From d4333080c4ef3523e053d9d405655324013f6698 Mon Sep 17 00:00:00 2001
From: Rene Moser
Date: Sat, 28 Mar 2015 22:12:19 +0100
Subject: [PATCH] cloudstack_ssh: replace ssh public key if fingerprints do not match
---
 .../cloud/cloudstack/cloudstack_sshkey.py | 38 +++++++++++++++++--
 1 file changed, 34 insertions(+), 4 deletions(-)
diff --git a/lib/ansible/modules/extras/cloud/cloudstack/cloudstack_sshkey.py b/lib/ansible/modules/extras/cloud/cloudstack/cloudstack_sshkey.py
index 7e803be02e..4f63a9d566 100644
--- a/lib/ansible/modules/extras/cloud/cloudstack/cloudstack_sshkey.py
+++ b/lib/ansible/modules/extras/cloud/cloudstack/cloudstack_sshkey.py
@@ -95,6 +95,12 @@ try:
 except ImportError:
 has_lib_cs = False
+try:
+ import sshpubkeys
+ has_lib_sshpubkeys = True
+except ImportError:
+ has_lib_sshpubkeys = False
+
 from ansible.module_utils.cloudstack import *
 class AnsibleCloudStackSshKey(AnsibleCloudStack):
@@ -109,14 +115,30 @@ class AnsibleCloudStackSshKey(AnsibleCloudStack):
 def register_ssh_key(self, public_key):
 ssh_key = self.get_ssh_key()
+
+ args = {}
+ args['projectid'] = self.get_project_id()
+ args['name'] = self.module.params.get('name')
+
+ res = None
 if not ssh_key:
 self.result['changed'] = True
- args = {}
- args['projectid'] = self.get_project_id()
- args['name'] = self.module.params.get('name')
 args['publickey'] = public_key
 if not self.module.check_mode:
- ssh_key = self.cs.registerSSHKeyPair(**args)
+ res = self.cs.registerSSHKeyPair(**args)
+
+ else:
+ fingerprint = self._get_ssh_fingerprint(public_key)
+ if ssh_key['fingerprint'] != fingerprint:
+ self.result['changed'] = True
+ if not self.module.check_mode:
+ self.cs.deleteSSHKeyPair(**args)
+ args['publickey'] = public_key
+ res = self.cs.registerSSHKeyPair(**args)
+
+ if res and 'keypair' in res:
+ ssh_key = res['keypair']
+
 return ssh_key
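Review bot: In the new `else` branch of `register_ssh_key` (hunk `@@ -109,14 +115,30 @@`), the existing key pair is deleted before the replacement is registered and neither API result is inspected, so if `registerSSHKeyPair` fails or returns a response without `keypair`, the old key is gone and the function still returns the stale `ssh_key` with `changed` set. Check the result directly after the call, e.g. `if not res or 'keypair' not in res: self.module.fail_json(msg="SSH key pair was deleted but could not be re-registered")`, so the play stops instead of reporting a key that no longer exists. The return value of `deleteSSHKeyPair(**args)` is discarded as well and should be checked before re-registering. A docstring such as `"""Register public_key, replacing an existing key pair whose fingerprint differs."""` would document the new replace behaviour.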
@@ -170,6 +192,11 @@ class AnsibleCloudStackSshKey(AnsibleCloudStack):
 return self.result
+ def _get_ssh_fingerprint(self, public_key):
+ key = sshpubkeys.SSHKey(public_key)
+ return key.hash()
+
+
 def main():
 module = AnsibleModule(
 argument_spec = dict(
@@ -188,6 +215,9 @@ def main():
 if not has_lib_cs:
 module.fail_json(msg="python library cs required: pip install cs")
+ if not has_lib_sshpubkeys:
+ module.fail_json(msg="python library sshpubkeys required: pip install sshpubkeys")
+
 try:
 acs_sshkey = AnsibleCloudStackSshKey(module)
 state = module.params.get('state')
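Review bot: `_get_ssh_fingerprint` (hunk `@@ -170,6 +192,11 @@`) hands the user-supplied key to `sshpubkeys.SSHKey` with no error handling, so a malformed `public_key` would presumably surface as a raw traceback unless the `try` in `main()`, whose `except` clauses are outside this diff, happens to catch the library's exception. Wrap the two lines in a `try`/`except` that ends in `self.module.fail_json(msg="public_key is not a valid SSH public key")`. The comparison in `register_ssh_key` also relies on `key.hash()` and CloudStack's `fingerprint` field using the same digest and text format; if they differ, the key pair would be deleted and re-registered on every run. A docstring stating the expected format, e.g. `"""Return the fingerprint of public_key in the format CloudStack reports."""`, would make that assumption explicit.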
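Review bot: The `has_lib_sshpubkeys` check added to `main()` (hunk `@@ -188,6 +215,9 @@`) is unconditional, so every invocation of the module now fails without the library, although only the fingerprint comparison in `register_ssh_key` uses it. Gate it on a key actually being supplied, e.g. `if module.params.get('public_key') and not has_lib_sshpubkeys:` (the option name is assumed here; the argument spec is outside this hunk). The new requirement should also be listed in the module's documentation block, which this diff does not touch. `main()` starts and ends outside the hunk.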