From c6bc4c49762b9c81c58b1a3085a41a6420df72d0 Mon Sep 17 00:00:00 2001
From: Guillaume Abrioux <gabrioux@redhat.com>
Date: Thu, 14 Nov 2019 10:30:34 +0100
Subject: [PATCH] ceph_key: restore file mode after a key is fetched

when `import_key` is enabled, if the key already exists, it will only be
fetched using ceph cli, if the mode specified in the `ceph_key` task is
different from what is applied by the ceph cli, the mode isn't restored because
we don't call `module.set_fs_attributes_if_different()` before
`module.exit_json(**result)`

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1734513

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit b717b5f736448903c69882392e0691fba60893aa)
---
 library/ceph_key.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/library/ceph_key.py b/library/ceph_key.py
index 34a3b79b2..db9a42a09 100644
--- a/library/ceph_key.py
+++ b/library/ceph_key.py
@@ -505,6 +505,8 @@ def run_module():
         add_file_common_args=True,
     )
 
+    file_args = module.load_file_common_arguments(module.params)
+
     # Gather module parameters in variables
     state = module.params['state']
     name = module.params.get('name')
@@ -554,6 +556,8 @@ def run_module():
             file_path = os.path.join(dest + "/" + cluster +
                                      "." + name + ".keyring")
 
+        file_args['path'] = file_path
+
         # We allow 'present' to override any existing key
         # ONLY if a secret is provided
         # if not we skip the creation
@@ -565,13 +569,11 @@ def run_module():
                 result["stdout"] = "skipped, since {0} already exists, we only fetched the key at {1}. If you want to update a key use 'state: update'".format(  # noqa E501
                     name, file_path)
                 result['rc'] = rc
+                module.set_fs_attributes_if_different(file_args, False)
                 module.exit_json(**result)
 
         rc, cmd, out, err = exec_commands(module, create_key(
             module, result, cluster, name, secret, caps, import_key, auid, file_path, containerized))  # noqa E501
-
-        file_args = module.load_file_common_arguments(module.params)
-        file_args['path'] = file_path
         module.set_fs_attributes_if_different(file_args, False)
     elif state == "update":
         if not caps: