Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
openssh_keypair - Add public key and key comment validation #57993
Jun 18, 2019
referenced this pull request
Jun 18, 2019
Actually, it does not. The module is not idempotent w.r.t.
I guess making the module more idempotent would be a good thing? That should be outside of this PR, though, because that's a bug and should be backported. The module also does not check whether the public key actually belongs to the private key.
Do you think the addition check should be implemented?
@MaxBab it is generated from it, but when private and public key are already there, you'd have to check whether they belong together for proper idempotence checking. The following checks / actions are missing:
In both cases, there's no need to regenerate the private key. In case the private key is regenerated, there's no need to check the public key, since it is regenerated as well.
I have no idea how complicated this is to implement these checks with ssh-keygen though...
@felixfontein I'm started to work on your suggestion and would like to hear your thoughts regarding the following, please.
For this module we have 4 methods: generate, isValid, dump and remove.
All the checks of the validation regarding the existence of the public key, matching of the public key content and same for the comment, should be performed within the "isValid" method. I suppose we agree on this.
I'm not sure it should be located within the "isValid" method as it just returns the state of the checks and not performs any action.
Maybe, creation of the "update" method will fit the logic of the public key and key comment actions?
What do you think?
Hmm, I guess the best way is to refactor the module somehow :) The module copies what similar modules from that namespace are doing, but all these modules only work on one output file. This module has two output files.
How about the following:
@lolcube as the author of this module, do you have any preferences, or other ideas?