Add remote_src

2026-01-12 23:55:19 +01:00 · 2024-09-26 16:19:27 +03:00 · 2024-09-26 16:19:27 +03:00 · 0de02365d8
commit 0de02365d8
parent 69c04cd5bd
1 changed files with 15 additions and 17 deletions
--- a/plugins/modules/authorized_key.py
+++ b/plugins/modules/authorized_key.py
@ -24,7 +24,7 @@ options:
  key:
    description:
      - The SSH public key(s), as a string or (since Ansible 1.9) url (https://github.com/username.keys).
-      - You can also use absolute path on a target host to a file with SSH key(s)
+      - You can also use V(file://) prefix to search localy or remote for a file with SSH key(s) depending on O(remote_src) value.
    type: str
    required: true
  path:
@ -81,6 +81,13 @@ options:
      - Follow path symlink instead of replacing it.
    type: bool
    default: false
+  remote_src:
+    description:
+      - Influence whether key needs to be transferred or already is present remotely.
+      - If V(false), it will search for src on the controller node.
+      - If V(true) it will search for src on the managed (remote) node.
+    type: bool
+    default: false
 author: Ansible Core Team
 '''

@ -97,11 +104,12 @@ EXAMPLES = r'''
    state: present
    key: https://github.com/charlie.keys

- name: Set authorized keys taken from path
+- name: Set authorized keys taken from path on controller node
  ansible.posix.authorized_key:
    user: charlie
    state: present
-    key: /home/charlie/.ssh/id_rsa.pub
+    key: file:///home/charlie/.ssh/id_rsa.pub
+    remote_src: true

 - name: Set authorized keys taken from url using lookup
  ansible.posix.authorized_key:
@ -561,10 +569,11 @@ def enforce_state(module, params):
    exclusive = params.get("exclusive", False)
    comment = params.get("comment", None)
    follow = params.get('follow', False)
+    remote_src = params.get('remote_src', False)
    error_msg = "Error getting key from: %s"

-    # if the key is a url, request it and use it as key source
-    if key.startswith("http"):
+    # if the key is a url or file, request it and use it as key source
+    if key.startswith("http") or (key.startswith("file") and remote_src):
        try:
            resp, info = fetch_url(module, key)
            if info['status'] != 200:
@ -577,18 +586,6 @@ def enforce_state(module, params):
        # resp.read gives bytes on python3, convert to native string type
        key = to_native(key, errors='surrogate_or_strict')

-    # if the key is an absolute path, check for existense and use it as a key source
-    if key.startswith("/"):
-        if not os.path.exists(key):
-            module.fail_json(msg="Path to a key file not found: %s" % key)
-        if not os.path.isfile(key):
-            module.fail_json(msg="Path to a key is a directory and must be a file: %s" % key)
-        try:
-            with open(key, 'r') as source_fh:
-                key = source_fh.read()
-        except OSError as e:
-            module.fail_json(msg="Failed to read key file %s : %s" % (key, to_native(e)))
-
    # extract individual keys into an array, skipping blank lines and comments
    new_keys = [s for s in key.splitlines() if s and not s.startswith('#')]

@ -701,6 +698,7 @@ def main():
            comment=dict(type='str'),
            validate_certs=dict(type='bool', default=True),
            follow=dict(type='bool', default=False),
+            remote_src=dict(type='bool', default=False),
        ),
        supports_check_mode=True,
    )