1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

authorized_key 29891 use os.path.realpath to follow keyfile symlinks (#40417)

* 29891 use os.path.realpath to follow keyfile symlinks
* 29891 add parameter follow
* updated changelog fragment
* add documentation and set default to false
This commit is contained in:
Andreas Calminder 2018-08-14 01:06:33 +02:00 committed by Toshio Kuratomi
parent 688ffa4cee
commit 21066410be
2 changed files with 22 additions and 2 deletions

View file

@ -0,0 +1,4 @@
---
bugfixes:
- authorized_key now have an option for following symlinks,
default behaviour (False) can be changed by setting follow True/False

View file

@ -78,6 +78,12 @@ options:
cases such as fetching it from GitHub or GitLab. cases such as fetching it from GitHub or GitLab.
- If no comment is specified, the existing comment will be kept. - If no comment is specified, the existing comment will be kept.
version_added: "2.4" version_added: "2.4"
follow:
description:
- Follow path symlink instead of replacing it
type: bool
default: 'no'
version_added: "2.7"
author: "Ansible Core Team" author: "Ansible Core Team"
''' '''
@ -284,7 +290,7 @@ class keydict(dict):
return [item[1] for item in self.items()] return [item[1] for item in self.items()]
def keyfile(module, user, write=False, path=None, manage_dir=True): def keyfile(module, user, write=False, path=None, manage_dir=True, follow=False):
""" """
Calculate name of authorized keys file, optionally creating the Calculate name of authorized keys file, optionally creating the
directories and file, properly setting permissions. directories and file, properly setting permissions.
@ -293,11 +299,16 @@ def keyfile(module, user, write=False, path=None, manage_dir=True):
:param bool write: if True, write changes to authorized_keys file (creating directories if needed) :param bool write: if True, write changes to authorized_keys file (creating directories if needed)
:param str path: if not None, use provided path rather than default of '~user/.ssh/authorized_keys' :param str path: if not None, use provided path rather than default of '~user/.ssh/authorized_keys'
:param bool manage_dir: if True, create and set ownership of the parent dir of the authorized_keys file :param bool manage_dir: if True, create and set ownership of the parent dir of the authorized_keys file
:param bool follow: if True symlinks will be followed and not replaced
:return: full path string to authorized_keys for user :return: full path string to authorized_keys for user
""" """
if module.check_mode and path is not None: if module.check_mode and path is not None:
keysfile = path keysfile = path
if follow:
return os.path.realpath(keysfile)
return keysfile return keysfile
try: try:
@ -314,6 +325,9 @@ def keyfile(module, user, write=False, path=None, manage_dir=True):
sshdir = os.path.dirname(path) sshdir = os.path.dirname(path)
keysfile = path keysfile = path
if follow:
keysfile = os.path.realpath(keysfile)
if not write: if not write:
return keysfile return keysfile
@ -518,6 +532,7 @@ def enforce_state(module, params):
key_options = params.get("key_options", None) key_options = params.get("key_options", None)
exclusive = params.get("exclusive", False) exclusive = params.get("exclusive", False)
comment = params.get("comment", None) comment = params.get("comment", None)
follow = params.get('follow', False)
error_msg = "Error getting key from: %s" error_msg = "Error getting key from: %s"
# if the key is a url, request it and use it as key source # if the key is a url, request it and use it as key source
@ -613,7 +628,7 @@ def enforce_state(module, params):
do_write = True do_write = True
if do_write: if do_write:
filename = keyfile(module, user, do_write, path, manage_dir) filename = keyfile(module, user, do_write, path, manage_dir, follow)
new_content = serialize(existing_keys) new_content = serialize(existing_keys)
diff = None diff = None
@ -650,6 +665,7 @@ def main():
exclusive=dict(default=False, type='bool'), exclusive=dict(default=False, type='bool'),
comment=dict(required=False, default=None, type='str'), comment=dict(required=False, default=None, type='str'),
validate_certs=dict(default=True, type='bool'), validate_certs=dict(default=True, type='bool'),
follow=dict(default=False, type='bool')
), ),
supports_check_mode=True supports_check_mode=True
) )