diff --git a/changelogs/fragments/1661-gitlab-deploy-key-update-pubkey.yml b/changelogs/fragments/1661-gitlab-deploy-key-update-pubkey.yml
new file mode 100644
index 0000000000..f6edfc6f53
--- /dev/null
+++ b/changelogs/fragments/1661-gitlab-deploy-key-update-pubkey.yml
@@ -0,0 +1,5 @@
+---
+minor_changes:
+ - gitlab_deploy_key - when the given key title already exists but has a different public key, the public key will now be updated to given value (https://github.com/ansible-collections/community.general/pull/1661).
+breaking_changes:
+ - gitlab_deploy_key - if for an already existing key title a different public key was given as parameter nothing happened, now this changed so that the public key is updated to the new value (https://github.com/ansible-collections/community.general/pull/1661).
diff --git a/plugins/modules/source_control/gitlab/gitlab_deploy_key.py b/plugins/modules/source_control/gitlab/gitlab_deploy_key.py
index c66a6f9da8..20caf4292b 100644
--- a/plugins/modules/source_control/gitlab/gitlab_deploy_key.py
+++ b/plugins/modules/source_control/gitlab/gitlab_deploy_key.py
@@ -145,6 +145,13 @@ class GitLabDeployKey(object):
 def createOrUpdateDeployKey(self, project, key_title, key_key, options):
 changed = False
+ # note: unfortunately public key cannot be updated directly by
+ # GitLab REST API, so for that case we need to delete and
+ # than recreate the key
+ if self.deployKeyObject and self.deployKeyObject.key != key_key:
+ self.deployKeyObject.delete()
+ self.deployKeyObject = None
+
 # Because we have already call existsDeployKey in main()
 if self.deployKeyObject is None:
 deployKey = self.createDeployKey(project, {
diff --git a/tests/integration/targets/gitlab_deploy_key/defaults/main.yml b/tests/integration/targets/gitlab_deploy_key/defaults/main.yml
index 4e47591941..04d5b6ca83 100644
--- a/tests/integration/targets/gitlab_deploy_key/defaults/main.yml
+++ b/tests/integration/targets/gitlab_deploy_key/defaults/main.yml
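Review bot: `self.deployKeyObject.delete()` in the added block runs unconditionally, so a check-mode run would remove the live deploy key (assuming this module supports check mode; that is not visible in the hunk), and in a normal run any failure in the create that follows leaves the project with no deploy key at all. I would guard the call, e.g. `if not <module>.check_mode: self.deployKeyObject.delete()` with `<module>` standing for whatever handle this class keeps on its AnsibleModule, and make the create path fail with a message that says the old key has already been removed. The trigger `self.deployKeyObject.key != key_key` is also a raw string comparison, so a trailing newline or a differing key comment in the supplied value would presumably rotate the key on every run; comparing stripped values (or only the key type and base64 fields) would avoid that. The body of `createOrUpdateDeployKey` continues past the end of the hunk.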
@@ -1,2 +1,3 @@
 gitlab_project_name: ansible_test_project
 gitlab_deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJnTYY7CYk1F/wBklpdRxudxN6KeXgfhutkiCigSfPhe ansible_test"
+gitlab_deploy_key_new: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDL1TDkIY2uu6NYRD0G5qGeHTd/AoqQpCw1XENXDnTLDN5DNZVCO1+7xfA5DR5V2tcR691Q005BKxoCo+uUBd1aAM7JWyuXl050rZCXBj4oaUF7urjDANQ7FzYuvqp9h8NGkvzfBYz5YBfu4vh43ajnF0daSyZy4RlxeG9G44vnHElXTQ0igaOCSta/23FdERIYzKxuX4Ul42AwtSmCRwbkN4fC86o0UwW2q0zkgFOUoojtS/Avh0aX8UQyeagaPJFXCc/ldG1mMK020GQAEa8aQcUpysnEzZdq6no5Zyn/WQSobpnJ9CraHhdb1QQytg/+c+CgjSN0cERhTvLn0WsQ043jo5g1kSHNu+OiYXmVwTxe95nXCsoYmCNF/DmezjYVxe9BGlKRAEuHsNi87Il84nBnzKVHGlkq8eJNTR8ASjNkjI7pGS0zxCDB55c3LHh4Aa1xU+nwINRurn/TEDpDZc43/XOnt+aqbxkeWbMtOD/r2gfMj8lNZJ/IyamWy7HcFgGpTZJln4WxVLF+Cz56qa8Hf9WzJL+8Lq7eE3sJKOagn/zPgqeybXbTIPSr3fshq3yE8FYHpFKS4aLvQC/XSLCywrhr25DKBn9UHIZmgC9hxMnVJCKux+ltwGJOKIaoj+5n3+DvM+E3fK3fkADo5+Frzay6/rLTwKWUrzfjQQ== ansible_test_new"
diff --git a/tests/integration/targets/gitlab_deploy_key/tasks/main.yml b/tests/integration/targets/gitlab_deploy_key/tasks/main.yml
index ba82e378a5..430d46f4ab 100644
--- a/tests/integration/targets/gitlab_deploy_key/tasks/main.yml
+++ b/tests/integration/targets/gitlab_deploy_key/tasks/main.yml
@@ -39,3 +39,35 @@
 - assert:
 that:
 - deploy_key_status is changed
+ - deploy_key_status.deploy_key.key == gitlab_deploy_key
+
+
+- name: Update public key {{ gitlab_project_name }} (change expected)
+ gitlab_deploy_key:
+ login_token: "{{ gitlab_login_token }}"
+ project: "root/{{ gitlab_project_name }}"
+ server_url: "{{ gitlab_host }}"
+ title: "{{ gitlab_project_name }}"
+ key: "{{ gitlab_deploy_key_new }}"
+ state: present
+ register: deploy_key_status
+
+- assert:
+ that:
+ - deploy_key_status is changed
+ - deploy_key_status.deploy_key.key == gitlab_deploy_key_new
+
+- name: Update public key {{ gitlab_project_name }} (no change expected)
+ gitlab_deploy_key:
+ login_token: "{{ gitlab_login_token }}"
+ project: "root/{{ gitlab_project_name }}"
+ server_url: "{{ gitlab_host }}"
+ title: "{{ gitlab_project_name }}"
+ key: "{{ gitlab_deploy_key_new }}"
+ state: present
+ register: deploy_key_status
+
+- assert:
+ that:
+ - not deploy_key_status.changed
+ - deploy_key_status.deploy_key.key == gitlab_deploy_key_new
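Review bot: Neither of the two added tasks runs the key change under `check_mode: true`, so nothing here would catch a dry run that actually deletes and recreates the deploy key (this matters only if the module supports check mode, which the hunk does not show). A task that passes a different `key` with `check_mode: true`, followed by a real run with `gitlab_deploy_key_new` asserting `not deploy_key_status.changed`, would cover it. It would also be worth asserting that the recreated key keeps its other settings, since the replacement is a new object on the GitLab side.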