mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
authorized_key 29891 use os.path.realpath to follow keyfile symlinks (#40417)
* 29891 use os.path.realpath to follow keyfile symlinks * 29891 add parameter follow * updated changelog fragment * add documentation and set default to false
This commit is contained in:
parent
688ffa4cee
commit
21066410be
2 changed files with 22 additions and 2 deletions
4
changelogs/fragments/authorized_key_symlinks.yaml
Normal file
4
changelogs/fragments/authorized_key_symlinks.yaml
Normal file
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
bugfixes:
|
||||
- authorized_key now have an option for following symlinks,
|
||||
default behaviour (False) can be changed by setting follow True/False
|
|
@ -78,6 +78,12 @@ options:
|
|||
cases such as fetching it from GitHub or GitLab.
|
||||
- If no comment is specified, the existing comment will be kept.
|
||||
version_added: "2.4"
|
||||
follow:
|
||||
description:
|
||||
- Follow path symlink instead of replacing it
|
||||
type: bool
|
||||
default: 'no'
|
||||
version_added: "2.7"
|
||||
author: "Ansible Core Team"
|
||||
'''
|
||||
|
||||
|
@ -284,7 +290,7 @@ class keydict(dict):
|
|||
return [item[1] for item in self.items()]
|
||||
|
||||
|
||||
def keyfile(module, user, write=False, path=None, manage_dir=True):
|
||||
def keyfile(module, user, write=False, path=None, manage_dir=True, follow=False):
|
||||
"""
|
||||
Calculate name of authorized keys file, optionally creating the
|
||||
directories and file, properly setting permissions.
|
||||
|
@ -293,11 +299,16 @@ def keyfile(module, user, write=False, path=None, manage_dir=True):
|
|||
:param bool write: if True, write changes to authorized_keys file (creating directories if needed)
|
||||
:param str path: if not None, use provided path rather than default of '~user/.ssh/authorized_keys'
|
||||
:param bool manage_dir: if True, create and set ownership of the parent dir of the authorized_keys file
|
||||
:param bool follow: if True symlinks will be followed and not replaced
|
||||
:return: full path string to authorized_keys for user
|
||||
"""
|
||||
|
||||
if module.check_mode and path is not None:
|
||||
keysfile = path
|
||||
|
||||
if follow:
|
||||
return os.path.realpath(keysfile)
|
||||
|
||||
return keysfile
|
||||
|
||||
try:
|
||||
|
@ -314,6 +325,9 @@ def keyfile(module, user, write=False, path=None, manage_dir=True):
|
|||
sshdir = os.path.dirname(path)
|
||||
keysfile = path
|
||||
|
||||
if follow:
|
||||
keysfile = os.path.realpath(keysfile)
|
||||
|
||||
if not write:
|
||||
return keysfile
|
||||
|
||||
|
@ -518,6 +532,7 @@ def enforce_state(module, params):
|
|||
key_options = params.get("key_options", None)
|
||||
exclusive = params.get("exclusive", False)
|
||||
comment = params.get("comment", None)
|
||||
follow = params.get('follow', False)
|
||||
error_msg = "Error getting key from: %s"
|
||||
|
||||
# if the key is a url, request it and use it as key source
|
||||
|
@ -613,7 +628,7 @@ def enforce_state(module, params):
|
|||
do_write = True
|
||||
|
||||
if do_write:
|
||||
filename = keyfile(module, user, do_write, path, manage_dir)
|
||||
filename = keyfile(module, user, do_write, path, manage_dir, follow)
|
||||
new_content = serialize(existing_keys)
|
||||
|
||||
diff = None
|
||||
|
@ -650,6 +665,7 @@ def main():
|
|||
exclusive=dict(default=False, type='bool'),
|
||||
comment=dict(required=False, default=None, type='str'),
|
||||
validate_certs=dict(default=True, type='bool'),
|
||||
follow=dict(default=False, type='bool')
|
||||
),
|
||||
supports_check_mode=True
|
||||
)
|
||||
|
|
Loading…
Reference in a new issue