Add changelog fragment for deprecated imports fix

Added changelog entry documenting the bugfixes for synchronize and mount modules' deprecated import issues. Related to #686 Co-authored-by: Cursor AI Signed-off-by: Pavel Bar <pbar@redhat.com>
Fix additional six deprecations for CI compliance
2026-01-10 22:55:27 +01:00 · 2025-11-28 16:48:14 +02:00 · 2025-11-28 16:48:14 +02:00 · 2025-11-28 16:48:14 +02:00 · 2025-11-28 16:48:14 +02:00 · 2025-11-28 07:14:56 +00:00
8 changed files with 72 additions and 19 deletions
--- a/README.md
+++ b/README.md
@ -2,7 +2,7 @@
 <!-- Add CI and code coverage badges here. Samples included below. -->
 [![Build Status](
 https://dev.azure.com/ansible/ansible.posix/_apis/build/status/CI?branchName=main)](https://dev.azure.com/ansible/ansible.posix/_build?definitionId=26)
-[![Run Status](https://api.shippable.com/projects/5e669aaf8b17a60007e4d18d/badge?branch=main)]() <!--[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)-->
+[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)

 ## Communication

--- a/changelogs/fragments/639_fix_authorized_key.yml
+++ b/changelogs/fragments/639_fix_authorized_key.yml
@ -0,0 +1,3 @@
+---
+bugfixes:
+  - ansible.posix.authorized_key - fixes error on permission denied in authorized_key module (https://github.com/ansible-collections/ansible.posix/issues/462).
--- a/changelogs/fragments/686_fix_deprecated_imports.yml
+++ b/changelogs/fragments/686_fix_deprecated_imports.yml
@ -0,0 +1,4 @@
+---
+bugfixes:
+  - synchronize - fix deprecated ``ansible.module_utils._text`` and ``ansible.module_utils.common._collections_compat`` imports (https://github.com/ansible-collections/ansible.posix/issues/686).
+  - mount - fix deprecated ``ansible.module_utils._text`` import (https://github.com/ansible-collections/ansible.posix/issues/686).
--- a/plugins/action/synchronize.py
+++ b/plugins/action/synchronize.py
@ -18,12 +18,11 @@ from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type

 import os.path
+from collections.abc import MutableSequence
+from shlex import quote as shlex_quote

 from ansible import constants as C
-from ansible.module_utils.six import string_types
-from ansible.module_utils.six.moves import shlex_quote
-from ansible.module_utils._text import to_text
-from ansible.module_utils.common._collections_compat import MutableSequence
+from ansible.module_utils.common.text.converters import to_text
 from ansible.module_utils.parsing.convert_bool import boolean
 from ansible.plugins.action import ActionBase
 from ansible.plugins.loader import connection_loader
@ -417,7 +416,7 @@ class ActionModule(ActionBase):
            # Replicate what we do in the module argumentspec handling for lists
            if not isinstance(_tmp_args.get('rsync_opts'), MutableSequence):
                tmp_rsync_opts = _tmp_args.get('rsync_opts', [])
-                if isinstance(tmp_rsync_opts, string_types):
+                if isinstance(tmp_rsync_opts, str):
                    tmp_rsync_opts = tmp_rsync_opts.split(',')
                elif isinstance(tmp_rsync_opts, (int, float)):
                    tmp_rsync_opts = [to_text(tmp_rsync_opts)]
--- a/plugins/modules/authorized_key.py
+++ b/plugins/modules/authorized_key.py
@ -225,6 +225,8 @@ import os.path
 import tempfile
 import re
 import shlex
+import errno
+import traceback
 from operator import itemgetter

 from ansible.module_utils._text import to_native
@ -475,16 +477,18 @@ def parsekey(module, raw_key, rank=None):
    return (key, key_type, options, comment, rank)


-def readfile(filename):
-
-    if not os.path.isfile(filename):
-        return ''
-
-    f = open(filename)
+def readfile(module, filename):
    try:
-        return f.read()
-    finally:
-        f.close()
+        with open(filename, 'r') as f:
+            return f.read()
+    except IOError as e:
+        if e.errno == errno.EACCES:
+            module.fail_json(msg="Permission denied on file or path for authorized keys file: %s" % filename,
+                             exception=traceback.format_exc())
+        elif e.errno == errno.ENOENT:
+            return ''
+        else:
+            raise


 def parsekeys(module, lines):
@ -597,7 +601,7 @@ def enforce_state(module, params):
    # check current state -- just get the filename, don't create file
    do_write = False
    params["keyfile"] = keyfile(module, user, do_write, path, manage_dir)
-    existing_content = readfile(params["keyfile"])
+    existing_content = readfile(module, params["keyfile"])
    existing_keys = parsekeys(module, existing_content)

    # Add a place holder for keys that should exist in the state=present and
--- a/plugins/modules/mount.py
+++ b/plugins/modules/mount.py
@ -225,8 +225,7 @@ import platform

 from ansible.module_utils.basic import AnsibleModule
 from ansible_collections.ansible.posix.plugins.module_utils.mount import ismount
-from ansible.module_utils.six import iteritems
-from ansible.module_utils._text import to_bytes, to_native
+from ansible.module_utils.common.text.converters import to_bytes, to_native
 from ansible.module_utils.parsing.convert_bool import boolean


@ -279,7 +278,7 @@ def _set_mount_save_old(module, args):
    old_lines = []
    exists = False
    changed = False
-    escaped_args = dict([(k, _escape_fstab(v)) for k, v in iteritems(args)])
+    escaped_args = dict([(k, _escape_fstab(v)) for k, v in args.items()])
    new_line = '%(src)s %(name)s %(fstype)s %(opts)s %(dump)s %(passno)s\n'

    if platform.system() == 'SunOS':
--- a/tests/integration/targets/authorized_key/tasks/check_permissions.yml
+++ b/tests/integration/targets/authorized_key/tasks/check_permissions.yml
@ -0,0 +1,41 @@
+---
+# -------------------------------------------------------------
+# check permissions
+
+- name: Create a file that is not accessible
+  ansible.builtin.file:
+    state: touch
+    path: "{{ output_dir | expanduser }}/file_permissions"
+    owner: root
+    mode: '0000'
+
+- name: Create unprivileged user
+  ansible.builtin.user:
+    name: nopriv
+    create_home: true
+
+- name: Try to delete a key from an unreadable file
+  become: true
+  become_user: nopriv
+  ansible.posix.authorized_key:
+    user: root
+    key: "{{ dss_key_basic }}"
+    state: absent
+    path: "{{ output_dir | expanduser }}/file_permissions"
+  register: result
+  ignore_errors: true
+
+- name: Assert that the key deletion has failed
+  ansible.builtin.assert:
+    that:
+      - result is failed
+
+- name: Remove the file
+  ansible.builtin.file:
+    state: absent
+    path: "{{ output_dir | expanduser }}/file_permissions"
+
+- name: Remove the user
+  ansible.builtin.user:
+    name: nopriv
+    state: absent
--- a/tests/integration/targets/authorized_key/tasks/main.yml
+++ b/tests/integration/targets/authorized_key/tasks/main.yml
@ -34,3 +34,6 @@

 - name: Test for specifying key as a path
  ansible.builtin.import_tasks: check_path.yml
+
+- name: Test for permission denied files
+  ansible.builtin.import_tasks: check_permissions.yml
Author	SHA1	Message	Date
Pavel Bar	c19d766d3a	Add changelog fragment for deprecated imports fix Added changelog entry documenting the bugfixes for synchronize and mount modules' deprecated import issues. Related to #686 Co-authored-by: Cursor AI Signed-off-by: Pavel Bar <pbar@redhat.com>	2025-11-28 16:48:14 +02:00
Pavel Bar	5b071d26ba	Fix additional six deprecations for CI compliance Replace deprecated ansible.module_utils.six imports with Python 3 standard library equivalents to pass pylint sanity checks. synchronize.py: - ansible.module_utils.six.string_types → str - ansible.module_utils.six.moves.shlex_quote → shlex.quote mount.py: - ansible.module_utils.six.iteritems → dict.items() Related to #686 Co-authored-by: Cursor AI Signed-off-by: Pavel Bar <pbar@redhat.com>	2025-11-28 16:48:14 +02:00
Pavel Bar	708df85118	Fix deprecated module_utils imports in mount These deprecated imports will be removed in ansible-core 2.24. Updated to use the new recommended import paths. - ansible.module_utils._text → ansible.module_utils.common.text.converters Related to #686 Co-authored-by: Cursor AI Signed-off-by: Pavel Bar <pbar@redhat.com>	2025-11-28 16:48:14 +02:00
Pavel Bar	60bc3e3634	Fix deprecated module_utils imports in synchronize These deprecated imports will be removed in ansible-core 2.24. Updated to use the new recommended import paths. - ansible.module_utils._text → ansible.module_utils.common.text.converters - ansible.module_utils.common._collections_compat → collections.abc Fixes #686 Co-authored-by: Cursor AI Signed-off-by: Pavel Bar <pbar@redhat.com>	2025-11-28 16:48:14 +02:00
softwarefactory-project-zuul[bot]	b39ee97ccc	Merge pull request #677 from shenxianpeng/patch-1 docs: fix broken badge and restore coverage badge SUMMARY Replaced the outdated Shippable badge and active Codecov coverage badge, like other repos in ansible-collections org ISSUE TYPE Docs Pull Request COMPONENT NAME ADDITIONAL INFORMATION Reviewed-by: Hideki Saito <saito@fgrep.org>	2025-11-28 07:14:56 +00:00
softwarefactory-project-zuul[bot]	72a6eb9729	Merge pull request #639 from Klaas-/Klaas-fix_authorized_key Fixes #462 notice permission denied on authorized_key module SUMMARY As of right now the authorized_key module does not notice on an "absent" if a authorized_keys file is simply not readable to the executing user. I am trying to fix that ISSUE TYPE Bugfix Pull Request COMPONENT NAME authorized_key ADDITIONAL INFORMATION Execute as a user that does not have access to the root users authorized keys file - name: Delete key from root user ansible.posix.authorized_key: state: absent user: root key: ssh-rsa xxxxxxxx - name: Delete key from root user become: true ansible.posix.authorized_key: state: absent user: root key: ssh-rsa xxxxxxxx The one without become will succeed before my change and will fail with a permission denied error after my change. The 2nd task will actually remove a key from root user if become privileges are available for the executing user Reviewed-by: Brian Coca Reviewed-by: Klaas Demter Reviewed-by: Felix Fontein <felix@fontein.de> Reviewed-by: Hideki Saito <saito@fgrep.org>	2025-11-28 03:25:21 +00:00
Klaas Demter	9651a19805	change result.failed==True to result is failed in check_permissions.yml Co-authored-by: Felix Fontein <felix@fontein.de>	2025-10-22 08:29:46 +02:00
Klaas Demter	413ab782a8	Fixes #462 notice permission denied on authorized_key module	2025-10-21 10:00:12 +02:00
Xianpeng Shen	cda2e0657f	docs: fix broken badge and restore coverage badge	2025-08-14 14:33:30 +03:00