ceph_key: fix idempotency when no secret is passed

553584cbd0 introduced a regression: when no
secret is passed, it overwrites the secret each time the task is run.

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 003defec03)
pull/5247/head
Guillaume Abrioux 2020-04-03 10:24:32 +02:00 committed by Dimitri Savineau
parent a472064cb8
commit cbed1eb17a
1 changed files with 40 additions and 30 deletions


@ -548,10 +548,26 @@ def run_module():
key_exist = 1 key_exist = 1
_secret = secret _secret = secret
_caps = caps _caps = caps
if (state in ["present", "update"] and import_key) or state == "info": if (state in ["present", "update", "info"]):
# if dest is not a directory, the user wants to change the file's name
# (e,g: /etc/ceph/ceph.mgr.ceph-mon2.keyring)
if not os.path.isdir(dest):
file_path = dest
else:
if 'bootstrap' in dest:
# Build a different path for bootstrap keys as there are stored as
# /var/lib/ceph/bootstrap-rbd/ceph.keyring
keyring_filename = cluster + '.keyring'
else:
keyring_filename = cluster + "." + name + ".keyring"
file_path = os.path.join(dest, keyring_filename)
file_args['path'] = file_path
if import_key or state == "info":
user = "client.admin" user = "client.admin"
keyring_filename = cluster + '.' + user + '.keyring' user_key = os.path.join(
user_key = os.path.join("/etc/ceph/", keyring_filename) "/etc/ceph/" + cluster + ".client.admin.keyring")
output_format = "json" output_format = "json"
_info_key = [] _info_key = []
rc, cmd, out, err = exec_commands( rc, cmd, out, err = exec_commands(
@ -559,12 +575,21 @@ def run_module():
key_exist = rc key_exist = rc
if key_exist == 0: if key_exist == 0:
_info_key = json.loads(out) _info_key = json.loads(out)
if not secret:
secret = _info_key[0]['key']
_secret = _info_key[0]['key'] _secret = _info_key[0]['key']
if not caps:
caps = _info_key[0]['caps']
_caps = _info_key[0]['caps'] _caps = _info_key[0]['caps']
if import_key and secret == _secret and caps == _caps: if secret == _secret and caps == _caps:
result["stdout"] = "{0} already exists and doesn't need to be updated.".format(name) # noqa E501 result["stdout"] = "{0} already exists and doesn't need to be updated.".format(name) # noqa E501
result["rc"] = 0 result["rc"] = 0
module.exit_json(**result) module.exit_json(**result)
else:
if os.path.isfile(file_path) and not secret or not caps:
result["stdout"] = "{0} already exists in {1} you must provide secret *and* caps when import_key is {2}".format(name, dest, import_key) # noqa E501
result["rc"] = 0
module.exit_json(**result)
# "update" is here only for backward compatibility # "update" is here only for backward compatibility
if state in ["present", "update"]: if state in ["present", "update"]:
@ -573,21 +598,6 @@ def run_module():
if import_key and key_exist != 0 and secret is None and caps is None: if import_key and key_exist != 0 and secret is None and caps is None:
fatal("Keyring doesn't exist, you must provide 'secret' and 'caps'", module) # noqa E501 fatal("Keyring doesn't exist, you must provide 'secret' and 'caps'", module) # noqa E501
# if dest is not a directory, the user wants to change the file's name
# (e,g: /etc/ceph/ceph.mgr.ceph-mon2.keyring)
if not os.path.isdir(dest):
file_path = dest
elif 'bootstrap' in dest:
# Build a different path for bootstrap keys as there are stored as
# /var/lib/ceph/bootstrap-rbd/ceph.keyring
keyring_filename = cluster + '.keyring'
file_path = os.path.join(dest, keyring_filename)
else:
keyring_filename = cluster + "." + name + ".keyring"
file_path = os.path.join(dest, keyring_filename)
file_args['path'] = file_path
# There's no need to run create_key() if neither secret nor caps have changed # There's no need to run create_key() if neither secret nor caps have changed
if (key_exist == 0 and (secret != _secret or caps != _caps)) or key_exist != 0: if (key_exist == 0 and (secret != _secret or caps != _caps)) or key_exist != 0:
rc, cmd, out, err = exec_commands(module, create_key( rc, cmd, out, err = exec_commands(module, create_key(
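Review bot: In the `else:` branch added in the second hunk, `if os.path.isfile(file_path) and not secret or not caps:` parses as `(os.path.isfile(file_path) and not secret) or (not caps)`, because `and` binds tighter than `or`. As written, any run that reaches this branch without caps exits with rc 0 and an "already exists in {dest}" message even when no keyring file is on disk, so a playbook can report success for a keyring that was never written. If the intent matches the message, group the condition explicitly: `if os.path.isfile(file_path) and (not secret or not caps):`. Indentation is lost in this rendering, so which `if` this `else:` pairs with is inferred from the message text, and `run_module` continues outside the visible hunks.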