Add changelog fragment for deprecated imports fix

Added changelog entry documenting the bugfixes for synchronize and mount modules' deprecated import issues. Related to #686 Co-authored-by: Cursor AI Signed-off-by: Pavel Bar <pbar@redhat.com>
Fix additional six deprecations for CI compliance
2026-01-11 15:15:26 +01:00 · 2025-11-28 16:48:14 +02:00 · 2025-11-28 16:48:14 +02:00 · 2025-11-28 16:48:14 +02:00 · 2025-11-28 16:48:14 +02:00 · 2025-11-28 07:14:56 +00:00
5 changed files with 62 additions and 11 deletions
--- a/README.md
+++ b/README.md
@ -2,7 +2,7 @@
 <!-- Add CI and code coverage badges here. Samples included below. -->
 [![Build Status](
 https://dev.azure.com/ansible/ansible.posix/_apis/build/status/CI?branchName=main)](https://dev.azure.com/ansible/ansible.posix/_build?definitionId=26)
-[![Run Status](https://api.shippable.com/projects/5e669aaf8b17a60007e4d18d/badge?branch=main)]() <!--[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)-->
+[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)
 ## Communication
--- a/changelogs/fragments/639_fix_authorized_key.yml
+++ b/changelogs/fragments/639_fix_authorized_key.yml
@ -0,0 +1,3 @@
 ---
 bugfixes:
  - ansible.posix.authorized_key - fixes error on permission denied in authorized_key module (https://github.com/ansible-collections/ansible.posix/issues/462).
--- a/plugins/modules/authorized_key.py
+++ b/plugins/modules/authorized_key.py
@ -225,6 +225,8 @@ import os.path
 import tempfile
 import re
 import shlex
 import errno
 import traceback
 from operator import itemgetter
 from ansible.module_utils._text import to_native
@ -475,16 +477,18 @@ def parsekey(module, raw_key, rank=None):
    return (key, key_type, options, comment, rank)
-def readfile(filename):
+def readfile(module, filename):
    if not os.path.isfile(filename):
        return ''
    f = open(filename)
    try:
-        return f.read()
+        with open(filename, 'r') as f:
-    finally:
+            return f.read()
-        f.close()
+    except IOError as e:
        if e.errno == errno.EACCES:
            module.fail_json(msg="Permission denied on file or path for authorized keys file: %s" % filename,
                             exception=traceback.format_exc())
        elif e.errno == errno.ENOENT:
            return ''
        else:
            raise
 def parsekeys(module, lines):
@ -597,7 +601,7 @@ def enforce_state(module, params):
    # check current state -- just get the filename, don't create file
    do_write = False
    params["keyfile"] = keyfile(module, user, do_write, path, manage_dir)
-    existing_content = readfile(params["keyfile"])
+    existing_content = readfile(module, params["keyfile"])
    existing_keys = parsekeys(module, existing_content)
    # Add a place holder for keys that should exist in the state=present and
--- a/tests/integration/targets/authorized_key/tasks/check_permissions.yml
+++ b/tests/integration/targets/authorized_key/tasks/check_permissions.yml
@ -0,0 +1,41 @@
 ---
 # -------------------------------------------------------------
 # check permissions
 - name: Create a file that is not accessible
  ansible.builtin.file:
    state: touch
    path: "{{ output_dir | expanduser }}/file_permissions"
    owner: root
    mode: '0000'
 - name: Create unprivileged user
  ansible.builtin.user:
    name: nopriv
    create_home: true
 - name: Try to delete a key from an unreadable file
  become: true
  become_user: nopriv
  ansible.posix.authorized_key:
    user: root
    key: "{{ dss_key_basic }}"
    state: absent
    path: "{{ output_dir | expanduser }}/file_permissions"
  register: result
  ignore_errors: true
 - name: Assert that the key deletion has failed
  ansible.builtin.assert:
    that:
      - result is failed
 - name: Remove the file
  ansible.builtin.file:
    state: absent
    path: "{{ output_dir | expanduser }}/file_permissions"
 - name: Remove the user
  ansible.builtin.user:
    name: nopriv
    state: absent
--- a/tests/integration/targets/authorized_key/tasks/main.yml
+++ b/tests/integration/targets/authorized_key/tasks/main.yml
@ -34,3 +34,6 @@
 - name: Test for specifying key as a path
  ansible.builtin.import_tasks: check_path.yml
 - name: Test for permission denied files
  ansible.builtin.import_tasks: check_permissions.yml
Author	SHA1	Message	Date
Pavel Bar	c19d766d3a	Add changelog fragment for deprecated imports fix Added changelog entry documenting the bugfixes for synchronize and mount modules' deprecated import issues. Related to #686 Co-authored-by: Cursor AI Signed-off-by: Pavel Bar <pbar@redhat.com>	2025-11-28 16:48:14 +02:00
Pavel Bar	5b071d26ba	Fix additional six deprecations for CI compliance Replace deprecated ansible.module_utils.six imports with Python 3 standard library equivalents to pass pylint sanity checks. synchronize.py: - ansible.module_utils.six.string_types → str - ansible.module_utils.six.moves.shlex_quote → shlex.quote mount.py: - ansible.module_utils.six.iteritems → dict.items() Related to #686 Co-authored-by: Cursor AI Signed-off-by: Pavel Bar <pbar@redhat.com>	2025-11-28 16:48:14 +02:00
Pavel Bar	708df85118	Fix deprecated module_utils imports in mount These deprecated imports will be removed in ansible-core 2.24. Updated to use the new recommended import paths. - ansible.module_utils._text → ansible.module_utils.common.text.converters Related to #686 Co-authored-by: Cursor AI Signed-off-by: Pavel Bar <pbar@redhat.com>	2025-11-28 16:48:14 +02:00
Pavel Bar	60bc3e3634	Fix deprecated module_utils imports in synchronize These deprecated imports will be removed in ansible-core 2.24. Updated to use the new recommended import paths. - ansible.module_utils._text → ansible.module_utils.common.text.converters - ansible.module_utils.common._collections_compat → collections.abc Fixes #686 Co-authored-by: Cursor AI Signed-off-by: Pavel Bar <pbar@redhat.com>	2025-11-28 16:48:14 +02:00
softwarefactory-project-zuul[bot]	b39ee97ccc	Merge pull request #677 from shenxianpeng/patch-1 docs: fix broken badge and restore coverage badge SUMMARY Replaced the outdated Shippable badge and active Codecov coverage badge, like other repos in ansible-collections org ISSUE TYPE Docs Pull Request COMPONENT NAME ADDITIONAL INFORMATION Reviewed-by: Hideki Saito <saito@fgrep.org>	2025-11-28 07:14:56 +00:00
softwarefactory-project-zuul[bot]	72a6eb9729	Merge pull request #639 from Klaas-/Klaas-fix_authorized_key Fixes #462 notice permission denied on authorized_key module SUMMARY As of right now the authorized_key module does not notice on an "absent" if a authorized_keys file is simply not readable to the executing user. I am trying to fix that ISSUE TYPE Bugfix Pull Request COMPONENT NAME authorized_key ADDITIONAL INFORMATION Execute as a user that does not have access to the root users authorized keys file - name: Delete key from root user ansible.posix.authorized_key: state: absent user: root key: ssh-rsa xxxxxxxx - name: Delete key from root user become: true ansible.posix.authorized_key: state: absent user: root key: ssh-rsa xxxxxxxx The one without become will succeed before my change and will fail with a permission denied error after my change. The 2nd task will actually remove a key from root user if become privileges are available for the executing user Reviewed-by: Brian Coca Reviewed-by: Klaas Demter Reviewed-by: Felix Fontein <felix@fontein.de> Reviewed-by: Hideki Saito <saito@fgrep.org>	2025-11-28 03:25:21 +00:00
Klaas Demter	9651a19805	change result.failed==True to result is failed in check_permissions.yml Co-authored-by: Felix Fontein <felix@fontein.de>	2025-10-22 08:29:46 +02:00
Klaas Demter	413ab782a8	Fixes #462 notice permission denied on authorized_key module	2025-10-21 10:00:12 +02:00
Xianpeng Shen	cda2e0657f	docs: fix broken badge and restore coverage badge	2025-08-14 14:33:30 +03:00