Always generate a new key pair if the private key doesn't exist #598

Merged

Commits on May 1, 2023

  1. Always generate a new key pair if the private key doesn't exist (ansible-collections#597)
    
    This commit updates `KeypairBackend._should_generate()` to first check
    if the original private key named by the `path` argument exists, and
    return True if it does not. This brings the code in line with
    the documentation, which says that a new key will always be generated if
    the key file doesn't already exist.
    
    As an alternative to the approach implemented here, I also considered
    only modifying the condition in the `fail` branch of the if statement,
    but I thought that would not map as cleanly to the behavior specified in
    the documentation, so doing it the way I did should make it easier to
    check that the code is doing the right thing just by looking at it.
    I also considered doing something to make the logic more similar to
    `PrivateKeyBackend.needs_regeneration()` (the openssl version of this
    functionality), because the two are supposed to be acting the same way,
    but I thought that'd be going beyond the scope of just fixing this bug.
    If it'd be useful to make both methods work the same way, someone can
    refactor the code in a future commit.
    diazona committed May 1, 2023
    d046c1c
  2. Test different regenerate values with nonexistent keys

    This commit changes the test task that generates new keys to use each of
    the different values for the `regenerate` argument, which will ensure
    that the module is capable of generating a key when no previous key
    exists regardless of the value of `regenerate`. Previously, the task
    would always run with the `partial_idempotence` value, and that obscured
    a bug (ansible-collections#597) that would occur when it was set to `fail`. The bug was
    fixed in the previous commit.
    diazona committed May 1, 2023
    d88c323