mirror of
https://github.com/ansible-collections/community.crypto.git
synced 2026-03-27 05:43:22 +00:00
* Always generate a new key pair if the private key doesn't exist (#597)

  This commit updates `KeypairBackend._should_generate()` to first check if the original private key named by the `path` argument exists, and return True if it does not. This brings the code in line with the documentation, which says that a new key will always be generated if the key file doesn't already exist.

  As an alternative to the approach implemented here, I also considered only modifying the condition in the `fail` branch of the if statement, but I thought that would not map as cleanly to the behavior specified in the documentation, so doing it the way I did should make it easier to check that the code is doing the right thing just by looking at it.

  I also considered doing something to make the logic more similar to `PrivateKeyBackend.needs_regeneration()` (the openssl version of this functionality), because the two are supposed to be acting the same way, but I thought that'd be going beyond the scope of just fixing this bug. If it'd be useful to make both methods work the same way, someone can refactor the code in a future commit.

* Test different regenerate values with nonexistent keys

  This commit changes the test task that generates new keys to use each of the different values for the `regenerate` argument, which will ensure that the module is capable of generating a key when no previous key exists regardless of the value of `regenerate`. Previously, the task would always run with the `partial_idempotence` value, and that obscured a bug (#597) that would occur when it was set to `fail`. The bug was fixed in the previous commit.