Add comment option to authorized_key (#27781)

* Add comment option to authorized_keys

* Update version_added for authorized_keys comment

* PEP8

* Include index rank in parsed_key_key

*  Properly display diff

Only display diff if specificed via settings

* Fix PEP8 test failure

Removed from legacy files since it is now properly formatted

* Cleanup integration test formatting and add test for new comment feature

* Correct version_added for new option
This commit is contained in:
Sam Doran 2017-08-15 10:50:50 -04:00 committed by GitHub
parent 8a69706037
commit 271127113f
4 changed files with 234 additions and 152 deletions

View file

@ -79,6 +79,14 @@ options:
default: "yes"
choices: ["yes", "no"]
version_added: "2.1"
comment:
description:
- Change the comment on the public key. Rewriting the comment is useful in
cases such as fetching it from GitHub or GitLab.
- If no comment is specified, the existing comment will be kept.
required: false
default: None
version_added: "2.4"
author: "Ansible Core Team"
'''
@ -220,6 +228,7 @@ from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.pycompat24 import get_exception
from ansible.module_utils.urls import fetch_url
class keydict(dict):
""" a dictionary that maintains the order of keys as they are added
@ -247,8 +256,8 @@ class keydict(dict):
# http://stackoverflow.com/questions/2328235/pythonextend-the-dict-class
def __init__(self, *args, **kw):
super(keydict,self).__init__(*args, **kw)
self.itemlist = list(super(keydict,self).keys())
super(keydict, self).__init__(*args, **kw)
self.itemlist = list(super(keydict, self).keys())
def __setitem__(self, key, value):
self.itemlist.append(key)
@ -309,12 +318,12 @@ def keyfile(module, user, write=False, path=None, manage_dir=True):
module.fail_json(msg="Either user must exist or you must provide full path to key file in check mode")
module.fail_json(msg="Failed to lookup user %s: %s" % (user, str(e)))
if path is None:
homedir = user_entry.pw_dir
sshdir = os.path.join(homedir, ".ssh")
keysfile = os.path.join(sshdir, "authorized_keys")
homedir = user_entry.pw_dir
sshdir = os.path.join(homedir, ".ssh")
keysfile = os.path.join(sshdir, "authorized_keys")
else:
sshdir = os.path.dirname(path)
keysfile = path
sshdir = os.path.dirname(path)
keysfile = path
if not write:
return keysfile
@ -335,7 +344,7 @@ def keyfile(module, user, write=False, path=None, manage_dir=True):
if not os.path.exists(basedir):
os.makedirs(basedir)
try:
f = open(keysfile, "w") #touches file so we can set ownership and perms
f = open(keysfile, "w") # touches file so we can set ownership and perms
finally:
f.close()
if module.selinux_enabled():
@ -349,12 +358,13 @@ def keyfile(module, user, write=False, path=None, manage_dir=True):
return keysfile
def parseoptions(module, options):
'''
reads a string containing ssh-key options
and returns a dictionary of those options
'''
options_dict = keydict() #ordered dict
options_dict = keydict() # ordered dict
if options:
# the following regex will split on commas while
# ignoring those commas that fall within quotes
@ -369,6 +379,7 @@ def parseoptions(module, options):
return options_dict
def parsekey(module, raw_key, rank=None):
'''
parses a key, which may or may not contain a list
@ -387,9 +398,9 @@ def parsekey(module, raw_key, rank=None):
'ssh-rsa',
]
options = None # connection options
key = None # encrypted key string
key_type = None # type of ssh key
options = None # connection options
key = None # encrypted key string
key_type = None # type of ssh key
type_index = None # index of keytype in key string|list
# remove comment yaml escapes
@ -398,7 +409,7 @@ def parsekey(module, raw_key, rank=None):
# split key safely
lex = shlex.shlex(raw_key)
lex.quotes = []
lex.commenters = '' #keep comment hashes
lex.commenters = '' # keep comment hashes
lex.whitespace_split = True
key_parts = list(lex)
@ -430,6 +441,7 @@ def parsekey(module, raw_key, rank=None):
return (key, key_type, options, comment, rank)
def readfile(filename):
if not os.path.isfile(filename):
@ -441,6 +453,7 @@ def readfile(filename):
finally:
f.close()
def parsekeys(module, lines):
keys = {}
for rank_index, line in enumerate(lines.splitlines(True)):
@ -454,10 +467,11 @@ def parsekeys(module, lines):
keys[line] = (line, 'skipped', None, None, rank_index)
return keys
def writefile(module, filename, content):
fd, tmp_path = tempfile.mkstemp('', 'tmp', os.path.dirname(filename))
f = open(tmp_path,"w")
f = open(tmp_path, "w")
try:
f.write(content)
@ -467,6 +481,7 @@ def writefile(module, filename, content):
f.close()
module.atomic_move(tmp_path, filename)
def serialize(keys):
lines = []
new_keys = keys.values()
@ -496,24 +511,26 @@ def serialize(keys):
key_line = key[0]
else:
key_line = "%s%s %s %s\n" % (option_str, key_type, keyhash, comment)
except:
except Exception:
key_line = key
lines.append(key_line)
return ''.join(lines)
def enforce_state(module, params):
"""
Add or remove key.
"""
user = params["user"]
key = params["key"]
path = params.get("path", None)
manage_dir = params.get("manage_dir", True)
state = params.get("state", "present")
user = params["user"]
key = params["key"]
path = params.get("path", None)
manage_dir = params.get("manage_dir", True)
state = params.get("state", "present")
key_options = params.get("key_options", None)
exclusive = params.get("exclusive", False)
error_msg = "Error getting key from: %s"
exclusive = params.get("exclusive", False)
comment = params.get("comment", None)
error_msg = "Error getting key from: %s"
# if the key is a url, request it and use it as key source
if key.startswith("http"):
@ -559,6 +576,9 @@ def enforce_state(module, params):
# rank here is the rank in the provided new keys, which may be unrelated to rank in existing_keys
parsed_new_key = (parsed_new_key[0], parsed_new_key[1], parsed_options, parsed_new_key[3], parsed_new_key[4])
if comment is not None:
parsed_new_key = (parsed_new_key[0], parsed_new_key[1], parsed_new_key[2], comment, parsed_new_key[4])
matched = False
non_matching_keys = []
@ -574,7 +594,7 @@ def enforce_state(module, params):
matched = True
# handle idempotent state=present
if state=="present":
if state == "present":
keys_to_exist.append(parsed_new_key[0])
if len(non_matching_keys) > 0:
for non_matching_key in non_matching_keys:
@ -590,7 +610,7 @@ def enforce_state(module, params):
existing_keys[parsed_new_key[0]] = (parsed_new_key[0], parsed_new_key[1], parsed_new_key[2], parsed_new_key[3], total_rank)
do_write = True
elif state=="absent":
elif state == "absent":
if not matched:
continue
del existing_keys[parsed_new_key[0]]
@ -607,35 +627,41 @@ def enforce_state(module, params):
if do_write:
filename = keyfile(module, user, do_write, path, manage_dir)
new_content = serialize(existing_keys)
diff = {
'before_header': params['keyfile'],
'after_header': filename,
'before': existing_content,
'after': new_content,
}
diff = None
if module._diff:
diff = {
'before_header': params['keyfile'],
'after_header': filename,
'before': existing_content,
'after': new_content,
}
params['diff'] = diff
if module.check_mode:
module.exit_json(changed=True, diff=diff)
writefile(module, filename, new_content)
params['changed'] = True
params['diff'] = diff
else:
if module.check_mode:
module.exit_json(changed=False)
return params
def main():
module = AnsibleModule(
argument_spec = dict(
user = dict(required=True, type='str'),
key = dict(required=True, type='str'),
path = dict(required=False, type='str'),
manage_dir = dict(required=False, type='bool', default=True),
state = dict(default='present', choices=['absent','present']),
key_options = dict(required=False, type='str'),
unique = dict(default=False, type='bool'),
exclusive = dict(default=False, type='bool'),
validate_certs = dict(default=True, type='bool'),
argument_spec=dict(
user=dict(required=True, type='str'),
key=dict(required=True, type='str'),
path=dict(required=False, type='str'),
manage_dir=dict(required=False, type='bool', default=True),
state=dict(default='present', choices=['absent', 'present']),
key_options=dict(required=False, type='str'),
unique=dict(default=False, type='bool'),
exclusive=dict(default=False, type='bool'),
comment=dict(required=False, default=None, type='str'),
validate_certs=dict(default=True, type='bool'),
),
supports_check_mode=True
)
@ -643,5 +669,6 @@ def main():
results = enforce_state(module, module.params)
module.exit_json(**results)
if __name__ == '__main__':
main()

View file

@ -1,39 +1,35 @@
---
dss_key_basic: >
ssh-dss DATA_BASIC root@testing
dss_key_unquoted_option: >
idle-timeout=5m ssh-dss DATA_UNQUOTED_OPTION root@testing
dss_key_command: >
command="/bin/true" ssh-dss DATA_COMMAND root@testing
dss_key_complex_command: >
command="echo foo 'bar baz'" ssh-dss DATA_COMPLEX_COMMAND root@testing
dss_key_command_single_option: >
no-port-forwarding,command="/bin/true" ssh-dss DATA_COMMAND_SINGLE_OPTIONS root@testing
dss_key_command_multiple_options: >
no-port-forwarding,idle-timeout=5m,command="/bin/true" ssh-dss DATA_COMMAND_MULTIPLE_OPTIONS root@testing
dss_key_trailing: >
ssh-dss DATA_TRAILING root@testing foo bar baz
rsa_key_basic: >
ssh-rsa DATA_BASIC root@testing
dss_key_basic: ssh-dss DATA_BASIC root@testing
dss_key_unquoted_option: idle-timeout=5m ssh-dss DATA_UNQUOTED_OPTION root@testing
dss_key_command: command="/bin/true" ssh-dss DATA_COMMAND root@testing
dss_key_complex_command: command="echo foo 'bar baz'" ssh-dss DATA_COMPLEX_COMMAND root@testing
dss_key_command_single_option: no-port-forwarding,command="/bin/true" ssh-dss DATA_COMMAND_SINGLE_OPTIONS root@testing
dss_key_command_multiple_options: no-port-forwarding,idle-timeout=5m,command="/bin/true" ssh-dss DATA_COMMAND_MULTIPLE_OPTIONS root@testing
dss_key_trailing: ssh-dss DATA_TRAILING root@testing foo bar baz
rsa_key_basic: ssh-rsa DATA_BASIC root@testing
multiple_key_base: |
ssh-rsa DATA_BASIC 1@testing
ssh-dss DATA_TRAILING 2@testing foo bar baz
ssh-dss DATA_TRAILING 3@testing foo bar baz
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
multiple_key_different_order: |
ssh-dss DATA_TRAILING 2@testing foo bar baz
ssh-dss DATA_TRAILING 3@testing foo bar baz
ssh-rsa DATA_BASIC 1@testing
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
multiple_key_different_order_2: |
ssh-dss DATA_TRAILING 2@testing foo bar baz
ssh-rsa WHATEVER 2.5@testing
ssh-dss DATA_TRAILING 3@testing foo bar baz
ssh-rsa DATA_BASIC 1@testing
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
multiple_key_exclusive: |
ssh-rsa DATA_BASIC 1@testing
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
multiple_keys_comments: |
ssh-rsa DATA_BASIC 1@testing
# I like adding comments yo-dude-this-is-not-a-key INVALID_DATA 2@testing

View file

@ -22,52 +22,59 @@
- name: copy an existing file in place with comments
copy: src=existing_authorized_keys dest="{{output_dir|expanduser}}/authorized_keys"
copy:
src: existing_authorized_keys
dest: "{{ output_dir | expanduser }}/authorized_keys"
- name: add multiple keys different order
authorized_key:
user: root
key: "{{ multiple_key_different_order_2 }}"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: get the file content
shell: cat "{{output_dir|expanduser}}/authorized_keys"
shell: cat "{{ output_dir | expanduser }}/authorized_keys"
changed_when: no
register: multiple_keys_existing
- name: assert that the key was added and comments and ordering preserved
assert:
that:
- 'result.changed == True'
- '"# I like candy" in multiple_keys_existing.stdout'
- '"# I like candy" in multiple_keys_existing.stdout_lines[0]'
- '"ssh-rsa DATA_BASIC 1@testing" in multiple_keys_existing.stdout'
# The specific index is a little fragile, but I want to verify the line shows up
# as the 3rd line in the new entries after the existing entries and comments are preserved
- '"ssh-rsa DATA_BASIC 1@testing" in multiple_keys_existing.stdout_lines[7]'
- 'result.changed == True'
- '"# I like candy" in multiple_keys_existing.stdout'
- '"# I like candy" in multiple_keys_existing.stdout_lines[0]'
- '"ssh-rsa DATA_BASIC 1@testing" in multiple_keys_existing.stdout'
# The specific index is a little fragile, but I want to verify the line shows up
# as the 3rd line in the new entries after the existing entries and comments are preserved
- '"ssh-rsa DATA_BASIC 1@testing" in multiple_keys_existing.stdout_lines[7]'
# start afresh
- name: remove file foo.txt
file: path="{{output_dir|expanduser}}/authorized_keys" state=absent
file:
path: "{{ output_dir | expanduser }}/authorized_keys"
state: absent
- name: touch the authorized_keys file
file: dest="{{output_dir}}/authorized_keys" state=touch
file:
dest: "{{ output_dir }}/authorized_keys"
state: touch
register: result
- name: assert that the authorized_keys file was created
assert:
that:
- 'result.changed == True'
- 'result.state == "file"'
- 'result.changed == True'
- 'result.state == "file"'
- name: add multiple keys
authorized_key:
user: root
key: "{{ multiple_key_base }}"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
@ -82,7 +89,7 @@
user: root
key: "{{ multiple_key_different_order }}"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
@ -97,23 +104,23 @@
user: root
key: "{{ multiple_key_exclusive }}"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
exclusive: true
register: result
- name: assert that the key was added
assert:
that:
- 'result.changed == True'
- 'result.key == multiple_key_exclusive'
- 'result.key_options == None'
- 'result.changed == True'
- 'result.key == multiple_key_exclusive'
- 'result.key_options == None'
- name: add multiple keys in different calls
authorized_key:
user: root
key: "ecdsa-sha2-nistp521 ECDSA_DATA 4@testing"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: add multiple keys in different calls
@ -121,38 +128,40 @@
user: root
key: "ssh-rsa DATA_BASIC 1@testing"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: get the file content
shell: cat "{{output_dir|expanduser}}/authorized_keys"
shell: cat "{{ output_dir | expanduser }}/authorized_keys"
changed_when: no
register: multiple_keys_at_a_time
- name: assert that the key was added
assert:
that:
- 'result.changed == false'
- 'multiple_keys_at_a_time.stdout == multiple_key_exclusive.strip()'
- 'result.changed == false'
- 'multiple_keys_at_a_time.stdout == multiple_key_exclusive.strip()'
- name: add multiple keys comment
authorized_key:
user: root
key: "{{ multiple_keys_comments }}"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
exclusive: true
register: result
- name: get the file content
shell: cat "{{output_dir|expanduser}}/authorized_keys"
shell: cat "{{ output_dir | expanduser }}/authorized_keys"
changed_when: no
register: multiple_keys_comments
- name: assert that the keys exist and comment only lines were not added
assert:
that:
- 'result.changed == False'
- 'multiple_keys_comments.stdout == multiple_key_exclusive.strip()'
- 'result.key_options == None'
- 'result.changed == False'
- 'multiple_keys_comments.stdout == multiple_key_exclusive.strip()'
- 'result.key_options == None'
@ -160,86 +169,86 @@
# basic ssh-dss key
- name: add basic ssh-dss key
authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{output_dir|expanduser}}/authorized_keys"
authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_basic'
- 'result.key_options == None'
- 'result.changed == True'
- 'result.key == dss_key_basic'
- 'result.key_options == None'
- name: re-add basic ssh-dss key
authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{output_dir|expanduser}}/authorized_keys"
authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
that:
- 'result.changed == False'
- 'result.changed == False'
# -------------------------------------------------------------
# ssh-dss key with an unquoted option
- name: add ssh-dss key with an unquoted option
authorized_key:
authorized_key:
user: root
key: "{{ dss_key_unquoted_option }}"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_unquoted_option'
- 'result.key_options == None'
- 'result.changed == True'
- 'result.key == dss_key_unquoted_option'
- 'result.key_options == None'
- name: re-add ssh-dss key with an unquoted option
authorized_key:
user: root
key: "{{ dss_key_unquoted_option }}"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
that:
- 'result.changed == False'
- 'result.changed == False'
# -------------------------------------------------------------
# ssh-dss key with a leading command="/bin/foo"
- name: add ssh-dss key with a leading command
authorized_key:
authorized_key:
user: root
key: "{{ dss_key_command }}"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_command'
- 'result.key_options == None'
- 'result.changed == True'
- 'result.key == dss_key_command'
- 'result.key_options == None'
- name: re-add ssh-dss key with a leading command
authorized_key:
user: root
key: "{{ dss_key_command }}"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
that:
- 'result.changed == False'
- 'result.changed == False'
# -------------------------------------------------------------
# ssh-dss key with a complex quoted leading command
@ -250,28 +259,28 @@
user: root
key: "{{ dss_key_complex_command }}"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_complex_command'
- 'result.key_options == None'
- 'result.changed == True'
- 'result.key == dss_key_complex_command'
- 'result.key_options == None'
- name: re-add ssh-dss key with a complex quoted leading command
authorized_key:
user: root
key: "{{ dss_key_complex_command }}"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
that:
- 'result.changed == False'
- 'result.changed == False'
# -------------------------------------------------------------
# ssh-dss key with a command and a single option, which are
@ -282,28 +291,28 @@
user: root
key: "{{ dss_key_command_single_option }}"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_command_single_option'
- 'result.key_options == None'
- 'result.changed == True'
- 'result.key == dss_key_command_single_option'
- 'result.key_options == None'
- name: re-add ssh-dss key with a command and a single option
authorized_key:
user: root
key: "{{ dss_key_command_single_option }}"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
that:
- 'result.changed == False'
- 'result.changed == False'
# -------------------------------------------------------------
# ssh-dss key with a command and multiple other options
@ -313,28 +322,28 @@
user: root
key: "{{ dss_key_command_multiple_options }}"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_command_multiple_options'
- 'result.key_options == None'
- 'result.changed == True'
- 'result.key == dss_key_command_multiple_options'
- 'result.key_options == None'
- name: re-add ssh-dss key with a command and multiple options
authorized_key:
user: root
key: "{{ dss_key_command_multiple_options }}"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
that:
- 'result.changed == False'
- 'result.changed == False'
# -------------------------------------------------------------
# ssh-dss key with multiple trailing parts, which are space-
@ -345,81 +354,132 @@
user: root
key: "{{ dss_key_trailing }}"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_trailing'
- 'result.key_options == None'
- 'result.changed == True'
- 'result.key == dss_key_trailing'
- 'result.key_options == None'
- name: re-add ssh-dss key with trailing parts
authorized_key:
user: root
key: "{{ dss_key_trailing }}"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
that:
- 'result.changed == False'
- 'result.changed == False'
# -------------------------------------------------------------
# basic ssh-dss key with mutliple permit-open options
# https://github.com/ansible/ansible-modules-core/issues/1715
- name: add basic ssh-dss key with multi-opts
authorized_key:
user: root
key: "{{ dss_key_basic }}"
authorized_key:
user: root
key: "{{ dss_key_basic }}"
key_options: 'no-agent-forwarding,no-X11-forwarding,permitopen="10.9.8.1:8080",permitopen="10.9.8.1:9001"'
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key with multi-opts was added
assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_basic'
- 'result.key_options == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\""'
- 'result.changed == True'
- 'result.key == dss_key_basic'
- 'result.key_options == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\""'
- name: get the file content
shell: cat "{{output_dir|expanduser}}/authorized_keys" | fgrep DATA_BASIC
shell: cat "{{ output_dir | expanduser }}/authorized_keys" | fgrep DATA_BASIC
changed_when: no
register: content
- name: validate content
assert:
that:
- 'content.stdout == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\" ssh-dss DATA_BASIC root@testing"'
- 'content.stdout == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\" ssh-dss DATA_BASIC root@testing"'
# -------------------------------------------------------------
# check mode
- name: copy an existing file in place with comments
copy: src=existing_authorized_keys dest="{{output_dir|expanduser}}/authorized_keys"
copy:
src: existing_authorized_keys
dest: "{{ output_dir | expanduser }}/authorized_keys"
- authorized_key:
user: root
key: "{{ multiple_key_different_order_2 }}"
state: present
path: "{{output_dir|expanduser}}/authorized_keys"
path: "{{ output_dir | expanduser }}/authorized_keys"
check_mode: True
register: result
- name: assert that the key would be added and that the diff is shown
assert:
that:
- 'result.changed'
- '"ssh-rsa WHATEVER 2.5@testing" in result.diff.after'
- name: assert that the file was not changed
copy: src=existing_authorized_keys dest="{{output_dir|expanduser}}/authorized_keys"
copy:
src: existing_authorized_keys
dest: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- assert:
that:
- 'result.changed == False'
# -------------------------------------------------------------
# comments
- name: Add rsa key with existing comment
authorized_key:
user: root
key: "{{ rsa_key_basic }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: Change the comment on an existing key
authorized_key:
user: root
key: "{{ rsa_key_basic }}"
comment: user@acme.com
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: get the file content
shell: cat "{{ output_dir | expanduser }}/authorized_keys" | fgrep DATA_BASIC
changed_when: no
register: content
- name: Assert that comment on an existing key was changed
assert:
that:
- "'user@acme.com' in content.stdout"
- name: Set the same key with comment to ensure no changes are reported
authorized_key:
user: root
key: "{{ rsa_key_basic }}"
comment: user@acme.com
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: Assert that no changes were made when running again
assert:
that:
- not result.changed
- debug:
var: "{{ item }}"
verbosity: 1
with_items:
- result
- content

View file

@ -434,7 +434,6 @@ lib/ansible/modules/storage/zfs/zfs.py
lib/ansible/modules/system/aix_inittab.py
lib/ansible/modules/system/alternatives.py
lib/ansible/modules/system/at.py
lib/ansible/modules/system/authorized_key.py
lib/ansible/modules/system/capabilities.py
lib/ansible/modules/system/cron.py
lib/ansible/modules/system/cronvar.py