From 5d2652f31b42804db5e1d7442856793f2c7b3ba7 Mon Sep 17 00:00:00 2001 From: Sam Thursfield Date: Mon, 23 Mar 2015 11:51:49 +0000 Subject: [PATCH] Fix authorized_key module crashing when given an invalid key I tried a playbook with the following (accidentally wrong) task: tasks: - name: authorized key test authorized_key: key=/home/sam/.ssh/id_rsa.pub key_options='command="/foo/bar"' user=sam I got the following traceback: TASK: [authorized key test] *************************************************** failed: [localhost] => {"failed": true, "parsed": false} Traceback (most recent call last): File "/home/sam/.ansible/tmp/ansible-tmp-1427110003.65-277897441194582/authorized_key", line 2515, in main() File "/home/sam/.ansible/tmp/ansible-tmp-1427110003.65-277897441194582/authorized_key", line 460, in main results = enforce_state(module, module.params) File "/home/sam/.ansible/tmp/ansible-tmp-1427110003.65-277897441194582/authorized_key", line 385, in enforce_state parsed_new_key = (parsed_new_key[0], parsed_new_key[1], parsed_options, parsed_new_key[3]) TypeError: 'NoneType' object has no attribute '__getitem__' With this fix, I see the expected error instead: TASK: [authorized key test] *************************************************** failed: [localhost] => {"failed": true} msg: invalid key specified: /home/sam/.ssh/id_rsa.pub --- lib/ansible/modules/system/authorized_key.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/ansible/modules/system/authorized_key.py b/lib/ansible/modules/system/authorized_key.py index be2a442346..458b94dff0 100644 --- a/lib/ansible/modules/system/authorized_key.py +++ b/lib/ansible/modules/system/authorized_key.py @@ -377,13 +377,14 @@ def enforce_state(module, params): # Check our new keys, if any of them exist we'll continue. for new_key in key: parsed_new_key = parsekey(module, new_key) - if key_options is not None: - parsed_options = parseoptions(module, key_options) - parsed_new_key = (parsed_new_key[0], parsed_new_key[1], parsed_options, parsed_new_key[3]) if not parsed_new_key: module.fail_json(msg="invalid key specified: %s" % new_key) + if key_options is not None: + parsed_options = parseoptions(module, key_options) + parsed_new_key = (parsed_new_key[0], parsed_new_key[1], parsed_options, parsed_new_key[3]) + present = False matched = False non_matching_keys = []