From d8351984093e7dc454a4cebb878dc488f3f09626 Mon Sep 17 00:00:00 2001
From: Felix Fontein <felix@fontein.de>
Date: Sat, 12 Aug 2023 12:22:46 +0200
Subject: [PATCH] Now fails if comment cannot be updated.

This was silently ignored in the past.
---
 changelogs/fragments/646-openssh-rc.yml                  | 2 ++
 .../targets/openssh_keypair/tests/options.yml            | 9 +++++++++
 2 files changed, 11 insertions(+)

diff --git a/changelogs/fragments/646-openssh-rc.yml b/changelogs/fragments/646-openssh-rc.yml
index 434a6785a..5ca84e391 100644
--- a/changelogs/fragments/646-openssh-rc.yml
+++ b/changelogs/fragments/646-openssh-rc.yml
@@ -1,3 +1,5 @@
 bugfixes:
   - "openssh_cert, openssh_keypair - the modules ignored return codes of ``ssh`` and ``ssh-keygen`` in some cases (https://github.com/ansible-collections/community.crypto/issues/645, https://github.com/ansible-collections/community.crypto/pull/646)."
   - "openssh_keypair - fix comment updating for OpenSSH before 6.5 (https://github.com/ansible-collections/community.crypto/pull/646)."
+minor_changes:
+  - "openssh_keypair - fail when comment cannot be updated (https://github.com/ansible-collections/community.crypto/pull/646)."
diff --git a/tests/integration/targets/openssh_keypair/tests/options.yml b/tests/integration/targets/openssh_keypair/tests/options.yml
index fdabd7614..f1f0737af 100644
--- a/tests/integration/targets/openssh_keypair/tests/options.yml
+++ b/tests/integration/targets/openssh_keypair/tests/options.yml
@@ -100,6 +100,7 @@
     comment: "test_modified@comment"
     backend: "{{ backend }}"
   register: modified_comment_output
+  ignore_errors: true
 
 - name: "({{ backend }}) Assert comment preserved public key - comment"
   assert:
@@ -111,9 +112,17 @@
   assert:
     that:
       - modified_comment_output.comment == 'test_modified@comment'
+      - modified_comment_output is succeeded
   # Support for updating comments for key types other than rsa1 was added in OpenSSH 7.2
   when: not (backend == 'opensshbin' and openssh_version is version('7.2', '<'))
 
+- name: "({{ backend }}) Assert comment not changed - comment"
+  assert:
+    that:
+      - modified_comment_output is failed
+  # Support for updating comments for key types other than rsa1 was added in OpenSSH 7.2
+  when: backend == 'opensshbin' and openssh_version is version('7.2', '<')
+
 - name: "({{ backend }}) Remove key - comment"
   openssh_keypair:
     path: "{{ remote_tmp_dir }}/comment"