]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-ansible.git/commitdiff
projects / ceph-ansible.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 146d144)
ceph_key: restore file mode after a key is fetched
authorGuillaume Abrioux <gabrioux@redhat.com>
Thu, 14 Nov 2019 09:30:34 +0000 (10:30 +0100)
committerGuillaume Abrioux <gabrioux@redhat.com>
Fri, 15 Nov 2019 05:11:11 +0000 (06:11 +0100)
when `import_key` is enabled, if the key already exists, it will only be
fetched using ceph cli, if the mode specified in the `ceph_key` task is
different from what is applied by the ceph cli, the mode isn't restored because
we don't call `module.set_fs_attributes_if_different()` before
`module.exit_json(**result)`

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1734513
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit b717b5f736448903c69882392e0691fba60893aa)

library/ceph_key.py patch | blob | history

diff --git a/library/ceph_key.py b/library/ceph_key.py
index 34a3b79b2591550f8991cd83affa179b767eb50a..db9a42a095ff2fed1848bb39ea36fb66a7eb99cf 100644 (file)
--- a/library/ceph_key.py
+++ b/library/ceph_key.py
@@ -505,6 +505,8 @@ def run_module():
         add_file_common_args=True,
     )
 
+    file_args = module.load_file_common_arguments(module.params)
+
     # Gather module parameters in variables
     state = module.params['state']
     name = module.params.get('name')
@@ -554,6 +556,8 @@ def run_module():
             file_path = os.path.join(dest + "/" + cluster +
                                      "." + name + ".keyring")
 
+        file_args['path'] = file_path
+
         # We allow 'present' to override any existing key
         # ONLY if a secret is provided
         # if not we skip the creation
@@ -565,13 +569,11 @@ def run_module():
                 result["stdout"] = "skipped, since {0} already exists, we only fetched the key at {1}. If you want to update a key use 'state: update'".format(  # noqa E501
                     name, file_path)
                 result['rc'] = rc
+                module.set_fs_attributes_if_different(file_args, False)
                 module.exit_json(**result)
 
         rc, cmd, out, err = exec_commands(module, create_key(
             module, result, cluster, name, secret, caps, import_key, auid, file_path, containerized))  # noqa E501
-
-        file_args = module.load_file_common_arguments(module.params)
-        file_args['path'] = file_path
         module.set_fs_attributes_if_different(file_args, False)
     elif state == "update":
         if not caps:
Unnamed repository; edit this file 'description' to name the repository.