Merge 8cdf51b3b3 into b39ee97ccc

docs: fix broken badge and restore coverage badge

SUMMARY
Replaced the outdated Shippable badge and active Codecov coverage badge, like other repos in ansible-collections org
ISSUE TYPE


Docs Pull Request

COMPONENT NAME

ADDITIONAL INFORMATION

Reviewed-by: Hideki Saito <saito@fgrep.org>

README.md

@@ -2,7 +2,7 @@
 <!-- Add CI and code coverage badges here. Samples included below. -->
 [![Build Status](
 https://dev.azure.com/ansible/ansible.posix/_apis/build/status/CI?branchName=main)](https://dev.azure.com/ansible/ansible.posix/_build?definitionId=26)
-[![Run Status](https://api.shippable.com/projects/5e669aaf8b17a60007e4d18d/badge?branch=main)]() <!--[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)-->
+[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)
 
 ## Communication
 

changelogs/fragments/428-synchronize-user-defined-out-format.yml

@@ -0,0 +1,2 @@
+minor_changes:
+  - synchronize - user-defined ``--out-format`` in ``rsync_opts`` is now honored in the returned output. (https://github.com/ansible-collections/ansible.posix/pull/428)

changelogs/fragments/639_fix_authorized_key.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - ansible.posix.authorized_key - fixes error on permission denied in authorized_key module (https://github.com/ansible-collections/ansible.posix/issues/462).

plugins/modules/authorized_key.py

@@ -225,6 +225,8 @@ import os.path
 import tempfile
 import re
 import shlex
+import errno
+import traceback
 from operator import itemgetter
 
 from ansible.module_utils._text import to_native
@@ -475,16 +477,18 @@ def parsekey(module, raw_key, rank=None):
     return (key, key_type, options, comment, rank)
 
 
-def readfile(filename):
-
-    if not os.path.isfile(filename):
-        return ''
-
-    f = open(filename)
+def readfile(module, filename):
     try:
-        return f.read()
-    finally:
-        f.close()
+        with open(filename, 'r') as f:
+            return f.read()
+    except IOError as e:
+        if e.errno == errno.EACCES:
+            module.fail_json(msg="Permission denied on file or path for authorized keys file: %s" % filename,
+                             exception=traceback.format_exc())
+        elif e.errno == errno.ENOENT:
+            return ''
+        else:
+            raise
 
 
 def parsekeys(module, lines):
@@ -597,7 +601,7 @@ def enforce_state(module, params):
     # check current state -- just get the filename, don't create file
     do_write = False
     params["keyfile"] = keyfile(module, user, do_write, path, manage_dir)
-    existing_content = readfile(params["keyfile"])
+    existing_content = readfile(module, params["keyfile"])
     existing_keys = parsekeys(module, existing_content)
 
     # Add a place holder for keys that should exist in the state=present and

plugins/modules/synchronize.py

@@ -366,6 +366,7 @@ EXAMPLES = r'''
 
 import os
 import errno
+import re
 
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils._text import to_bytes, to_native
@@ -597,8 +598,19 @@ def main():
                 module.fail_json(msg='Hardlinking into a subdirectory of the source would cause recursion. %s and %s' % (destination_path, dest))
             cmd.append('--link-dest=%s' % link_path)
 
-    changed_marker = '<<CHANGED>>'
-    cmd.append('--out-format=%s' % shlex_quote(changed_marker + '%i %n%L'))
+    # find the last specified out-format
+    out_format = ''
+    for rsync_opt in rsync_opts:
+        if rsync_opt.startswith('--out-format='):
+            out_format = rsync_opt.replace('--out-format=', '', 1)
+
+    # force a known out-format so we can test for changes and return a known format of diff
+    diff_marker = 'DIFF'
+    if out_format == '' or module._diff:
+        diff_detail = '%n%L'
+    else:
+        diff_detail = ''
+    cmd.append('--out-format=%s' % shlex_quote('%s//%s//%%i//%s' % (out_format, diff_marker, diff_detail)))
 
     cmd.append(shlex_quote(source))
     cmd.append(shlex_quote(dest))
@@ -624,18 +636,36 @@ def main():
     if rc:
         return module.fail_json(msg=err, rc=rc, cmd=cmdstr)
 
-    if link_dest:
-        # a leading period indicates no change
-        changed = (changed_marker + '.') not in out
-    else:
-        changed = changed_marker in out
+    changed = False
+    diff = []
+    out_lines = []
+    # remove forced out-format suffix, check for file changes
+    for line in out.split('\n'):
+        match = re.match('(.*)//%s//(...*?)//(.*)$' % diff_marker, line)
+        if match:
+            default_diff = '%s %s' % (match.group(2), match.group(3))
 
-    out_clean = out.replace(changed_marker, '')
-    out_lines = out_clean.split('\n')
+            if module._diff:
+                diff.append(default_diff)
+
+            if out_format == '':
+                out_lines.append(default_diff)
+            else:
+                out_lines.append(match.group(1))
+
+            # a period in the first position indicates no changes to the file's contents
+            # a period in every other position from the third onward indicates no attribute changes
+            if not re.match(r'\..\.*$', match.group(2)):
+                changed = True
+        else:
+            out_lines.append(line)
+
+    out_clean = '\n'.join(out_lines)
     while '' in out_lines:
         out_lines.remove('')
+
     if module._diff:
-        diff = {'prepared': out_clean}
+        diff = {'prepared': '\n'.join(diff)}
         return module.exit_json(changed=changed, msg=out_clean,
                                 rc=rc, cmd=cmdstr, stdout_lines=out_lines,
                                 diff=diff)

tests/integration/targets/authorized_key/tasks/check_permissions.yml

@@ -0,0 +1,41 @@
+---
+# -------------------------------------------------------------
+# check permissions
+
+- name: Create a file that is not accessible
+  ansible.builtin.file:
+    state: touch
+    path: "{{ output_dir | expanduser }}/file_permissions"
+    owner: root
+    mode: '0000'
+
+- name: Create unprivileged user
+  ansible.builtin.user:
+    name: nopriv
+    create_home: true
+
+- name: Try to delete a key from an unreadable file
+  become: true
+  become_user: nopriv
+  ansible.posix.authorized_key:
+    user: root
+    key: "{{ dss_key_basic }}"
+    state: absent
+    path: "{{ output_dir | expanduser }}/file_permissions"
+  register: result
+  ignore_errors: true
+
+- name: Assert that the key deletion has failed
+  ansible.builtin.assert:
+    that:
+      - result is failed
+
+- name: Remove the file
+  ansible.builtin.file:
+    state: absent
+    path: "{{ output_dir | expanduser }}/file_permissions"
+
+- name: Remove the user
+  ansible.builtin.user:
+    name: nopriv
+    state: absent

tests/integration/targets/authorized_key/tasks/main.yml

@@ -34,3 +34,6 @@
 
 - name: Test for specifying key as a path
   ansible.builtin.import_tasks: check_path.yml
+
+- name: Test for permission denied files
+  ansible.builtin.import_tasks: check_permissions.yml