* fixing host cert idempotence
* adding changelog fragment
(cherry picked from commit a307618872)
@@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
bugfixes:
|
||||||
|
- openssh_cert - fixed false ``changed`` status for ``host`` certificates when using ``full_idempotence``
|
||||||
|
(https://github.com/ansible-collections/community.crypto/issues/395,
|
||||||
|
https://github.com/ansible-collections/community.crypto/pull/396).
|
||||||
@@ -379,7 +379,7 @@ class Certificate(OpensshModule):
|
|||||||
|
|
||||||
def _is_fully_valid(self):
|
def _is_fully_valid(self):
|
||||||
return self._is_partially_valid() and all([
|
return self._is_partially_valid() and all([
|
||||||
self._compare_options(),
|
self._compare_options() if self.original_data.type == 'user' else True,
|
||||||
self.original_data.key_id == self.identifier,
|
self.original_data.key_id == self.identifier,
|
||||||
self.original_data.public_key == self._get_key_fingerprint(self.public_key),
|
self.original_data.public_key == self._get_key_fingerprint(self.public_key),
|
||||||
self.original_data.signing_key == self._get_key_fingerprint(self.signing_key),
|
self.original_data.signing_key == self._get_key_fingerprint(self.signing_key),
|
||||||
|
|||||||
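Review bot: The new conditional on the `self._compare_options()` entry in `_is_fully_valid` has no comment saying why option comparison is skipped for non-user certificates. The consequence deserves a line: under `full_idempotence`, a host certificate on disk is now accepted whatever options it carries, so regeneration depends only on the key_id and the two key fingerprints, plus whatever `_is_partially_valid` checks outside this hunk. I would add a comment such as `# host certificates: options are not compared, see issue 395` and write the entry as `self.original_data.type != 'user' or self._compare_options(),`, which reads as a guard rather than a ternary yielding `True`. The check is keyed on the type of the existing certificate, not the requested one; that is equivalent only if `_is_partially_valid` already compares the two, which should be confirmed. The list passed to `all` continues past the end of the hunk.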
@@ -86,6 +86,27 @@
|
|||||||
regenerate: full_idempotence
|
regenerate: full_idempotence
|
||||||
register: default_options
|
register: default_options
|
||||||
|
|
||||||
|
- name: Generate host cert full_idempotence
|
||||||
|
openssh_cert:
|
||||||
|
type: host
|
||||||
|
path: "{{ certificate_path }}"
|
||||||
|
public_key: "{{ public_key }}"
|
||||||
|
signing_key: "{{ signing_key }}"
|
||||||
|
valid_from: always
|
||||||
|
valid_to: forever
|
||||||
|
regenerate: full_idempotence
|
||||||
|
|
||||||
|
- name: Generate host cert full_idempotence again
|
||||||
|
openssh_cert:
|
||||||
|
type: host
|
||||||
|
path: "{{ certificate_path }}"
|
||||||
|
public_key: "{{ public_key }}"
|
||||||
|
signing_key: "{{ signing_key }}"
|
||||||
|
valid_from: always
|
||||||
|
valid_to: forever
|
||||||
|
regenerate: full_idempotence
|
||||||
|
register: host_cert_full_idempotence
|
||||||
|
|
||||||
- name: Assert options results
|
- name: Assert options results
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
@@ -95,6 +116,7 @@
|
|||||||
- explicit_extension_after is not changed
|
- explicit_extension_after is not changed
|
||||||
- explicit_extension_and_directive is changed
|
- explicit_extension_and_directive is changed
|
||||||
- default_options is not changed
|
- default_options is not changed
|
||||||
|
- host_cert_full_idempotence is not changed
|
||||||
|
|
||||||
- name: Remove certificate
|
- name: Remove certificate
|
||||||
openssh_cert:
|
openssh_cert:
|
||||||
|
|||||||
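Review bot: The added test asserts only the second host run (`host_cert_full_idempotence is not changed`), so it would still pass if `full_idempotence` stopped regenerating host certificates altogether. The first "Generate host cert full_idempotence" task has no `register`, and no case checks that a host certificate differing from the request (for example a different `signing_key`) reports `changed`. I would add `register: host_cert_initial` to the first task and `- host_cert_initial is changed` to the assert list. This presumes the file at `certificate_path` is still the certificate left by the preceding task, whose type is not visible in this hunk.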