fix custom file attributes for public keys
Use of the confusingly-named _permissions_changed() on both
sides of an `or` was resulting in the second invocation not
being reached if the first invocation returned True, which it
does any time it applied custom attributes to the private key.
As a result, custom file attributes were only ever being
applied to the private key (except in one specific case).

This is fixed by explicitly updating attributes of both files
before checking if changes have been made.

Signed-off-by: Charlie Wheeler-Robinson <[email protected]>
crwr45 committed Jul 20, 2021
1 parent 4908f1a commit 7b60859
Showing 2 changed files with 4 additions and 1 deletion.
4 changes: 3 additions & 1 deletion plugins/module_utils/openssh/backends/keypair_backend.py
Expand Up @@ -118,7 +118,9 @@ def generate(self):
self.module.fail_json(msg='Unable to update the comment for the public key.')
self._update_comment()

if self._permissions_changed() or self._permissions_changed(public_key=True):
private_key_perms_changed = self._permissions_changed()
public_key_perms_changed = self._permissions_changed(public_key=True)
if private_key_perms_changed or public_key_perms_changed:
self.changed = True

def is_private_key_valid(self, perms_required=True):
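
Review bot: The two new assignments (`private_key_perms_changed = self._permissions_changed()` and its `public_key=True` counterpart) fix the bug only because both calls now run unconditionally, and nothing in the code says so. Add a short comment above them stating that `_permissions_changed()` applies the file attributes as a side effect, so the calls must not be folded back into a short-circuiting `or`; renaming the method to reflect that it updates attributes would remove the trap altogether. Neither of the 2 changed files is a test, so a regression test that sets a custom mode and checks it on the public key file would keep this from recurring.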
1 change: 1 addition & 0 deletions plugins/modules/openssh_keypair.py
Expand Up @@ -122,6 +122,7 @@
- In case the ssh key is broken or password protected, the module will fail.
Set the I(force) option to C(yes) if you want to regenerate the keypair.
- Supports C(check_mode).
- In the case a custom C(mode), C(group), C(owner), or other file attribute is provided it will be applied to both key files.
extends_documentation_fragment: files
'''
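
Review bot: The added note line should spell out the consequence for the private key: because a single C(mode) is applied to both files, a mode chosen with the public key in mind (for example a world-readable one) also lands on the private key. Suggest rewording it to "If a custom C(mode), C(group), C(owner), or other file attribute is provided, it is applied to both key files." and adding a sentence that the value must therefore be suitable for the private key.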