From bd7b361db1de53c21ddfb111c8ed7656b5297dea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20H=C3=A4rdeman?= Date: Sun, 12 Apr 2026 13:09:31 +0200 Subject: [PATCH] nsupdate: fix GSS-TSIG support (#11712) The fix for missing keyring initialization without TSIG auth in PR #11461 put the initialization of "self.keyring" and "self.keyname" in an else clause after checking if "key_name" is set. The problem is that for "key_algorithm" == "gss-tsig": a) "key_name" isn't set b) self.keyring and self.keyname have already been initialized and will be discarded This means that gss-tsig support is broken. Fix it by moving the initialization of "self.keyring" and "self.keyname" to the top. --- changelogs/fragments/fix-nsupdate-gss-tsig.yml | 2 ++ plugins/modules/nsupdate.py | 5 ++--- 2 files changed, 4 insertions(+), 3 deletions(-) create mode 100644 changelogs/fragments/fix-nsupdate-gss-tsig.yml diff --git a/changelogs/fragments/fix-nsupdate-gss-tsig.yml b/changelogs/fragments/fix-nsupdate-gss-tsig.yml new file mode 100644 index 0000000000..5ffd281f04 --- /dev/null +++ b/changelogs/fragments/fix-nsupdate-gss-tsig.yml @@ -0,0 +1,2 @@ +bugfixes: + - nsupdate - fix GSS-TSIG support (accidentally broken by https://github.com/ansible-collections/community.general/pull/11461, https://github.com/ansible-collections/community.general/pull/11712) diff --git a/plugins/modules/nsupdate.py b/plugins/modules/nsupdate.py index 97429ad7d2..483e4f443a 100644 --- a/plugins/modules/nsupdate.py +++ b/plugins/modules/nsupdate.py @@ -229,6 +229,8 @@ class RecordManager: self.server_fqdn = None self.server_ips = self.resolve_server() + self.keyring = None + self.keyname = None if module.params["key_algorithm"] == "hmac-md5": self.algorithm = "HMAC-MD5.SIG-ALG.REG.INT" @@ -248,9 +250,6 @@ class RecordManager: module.fail_json(msg="Missing key_secret") except binascii_error as e: module.fail_json(msg=f"TSIG key error: {e}") - else: - self.keyring = None - self.keyname = None if module.params["zone"] is None: if module.params["record"][-1] != ".":