From c7df5c97c16563a17e3f6f3512b2f2154292a757 Mon Sep 17 00:00:00 2001
From: Alex Willmer <alex@moreati.org.uk>
Date: Tue, 5 Nov 2024 18:12:36 +0000
Subject: [PATCH] ansible_mitogen: Templated SSH private key file

---
 ansible_mitogen/transport_config.py           |  2 +-
 docs/changelog.rst                            |  2 ++
 tests/ansible/hosts/default.hosts             |  1 +
 .../ssh/templated_by_play_taskvar.yml         | 21 ++++++++++++++++++-
 tests/ansible/templates/test-targets.j2       |  1 +
 5 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/ansible_mitogen/transport_config.py b/ansible_mitogen/transport_config.py
index 97f1b2f0..294e8914 100644
--- a/ansible_mitogen/transport_config.py
+++ b/ansible_mitogen/transport_config.py
@@ -508,7 +508,7 @@ class PlayContextSpec(Spec):
         return boolean(val)
 
     def private_key_file(self):
-        return self._play_context.private_key_file
+        return self._connection_option('private_key_file')
 
     def ssh_executable(self):
         return self._connection_option('ssh_executable')
diff --git a/docs/changelog.rst b/docs/changelog.rst
index 85ab9d2f..69e5e944 100644
--- a/docs/changelog.rst
+++ b/docs/changelog.rst
@@ -23,6 +23,8 @@ In progress (unreleased)
 
 * :gh:issue:`1182` CI: Fix incorrect world readable/writable file permissions
   on SSH key ``mitogen__has_sudo_pubkey.key`` during Ansible tests.
+* :gh:issue:`1083` :mod:`ansible_mitogen`: Templated SSH private key file
+  (e.g. ``ansible_private_key_file``).
 
 
 v0.3.16 (2024-11-05)
diff --git a/tests/ansible/hosts/default.hosts b/tests/ansible/hosts/default.hosts
index eb04cf90..221d333d 100644
--- a/tests/ansible/hosts/default.hosts
+++ b/tests/ansible/hosts/default.hosts
@@ -45,6 +45,7 @@ ansible_user="{{ lookup('pipe', 'whoami') }}"
 [tt_targets_inventory]
 tt-password                 ansible_password="{{ 'has_sudo_nopw_password' | trim }}" ansible_user=mitogen__has_sudo_nopw
 tt-port                     ansible_password=has_sudo_nopw_password ansible_port="{{ 22 | int }}" ansible_user=mitogen__has_sudo_nopw
+tt-private-key-file         ansible_private_key_file="{{ git_basedir }}/tests/data/docker/mitogen__has_sudo_pubkey.key" ansible_user=mitogen__has_sudo_pubkey
 tt-remote-user              ansible_password=has_sudo_nopw_password ansible_user="{{ 'mitogen__has_sudo_nopw' | trim }}"
 tt-ssh-executable           ansible_password=has_sudo_nopw_password ansible_ssh_executable="{{ 'ssh' | trim }}" ansible_user=mitogen__has_sudo_nopw
 
diff --git a/tests/ansible/integration/ssh/templated_by_play_taskvar.yml b/tests/ansible/integration/ssh/templated_by_play_taskvar.yml
index 0662adcd..d3ae6117 100644
--- a/tests/ansible/integration/ssh/templated_by_play_taskvar.yml
+++ b/tests/ansible/integration/ssh/templated_by_play_taskvar.yml
@@ -9,5 +9,24 @@
 
   tasks:
     - meta: reset_connection
-    - name: Templated variables in play
+    - name: Templated variables in play, password authentication
+      ping:
+
+- name: integration/ssh/templated_by_play_taskvar.yml
+  hosts: tt_targets_bare
+  gather_facts: false
+  vars:
+    ansible_private_key_file: "{{ git_basedir }}/tests/data/docker/mitogen__has_sudo_pubkey.key"
+    ansible_port: "{{ hostvars[groups['test-targets'][0]].ansible_port | default(22) }}"
+    ansible_ssh_executable: "{{ 'ssh' | trim }}"
+    ansible_user: "{{ 'mitogen__has_sudo_pubkey' | trim }}"
+
+  tasks:
+    - meta: end_play
+      when:
+        # https://github.com/ansible/ansible/issues/84238
+        - not is_mitogen
+        - ansible_version.full is version('2.19', '<', strict=True)
+    - meta: reset_connection
+    - name: Templated variables in play, key authentication
       ping:
diff --git a/tests/ansible/templates/test-targets.j2 b/tests/ansible/templates/test-targets.j2
index 27949758..9e726d1f 100644
--- a/tests/ansible/templates/test-targets.j2
+++ b/tests/ansible/templates/test-targets.j2
@@ -73,6 +73,7 @@ ansible_user=mitogen__has_sudo_nopw
 [tt_targets_inventory]
 tt-password                 ansible_password="{{ '{{' }} 'has_sudo_nopw_password' | trim {{ '}}' }}"  ansible_port={{ tt.port }} ansible_user=mitogen__has_sudo_nopw
 tt-port                     ansible_password=has_sudo_nopw_password  ansible_port="{{ '{{' }} {{ tt.port }} | int {{ '}}' }}"  ansible_user=mitogen__has_sudo_nopw
+tt-private-key-file         ansible_port={{ tt.port }} ansible_private_key_file="{{ '{{' }} git_basedir {{ '}}' }}/tests/data/docker/mitogen__has_sudo_pubkey.key" ansible_user=mitogen__has_sudo_pubkey
 tt-remote-user              ansible_password=has_sudo_nopw_password  ansible_port={{ tt.port }} ansible_user="{{ '{{' }} 'mitogen__has_sudo_nopw' | trim {{ '}}' }}"
 tt-ssh-executable           ansible_password=has_sudo_nopw_password  ansible_port={{ tt.port }} ansible_ssh_executable="{{ '{{' }} 'ssh' | trim {{ '}}' }}" ansible_user=mitogen__has_sudo_nopw