Merge 0de02365d8 into 5321a9ecb5

changelogs/fragments/568_update_authorized_key.yml

@@ -0,0 +1,3 @@
+---
+minor_changes:
+  - authorized_keys - allow using absolute path to a file as a SSH key(s) source (https://github.com/ansible-collections/ansible.posix/pull/568)

plugins/modules/authorized_key.py

@@ -24,6 +24,7 @@ options:
   key:
     description:
       - The SSH public key(s), as a string or (since Ansible 1.9) url (https://github.com/username.keys).
+      - You can also use V(file://) prefix to search localy or remote for a file with SSH key(s) depending on O(remote_src) value.
     type: str
     required: true
   path:
@@ -80,6 +81,13 @@ options:
       - Follow path symlink instead of replacing it.
     type: bool
     default: false
+  remote_src:
+    description:
+      - Influence whether key needs to be transferred or already is present remotely.
+      - If V(false), it will search for src on the controller node.
+      - If V(true) it will search for src on the managed (remote) node.
+    type: bool
+    default: false
 author: Ansible Core Team
 '''
 
@@ -96,6 +104,13 @@ EXAMPLES = r'''
     state: present
     key: https://github.com/charlie.keys
 
+- name: Set authorized keys taken from path on controller node
+  ansible.posix.authorized_key:
+    user: charlie
+    state: present
+    key: file:///home/charlie/.ssh/id_rsa.pub
+    remote_src: true
+
 - name: Set authorized keys taken from url using lookup
   ansible.posix.authorized_key:
     user: charlie
@@ -554,10 +569,11 @@ def enforce_state(module, params):
     exclusive = params.get("exclusive", False)
     comment = params.get("comment", None)
     follow = params.get('follow', False)
+    remote_src = params.get('remote_src', False)
     error_msg = "Error getting key from: %s"
 
-    # if the key is a url, request it and use it as key source
-    if key.startswith("http"):
+    # if the key is a url or file, request it and use it as key source
+    if key.startswith("http") or (key.startswith("file") and remote_src):
         try:
             resp, info = fetch_url(module, key)
             if info['status'] != 200:
@@ -682,6 +698,7 @@ def main():
             comment=dict(type='str'),
             validate_certs=dict(type='bool', default=True),
             follow=dict(type='bool', default=False),
+            remote_src=dict(type='bool', default=False),
         ),
         supports_check_mode=True,
     )

tests/integration/targets/authorized_key/defaults/main.yml

@@ -35,3 +35,5 @@ multiple_keys_comments: |
   ssh-rsa DATA_BASIC 1@testing
   # I like adding comments yo-dude-this-is-not-a-key INVALID_DATA 2@testing
   ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
+
+key_path: /tmp/id_rsa.pub

tests/integration/targets/authorized_key/tasks/check_path.yml

@@ -0,0 +1,32 @@
+---
+- name: Create key file for test
+  ansible.builtin.copy:
+    dest: "{{ key_path }}"
+    content: "{{ rsa_key_basic }}"
+    mode: "0600"
+
+- name: Add key using path
+  ansible.posix.authorized_key:
+    user: root
+    key: "{{ key_path }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: Assert that the key was added
+  ansible.builtin.assert:
+    that:
+      - result.changed == true
+
+- name: Add key using path again
+  ansible.posix.authorized_key:
+    user: root
+    key: "{{ key_path }}"
+    state: present
+    path: "{{ output_dir | expanduser }}/authorized_keys"
+  register: result
+
+- name: Assert that no changes were applied
+  ansible.builtin.assert:
+    that:
+      - result.changed == false

tests/integration/targets/authorized_key/tasks/main.yml

@@ -31,3 +31,6 @@
 
 - name: Test for the management of comments with key
   ansible.builtin.import_tasks: comments.yml
+
+- name: Test for specifying key as a path
+  ansible.builtin.import_tasks: setup_steps.yml