Venafi / ansible-collection-venafi

Ansible collection for managing machine identities (certificates and keys) using Venafi
Apache License 2.0

ssh_certificate role fails when the private key file is already present using the ssh_key_generation_type `provided` feature #17

Closed ricrodriguezg closed 2 years ago

ricrodriguezg commented 2 years ago

PROBLEM SUMMARY

ssh_certificate role is returning an error on its second execution when the variable `ssh_key_generation_type` is set to `provided` and an existing public key is provided.

STEPS TO REPRODUCE

Set the `ssh_key_generation_type` to `provided` and the `ssh_public_key_path` to provide an existing public key, execute your playbook twice, and in the second execution you'll receive the above-mentioned error.

EXPECTED RESULTS

The following error appears:

```text
Response: b'{"Response":{"ErrorCode":41,"ErrorMessage":"Unique public key data must be used. Requested public key hash: 2E737935ED7C51A9EDDEBE11D93B446919A4911B",\
```

ACTUAL RESULTS

ENVIRONMENT DETAILS

venafi.machine_identity 0.7.5 

COMMENTS/WORKAROUNDS

No Workaround found so far.

achuchev commented 2 years ago

@ricrodriguezg This is expected behaviour. The error comes from SSH Protect. By default, the SSH certificate issuance templates disallow private key reuse. However, this can be adjusted on the issuance template.
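One way to keep a `provided`-key playbook re-runnable without relaxing the issuance template's key-reuse policy is to gate the role on whether a certificate for that exact public key already exists on the host. The playbook below is an added example written for this thread; it is not part of the issue, the collection, or its documentation. It assumes the role is invoked by its collection-qualified name `venafi.machine_identity.ssh_certificate`, that the issued certificate is stored at an assumed path `ssh_certificate_path` (adjust to wherever your role configuration writes it), and it omits the Venafi connection and certificate-request variables the role also needs. The match check relies on `ssh-keygen -l`, which prints the same key fingerprint for a public key and for a certificate issued over that key.

```yaml
# Added example, not the issue reporter's or the collection's own code.
# Assumptions: role name venafi.machine_identity.ssh_certificate;
# certificate written to ssh_certificate_path (assumed variable/path);
# Venafi connection and request variables omitted for brevity.
- name: Issue an SSH certificate for an existing key pair, idempotently
  hosts: localhost
  gather_facts: false
  vars:
    ssh_key_generation_type: provided
    ssh_public_key_path: /home/app/.ssh/id_ed25519.pub
    ssh_certificate_path: /home/app/.ssh/id_ed25519-cert.pub   # assumed path
  tasks:
    # Field 2 of `ssh-keygen -l` output is the SHA256 fingerprint of the key.
    - name: Fingerprint of the provided public key
      ansible.builtin.command: ssh-keygen -lf "{{ ssh_public_key_path }}"
      register: key_fp
      changed_when: false

    # For a certificate file, ssh-keygen -l reports the fingerprint of the
    # key inside the certificate, so a matching value means the certificate
    # already covers this exact public key. rc != 0 means no certificate yet.
    - name: Fingerprint of the existing certificate, if any
      ansible.builtin.command: ssh-keygen -lf "{{ ssh_certificate_path }}"
      register: cert_fp
      changed_when: false
      failed_when: false

    # Only call SSH Protect when there is no certificate for this key.
    # Re-submitting the same public key would be rejected with ErrorCode 41
    # ("Unique public key data must be used") under the default template.
    - name: Request a certificate only when none exists for this public key
      ansible.builtin.include_role:
        name: venafi.machine_identity.ssh_certificate
      when: >-
        cert_fp.rc != 0 or
        cert_fp.stdout.split()[1] != key_fp.stdout.split()[1]
```

Gating on the fingerprint rather than on file existence alone also catches the case where the key pair was rotated but a stale certificate file was left behind; in that case the fingerprints differ and a fresh request is made for the new key. Renewal of a still-valid certificate for the same key remains a separate decision: either allow key reuse on the issuance template, as the maintainer describes, or rotate the key pair before re-requesting.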