Fixes #462 notice permission denied on authorized_key module

2026-01-11 23:25:28 +01:00 · 2025-05-20 12:36:42 +02:00
24 changed files with 85 additions and 155 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@ -4,8 +4,7 @@
 # SPDX-FileCopyrightText: 2024, Ansible Project
 skip_list:
-  - meta-runtime[unsupported-version]  # This rule doesn't make any sense
+  - meta-runtime[unsupported-version]  # Tis rule doesn't make any sense
  - fqcn[deep]  # This rule produces false positives for files in tests/unit/plugins/action/fixtures/
  - sanity[cannot-ignore]  # This rule is skipped to keep backward compatibility with Python 2
 exclude_paths:
  - changelogs/
--- a/.azure-pipelines/azure-pipelines.yml
+++ b/.azure-pipelines/azure-pipelines.yml
@ -37,13 +37,13 @@ variables:
 resources:
  containers:
    - container: default
-      image: quay.io/ansible/azure-pipelines-test-container:7.0.0
+      image: quay.io/ansible/azure-pipelines-test-container:6.0.0
 pool: Standard
 stages:
  - stage: Sanity_devel
-    displayName: Ansible devel Sanity & Units & Lint
+    displayName: Ansible devel sanity
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
@ -57,23 +57,8 @@ stages:
              test: units
            - name: Lint
              test: lint
  - stage: Sanity_2_19
    displayName: Ansible 2.19 Sanity & Units & Lint
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
        parameters:
          nameFormat: "{0}"
          testFormat: 2.19/{0}
          targets:
            - name: Sanity
              test: sanity
            - name: Units
              test: units
            - name: Lint
              test: lint
  - stage: Sanity_2_18
-    displayName: Ansible 2.18 Sanity & Units & Lint
+    displayName: Ansible 2.18 sanity
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
@ -88,7 +73,7 @@ stages:
            - name: Lint
              test: lint
  - stage: Sanity_2_17
-    displayName: Ansible 2.17 Sanity & Units & Lint
+    displayName: Ansible 2.17 sanity
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
@ -103,7 +88,7 @@ stages:
            - name: Lint
              test: lint
  - stage: Sanity_2_16
-    displayName: Ansible 2.16 Sanity & Units & Lint
+    displayName: Ansible 2.16 sanity
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
@ -115,8 +100,19 @@ stages:
              test: sanity
            - name: Units
              test: units
-            - name: Lint
+  - stage: Sanity_2_15
-              test: lint
+    displayName: Ansible 2.15 sanity
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
        parameters:
          nameFormat: "{0}"
          testFormat: 2.15/{0}
          targets:
            - name: Sanity
              test: sanity
            - name: Units
              test: units
  ## Docker
  - stage: Docker_devel
    displayName: Docker devel
@ -125,20 +121,6 @@ stages:
      - template: templates/matrix.yml
        parameters:
          testFormat: devel/linux/{0}/1
          targets:
            - name: Fedora 42
              test: fedora42
            - name: Ubuntu 22.04
              test: ubuntu2204
            - name: Ubuntu 24.04
              test: ubuntu2404
  - stage: Docker_2_19
    displayName: Docker 2.19
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
        parameters:
          testFormat: 2.19/linux/{0}/1
          targets:
            - name: Fedora 41
              test: fedora41
@ -187,6 +169,23 @@ stages:
            - name: Ubuntu 22.04
              test: ubuntu2204
  - stage: Docker_2_15
    displayName: Docker 2.15
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
        parameters:
          testFormat: 2.15/linux/{0}/1
          targets:
            - name: CentOS 7
              test: centos7
            - name: Fedora 37
              test: fedora37
            - name: openSUSE 15 py3
              test: opensuse15
            - name: Ubuntu 22.04
              test: ubuntu2204
  ## Remote
  - stage: Remote_devel
    displayName: Remote devel
@ -196,24 +195,6 @@ stages:
        parameters:
          testFormat: devel/{0}/1
          targets:
            - name: RHEL 10.0
              test: rhel/10.0
            - name: RHEL 9.6
              test: rhel/9.6
            - name: FreeBSD 14.3
              test: freebsd/14.3
            - name: FreeBSD 13.5
              test: freebsd/13.5
  - stage: Remote_2_19
    displayName: Remote 2.19
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
        parameters:
          testFormat: 2.19/{0}/1
          targets:
            - name: RHEL 10.0
              test: rhel/10.0
            - name: RHEL 9.5
              test: rhel/9.5
            - name: FreeBSD 14.2
@ -230,8 +211,8 @@ stages:
          targets:
            - name: RHEL 9.4
              test: rhel/9.4
-            - name: FreeBSD 13.5
+            - name: FreeBSD 13.3
-              test: freebsd/13.5
+              test: freebsd/13.3
  - stage: Remote_2_17
    displayName: Remote 2.17
    dependsOn: []
@ -242,8 +223,8 @@ stages:
          targets:
            - name: RHEL 9.3
              test: rhel/9.3
-            - name: FreeBSD 13.5
+            - name: FreeBSD 13.3
-              test: freebsd/13.5
+              test: freebsd/13.3
  - stage: Remote_2_16
    displayName: Remote 2.16
    dependsOn: []
@ -257,11 +238,29 @@ stages:
            - name: RHEL 9.2
              test: rhel/9.2
  - stage: Remote_2_15
    displayName: Remote 2.15
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
        parameters:
          testFormat: 2.15/{0}/1
          targets:
            - name: RHEL 7.9
              test: rhel/7.9
            - name: RHEL 8.7
              test: rhel/8.7
            - name: RHEL 9.1
              test: rhel/9.1
  ## Finally
  - stage: Summary
    condition: succeededOrFailed()
    dependsOn:
      - Sanity_2_15
      - Remote_2_15
      - Docker_2_15
      - Sanity_2_16
      - Remote_2_16
      - Docker_2_16
@ -271,9 +270,6 @@ stages:
      - Sanity_2_18
      - Remote_2_18
      - Docker_2_18
      - Sanity_2_19
      - Remote_2_19
      - Docker_2_19
      - Sanity_devel
      - Remote_devel
      - Docker_devel
--- a/README.md
+++ b/README.md
@ -21,7 +21,7 @@ An Ansible Collection of modules and plugins that target POSIX UNIX/Linux and de
 * Python:
  * The Python interpreter version must meet Ansible Core's requirements.
 * Ansible Core:
-  - ansible-core 2.16 or later
+  - ansible-core 2.15 or later
 ## Installation
@ -46,10 +46,10 @@ To upgrade the collection to the latest available version, run the following com
 ansible-galaxy collection install ansible.posix --upgrade
 ```
-You can also install a specific version of the collection, for example, if you need to downgrade when something is broken in the latest version (please report an issue in this repository). Use the following syntax to install version 2.0.0:
+You can also install a specific version of the collection, for example, if you need to downgrade when something is broken in the latest version (please report an issue in this repository). Use the following syntax to install version 1.0.0:
 ```shell
-ansible-galaxy collection install ansible.posix:==2.0.0
+ansible-galaxy collection install ansible.posix:==1.0.0
 ```
 See [using Ansible collections](https://docs.ansible.com/ansible/devel/user_guide/collections_using.html) for more details.
@ -78,10 +78,11 @@ ansible-doc -t callback ansible.posix.profile_tasks
 The following ansible-core versions have been tested with this collection:
- ansible-core 2.20 (devel)
+- ansible-core 2.19 (devel)
- ansible-core 2.19 (stable) *
+- ansible-core 2.18 (stable) *
 - ansible-core 2.18 (stable)
 - ansible-core 2.17 (stable)
 - ansible-core 2.16 (stable)
 - ansible-core 2.15 (stable)
 ## Contributing
--- a/changelogs/fragments/642_ci_add_rhel10.yml
+++ b/changelogs/fragments/642_ci_add_rhel10.yml
@ -1,2 +0,0 @@
 trivial:
  - Add Red Hat Enterprise Linux 10.0 to the CI matrix (https://github.com/ansible-collections/ansible.posix/issues/642).
--- a/changelogs/fragments/650-profile_tasks_roles.yml
+++ b/changelogs/fragments/650-profile_tasks_roles.yml
@ -1,2 +0,0 @@
 minor_changes:
  - "profile_tasks and profile_roles callback plugins - avoid deleted/deprecated callback functions, instead use modern interface that was introduced a longer time ago (https://github.com/ansible-collections/ansible.posix/issues/650)."
--- a/changelogs/fragments/654_ci_bump_core_version.yml
+++ b/changelogs/fragments/654_ci_bump_core_version.yml
@ -1,3 +0,0 @@
 ---
 trivial:
  - Bump ansible-core version to 2.20 of devel branch and add 2.19 to CI
--- a/changelogs/fragments/660_ci_azp_syntax.yml
+++ b/changelogs/fragments/660_ci_azp_syntax.yml
@ -1,2 +0,0 @@
 trivial:
  - AZP - fixed syntax error in CI test.
--- a/changelogs/fragments/665_update_readme_20250728.yml
+++ b/changelogs/fragments/665_update_readme_20250728.yml
@ -1,3 +0,0 @@
 ---
 trivial:
  - README - Update README to reflect Ansible Core 2.19 release.
--- a/changelogs/fragments/666_azp_update_20250728.yml
+++ b/changelogs/fragments/666_azp_update_20250728.yml
@ -1,3 +0,0 @@
 ---
 trivial:
  - AZP - Update AZP matrix to follow ansible-test changes.
--- a/changelogs/fragments/670-deprecations.yml
+++ b/changelogs/fragments/670-deprecations.yml
@ -1,3 +0,0 @@
 bugfixes:
  - "firewalld_info - stop returning warnings as return values; this has been deprecated by ansible-core (https://github.com/ansible-collections/ansible.posix/pull/670)."
  - "mount - stop returning warnings as return values; this has been deprecated by ansible-core (https://github.com/ansible-collections/ansible.posix/pull/670)."
--- a/changelogs/fragments/673_update_ci_20250805.yml
+++ b/changelogs/fragments/673_update_ci_20250805.yml
@ -1,2 +0,0 @@
 trivial:
  - Update AZP CI matrix (https://github.com/ansible-collections/ansible.posix/issues/673).
--- a/changelogs/fragments/682_update_ci_20250929.yml
+++ b/changelogs/fragments/682_update_ci_20250929.yml
@ -1,4 +0,0 @@
 trivial:
  - Updatng AZP CI matrix to ignore ansible-bad-import-from on six(https://github.com/ansible-collections/ansible.posix/pull/682).
  - Skipped sanity[cannot-ignore] to keep backward compatibility with Python2.
  - Consolidate all ansible-lint option locations into .ansible-lint file.
--- a/meta/runtime.yml
+++ b/meta/runtime.yml
@ -1,2 +1,2 @@
 ---
-requires_ansible: ">=2.16.0"
+requires_ansible: ">=2.15.0"
--- a/plugins/callback/profile_roles.py
+++ b/plugins/callback/profile_roles.py
@ -124,7 +124,10 @@ class CallbackModule(CallbackBase):
    def v2_playbook_on_handler_task_start(self, task):
        self._record_task(task)
-    def v2_playbook_on_stats(self, stats):
+    def playbook_on_setup(self):
        self._display_tasktime()
    def playbook_on_stats(self, stats):
        # Align summary report header with other callback plugin summary
        self._display.banner("ROLES RECAP")
--- a/plugins/callback/profile_tasks.py
+++ b/plugins/callback/profile_tasks.py
@ -209,7 +209,10 @@ class CallbackModule(CallbackBase):
    def v2_playbook_on_handler_task_start(self, task):
        self._record_task(task)
-    def v2_playbook_on_stats(self, stats):
+    def playbook_on_setup(self):
        self._display_tasktime()
    def playbook_on_stats(self, stats):
        # Align summary report header with other callback plugin summary
        self._display.banner("TASKS RECAP")
--- a/plugins/modules/authorized_key.py
+++ b/plugins/modules/authorized_key.py
@ -226,7 +226,6 @@ import tempfile
 import re
 import shlex
 import errno
 import traceback
 from operator import itemgetter
 from ansible.module_utils._text import to_native
@ -483,8 +482,7 @@ def readfile(module, filename):
            return f.read()
    except IOError as e:
        if e.errno == errno.EACCES:
-            module.fail_json(msg="Permission denied on file or path for authorized keys file: %s" % filename,
+            module.fail_json(msg="Permission denied on file or path for authorized keys file: {}".format(filename))
                             exception=traceback.format_exc())
        elif e.errno == errno.ENOENT:
            return ''
        else:
--- a/plugins/modules/firewalld_info.py
+++ b/plugins/modules/firewalld_info.py
@ -319,6 +319,7 @@ def main():
        active_zones=module.params['active_zones'],
        collected_zones=list(),
        undefined_zones=list(),
        warnings=list(),
    )
    # Exit with failure message if requirements modules are not installed.
--- a/plugins/modules/mount.py
+++ b/plugins/modules/mount.py
@ -279,7 +279,7 @@ def _set_mount_save_old(module, args):
    old_lines = []
    exists = False
    changed = False
-    escaped_args = dict([(k, _escape_fstab(v)) for k, v in iteritems(args)])
+    escaped_args = dict([(k, _escape_fstab(v)) for k, v in iteritems(args) if k != 'warnings'])
    new_line = '%(src)s %(name)s %(fstype)s %(opts)s %(dump)s %(passno)s\n'
    if platform.system() == 'SunOS':
@ -804,6 +804,7 @@ def main():
            passno='-',
            fstab=module.params['fstab'],
            boot='yes' if module.params['boot'] else 'no',
            warnings=[]
        )
        if args['fstab'] is None:
            args['fstab'] = '/etc/vfstab'
@ -815,6 +816,7 @@ def main():
            passno='0',
            fstab=module.params['fstab'],
            boot='yes',
            warnings=[]
        )
        if args['fstab'] is None:
            args['fstab'] = '/etc/fstab'
@ -832,7 +834,8 @@ def main():
        linux_mounts = get_linux_mounts(module)
        if linux_mounts is None:
-            module.warn('Cannot open file /proc/self/mountinfo. Bind mounts might be misinterpreted.')
+            args['warnings'].append('Cannot open file /proc/self/mountinfo.'
                                    ' Bind mounts might be misinterpreted.')
    # Override defaults with user specified params
    for key in ('src', 'fstype', 'passno', 'opts', 'dump', 'fstab'):
@ -844,7 +847,7 @@ def main():
        # specified in 'opts',  mount module will ignore 'boot'.
        opts = args['opts'].split(',')
        if module.params['boot'] and 'noauto' in opts:
-            module.warn("Ignore the 'boot' due to 'opts' contains 'noauto'.")
+            args['warnings'].append("Ignore the 'boot' due to 'opts' contains 'noauto'.")
        elif not module.params['boot']:
            args['boot'] = 'no'
            opts.append('noauto')
--- a/tests/integration/targets/acl/tasks/acl.yml
+++ b/tests/integration/targets/acl/tasks/acl.yml
@ -46,12 +46,6 @@
    path: "{{ test_dir }}"
    state: directory
    mode: "0755"
 - name: Install acl package
  ansible.builtin.package:
    name: acl
    state: present
 ##############################################################################
 - name: Grant ansible user read access to a file
  ansible.posix.acl:
--- a/tests/integration/targets/authorized_key/tasks/check_permissions.yml
+++ b/tests/integration/targets/authorized_key/tasks/check_permissions.yml
@ -1,30 +0,0 @@
 ---
 # -------------------------------------------------------------
 # check permissions
 - name: Create a file that is not accessible
  ansible.builtin.file:
    state: touch
    path: "{{ output_dir | expanduser }}/file_permissions"
    owner: root
    group: root
    mode: '0000'
 - name: Try to delete a key from an unreadable file
  ansible.posix.authorized_key:
    user: root
    key: "{{ dss_key_basic }}"
    state: absent
    path: "{{ output_dir | expanduser }}/file_permissions"
  register: result
  ignore_errors: true
 - name: Assert that the key deletion has failed
  ansible.builtin.assert:
    that:
      - result.failed == True
 - name: Remove the file
  ansible.builtin.file:
    state: absent
    path: "{{ output_dir | expanduser }}/file_permissions"
--- a/tests/integration/targets/authorized_key/tasks/main.yml
+++ b/tests/integration/targets/authorized_key/tasks/main.yml
@ -34,6 +34,3 @@
 - name: Test for specifying key as a path
  ansible.builtin.import_tasks: check_path.yml
 - name: Test for permission denied files
  ansible.builtin.import_tasks: check_permissions.yml
--- a/tests/integration/targets/firewalld/aliases
+++ b/tests/integration/targets/firewalld/aliases
@ -1,5 +1,3 @@
 needs/privileged
 needs/root
 destructive
 shippable/posix/group1
 skip/aix
--- a/tests/sanity/ignore-2.20.txt
+++ b/tests/sanity/ignore-2.20.txt
@ -1,10 +0,0 @@
 tests/utils/shippable/timing.py shebang
 plugins/action/synchronize.py pylint:ansible-bad-import-from
 plugins/callback/cgroup_perf_recap.py pylint:ansible-bad-import-from
 plugins/modules/mount.py pylint:ansible-bad-import-from
 plugins/modules/sysctl.py pylint:ansible-bad-import-from
 plugins/shell/csh.py pylint:ansible-bad-import-from
 plugins/shell/fish.py pylint:ansible-bad-import-from
 tests/unit/mock/procenv.py pylint:ansible-bad-import-from
 tests/unit/mock/yaml_helper.py pylint:ansible-bad-import-from
 tests/unit/modules/conftest.py pylint:ansible-bad-import-from
--- a/tests/utils/shippable/lint.sh
+++ b/tests/utils/shippable/lint.sh
@ -9,5 +9,6 @@ command -v ansible
 pip install --upgrade --user pip
 pip install --upgrade --user ansible-lint
-# To specify additional options, you can specify them into .ansible-lint file.
+PATH="${PATH/\~/${HOME}}" ansible-lint \
-PATH="${PATH/\~/${HOME}}" ansible-lint
+                                    --exclude changelogs/ \
                                    --profile=production
		`@ -1,2 +0,0 @@`
			`trivial:`
			`- Add Red Hat Enterprise Linux 10.0 to the CI matrix (https://github.com/ansible-collections/ansible.posix/issues/642).`
		`@ -1,2 +0,0 @@`
			`minor_changes:`
			`- "profile_tasks and profile_roles callback plugins - avoid deleted/deprecated callback functions, instead use modern interface that was introduced a longer time ago (https://github.com/ansible-collections/ansible.posix/issues/650)."`
		`@ -1,2 +0,0 @@`
			`trivial:`
			`- AZP - fixed syntax error in CI test.`
		`@ -1,2 +0,0 @@`
			`trivial:`
			`- Update AZP CI matrix (https://github.com/ansible-collections/ansible.posix/issues/673).`
`@ -1,2 +1,2 @@`
	`---`	`---`
	`requires_ansible: ">=2.16.0"`	`requires_ansible: ">=2.15.0"`