Try again to generate EC2 key fingerprints

tests/integration/requirements.txt

@@ -1,3 +1,5 @@
 # netaddr is needed for ansible.netcommon.ipv6
 netaddr
 virtualenv
+# Used for comparing SSH Public keys to the Amazon fingerprints
+pycrypto

tests/integration/targets/setup_sshkey/files/ec2-fingerprint.py

@@ -0,0 +1,28 @@
+#!/usr/bin/env python
+"""
+Reads an OpenSSH Public key and spits out the 'AWS' MD5 sum
+The equivalent of
+
+ssh-keygen -f id_rsa.pub -e -m PKCS8 | openssl pkey -pubin -outform DER | openssl md5 -c | cut -f 2 -d ' '
+
+(but without needing the OpenSSL CLI)
+"""
+
+import hashlib
+import sys
+from Crypto.PublicKey import RSA
+
+if len(sys.argv) == 0:
+    ssh_public_key = "id_rsa.pub"
+else:
+    ssh_public_key = sys.argv[1]
+
+data = open(ssh_public_key, 'r').read()
+# Convert from SSH format to DER format
+public_key = RSA.importKey(data).exportKey('DER')
+md5digest = hashlib.md5(public_key).hexdigest()
+# Format the md5sum into the normal format
+pairs = zip(md5digest[::2],md5digest[1::2])
+md5string = ":".join(map(lambda x: "".join(x), pairs))
+
+print(md5string)

tests/integration/targets/setup_sshkey/tasks/main.yml

@@ -15,48 +15,55 @@
 # You should have received a copy of the GNU General Public License
 # along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
 
-- name: ensure openssl cli is available
-  package:
-    name: openssl
-    state: present
+- name: create a temp dir
+  tempfile:
+    state: directory
+  register: sshkey_dir
   tags:
     - prepare
 
-- name: create a temp file
-  tempfile:
-    state: file
-  register: sshkey_file
+- name: ensure script is available
+  copy:
+    src: ec2-fingerprint.py
+    dest: '{{ sshkey_dir.path }}/ec2-fingerprint.py'
+    mode: 0700
   tags:
     - prepare
 
+- name: Set location of SSH keys
+  set_fact:
+    sshkey: '{{ sshkey_dir.path }}/key_one'
+    another_sshkey: '{{ sshkey_dir.path }}/key_two'
+    sshkey_pub: '{{ sshkey_dir.path }}/key_one.pub'
+    another_sshkey_pub: '{{ sshkey_dir.path }}/key_two.pub'
+
 - name: generate sshkey
-  shell: echo 'y' | ssh-keygen -P '' -f {{ sshkey_file.path }}
+  shell: echo 'y' | ssh-keygen -P '' -f '{{ sshkey }}'
   tags:
     - prepare
 
-- name: create another temp file
-  tempfile:
-    state: file
-  register: another_sshkey_file
+- name: record fingerprint
+  shell: '{{ sshkey_dir.path }}/ec2-fingerprint.py {{ sshkey_pub }}'
+  register: fingerprint
   tags:
     - prepare
 
 - name: generate another_sshkey
-  shell: echo 'y' | ssh-keygen -P '' -f {{ another_sshkey_file.path }}
+  shell: echo 'y' | ssh-keygen -P '' -f {{ another_sshkey }}
   tags:
     - prepare
 
-- name: record fingerprint
-  shell: openssl rsa -in {{ sshkey_file.path }} -pubout -outform DER 2>/dev/null | openssl md5 -c
-  register: fingerprint
+- name: record another fingerprint
+  shell: '{{ sshkey_dir.path }}/ec2-fingerprint.py {{ another_sshkey_pub }}'
+  register: another_fingerprint
   tags:
     - prepare
 
 - name: set facts for future roles
   set_fact:
-    sshkey: '{{ sshkey_file.path }}'
-    key_material: "{{ lookup('file', sshkey_file.path ~ '.pub') }}"
-    another_key_material: "{{ lookup('file', another_sshkey_file.path ~ '.pub') }}"
-    fingerprint: '{{ fingerprint.stdout.split()[1] }}'
+    key_material: "{{ lookup('file', sshkey_pub) }}"
+    another_key_material: "{{ lookup('file', another_sshkey_pub) }}"
+    fingerprint: '{{ fingerprint.stdout }}'
+    another_fingerprint: '{{ another_fingerprint.stdout }}'
   tags:
     - prepare