


@ -28,6 +28,12 @@
- privatekey_publickey.stdout == '{{ publickey.content|b64decode }}'
when: cryptography_version.stdout is version('1.4.0', '>=')
- name: Validate public key - OpenSSH format - test idempotence (issue 33256)
assert:
that:
- not publickey_ssh_idempotence|changed
when: cryptography_version.stdout|version_compare('1.4.0', '>=')
- name: Validate publickey2 (test - Ensure key has been removed)
stat:
path: '{{ output_dir }}/publickey2.pub'
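Review bot: The added assert checks only `not publickey_ssh_idempotence|changed`, so it would still pass if check() reported "unchanged" for an OpenSSH file that no longer matches `privatekey.pem`; for a key-material module a silently stale public key is the more serious failure. Consider adding a content comparison to the same `that:` list, in the way the context assertion above compares `privatekey_publickey.stdout` with `publickey.content|b64decode`, assuming no OpenSSH equivalent already exists outside the hunk. A complementary case that changes the private key and expects `changed` would pin the other direction. The filter form is also better written as the test `publickey_ssh_idempotence is not changed`, consistent with the `is version` syntax on the context line.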