ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2026-04-17 17:31:31 +00:00
Code Activity

nsupdate: fix GSS-TSIG support (#11712)

Browse source 
The fix for missing keyring initialization without TSIG auth in
PR #11461 put the initialization of "self.keyring" and "self.keyname"
in an else clause after checking if "key_name" is set.

The problem is that for "key_algorithm" == "gss-tsig":
a) "key_name" isn't set
b) self.keyring and self.keyname have already been initialized and
   will be discarded

This means that gss-tsig support is broken. Fix it by moving the
initialization of "self.keyring" and "self.keyname" to the top.
This commit is contained in:
David Härdeman 2026-04-12 13:09:31 +02:00 committed by GitHub
parent 5eaa22b067
commit bd7b361db1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

5
plugins/modules/nsupdate.py
View file

@ -229,6 +229,8 @@ class RecordManager:
self.server_fqdn = None
self.server_ips = self.resolve_server()
self.keyring = None
self.keyname = None
if module.params["key_algorithm"] == "hmac-md5":
self.algorithm = "HMAC-MD5.SIG-ALG.REG.INT"
@ -248,9 +250,6 @@ class RecordManager:
module.fail_json(msg="Missing key_secret")
except binascii_error as e:
module.fail_json(msg=f"TSIG key error: {e}")
else:
self.keyring = None
self.keyname = None
if module.params["zone"] is None:
if module.params["record"][-1] != ".":