From 6c989de994c0b9bc1f916acb81f82f5550619c38 Mon Sep 17 00:00:00 2001
From: Charlie Wheeler-Robinson
Date: Tue, 20 Jul 2021 16:23:56 +0100
Subject: [PATCH] fix custom file attributes for public keys (#257)
Use of the confusingly-named _permissions_changed() on both sides of an `or` was resulting in the second invocation not being reached if the first invocation returned True, which it does any time it applied custom attributes to the private key. As a result, custom file attributes were only ever being applied to the private key (except in one specific case) This is fixed by explicitly updating attributes of both files before checking if changes have been made.
Signed-off-by: Charlie Wheeler-Robinson
---
 .../fragments/257-openssh-keypair-fix-pubkey-permissions.yml | 2 ++
 plugins/module_utils/openssh/backends/keypair_backend.py | 4 +++-
 plugins/modules/openssh_keypair.py | 1 +
 3 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/257-openssh-keypair-fix-pubkey-permissions.yml
diff --git a/changelogs/fragments/257-openssh-keypair-fix-pubkey-permissions.yml b/changelogs/fragments/257-openssh-keypair-fix-pubkey-permissions.yml
new file mode 100644
index 00000000..52aba8f4
--- /dev/null
+++ b/changelogs/fragments/257-openssh-keypair-fix-pubkey-permissions.yml
@@ -0,0 +1,2 @@
+bugfixes:
+ - openssh_keypair - fixed a bug that prevented custom file attributes being applied to public keys (https://github.com/ansible-collections/community.crypto/pull/257).
diff --git a/plugins/module_utils/openssh/backends/keypair_backend.py b/plugins/module_utils/openssh/backends/keypair_backend.py
index 6f8613b5..6e605ae3 100644
--- a/plugins/module_utils/openssh/backends/keypair_backend.py
+++ b/plugins/module_utils/openssh/backends/keypair_backend.py
@@ -118,7 +118,9 @@ class KeypairBackend(object):
 self.module.fail_json(msg='Unable to update the comment for the public key.')
 self._update_comment()
- if self._permissions_changed() or self._permissions_changed(public_key=True):
+ private_key_perms_changed = self._permissions_changed()
+ public_key_perms_changed = self._permissions_changed(public_key=True)
+ if private_key_perms_changed or public_key_perms_changed:
 self.changed = True
 def is_private_key_valid(self, perms_required=True):
diff --git a/plugins/modules/openssh_keypair.py b/plugins/modules/openssh_keypair.py
index 8923d680..5090014b 100644
--- a/plugins/modules/openssh_keypair.py
+++ b/plugins/modules/openssh_keypair.py
@@ -122,6 +122,7 @@ notes:
 - In case the ssh key is broken or password protected, the module will fail. Set the I(force) option to C(yes) if you want to regenerate the keypair.
 - Supports C(check_mode).
+ - In the case a custom C(mode), C(group), C(owner), or other file attribute is provided it will be applied to both key files.
 extends_documentation_fragment: files
 '''
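Review bot: The two assignments added before the `if` in the keypair_backend.py hunk only work because `_permissions_changed()` applies the file attributes as a side effect (per the commit message), and nothing on the new lines records that. A later cleanup could fold them back into a short-circuiting `or` and silently stop updating the public key again, so I would add a comment above them such as `# Call both unconditionally: _permissions_changed() also applies the file attributes, so it must not be short-circuited.` Renaming the method to reflect the mutation would remove the trap altogether, but its body and the start of the enclosing method are outside this hunk, so that is only a suggestion. The diffstat lists no test file; a regression test asserting that a custom `mode` reaches the public key file would pin the fix.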
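Review bot: The note added to the module documentation in openssh_keypair.py says a custom `mode` is applied to both key files but leaves the consequence for the private key implicit. By that sentence, a mode chosen with the public key in mind (anything group- or world-readable) is also set on the private key. I would extend the note along the lines of `Choose a C(mode) that is acceptable for the private key, since the same value is set on both files.` Whether the module rejects or warns on a permissive private-key mode is not visible in this hunk.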