diff --git a/lib/ansible/modules/system/authorized_key.py b/lib/ansible/modules/system/authorized_key.py index d0f378b919a..9bf8e45b285 100644 --- a/lib/ansible/modules/system/authorized_key.py +++ b/lib/ansible/modules/system/authorized_key.py @@ -79,6 +79,14 @@ options: default: "yes" choices: ["yes", "no"] version_added: "2.1" + comment: + description: + - Change the comment on the public key. Rewriting the comment is useful in + cases such as fetching it from GitHub or GitLab. + - If no comment is specified, the existing comment will be kept. + required: false + default: None + version_added: "2.4" author: "Ansible Core Team" ''' @@ -220,6 +228,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.pycompat24 import get_exception from ansible.module_utils.urls import fetch_url + class keydict(dict): """ a dictionary that maintains the order of keys as they are added @@ -247,8 +256,8 @@ class keydict(dict): # http://stackoverflow.com/questions/2328235/pythonextend-the-dict-class def __init__(self, *args, **kw): - super(keydict,self).__init__(*args, **kw) - self.itemlist = list(super(keydict,self).keys()) + super(keydict, self).__init__(*args, **kw) + self.itemlist = list(super(keydict, self).keys()) def __setitem__(self, key, value): self.itemlist.append(key) @@ -309,12 +318,12 @@ def keyfile(module, user, write=False, path=None, manage_dir=True): module.fail_json(msg="Either user must exist or you must provide full path to key file in check mode") module.fail_json(msg="Failed to lookup user %s: %s" % (user, str(e))) if path is None: - homedir = user_entry.pw_dir - sshdir = os.path.join(homedir, ".ssh") - keysfile = os.path.join(sshdir, "authorized_keys") + homedir = user_entry.pw_dir + sshdir = os.path.join(homedir, ".ssh") + keysfile = os.path.join(sshdir, "authorized_keys") else: - sshdir = os.path.dirname(path) - keysfile = path + sshdir = os.path.dirname(path) + keysfile = path if not write: return keysfile 
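Review bot: The documentation added for the `comment` option in the `@@ -79,6 +79,14 @@` hunk does not say what happens when `key` carries more than one key. The override in `enforce_state` (the `@@ -559,6 +576,9 @@` hunk) appears to sit inside the per-key loop, so a multi-line `key` value or a URL returning several keys would give every entry the same comment. I would add a description line such as `- When I(key) contains several keys, the same comment is applied to each of them.` and state that the value is expected to be a single line.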
@@ -335,7 +344,7 @@ def keyfile(module, user, write=False, path=None, manage_dir=True): if not os.path.exists(basedir): os.makedirs(basedir) try: - f = open(keysfile, "w") #touches file so we can set ownership and perms + f = open(keysfile, "w") # touches file so we can set ownership and perms finally: f.close() if module.selinux_enabled(): @@ -349,12 +358,13 @@ def keyfile(module, user, write=False, path=None, manage_dir=True): return keysfile + def parseoptions(module, options): ''' reads a string containing ssh-key options and returns a dictionary of those options ''' - options_dict = keydict() #ordered dict + options_dict = keydict() # ordered dict if options: # the following regex will split on commas while # ignoring those commas that fall within quotes @@ -369,6 +379,7 @@ def parseoptions(module, options): return options_dict + def parsekey(module, raw_key, rank=None): ''' parses a key, which may or may not contain a list @@ -387,9 +398,9 @@ def parsekey(module, raw_key, rank=None): 'ssh-rsa', ] - options = None # connection options - key = None # encrypted key string - key_type = None # type of ssh key + options = None # connection options + key = None # encrypted key string + key_type = None # type of ssh key type_index = None # index of keytype in key string|list # remove comment yaml escapes @@ -398,7 +409,7 @@ def parsekey(module, raw_key, rank=None): # split key safely lex = shlex.shlex(raw_key) lex.quotes = [] - lex.commenters = '' #keep comment hashes + lex.commenters = '' # keep comment hashes lex.whitespace_split = True key_parts = list(lex) @@ -430,6 +441,7 @@ def parsekey(module, raw_key, rank=None): return (key, key_type, options, comment, rank) + def readfile(filename): if not os.path.isfile(filename): @@ -441,6 +453,7 @@ def readfile(filename): finally: f.close() + def parsekeys(module, lines): keys = {} for rank_index, line in enumerate(lines.splitlines(True)): 
@@ -454,10 +467,11 @@ def parsekeys(module, lines): keys[line] = (line, 'skipped', None, None, rank_index) return keys + def writefile(module, filename, content): fd, tmp_path = tempfile.mkstemp('', 'tmp', os.path.dirname(filename)) - f = open(tmp_path,"w") + f = open(tmp_path, "w") try: f.write(content) @@ -467,6 +481,7 @@ def writefile(module, filename, content): f.close() module.atomic_move(tmp_path, filename) + def serialize(keys): lines = [] new_keys = keys.values() @@ -496,24 +511,26 @@ def serialize(keys): key_line = key[0] else: key_line = "%s%s %s %s\n" % (option_str, key_type, keyhash, comment) - except: + except Exception: key_line = key lines.append(key_line) return ''.join(lines) + def enforce_state(module, params): """ Add or remove key. """ - user = params["user"] - key = params["key"] - path = params.get("path", None) - manage_dir = params.get("manage_dir", True) - state = params.get("state", "present") + user = params["user"] + key = params["key"] + path = params.get("path", None) + manage_dir = params.get("manage_dir", True) + state = params.get("state", "present") key_options = params.get("key_options", None) - exclusive = params.get("exclusive", False) - error_msg = "Error getting key from: %s" + exclusive = params.get("exclusive", False) + comment = params.get("comment", None) + error_msg = "Error getting key from: %s" # if the key is a url, request it and use it as key source if key.startswith("http"): @@ -559,6 +576,9 @@ def enforce_state(module, params): # rank here is the rank in the provided new keys, which may be unrelated to rank in existing_keys parsed_new_key = (parsed_new_key[0], parsed_new_key[1], parsed_options, parsed_new_key[3], parsed_new_key[4]) + if comment is not None: + parsed_new_key = (parsed_new_key[0], parsed_new_key[1], parsed_new_key[2], comment, parsed_new_key[4]) + matched = False non_matching_keys = [] 
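Review bot: `if key.startswith("http"):`, a context line in the `@@ -496,24 +511,26 @@` hunk, accepts `http://` as well as `https://`, and the `validate_certs` option declared in `main()` can only help on TLS fetches. The fetch itself is outside the hunk, so this is inferred, but a key list retrieved over plain HTTP would be written to authorized_keys with no transport integrity. Since the new option documentation points users at fetching keys from GitHub or GitLab, I would at least document that key URLs should be HTTPS, or warn inside that branch: `if not key.startswith("https://"): module.warn("key URL is not HTTPS; fetched keys are not integrity-protected")`.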
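Review bot: The `comment` value is copied into `parsed_new_key` unchecked in the `@@ -559,6 +576,9 @@` hunk, and `serialize()` later formats it with `"%s%s %s %s\n"`, so a value containing a line break would write more than one line into authorized_keys. Comments parsed out of a key appear unable to contain one, because `parsekeys` works on `lines.splitlines(True)`, but this parameter bypasses that path, which matters when the value is templated from data the playbook author does not control. I would reject such values right after `comment = params.get("comment", None)`: `if comment is not None and ('\n' in comment or '\r' in comment): module.fail_json(msg="comment must not contain line breaks")`. `enforce_state` starts and ends outside this hunk.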
@@ -574,7 +594,7 @@ def enforce_state(module, params): matched = True # handle idempotent state=present - if state=="present": + if state == "present": keys_to_exist.append(parsed_new_key[0]) if len(non_matching_keys) > 0: for non_matching_key in non_matching_keys: @@ -590,7 +610,7 @@ def enforce_state(module, params): existing_keys[parsed_new_key[0]] = (parsed_new_key[0], parsed_new_key[1], parsed_new_key[2], parsed_new_key[3], total_rank) do_write = True - elif state=="absent": + elif state == "absent": if not matched: continue del existing_keys[parsed_new_key[0]] 
@@ -607,35 +627,41 @@ def enforce_state(module, params): if do_write: filename = keyfile(module, user, do_write, path, manage_dir) new_content = serialize(existing_keys) - diff = { - 'before_header': params['keyfile'], - 'after_header': filename, - 'before': existing_content, - 'after': new_content, - } + + diff = None + if module._diff: + diff = { + 'before_header': params['keyfile'], + 'after_header': filename, + 'before': existing_content, + 'after': new_content, + } + params['diff'] = diff + if module.check_mode: module.exit_json(changed=True, diff=diff) writefile(module, filename, new_content) params['changed'] = True - params['diff'] = diff else: if module.check_mode: module.exit_json(changed=False) return params + def main(): module = AnsibleModule( - argument_spec = dict( - user = dict(required=True, type='str'), - key = dict(required=True, type='str'), - path = dict(required=False, type='str'), - manage_dir = dict(required=False, type='bool', default=True), - state = dict(default='present', choices=['absent','present']), - key_options = dict(required=False, type='str'), - unique = dict(default=False, type='bool'), - exclusive = dict(default=False, type='bool'), - validate_certs = dict(default=True, type='bool'), + argument_spec=dict( + user=dict(required=True, type='str'), + key=dict(required=True, type='str'), + path=dict(required=False, type='str'), + manage_dir=dict(required=False, type='bool', default=True), + state=dict(default='present', choices=['absent', 'present']), + key_options=dict(required=False, type='str'), + unique=dict(default=False, type='bool'), + exclusive=dict(default=False, type='bool'), + comment=dict(required=False, default=None, type='str'), + validate_certs=dict(default=True, type='bool'), ), supports_check_mode=True ) @@ -643,5 +669,6 @@ def main(): results = enforce_state(module, module.params) module.exit_json(**results) + if __name__ == '__main__': main() 
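Review bot: With diff mode off, the check-mode exit `module.exit_json(changed=True, diff=diff)` still passes `diff=None`, while the normal path only sets `params['diff']` under `module._diff`, so the two paths return differently shaped results. Building the result once keeps them aligned: `result = dict(changed=True)`, then `if diff: result['diff'] = diff`, then `module.exit_json(**result)`. A one-line comment above `if module._diff:` saying that the before/after content is only assembled when the caller asked for a diff would also help the next reader.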
diff --git a/test/integration/targets/authorized_key/defaults/main.yml b/test/integration/targets/authorized_key/defaults/main.yml
index a9184fd8a8b..d99e298fddd 100644
--- a/test/integration/targets/authorized_key/defaults/main.yml
+++ b/test/integration/targets/authorized_key/defaults/main.yml
@@ -1,39 +1,35 @@ ---- -dss_key_basic: > - ssh-dss DATA_BASIC root@testing -dss_key_unquoted_option: > - idle-timeout=5m ssh-dss DATA_UNQUOTED_OPTION root@testing -dss_key_command: > - command="/bin/true" ssh-dss DATA_COMMAND root@testing -dss_key_complex_command: > - command="echo foo 'bar baz'" ssh-dss DATA_COMPLEX_COMMAND root@testing -dss_key_command_single_option: > - no-port-forwarding,command="/bin/true" ssh-dss DATA_COMMAND_SINGLE_OPTIONS root@testing -dss_key_command_multiple_options: > - no-port-forwarding,idle-timeout=5m,command="/bin/true" ssh-dss DATA_COMMAND_MULTIPLE_OPTIONS root@testing -dss_key_trailing: > - ssh-dss DATA_TRAILING root@testing foo bar baz -rsa_key_basic: > - ssh-rsa DATA_BASIC root@testing +dss_key_basic: ssh-dss DATA_BASIC root@testing +dss_key_unquoted_option: idle-timeout=5m ssh-dss DATA_UNQUOTED_OPTION root@testing +dss_key_command: command="/bin/true" ssh-dss DATA_COMMAND root@testing +dss_key_complex_command: command="echo foo 'bar baz'" ssh-dss DATA_COMPLEX_COMMAND root@testing +dss_key_command_single_option: no-port-forwarding,command="/bin/true" ssh-dss DATA_COMMAND_SINGLE_OPTIONS root@testing +dss_key_command_multiple_options: no-port-forwarding,idle-timeout=5m,command="/bin/true" ssh-dss DATA_COMMAND_MULTIPLE_OPTIONS root@testing +dss_key_trailing: ssh-dss DATA_TRAILING root@testing foo bar baz +rsa_key_basic: ssh-rsa DATA_BASIC root@testing + multiple_key_base: | ssh-rsa DATA_BASIC 1@testing ssh-dss DATA_TRAILING 2@testing foo bar baz ssh-dss DATA_TRAILING 3@testing foo bar baz ecdsa-sha2-nistp521 ECDSA_DATA 4@testing + multiple_key_different_order: | ssh-dss DATA_TRAILING 2@testing foo bar baz ssh-dss DATA_TRAILING 3@testing foo bar baz ssh-rsa DATA_BASIC 1@testing ecdsa-sha2-nistp521 ECDSA_DATA 4@testing + multiple_key_different_order_2: | ssh-dss DATA_TRAILING 2@testing foo bar baz ssh-rsa WHATEVER 2.5@testing ssh-dss DATA_TRAILING 3@testing foo bar baz ssh-rsa DATA_BASIC 1@testing ecdsa-sha2-nistp521 ECDSA_DATA 
4@testing + multiple_key_exclusive: | ssh-rsa DATA_BASIC 1@testing ecdsa-sha2-nistp521 ECDSA_DATA 4@testing + multiple_keys_comments: | ssh-rsa DATA_BASIC 1@testing # I like adding comments yo-dude-this-is-not-a-key INVALID_DATA 2@testing diff --git a/test/integration/targets/authorized_key/tasks/main.yml b/test/integration/targets/authorized_key/tasks/main.yml index 3ea8206f434..14539873274 100644 --- a/test/integration/targets/authorized_key/tasks/main.yml +++ b/test/integration/targets/authorized_key/tasks/main.yml 
@@ -22,52 +22,59 @@ - name: copy an existing file in place with comments - copy: src=existing_authorized_keys dest="{{output_dir|expanduser}}/authorized_keys" + copy: + src: existing_authorized_keys + dest: "{{ output_dir | expanduser }}/authorized_keys" - name: add multiple keys different order authorized_key: user: root key: "{{ multiple_key_different_order_2 }}" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" register: result - name: get the file content - shell: cat "{{output_dir|expanduser}}/authorized_keys" + shell: cat "{{ output_dir | expanduser }}/authorized_keys" + changed_when: no register: multiple_keys_existing - name: assert that the key was added and comments and ordering preserved assert: that: - - 'result.changed == True' - - '"# I like candy" in multiple_keys_existing.stdout' - - '"# I like candy" in multiple_keys_existing.stdout_lines[0]' - - '"ssh-rsa DATA_BASIC 1@testing" in multiple_keys_existing.stdout' - # The specific index is a little fragile, but I want to verify the line shows up - # as the 3rd line in the new entries after the existing entries and comments are preserved - - '"ssh-rsa DATA_BASIC 1@testing" in multiple_keys_existing.stdout_lines[7]' + - 'result.changed == True' + - '"# I like candy" in multiple_keys_existing.stdout' + - '"# I like candy" in multiple_keys_existing.stdout_lines[0]' + - '"ssh-rsa DATA_BASIC 1@testing" in multiple_keys_existing.stdout' + # The specific index is a little fragile, but I want to verify the line shows up + # as the 3rd line in the new entries after the existing entries and comments are preserved + - '"ssh-rsa DATA_BASIC 1@testing" in multiple_keys_existing.stdout_lines[7]' # start afresh - name: remove file foo.txt - file: path="{{output_dir|expanduser}}/authorized_keys" state=absent + file: + path: "{{ output_dir | expanduser }}/authorized_keys" + state: absent - name: touch the authorized_keys file - file: 
dest="{{output_dir}}/authorized_keys" state=touch + file: + dest: "{{ output_dir }}/authorized_keys" + state: touch register: result - name: assert that the authorized_keys file was created assert: that: - - 'result.changed == True' - - 'result.state == "file"' + - 'result.changed == True' + - 'result.state == "file"' - name: add multiple keys authorized_key: user: root key: "{{ multiple_key_base }}" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" register: result - name: assert that the key was added @@ -82,7 +89,7 @@ user: root key: "{{ multiple_key_different_order }}" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" register: result - name: assert that the key was added @@ -97,23 +104,23 @@ user: root key: "{{ multiple_key_exclusive }}" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" exclusive: true register: result - name: assert that the key was added assert: that: - - 'result.changed == True' - - 'result.key == multiple_key_exclusive' - - 'result.key_options == None' + - 'result.changed == True' + - 'result.key == multiple_key_exclusive' + - 'result.key_options == None' - name: add multiple keys in different calls authorized_key: user: root key: "ecdsa-sha2-nistp521 ECDSA_DATA 4@testing" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" register: result - name: add multiple keys in different calls 
@@ -121,38 +128,40 @@ user: root key: "ssh-rsa DATA_BASIC 1@testing" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" register: result - name: get the file content - shell: cat "{{output_dir|expanduser}}/authorized_keys" + shell: cat "{{ output_dir | expanduser }}/authorized_keys" + changed_when: no register: multiple_keys_at_a_time - name: assert that the key was added assert: that: - - 'result.changed == false' - - 'multiple_keys_at_a_time.stdout == multiple_key_exclusive.strip()' + - 'result.changed == false' + - 'multiple_keys_at_a_time.stdout == multiple_key_exclusive.strip()' - name: add multiple keys comment authorized_key: user: root key: "{{ multiple_keys_comments }}" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" exclusive: true register: result - name: get the file content - shell: cat "{{output_dir|expanduser}}/authorized_keys" + shell: cat "{{ output_dir | expanduser }}/authorized_keys" + changed_when: no register: multiple_keys_comments - name: assert that the keys exist and comment only lines were not added assert: that: - - 'result.changed == False' - - 'multiple_keys_comments.stdout == multiple_key_exclusive.strip()' - - 'result.key_options == None' + - 'result.changed == False' + - 'multiple_keys_comments.stdout == multiple_key_exclusive.strip()' + - 'result.key_options == None' 
@@ -160,86 +169,86 @@ # basic ssh-dss key - name: add basic ssh-dss key - authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{output_dir|expanduser}}/authorized_keys" + authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{ output_dir | expanduser }}/authorized_keys" register: result - name: assert that the key was added assert: that: - - 'result.changed == True' - - 'result.key == dss_key_basic' - - 'result.key_options == None' + - 'result.changed == True' + - 'result.key == dss_key_basic' + - 'result.key_options == None' - name: re-add basic ssh-dss key - authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{output_dir|expanduser}}/authorized_keys" + authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{ output_dir | expanduser }}/authorized_keys" register: result - name: assert that nothing changed assert: that: - - 'result.changed == False' + - 'result.changed == False' # ------------------------------------------------------------- # ssh-dss key with an unquoted option - name: add ssh-dss key with an unquoted option - authorized_key: + authorized_key: user: root key: "{{ dss_key_unquoted_option }}" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" register: result - name: assert that the key was added assert: that: - - 'result.changed == True' - - 'result.key == dss_key_unquoted_option' - - 'result.key_options == None' + - 'result.changed == True' + - 'result.key == dss_key_unquoted_option' + - 'result.key_options == None' - name: re-add ssh-dss key with an unquoted option authorized_key: user: root key: "{{ dss_key_unquoted_option }}" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" register: result - name: assert that nothing changed assert: that: - - 'result.changed == False' + - 'result.changed == False' # 
------------------------------------------------------------- # ssh-dss key with a leading command="/bin/foo" - name: add ssh-dss key with a leading command - authorized_key: + authorized_key: user: root key: "{{ dss_key_command }}" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" register: result - name: assert that the key was added assert: that: - - 'result.changed == True' - - 'result.key == dss_key_command' - - 'result.key_options == None' + - 'result.changed == True' + - 'result.key == dss_key_command' + - 'result.key_options == None' - name: re-add ssh-dss key with a leading command authorized_key: user: root key: "{{ dss_key_command }}" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" register: result - name: assert that nothing changed assert: that: - - 'result.changed == False' + - 'result.changed == False' # ------------------------------------------------------------- # ssh-dss key with a complex quoted leading command 
@@ -250,28 +259,28 @@ user: root key: "{{ dss_key_complex_command }}" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" register: result - name: assert that the key was added assert: that: - - 'result.changed == True' - - 'result.key == dss_key_complex_command' - - 'result.key_options == None' + - 'result.changed == True' + - 'result.key == dss_key_complex_command' + - 'result.key_options == None' - name: re-add ssh-dss key with a complex quoted leading command authorized_key: user: root key: "{{ dss_key_complex_command }}" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" register: result - name: assert that nothing changed assert: that: - - 'result.changed == False' + - 'result.changed == False' # ------------------------------------------------------------- # ssh-dss key with a command and a single option, which are @@ -282,28 +291,28 @@ user: root key: "{{ dss_key_command_single_option }}" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" register: result - name: assert that the key was added assert: that: - - 'result.changed == True' - - 'result.key == dss_key_command_single_option' - - 'result.key_options == None' + - 'result.changed == True' + - 'result.key == dss_key_command_single_option' + - 'result.key_options == None' - name: re-add ssh-dss key with a command and a single option authorized_key: user: root key: "{{ dss_key_command_single_option }}" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" register: result - name: assert that nothing changed assert: that: - - 'result.changed == False' + - 'result.changed == False' # ------------------------------------------------------------- # ssh-dss key with a command and multiple other options 
@@ -313,28 +322,28 @@ user: root key: "{{ dss_key_command_multiple_options }}" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" register: result - name: assert that the key was added assert: that: - - 'result.changed == True' - - 'result.key == dss_key_command_multiple_options' - - 'result.key_options == None' + - 'result.changed == True' + - 'result.key == dss_key_command_multiple_options' + - 'result.key_options == None' - name: re-add ssh-dss key with a command and multiple options authorized_key: user: root key: "{{ dss_key_command_multiple_options }}" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" register: result - name: assert that nothing changed assert: that: - - 'result.changed == False' + - 'result.changed == False' # ------------------------------------------------------------- # ssh-dss key with multiple trailing parts, which are space- 
@@ -345,81 +354,132 @@ user: root key: "{{ dss_key_trailing }}" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" register: result - name: assert that the key was added assert: that: - - 'result.changed == True' - - 'result.key == dss_key_trailing' - - 'result.key_options == None' + - 'result.changed == True' + - 'result.key == dss_key_trailing' + - 'result.key_options == None' - name: re-add ssh-dss key with trailing parts authorized_key: user: root key: "{{ dss_key_trailing }}" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" register: result - name: assert that nothing changed assert: that: - - 'result.changed == False' + - 'result.changed == False' # ------------------------------------------------------------- # basic ssh-dss key with mutliple permit-open options # https://github.com/ansible/ansible-modules-core/issues/1715 - name: add basic ssh-dss key with multi-opts - authorized_key: - user: root - key: "{{ dss_key_basic }}" + authorized_key: + user: root + key: "{{ dss_key_basic }}" key_options: 'no-agent-forwarding,no-X11-forwarding,permitopen="10.9.8.1:8080",permitopen="10.9.8.1:9001"' - state: present - path: "{{output_dir|expanduser}}/authorized_keys" + state: present + path: "{{ output_dir | expanduser }}/authorized_keys" register: result - name: assert that the key with multi-opts was added assert: that: - - 'result.changed == True' - - 'result.key == dss_key_basic' - - 'result.key_options == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\""' + - 'result.changed == True' + - 'result.key == dss_key_basic' + - 'result.key_options == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\""' - name: get the file content - shell: cat "{{output_dir|expanduser}}/authorized_keys" | fgrep DATA_BASIC + shell: cat "{{ output_dir 
| expanduser }}/authorized_keys" | fgrep DATA_BASIC + changed_when: no register: content - name: validate content assert: that: - - 'content.stdout == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\" ssh-dss DATA_BASIC root@testing"' + - 'content.stdout == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\" ssh-dss DATA_BASIC root@testing"' # ------------------------------------------------------------- # check mode - name: copy an existing file in place with comments - copy: src=existing_authorized_keys dest="{{output_dir|expanduser}}/authorized_keys" + copy: + src: existing_authorized_keys + dest: "{{ output_dir | expanduser }}/authorized_keys" - authorized_key: user: root key: "{{ multiple_key_different_order_2 }}" state: present - path: "{{output_dir|expanduser}}/authorized_keys" + path: "{{ output_dir | expanduser }}/authorized_keys" check_mode: True register: result -- name: assert that the key would be added and that the diff is shown - assert: - that: - - 'result.changed' - - '"ssh-rsa WHATEVER 2.5@testing" in result.diff.after' - - name: assert that the file was not changed - copy: src=existing_authorized_keys dest="{{output_dir|expanduser}}/authorized_keys" + copy: + src: existing_authorized_keys + dest: "{{ output_dir | expanduser }}/authorized_keys" register: result + - assert: that: - 'result.changed == False' + +# ------------------------------------------------------------- +# comments + +- name: Add rsa key with existing comment + authorized_key: + user: root + key: "{{ rsa_key_basic }}" + state: present + path: "{{ output_dir | expanduser }}/authorized_keys" + register: result + +- name: Change the comment on an existing key + authorized_key: + user: root + key: "{{ rsa_key_basic }}" + comment: user@acme.com + state: present + path: "{{ output_dir | expanduser }}/authorized_keys" + register: result + +- name: get the file content + shell: cat "{{ output_dir 
| expanduser }}/authorized_keys" | fgrep DATA_BASIC + changed_when: no + register: content + +- name: Assert that comment on an existing key was changed + assert: + that: + - "'user@acme.com' in content.stdout" + +- name: Set the same key with comment to ensure no changes are reported + authorized_key: + user: root + key: "{{ rsa_key_basic }}" + comment: user@acme.com + state: present + path: "{{ output_dir | expanduser }}/authorized_keys" + register: result + +- name: Assert that no changes were made when running again + assert: + that: + - not result.changed + +- debug: + var: "{{ item }}" + verbosity: 1 + with_items: + - result + - content diff --git a/test/sanity/pep8/legacy-files.txt b/test/sanity/pep8/legacy-files.txt index 8a0a374abe4..ad4d309d627 100644 --- a/test/sanity/pep8/legacy-files.txt +++ b/test/sanity/pep8/legacy-files.txt @@ -434,7 +434,6 @@ lib/ansible/modules/storage/zfs/zfs.py lib/ansible/modules/system/aix_inittab.py lib/ansible/modules/system/alternatives.py lib/ansible/modules/system/at.py -lib/ansible/modules/system/authorized_key.py lib/ansible/modules/system/capabilities.py lib/ansible/modules/system/cron.py lib/ansible/modules/system/cronvar.py
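Review bot: In `tasks/main.yml` the check-mode block loses its assertions on the module result, because the removed task `assert that the key would be added and that the diff is shown` was what checked `result.changed` and `result.diff.after` for the check-mode run in the visible tests. Now that the diff is only built in diff mode, I would keep the `result.changed` assertion and run that task in diff mode (for example with a `diff: yes` task keyword, if this version supports it) so that the `"ssh-rsa WHATEVER 2.5@testing" in result.diff.after` check still holds. The new comment tests also never assert `result.changed` after `Change the comment on an existing key`; adding `- result.changed` to the assert that follows it would pin that the rewrite is reported.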