Merge e31700d993 into 6da1331018

2026-01-11 15:15:26 +01:00 · 2025-08-18 12:31:23 +00:00
10 changed files with 20 additions and 86 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@ -4,8 +4,7 @@
 # SPDX-FileCopyrightText: 2024, Ansible Project
 skip_list:
-  - meta-runtime[unsupported-version]  # This rule doesn't make any sense
+  - meta-runtime[unsupported-version]  # Tis rule doesn't make any sense
  - fqcn[deep]  # This rule produces false positives for files in tests/unit/plugins/action/fixtures/
  - sanity[cannot-ignore]  # This rule is skipped to keep backward compatibility with Python 2
 exclude_paths:
  - changelogs/
--- a/.azure-pipelines/azure-pipelines.yml
+++ b/.azure-pipelines/azure-pipelines.yml
@ -43,7 +43,7 @@ pool: Standard
 stages:
  - stage: Sanity_devel
-    displayName: Ansible devel Sanity & Units & Lint
+    displayName: Ansible devel sanity
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
@ -58,7 +58,7 @@ stages:
            - name: Lint
              test: lint
  - stage: Sanity_2_19
-    displayName: Ansible 2.19 Sanity & Units & Lint
+    displayName: Ansible 2.19 sanitay & Units & Lint
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
@ -73,7 +73,7 @@ stages:
            - name: Lint
              test: lint
  - stage: Sanity_2_18
-    displayName: Ansible 2.18 Sanity & Units & Lint
+    displayName: Ansible 2.18 sanity & Units & Lint
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
@ -88,7 +88,7 @@ stages:
            - name: Lint
              test: lint
  - stage: Sanity_2_17
-    displayName: Ansible 2.17 Sanity & Units & Lint
+    displayName: Ansible 2.17 sanity & Units & Lint
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
@ -103,7 +103,7 @@ stages:
            - name: Lint
              test: lint
  - stage: Sanity_2_16
-    displayName: Ansible 2.16 Sanity & Units & Lint
+    displayName: Ansible 2.16 sanity & Units & Lint
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
@ -115,8 +115,6 @@ stages:
              test: sanity
            - name: Units
              test: units
            - name: Lint
              test: lint
  ## Docker
  - stage: Docker_devel
    displayName: Docker devel
--- a/README.md
+++ b/README.md
@ -2,7 +2,7 @@
 <!-- Add CI and code coverage badges here. Samples included below. -->
 [![Build Status](
 https://dev.azure.com/ansible/ansible.posix/_apis/build/status/CI?branchName=main)](https://dev.azure.com/ansible/ansible.posix/_build?definitionId=26)
-[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)
+[![Run Status](https://api.shippable.com/projects/5e669aaf8b17a60007e4d18d/badge?branch=main)]() <!--[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)-->
 ## Communication
--- a/changelogs/fragments/639_fix_authorized_key.yml
+++ b/changelogs/fragments/639_fix_authorized_key.yml
@ -1,3 +0,0 @@
 ---
 bugfixes:
  - ansible.posix.authorized_key - fixes error on permission denied in authorized_key module (https://github.com/ansible-collections/ansible.posix/issues/462).
--- a/changelogs/fragments/682_update_ci_20250929.yml
+++ b/changelogs/fragments/682_update_ci_20250929.yml
@ -1,4 +0,0 @@
 trivial:
  - Updatng AZP CI matrix to ignore ansible-bad-import-from on six(https://github.com/ansible-collections/ansible.posix/pull/682).
  - Skipped sanity[cannot-ignore] to keep backward compatibility with Python2.
  - Consolidate all ansible-lint option locations into .ansible-lint file.
--- a/plugins/modules/authorized_key.py
+++ b/plugins/modules/authorized_key.py
@ -225,8 +225,6 @@ import os.path
 import tempfile
 import re
 import shlex
 import errno
 import traceback
 from operator import itemgetter
 from ansible.module_utils._text import to_native
@ -477,18 +475,16 @@ def parsekey(module, raw_key, rank=None):
    return (key, key_type, options, comment, rank)
-def readfile(module, filename):
+def readfile(filename):
    if not os.path.isfile(filename):
        return ''
    f = open(filename)
    try:
-        with open(filename, 'r') as f:
+        return f.read()
-            return f.read()
+    finally:
-    except IOError as e:
+        f.close()
        if e.errno == errno.EACCES:
            module.fail_json(msg="Permission denied on file or path for authorized keys file: %s" % filename,
                             exception=traceback.format_exc())
        elif e.errno == errno.ENOENT:
            return ''
        else:
            raise
 def parsekeys(module, lines):
@ -601,7 +597,7 @@ def enforce_state(module, params):
    # check current state -- just get the filename, don't create file
    do_write = False
    params["keyfile"] = keyfile(module, user, do_write, path, manage_dir)
-    existing_content = readfile(module, params["keyfile"])
+    existing_content = readfile(params["keyfile"])
    existing_keys = parsekeys(module, existing_content)
    # Add a place holder for keys that should exist in the state=present and
--- a/tests/integration/targets/authorized_key/tasks/check_permissions.yml
+++ b/tests/integration/targets/authorized_key/tasks/check_permissions.yml
@ -1,41 +0,0 @@
 ---
 # -------------------------------------------------------------
 # check permissions
 - name: Create a file that is not accessible
  ansible.builtin.file:
    state: touch
    path: "{{ output_dir | expanduser }}/file_permissions"
    owner: root
    mode: '0000'
 - name: Create unprivileged user
  ansible.builtin.user:
    name: nopriv
    create_home: true
 - name: Try to delete a key from an unreadable file
  become: true
  become_user: nopriv
  ansible.posix.authorized_key:
    user: root
    key: "{{ dss_key_basic }}"
    state: absent
    path: "{{ output_dir | expanduser }}/file_permissions"
  register: result
  ignore_errors: true
 - name: Assert that the key deletion has failed
  ansible.builtin.assert:
    that:
      - result is failed
 - name: Remove the file
  ansible.builtin.file:
    state: absent
    path: "{{ output_dir | expanduser }}/file_permissions"
 - name: Remove the user
  ansible.builtin.user:
    name: nopriv
    state: absent
--- a/tests/integration/targets/authorized_key/tasks/main.yml
+++ b/tests/integration/targets/authorized_key/tasks/main.yml
@ -34,6 +34,3 @@
 - name: Test for specifying key as a path
  ansible.builtin.import_tasks: check_path.yml
 - name: Test for permission denied files
  ansible.builtin.import_tasks: check_permissions.yml
--- a/tests/sanity/ignore-2.20.txt
+++ b/tests/sanity/ignore-2.20.txt
@ -1,10 +1 @@
 tests/utils/shippable/timing.py shebang
 plugins/action/synchronize.py pylint:ansible-bad-import-from
 plugins/callback/cgroup_perf_recap.py pylint:ansible-bad-import-from
 plugins/modules/mount.py pylint:ansible-bad-import-from
 plugins/modules/sysctl.py pylint:ansible-bad-import-from
 plugins/shell/csh.py pylint:ansible-bad-import-from
 plugins/shell/fish.py pylint:ansible-bad-import-from
 tests/unit/mock/procenv.py pylint:ansible-bad-import-from
 tests/unit/mock/yaml_helper.py pylint:ansible-bad-import-from
 tests/unit/modules/conftest.py pylint:ansible-bad-import-from
--- a/tests/utils/shippable/lint.sh
+++ b/tests/utils/shippable/lint.sh
@ -9,5 +9,6 @@ command -v ansible
 pip install --upgrade --user pip
 pip install --upgrade --user ansible-lint
-# To specify additional options, you can specify them into .ansible-lint file.
+PATH="${PATH/\~/${HOME}}" ansible-lint \
-PATH="${PATH/\~/${HOME}}" ansible-lint
+                                    --exclude changelogs/ \
                                    --profile=production