From c58c0b85473f5cad4117b3b06b98f801e6db0938 Mon Sep 17 00:00:00 2001 From: Sloane Hertel Date: Mon, 22 Oct 2018 09:28:07 -0400 Subject: [PATCH] [aws] Fix check mode bug in ec2_key (#45320) Fix incorrect ec2_key check-mode behavior when a key already exists and key_material has been provided --- lib/ansible/modules/cloud/amazon/ec2_key.py | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/lib/ansible/modules/cloud/amazon/ec2_key.py b/lib/ansible/modules/cloud/amazon/ec2_key.py index ce30563f8c..ebcba6621f 100644 --- a/lib/ansible/modules/cloud/amazon/ec2_key.py +++ b/lib/ansible/modules/cloud/amazon/ec2_key.py @@ -186,13 +186,16 @@ def create_key_pair(module, ec2_client, name, key_material, force): key = find_key_pair(module, ec2_client, name) if key: if key_material and force: - new_fingerprint = get_key_fingerprint(module, ec2_client, key_material) - if key['KeyFingerprint'] != new_fingerprint: - if not module.check_mode: + if not module.check_mode: + new_fingerprint = get_key_fingerprint(module, ec2_client, key_material) + if key['KeyFingerprint'] != new_fingerprint: delete_key_pair(module, ec2_client, name, finish_task=False) key = import_key_pair(module, ec2_client, name, key_material) - key_data = extract_key_data(key) - module.exit_json(changed=True, key=key_data, msg="key pair updated") + key_data = extract_key_data(key) + module.exit_json(changed=True, key=key_data, msg="key pair updated") + else: + # Assume a change will be made in check mode since a comparison can't be done + module.exit_json(changed=True, key=extract_key_data(key), msg="key pair updated") key_data = extract_key_data(key) module.exit_json(changed=False, key=key_data, msg="key pair already exists") else: