From 1ec0718e7b280496e2cb74a723f794afb6388e25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B0=D0=BD=D0=B4=D1=80=20?= =?UTF-8?q?=D0=91=D0=B0=D0=BA=D0=B0=D0=BD=D0=BE=D0=B2=D1=81=D0=BA=D0=B8?= =?UTF-8?q?=D0=B9?= Date: Tue, 17 Sep 2024 17:26:17 +0300 Subject: [PATCH 1/4] Allow path for authorized_key --- plugins/modules/authorized_key.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/plugins/modules/authorized_key.py b/plugins/modules/authorized_key.py index 9fbc610..f08bf9b 100644 --- a/plugins/modules/authorized_key.py +++ b/plugins/modules/authorized_key.py @@ -24,6 +24,7 @@ options: key: description: - The SSH public key(s), as a string or (since Ansible 1.9) url (https://github.com/username.keys). + - You can also use absolute path on a target host to a file with SSH key(s) type: str required: true path: @@ -96,6 +97,12 @@ EXAMPLES = r''' state: present key: https://github.com/charlie.keys +- name: Set authorized keys taken from path + ansible.posix.authorized_key: + user: charlie + state: present + key: /home/charlie/.ssh/id_rsa.pub + - name: Set authorized keys taken from url using lookup ansible.posix.authorized_key: user: charlie 
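Review bot: The line added to the `key` option description does not tell the user that every value beginning with `/` is now interpreted as a file path instead of key text, nor whose privileges are used to read that file. Since the module opens the path on the managed host, the description should say so explicitly, for example `- A value starting with C(/) is treated as an absolute path to a file on the target host that contains the SSH key(s); the file is read with the privileges the task runs under.` The new example could likewise carry a one-line comment that the path is resolved on the target, not on the controller.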
@@ -570,6 +577,18 @@ def enforce_state(module, params): # resp.read gives bytes on python3, convert to native string type key = to_native(key, errors='surrogate_or_strict') + # if the key is an absolute path, check for existense and use it as a key source + if key.startswith("/"): + if not os.path.exists(key): + module.fail_json(msg="Path to a key file not found: %s" % key) + if not os.path.isfile(key): + module.fail_json(msg="Path to a key is a directory and must be a file: %s" % key) + try: + with open(key, 'r') as source_fh: + key = source_fh.read() + except OSError as e: + module.fail_json(msg="Failed to read key file %s : %s" % (key, to_native(e))) + # extract individual keys into an array, skipping blank lines and comments new_keys = [s for s in key.splitlines() if s and not s.startswith('#')] From 76e3baa72d1e627e31771eb83d080ce6f0d3b3e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B0=D0=BD=D0=B4=D1=80=20?= =?UTF-8?q?=D0=91=D0=B0=D0=BA=D0=B0=D0=BD=D0=BE=D0=B2=D1=81=D0=BA=D0=B8?= =?UTF-8?q?=D0=B9?= Date: Tue, 17 Sep 2024 17:26:35 +0300 Subject: [PATCH 2/4] Update integration tests --- .../targets/authorized_key/defaults/main.yml | 2 ++ .../authorized_key/tasks/check_path.yml | 31 +++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 tests/integration/targets/authorized_key/tasks/check_path.yml diff --git a/tests/integration/targets/authorized_key/defaults/main.yml b/tests/integration/targets/authorized_key/defaults/main.yml index 1b60f8c..7ec99ca 100644 --- a/tests/integration/targets/authorized_key/defaults/main.yml +++ b/tests/integration/targets/authorized_key/defaults/main.yml @@ -35,3 +35,5 @@ multiple_keys_comments: | ssh-rsa DATA_BASIC 1@testing # I like adding comments yo-dude-this-is-not-a-key INVALID_DATA 2@testing ecdsa-sha2-nistp521 ECDSA_DATA 4@testing + +key_path: /tmp/id_rsa.pub 
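Review bot: The `key.startswith("/")` test is placed after the context line that converts `resp.read` output, so `key` may already hold fetched content rather than the value the user supplied. The URL branch is outside the hunk and the page has lost indentation, so this is inferred, but if the new block sits at function level, a response body that begins with `/` would be opened as a file on the target with the module's privileges. Decide the source from the original parameter value before any fetch and make the file branch mutually exclusive with the URL branch. Separately, `os.path.isfile` is false for any non-regular file, so the "is a directory" message can be wrong, and reading non-text data in `'r'` mode can raise `UnicodeDecodeError`, which `except OSError` does not catch; `except (OSError, UnicodeError) as e:` would route both to `fail_json`. The body of enforce_state continues outside the hunk.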
diff --git a/tests/integration/targets/authorized_key/tasks/check_path.yml b/tests/integration/targets/authorized_key/tasks/check_path.yml new file mode 100644 index 0000000..7f1133b --- /dev/null +++ b/tests/integration/targets/authorized_key/tasks/check_path.yml @@ -0,0 +1,31 @@ +--- +- name: Create key file for test + ansible.builtin.copy: + dest: "{{ key_path }}" + content: "{{ rsa_key_basic }}" + +- name: Add key using path + ansible.posix.authorized_key: + user: root + key: "{{ key_path }}" + state: present + path: "{{ output_dir | expanduser }}/authorized_keys" + register: result + +- name: Assert that the key was added + ansible.builtin.assert: + that: + - result.changed == true + +- name: Add key using path again + ansible.posix.authorized_key: + user: root + key: "{{ key_path }}" + state: present + path: "{{ output_dir | expanduser }}/authorized_keys" + register: result + +- name: Assert that no changes were applied + ansible.builtin.assert: + that: + - result.changed == false From f7f346f8234209b34098ccf5ec2381d0212fb0c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B0=D0=BD=D0=B4=D1=80=20?= =?UTF-8?q?=D0=91=D0=B0=D0=BA=D0=B0=D0=BD=D0=BE=D0=B2=D1=81=D0=BA=D0=B8?= =?UTF-8?q?=D0=B9?= Date: Tue, 17 Sep 2024 17:41:20 +0300 Subject: [PATCH 3/4] Update CHANGELOG --- changelogs/fragments/568_update_authorized_key.yml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changelogs/fragments/568_update_authorized_key.yml diff --git a/changelogs/fragments/568_update_authorized_key.yml b/changelogs/fragments/568_update_authorized_key.yml new file mode 100644 index 0000000..7efa29c --- /dev/null +++ b/changelogs/fragments/568_update_authorized_key.yml @@ -0,0 +1,3 @@ +--- +minor_changes: + - authorized_keys - allow using absolute path to a file as a SSH key(s) source (https://github.com/ansible-collections/ansible.posix/pull/568) From 69c04cd5bd36b5f89e342cfc3abf416ba1bec6f8 Mon Sep 17 00:00:00 2001 
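Review bot: check_path.yml exercises only the success path, so none of the three `fail_json` branches the module change adds for a path value (file not found, not a regular file, read error) is covered. Add at least one task that passes an absolute path that does not exist, with `ignore_errors: true` and `register: result`, followed by an assert on `result is failed` and on `'Path to a key file not found' in result.msg`. The file created at `key_path` is also left in place; a final `ansible.builtin.file` task with `state: absent` would keep the fixture from leaking into later targets.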
From: =?UTF-8?q?=D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B0=D0=BD=D0=B4=D1=80=20?= =?UTF-8?q?=D0=91=D0=B0=D0=BA=D0=B0=D0=BD=D0=BE=D0=B2=D1=81=D0=BA=D0=B8?= =?UTF-8?q?=D0=B9?= Date: Tue, 17 Sep 2024 17:56:04 +0300 Subject: [PATCH 4/4] Update integration tests --- tests/integration/targets/authorized_key/tasks/check_path.yml | 1 + tests/integration/targets/authorized_key/tasks/main.yml | 3 +++ 2 files changed, 4 insertions(+) diff --git a/tests/integration/targets/authorized_key/tasks/check_path.yml b/tests/integration/targets/authorized_key/tasks/check_path.yml index 7f1133b..7c1e561 100644 --- a/tests/integration/targets/authorized_key/tasks/check_path.yml +++ b/tests/integration/targets/authorized_key/tasks/check_path.yml @@ -3,6 +3,7 @@ ansible.builtin.copy: dest: "{{ key_path }}" content: "{{ rsa_key_basic }}" + mode: "0600" - name: Add key using path ansible.posix.authorized_key: diff --git a/tests/integration/targets/authorized_key/tasks/main.yml b/tests/integration/targets/authorized_key/tasks/main.yml index 6a22838..525ea3f 100644 --- a/tests/integration/targets/authorized_key/tasks/main.yml +++ b/tests/integration/targets/authorized_key/tasks/main.yml @@ -31,3 +31,6 @@ - name: Test for the management of comments with key ansible.builtin.import_tasks: comments.yml + +- name: Test for specifying key as a path + ansible.builtin.import_tasks: setup_steps.yml
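Review bot: The task named "Test for specifying key as a path" in main.yml imports `setup_steps.yml`, not the `check_path.yml` file this series creates, so the new path tests appear never to be included and the feature ships without its integration test running. The line should read `ansible.builtin.import_tasks: check_path.yml`. If setup_steps.yml is already imported earlier in main.yml (outside the hunk), the current line also reruns the setup at the end of the target.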