	Fixes ansible/ansible#522, no longer creates comment in ~/.ssh/authorized_keys, does not create directory or file if state==absent.
		
					parent
					
						
							
								756df550f8
							
						
					
				
			
			
				commit
				
					
						be9ff7ff46
					
				
			
		
					 1 changed files with 8 additions and 8 deletions
				
			
		|  | @ -95,22 +95,23 @@ def get_params(): | ||||||
| 
 | 
 | ||||||
|     return params |     return params | ||||||
| 
 | 
 | ||||||
| def keyfile(user, create=False): | def keyfile(user, write=False): | ||||||
|     """Calculate name of authorized keys file, optionally creating the  |     """Calculate name of authorized keys file, optionally creating the  | ||||||
|     directories and file, properly setting permissions. |     directories and file, properly setting permissions. | ||||||
| 
 | 
 | ||||||
|     :param str user: name of user in passwd file |     :param str user: name of user in passwd file | ||||||
|     :param bool create: make directories and authorized key file if True |     :param bool write: if True, write changes to authorized_keys file (creating directories if needed) | ||||||
|     :return: full path string to authorized_keys for user |     :return: full path string to authorized_keys for user | ||||||
|     """ |     """ | ||||||
| 
 | 
 | ||||||
|     global msg |     global msg | ||||||
|     msg = "Reading system user entry." |     msg = "Reading system user entry." | ||||||
|     user_entry = pwd.getpwnam(user) |     user_entry = pwd.getpwnam(user) | ||||||
|  |     msg = "Calculating special directories" | ||||||
|     homedir = user_entry.pw_dir |     homedir = user_entry.pw_dir | ||||||
|     sshdir = join(homedir, ".ssh") |     sshdir = join(homedir, ".ssh") | ||||||
|     keysfile = join(sshdir, "authorized_keys") |     keysfile = join(sshdir, "authorized_keys") | ||||||
|     if not create: return keysfile |     if not write: return keysfile | ||||||
| 
 | 
 | ||||||
|     #create directories and files for authorized keys |     #create directories and files for authorized keys | ||||||
|     msg = "Reading user and group info." |     msg = "Reading user and group info." | ||||||
|  | @ -123,8 +124,7 @@ def keyfile(user, create=False): | ||||||
|     msg = "Touching authorized keys file." |     msg = "Touching authorized keys file." | ||||||
|     if not exists( keysfile): |     if not exists( keysfile): | ||||||
|         try: |         try: | ||||||
|             f = open(keysfile, "w") |             f = open(keysfile, "w") #touches file so we can set ownership and perms | ||||||
|             f.write("#Authorized Keys File created by Ansible.\n") |  | ||||||
|         finally: |         finally: | ||||||
|             f.close() |             f.close() | ||||||
|     os.chown(keysfile, uid, gid) |     os.chown(keysfile, uid, gid) | ||||||
|  | @ -166,7 +166,7 @@ def enforce_state( params): | ||||||
|     state = params.get("state", "present") |     state = params.get("state", "present") | ||||||
| 
 | 
 | ||||||
|     #== check current state |     #== check current state | ||||||
|     params["keyfile"] = keyfile(user,create=True) |     params["keyfile"] = keyfile(user, write=False) #just get the filename, don't create file | ||||||
|     keys = readkeys( params["keyfile"]) |     keys = readkeys( params["keyfile"]) | ||||||
|     present = key in keys |     present = key in keys | ||||||
| 
 | 
 | ||||||
|  | @ -174,11 +174,11 @@ def enforce_state( params): | ||||||
|     if state=="present": |     if state=="present": | ||||||
|         if present: return False #nothing to do |         if present: return False #nothing to do | ||||||
|         keys.append(key) |         keys.append(key) | ||||||
|         writekeys(keyfile(user,create=True), keys) |         writekeys(keyfile(user,write=True), keys) | ||||||
|     elif state=="absent": |     elif state=="absent": | ||||||
|         if not present: return False #nothing to do |         if not present: return False #nothing to do | ||||||
|         keys.remove(key) |         keys.remove(key) | ||||||
|         writekeys(keyfile(user,create=True), keys) |         writekeys(keyfile(user,write=True), keys) | ||||||
|     else: |     else: | ||||||
|         msg = "Invalid param: state." |         msg = "Invalid param: state." | ||||||
|         raise StandardError(msg) |         raise StandardError(msg) | ||||||
|  |  | ||||||
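Review bot: The touch in keyfile() (`f = open(keysfile, "w")`, then `os.chown(keysfile, uid, gid)`) creates and re-owns the file by path in separate steps, inside a directory the target user controls. If the module runs with elevated privileges (likely, since it chowns to another user), a symlink sitting at authorized_keys would be followed, and the new file briefly exists with umask-default permissions. Creating it with `os.open` and `O_CREAT | O_EXCL` at mode 0600, then calling `os.fchown` on the descriptor, closes both gaps. It also removes the `finally: f.close()` path, which raises an unbound-name error and hides the real exception when `open()` fails. keyfile() continues past this hunk, so the later ownership and permission calls are not visible here and may need the same by-descriptor treatment.

```python
    if not exists( keysfile):
        # O_CREAT | O_EXCL fails if anything (including a symlink) already sits at the path;
        # mode 0600 applies from creation, so there is no window with umask-default permissions
        fd = os.open(keysfile, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)
        try:
            os.fchown(fd, uid, gid)  # by descriptor, not by name (needs Python 2.6+)
        finally:
            os.close(fd)
    # … unchanged: os.chown(keysfile, uid, gid) and the rest of keyfile() …
```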