openssh_cert - fix full_idempotence for host certificates (#396) (#397)
* fixing host cert idempotence

* adding changelog fragment

(cherry picked from commit a307618)
Ajpantuso committed Feb 5, 2022
1 parent 2727b74 commit 7ff0679
Showing 3 changed files with 28 additions and 1 deletion.
@@ -0,0 +1,5 @@
---
bugfixes:
- openssh_cert - fixed false ``changed`` status for ``host`` certificates when using ``full_idempotence``
(https://github.com/ansible-collections/community.crypto/issues/395,
https://github.com/ansible-collections/community.crypto/pull/396).
2 changes: 1 addition & 1 deletion plugins/modules/openssh_cert.py
Expand Up @@ -379,7 +379,7 @@ def _should_generate(self):

def _is_fully_valid(self):
return self._is_partially_valid() and all([
self._compare_options(),
self._compare_options() if self.original_data.type == 'user' else True,
self.original_data.key_id == self.identifier,
self.original_data.public_key == self._get_key_fingerprint(self.public_key),
self.original_data.signing_key == self._get_key_fingerprint(self.signing_key),
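Review bot: In `_is_fully_valid`, the new entry `self._compare_options() if self.original_data.type == 'user' else True` keys on the type of the certificate already on disk rather than the type being requested, and it has no comment explaining why host certificates skip the comparison. Please confirm that a mismatch between the existing and the requested type is caught by another check (none of the lines shown here compares the type), and add a one-line comment with the reason. With this condition, `options` supplied for a `host` certificate no longer influence the `full_idempotence` result, so a changed option list will not trigger regeneration; that should be stated in the module documentation or rejected as invalid input.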
Expand Up @@ -86,6 +86,27 @@
regenerate: full_idempotence
register: default_options

- name: Generate host cert full_idempotence
openssh_cert:
type: host
path: "{{ certificate_path }}"
public_key: "{{ public_key }}"
signing_key: "{{ signing_key }}"
valid_from: always
valid_to: forever
regenerate: full_idempotence

- name: Generate host cert full_idempotence again
openssh_cert:
type: host
path: "{{ certificate_path }}"
public_key: "{{ public_key }}"
signing_key: "{{ signing_key }}"
valid_from: always
valid_to: forever
regenerate: full_idempotence
register: host_cert_full_idempotence

- name: Assert options results
assert:
that:
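Review bot: Both new tasks, "Generate host cert full_idempotence" and its rerun, omit `options`, so the test exercises only the default case. The module change makes host certificates bypass `_compare_options()` entirely; add a run that passes `options` with `type: host` and `regenerate: full_idempotence` and assert the status you intend for it, so that behaviour is pinned by the test rather than left implicit.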
Expand All @@ -95,6 +116,7 @@
- explicit_extension_after is not changed
- explicit_extension_and_directive is changed
- default_options is not changed
- host_cert_full_idempotence is not changed

- name: Remove certificate
openssh_cert:
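Review bot: The only new assertion is `host_cert_full_idempotence is not changed`, which would also pass if the module never wrote a host certificate at all, and the first task "Generate host cert full_idempotence" has no `register`. Register that first run and assert its expected result in this list too, so the test shows the host certificate was actually generated before the idempotent rerun is checked.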