openssh_* modules: check return code on ssh(-keygen) invocations; fail if comment cannot be updated (#646)

* Check return code on ssh(-keygen) invocations.

* openssh_cert: only check for errors if certificate should be present and module is not in check mode.

* Handle rc check for _get_private_key().

* Add changelog fragment.

* Only pass -o for comment updating when necessary.

* Now fails if comment cannot be updated.

This was silently ignored in the past.

* Avoid failing operation.
Felix Fontein
2023-08-12 17:14:00 +02:00
committed by GitHub
parent 62c842548d
commit addbd067c8
6 changed files with 57 additions and 28 deletions


@@ -127,7 +127,7 @@ class OpensshModule(object):
ssh_bin = self.module.get_bin_path('ssh')
if not ssh_bin:
return ""
return parse_openssh_version(self.module.run_command([ssh_bin, '-V', '-q'])[2].strip())
return parse_openssh_version(self.module.run_command([ssh_bin, '-V', '-q'], check_rc=True)[2].strip())
@_restore_all_on_failure
def _safe_secure_move(self, sources_and_destinations):
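Review bot: The replacement `run_command([...], check_rc=True)` line changes the failure mode of this version probe without saying so: a nonzero exit from `ssh -V` now terminates the module through `run_command`'s failure path, while the `if not ssh_bin: return ""` branch just above still returns softly for the missing-binary case, and that asymmetry deserves a comment. The `[2]` index also reads stderr because `ssh -V` writes its version banner there, which is not obvious at a glance. A one-liner such as `# ssh -V prints its version on stderr; with check_rc a nonzero exit is fatal, only a missing binary yields ""` above the return would cover both. The enclosing method starts above the hunk.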
@@ -208,14 +208,18 @@ class KeygenCommand(object):
def get_private_key(self, private_key_path, **kwargs):
return self._run_command([self._bin_path, '-l', '-f', private_key_path], **kwargs)
def update_comment(self, private_key_path, comment, **kwargs):
def update_comment(self, private_key_path, comment, force_new_format=True, **kwargs):
if os.path.exists(private_key_path) and not os.access(private_key_path, os.W_OK):
try:
os.chmod(private_key_path, stat.S_IWUSR + stat.S_IRUSR)
except (IOError, OSError) as e:
raise e("The private key at %s is not writeable preventing a comment update" % private_key_path)
return self._run_command([self._bin_path, '-q', '-o', '-c', '-C', comment, '-f', private_key_path], **kwargs)
command = [self._bin_path, '-q']
if force_new_format:
command.append('-o')
command.extend(['-c', '-C', comment, '-f', private_key_path])
return self._run_command(command, **kwargs)
class PrivateKey(object):
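Review bot: The `except (IOError, OSError) as e: raise e("...")` block left as context above the new `command` construction calls the caught exception instance, so a failed `chmod` on a read-only key surfaces as `TypeError: ... object is not callable` instead of the intended message, and per the commit message that failure is no longer ignored downstream. Replace the raise with `raise type(e)("The private key at %s is not writeable preventing a comment update" % private_key_path)` so the original exception class and the message both survive. The new `force_new_format` parameter also needs a docstring line noting that `-o` asks ssh-keygen for the new OpenSSH private-key format, so a comment update may rewrite the key's on-disk format as a side effect, which is presumably why it became optional. The enclosing `KeygenCommand` class starts outside the hunk.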