Merge 624c15166d into 9343c6f56f

plugins/modules/authorized_key.py

@@ -226,6 +226,7 @@ import tempfile
 import re
 import shlex
 import errno
+import traceback
 from operator import itemgetter
 
 from ansible.module_utils._text import to_native
@@ -482,7 +483,8 @@ def readfile(module, filename):
             return f.read()
     except IOError as e:
         if e.errno == errno.EACCES:
-            module.fail_json(msg="Permission denied on file or path for authorized keys file: {}".format(filename))
+            module.fail_json(msg="Permission denied on file or path for authorized keys file: %s" % filename,
+                             exception=traceback.format_exc())
         elif e.errno == errno.ENOENT:
             return ''
         else:

tests/integration/targets/authorized_key/tasks/check_permissions.yml

@@ -0,0 +1,30 @@
+---
+# -------------------------------------------------------------
+# check permissions
+
+- name: Create a file that is not accessible
+  ansible.builtin.file:
+    state: touch
+    path: "{{ output_dir | expanduser }}/file_permissions"
+    owner: root
+    group: root
+    mode: '0000'
+
+- name: Try to delete a key from an unreadable file
+  ansible.posix.authorized_key:
+    user: root
+    key: "{{ dss_key_basic }}"
+    state: absent
+    path: "{{ output_dir | expanduser }}/file_permissions"
+  register: result
+  ignore_errors: true
+
+- name: Assert that the key deletion has failed
+  ansible.builtin.assert:
+    that:
+      - result.failed == True
+
+- name: Remove the file
+  ansible.builtin.file:
+    state: absent
+    path: "{{ output_dir | expanduser }}/file_permissions"

tests/integration/targets/authorized_key/tasks/main.yml

@@ -34,3 +34,6 @@
 
 - name: Test for specifying key as a path
   ansible.builtin.import_tasks: check_path.yml
+
+- name: Test for permission denied files
+  ansible.builtin.import_tasks: check_permissions.yml