Allow path for authorized_key

2026-01-13 16:15:21 +01:00 · 2024-09-17 17:26:17 +03:00 · 2024-09-17 17:26:17 +03:00 · 1ec0718e7b
commit 1ec0718e7b
parent 7e4d5dd7a9
1 changed files with 19 additions and 0 deletions
--- a/plugins/modules/authorized_key.py
+++ b/plugins/modules/authorized_key.py
@ -24,6 +24,7 @@ options:
  key:
    description:
      - The SSH public key(s), as a string or (since Ansible 1.9) url (https://github.com/username.keys).
+      - You can also use absolute path on a target host to a file with SSH key(s)
    type: str
    required: true
  path:
@ -96,6 +97,12 @@ EXAMPLES = r'''
    state: present
    key: https://github.com/charlie.keys

+- name: Set authorized keys taken from path
+  ansible.posix.authorized_key:
+    user: charlie
+    state: present
+    key: /home/charlie/.ssh/id_rsa.pub
+
 - name: Set authorized keys taken from url using lookup
  ansible.posix.authorized_key:
    user: charlie
@ -570,6 +577,18 @@ def enforce_state(module, params):
        # resp.read gives bytes on python3, convert to native string type
        key = to_native(key, errors='surrogate_or_strict')

+    # if the key is an absolute path, check for existense and use it as a key source
+    if key.startswith("/"):
+        if not os.path.exists(key):
+            module.fail_json(msg="Path to a key file not found: %s" % key)
+        if not os.path.isfile(key):
+            module.fail_json(msg="Path to a key is a directory and must be a file: %s" % key)
+        try:
+            with open(key, 'r') as source_fh:
+                key = source_fh.read()
+        except OSError as e:
+            module.fail_json(msg="Failed to read key file %s : %s" % (key, to_native(e)))
+
    # extract individual keys into an array, skipping blank lines and comments
    new_keys = [s for s in key.splitlines() if s and not s.startswith('#')]