Fixes ansible#6454 verify ec2 key fingerprints
jctanner committed Apr 3, 2014
1 parent cdc0819 commit b660062
Showing 1 changed file with 43 additions and 4 deletions.
47 changes: 43 additions & 4 deletions library/cloud/ec2_key
Expand Up @@ -132,6 +132,10 @@ except ImportError:
print "failed=True msg='boto required for this module'"
sys.exit(1)

import random
import string


def main():
argument_spec = ec2_argument_spec()
argument_spec.update(dict(
Expand Down Expand Up @@ -187,10 +191,45 @@ def main():
# Ensure requested key is present
elif state == 'present':
if key:
'''existing key found'''
# Should check if the fingerprint is the same - but lack of info
# and different fingerprint provided (pub or private) depending if
# the key has been created of imported.
# existing key found
if key_material:
# EC2's fingerprints are non-trivial to generate, so push this key
# to a temporary name and make ec2 calculate the fingerprint for us.
#
# http://blog.jbrowne.com/?p=23
# https://forums.aws.amazon.com/thread.jspa?messageID=352828

# find an unused name
test = 'empty'
while test:
randomchars = [random.choice(string.ascii_letters + string.digits) for x in range(0,10)]
tmpkeyname = "ansible-" + ''.join(randomchars)
test = ec2.get_key_pair(tmpkeyname)

# create tmp key
tmpkey = ec2.import_key_pair(tmpkeyname, key_material)
# get tmp key fingerprint
tmpfingerprint = tmpkey.fingerprint
# delete tmp key
tmpkey.delete()

if key.fingerprint != tmpfingerprint:
if not module.check_mode:
key.delete()
key = ec2.import_key_pair(name, key_material)

if wait:
start = time.time()
action_complete = False
while (time.time() - start) < wait_timeout:
if ec2.get_key_pair(name):
action_complete = True
break
time.sleep(1)
if not action_complete:
module.fail_json(msg="timed out while waiting for the key to be re-created")

changed = True
pass

# if the key doesn't exist, create it now
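Review bot: The temporary key pair imported to obtain a fingerprint is never removed if reading `tmpkey.fingerprint` raises, because the `tmpkey.delete()` two lines below it runs only on the success path; the delete belongs in a `finally` so a failed run does not leave a stray `ansible-*` key pair in the account. The same import/delete also runs when `module.check_mode` is set, so check mode still performs two write calls against EC2 before the comparison is made; either skip the probe in check mode or document it in the module notes. The removed comment pointed out that EC2 derives fingerprints differently for keys it created and keys that were imported; if the existing key was created by EC2 rather than imported, the comparison against an imported probe key may never match, and the key would be deleted and re-imported on every run, so a guard or at least a comment above `if key.fingerprint != tmpfingerprint:` is warranted. main() begins outside this hunk.
```python
# … unchanged: find an unused temporary name …
tmpkey = ec2.import_key_pair(tmpkeyname, key_material)
try:
    tmpfingerprint = tmpkey.fingerprint
finally:
    # remove the probe key even if reading its fingerprint fails
    tmpkey.delete()
# … unchanged: fingerprint comparison and re-import …
```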
