Check return code on ssh(-keygen) invocations.

ansible-collections · Aug 11, 2023 · 9c2fbc8 · 9c2fbc8
1 parent 55c94eb
commit 9c2fbc8
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 7 deletions.
diff --git a/plugins/module_utils/openssh/backends/common.py b/plugins/module_utils/openssh/backends/common.py
@@ -127,7 +127,7 @@ def _get_ssh_version(self):
         ssh_bin = self.module.get_bin_path('ssh')
         if not ssh_bin:
             return ""
-        return parse_openssh_version(self.module.run_command([ssh_bin, '-V', '-q'])[2].strip())
+        return parse_openssh_version(self.module.run_command([ssh_bin, '-V', '-q'], check_rc=True)[2].strip())
 
     @_restore_all_on_failure
     def _safe_secure_move(self, sources_and_destinations):

diff --git a/plugins/module_utils/openssh/backends/keypair_backend.py b/plugins/module_utils/openssh/backends/keypair_backend.py
@@ -323,23 +323,23 @@ def __init__(self, module):
         self.ssh_keygen = KeygenCommand(self.module)
 
     def _generate_keypair(self, private_key_path):
-        self.ssh_keygen.generate_keypair(private_key_path, self.size, self.type, self.comment)
+        self.ssh_keygen.generate_keypair(private_key_path, self.size, self.type, self.comment, check_rc=True)
 
     def _get_private_key(self):
-        private_key_content = self.ssh_keygen.get_private_key(self.private_key_path)[1]
+        private_key_content = self.ssh_keygen.get_private_key(self.private_key_path, check_rc=True)[1]
         return PrivateKey.from_string(private_key_content)
 
     def _get_public_key(self):
-        public_key_content = self.ssh_keygen.get_matching_public_key(self.private_key_path)[1]
+        public_key_content = self.ssh_keygen.get_matching_public_key(self.private_key_path, check_rc=True)[1]
         return PublicKey.from_string(public_key_content)
 
     def _private_key_readable(self):
-        rc, stdout, stderr = self.ssh_keygen.get_matching_public_key(self.private_key_path)
+        rc, stdout, stderr = self.ssh_keygen.get_matching_public_key(self.private_key_path, check_rc=False)
         return not (rc == 255 or any_in(stderr, 'is not a public key file', 'incorrect passphrase', 'load failed'))
 
     def _update_comment(self):
         try:
-            self.ssh_keygen.update_comment(self.private_key_path, self.comment)
+            self.ssh_keygen.update_comment(self.private_key_path, self.comment, check_rc=True)
         except (IOError, OSError) as e:
             self.module.fail_json(msg=to_native(e))
 

diff --git a/plugins/modules/openssh_cert.py b/plugins/modules/openssh_cert.py
@@ -497,7 +497,7 @@ def _result(self):
         if self.state != 'present':
             return {}
 
-        certificate_info = self.ssh_keygen.get_certificate_info(self.path)[1]
+        certificate_info = self.ssh_keygen.get_certificate_info(self.path, check_rc=True)[1]
 
         return {
             'type': self.type,