From 59551351a9fe44b81f58542e2f5824023cba532e Mon Sep 17 00:00:00 2001 From: =?utf8?q?S=C3=A9bastien=20Han?= Date: Fri, 20 Apr 2018 16:35:39 +0200 Subject: [PATCH] ceph_key: ability to apply a mode to a file MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit You can now create keys and set file mode on them. Use the 'mode' parameter for that, mode must be in octal so 0644. Signed-off-by: Sébastien Han --- library/ceph_key.py | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/library/ceph_key.py b/library/ceph_key.py index 15e0657f1..eaa6022a6 100644 --- a/library/ceph_key.py +++ b/library/ceph_key.py @@ -57,8 +57,8 @@ options: If 'absent' is used, the module will simply delete the keyring. If 'list' is used, the module will list all the keys and will return a json output. - If 'update' is used, the module will **only** update the capabilities - of a given keyring. + If 'update' is used, the module will **only** update + the capabilities of a given keyring. If 'info' is used, the module will return in a json format the description of a given keyring. required: true @@ -120,6 +120,7 @@ caps: osd: allow * mgr: allow * mds: allow + mode: 0400 import_key: False - name: create monitor initial keyring @@ -187,14 +188,6 @@ def fatal(message, module): raise(Exception(message)) -def key_mode(file_path, mode): - ''' - Change mode file for a CephX key - Problem, how to do this on containerized deployment? - ''' - os.chmod(file_path, mode) - - def generate_secret(): ''' Generate a CephX secret @@ -213,7 +206,8 @@ def generate_caps(cmd, _type, caps): ''' for k, v in caps.iteritems(): - # makes sure someone didn't pass an empty var, we don't want to add an empty cap + # makes sure someone didn't pass an empty var, + # we don't want to add an empty cap if len(k) == 0: continue if _type == "ceph-authtool": @@ -400,7 +394,8 @@ def run_module(): module = AnsibleModule( argument_spec=module_args, - supports_check_mode=True + supports_check_mode=True, + add_file_common_args=True, ) # Gather module parameters in variables @@ -440,7 +435,9 @@ def run_module(): if not caps: fatal("Capabilities must be provided when state is 'present'", module) - # We allow 'present' to override any existing key ONLY if a secret is provided, if not we skip the creation + # We allow 'present' to override any existing key + # ONLY if a secret is provided + # if not we skip the creation if import_key: if rc == 0 and not secret: result["stdout"] = "skipped, since {0} already exists, if you want to update a key use 'state: update'".format( @@ -451,6 +448,11 @@ def run_module(): rc, cmd, out, err = exec_commands(module, create_key( module, result, cluster, name, secret, caps, import_key, auid, dest, containerized)) + file_path = os.path.join( + dest + "/" + cluster + "." + name + ".keyring") + file_args = module.load_file_common_arguments(module.params) + file_args['path'] = file_path + module.set_fs_attributes_if_different(file_args, False) elif state == "update": if not caps: fatal("Capabilities must be provided when state is 'update'", module) -- 2.39.5