From 1ec0718e7b280496e2cb74a723f794afb6388e25 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B0=D0=BD=D0=B4=D1=80=20?= =?UTF-8?q?=D0=91=D0=B0=D0=BA=D0=B0=D0=BD=D0=BE=D0=B2=D1=81=D0=BA=D0=B8?= =?UTF-8?q?=D0=B9?=
Date: Tue, 17 Sep 2024 17:26:17 +0300
Subject: [PATCH] Allow path for authorized_key
---
 plugins/modules/authorized_key.py | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/plugins/modules/authorized_key.py b/plugins/modules/authorized_key.py
index 9fbc610..f08bf9b 100644
--- a/plugins/modules/authorized_key.py
+++ b/plugins/modules/authorized_key.py
@@ -24,6 +24,7 @@ options:
 key:
 description:
 - The SSH public key(s), as a string or (since Ansible 1.9) url (https://github.com/username.keys).
+ - You can also use absolute path on a target host to a file with SSH key(s)
 type: str
 required: true
 path:
@@ -96,6 +97,12 @@ EXAMPLES = r'''
 state: present
 key: https://github.com/charlie.keys
+- name: Set authorized keys taken from path
+ ansible.posix.authorized_key:
+ user: charlie
+ state: present
+ key: /home/charlie/.ssh/id_rsa.pub
+
 - name: Set authorized keys taken from url using lookup
 ansible.posix.authorized_key:
 user: charlie
@@ -570,6 +577,18 @@ def enforce_state(module, params):
 # resp.read gives bytes on python3, convert to native string type
 key = to_native(key, errors='surrogate_or_strict')
+ # if the key is an absolute path, check for existense and use it as a key source
+ if key.startswith("/"):
+ if not os.path.exists(key):
+ module.fail_json(msg="Path to a key file not found: %s" % key)
+ if not os.path.isfile(key):
+ module.fail_json(msg="Path to a key is a directory and must be a file: %s" % key)
+ try:
+ with open(key, 'r') as source_fh:
+ key = source_fh.read()
+ except OSError as e:
+ module.fail_json(msg="Failed to read key file %s : %s" % (key, to_native(e)))
+
 # extract individual keys into an array, skipping blank lines and comments
 new_keys = [s for s in key.splitlines() if s and not s.startswith('#')]
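Review bot: The new `if key.startswith("/")` test runs on `key` after the URL branch has already replaced it with the fetched body, so a response that begins with `/` would be opened as a local file on the target host. Indentation is not recoverable on this page, so this assumes the block sits at function level after the URL branch, as its position before `# extract individual keys` suggests; if so, chain it as `elif key.startswith("/"):` so that only the caller-supplied value is ever treated as a path. The `except OSError` clause also leaves a `UnicodeDecodeError` from a non-UTF-8 file unhandled; opening with `'rb'` and passing the result through `to_native(..., errors='surrogate_or_strict')`, as the URL branch does, would keep both sources consistent. The file is read with whatever privileges the module runs under, which the `key` option description should state. enforce_state begins and ends outside this hunk.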