Merge c401a5d331 into b39ee97ccc

Merge pull request #677 from shenxianpeng/patch-1
docs: fix broken badge and restore coverage badge SUMMARY Replaced the outdated Shippable badge and active Codecov coverage badge, like other repos in ansible-collections org ISSUE TYPE Docs Pull Request COMPONENT NAME ADDITIONAL INFORMATION Reviewed-by: Hideki Saito <saito@fgrep.org>
2026-01-11 07:05:27 +01:00 · 2025-12-08 14:11:50 +00:00 · 2025-11-28 07:14:56 +00:00 · 2025-11-28 03:25:21 +00:00 · 2025-10-22 08:29:46 +02:00 · 2025-10-21 10:00:12 +02:00
9 changed files with 124 additions and 19 deletions
--- a/README.md
+++ b/README.md
@ -2,7 +2,7 @@
 <!-- Add CI and code coverage badges here. Samples included below. -->
 [![Build Status](
 https://dev.azure.com/ansible/ansible.posix/_apis/build/status/CI?branchName=main)](https://dev.azure.com/ansible/ansible.posix/_build?definitionId=26)
-[![Run Status](https://api.shippable.com/projects/5e669aaf8b17a60007e4d18d/badge?branch=main)]() <!--[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)-->
+[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)

 ## Communication

--- a/changelogs/fragments/220_synchronize_add_quiet_option.yml
+++ b/changelogs/fragments/220_synchronize_add_quiet_option.yml
@ -0,0 +1,2 @@
+minor_changes:
+- synchronize - add the ``quiet`` option to suppress non-error messages (https://github.com/ansible-collections/ansible.posix/issues/171).
--- a/changelogs/fragments/639_fix_authorized_key.yml
+++ b/changelogs/fragments/639_fix_authorized_key.yml
@ -0,0 +1,3 @@
+---
+bugfixes:
+  - ansible.posix.authorized_key - fixes error on permission denied in authorized_key module (https://github.com/ansible-collections/ansible.posix/issues/462).
--- a/plugins/modules/authorized_key.py
+++ b/plugins/modules/authorized_key.py
@ -225,6 +225,8 @@ import os.path
 import tempfile
 import re
 import shlex
+import errno
+import traceback
 from operator import itemgetter

 from ansible.module_utils._text import to_native
@ -475,16 +477,18 @@ def parsekey(module, raw_key, rank=None):
    return (key, key_type, options, comment, rank)


-def readfile(filename):
-
-    if not os.path.isfile(filename):
-        return ''
-
-    f = open(filename)
+def readfile(module, filename):
    try:
-        return f.read()
-    finally:
-        f.close()
+        with open(filename, 'r') as f:
+            return f.read()
+    except IOError as e:
+        if e.errno == errno.EACCES:
+            module.fail_json(msg="Permission denied on file or path for authorized keys file: %s" % filename,
+                             exception=traceback.format_exc())
+        elif e.errno == errno.ENOENT:
+            return ''
+        else:
+            raise


 def parsekeys(module, lines):
@ -597,7 +601,7 @@ def enforce_state(module, params):
    # check current state -- just get the filename, don't create file
    do_write = False
    params["keyfile"] = keyfile(module, user, do_write, path, manage_dir)
-    existing_content = readfile(params["keyfile"])
+    existing_content = readfile(module, params["keyfile"])
    existing_keys = parsekeys(module, existing_content)

    # Add a place holder for keys that should exist in the state=present and
--- a/plugins/modules/synchronize.py
+++ b/plugins/modules/synchronize.py
@ -8,7 +8,6 @@
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type

-
 DOCUMENTATION = r'''
 ---
 module: synchronize
@ -204,6 +203,12 @@ options:
    description: Internal use only. See O(use_ssh_args) for ssh arg settings.
    type: str
    required: false
+  quiet:
+    description:
+      - This option specifies quiet option which on true suppresses the output.
+    type: bool
+    default: false
+    version_added: 1.6.0

 notes:
   - C(rsync) must be installed on both the local and remote host.
@ -361,6 +366,12 @@ EXAMPLES = r'''
        src: /tmp/localpath/
        dest: /tmp/remotepath
        rsync_path: /usr/gnu/bin/rsync
+
+- name: Synchronization with quiet option enabled
+  ansible.posix.synchronize:
+    src: some/relative/path
+    dest: /some/absolute/path
+    quiet: true
 '''


@ -438,6 +449,7 @@ def main():
            delay_updates=dict(type='bool', default=True),
            mode=dict(type='str', default='push', choices=['pull', 'push']),
            link_dest=dict(type='list', elements='path'),
+            quiet=dict(type='bool', default=False)
        ),
        supports_check_mode=True,
    )
@ -478,6 +490,7 @@ def main():
    verify_host = module.params['verify_host']
    link_dest = module.params['link_dest']
    delay_updates = module.params['delay_updates']
+    quiet = module.params['quiet']

    if '/' not in rsync:
        rsync = module.get_bin_path(rsync, required=True)
@ -602,6 +615,9 @@ def main():

    cmd.append(shlex_quote(source))
    cmd.append(shlex_quote(dest))
+    if quiet:
+        cmd.append('--quiet')
+
    cmdstr = ' '.join(cmd)

    # If we are using password authentication, write the password into the pipe
@ -634,14 +650,17 @@ def main():
    out_lines = out_clean.split('\n')
    while '' in out_lines:
        out_lines.remove('')
-    if module._diff:
-        diff = {'prepared': out_clean}
-        return module.exit_json(changed=changed, msg=out_clean,
-                                rc=rc, cmd=cmdstr, stdout_lines=out_lines,
-                                diff=diff)

-    return module.exit_json(changed=changed, msg=out_clean,
-                            rc=rc, cmd=cmdstr, stdout_lines=out_lines)
+    result = dict(changed=changed, rc=rc, cmd=cmdstr, stdout_lines=out_lines, msg=out_clean)
+
+    if quiet:
+        changes = out.count(changed_marker) if changed else 0
+        result['msg'] = "%s files/directories have been synchronized" % changes
+
+    if module._diff:
+        result['diff'] = {'prepared': out_clean}
+
+    return module.exit_json(**result)


 if __name__ == '__main__':
--- a/tests/integration/inventory
+++ b/tests/integration/inventory
@ -0,0 +1,2 @@
+[testgroup]
+testhost ansible_connection="local" ansible_pipelining="yes" ansible_python_interpreter="/Users/mandkulk/venv3.9/bin/python"
--- a/tests/integration/targets/authorized_key/tasks/check_permissions.yml
+++ b/tests/integration/targets/authorized_key/tasks/check_permissions.yml
@ -0,0 +1,41 @@
+---
+# -------------------------------------------------------------
+# check permissions
+
+- name: Create a file that is not accessible
+  ansible.builtin.file:
+    state: touch
+    path: "{{ output_dir | expanduser }}/file_permissions"
+    owner: root
+    mode: '0000'
+
+- name: Create unprivileged user
+  ansible.builtin.user:
+    name: nopriv
+    create_home: true
+
+- name: Try to delete a key from an unreadable file
+  become: true
+  become_user: nopriv
+  ansible.posix.authorized_key:
+    user: root
+    key: "{{ dss_key_basic }}"
+    state: absent
+    path: "{{ output_dir | expanduser }}/file_permissions"
+  register: result
+  ignore_errors: true
+
+- name: Assert that the key deletion has failed
+  ansible.builtin.assert:
+    that:
+      - result is failed
+
+- name: Remove the file
+  ansible.builtin.file:
+    state: absent
+    path: "{{ output_dir | expanduser }}/file_permissions"
+
+- name: Remove the user
+  ansible.builtin.user:
+    name: nopriv
+    state: absent
--- a/tests/integration/targets/authorized_key/tasks/main.yml
+++ b/tests/integration/targets/authorized_key/tasks/main.yml
@ -34,3 +34,6 @@

 - name: Test for specifying key as a path
  ansible.builtin.import_tasks: check_path.yml
+
+- name: Test for permission denied files
+  ansible.builtin.import_tasks: check_permissions.yml
--- a/tests/integration/targets/synchronize/tasks/main.yml
+++ b/tests/integration/targets/synchronize/tasks/main.yml
@ -339,6 +339,37 @@
      - stat_result_b.stat.exists == True
      - stat_result_b.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'

+- name: Synchronize files with quiet option
+  ansible.posix.synchronize:
+    src: '{{ output_dir }}/foo.txt'
+    dest: '{{ output_dir }}/foo.result'
+    quiet: true
+  register: sync_result
+
+- name: Assertion for synchronize with quiet option
+  ansible.builtin.assert:
+    that:
+      - '''files/directories have been synchronized'' in sync_result.msg'
+
+- name: Cleanup
+  ansible.builtin.file:
+    state: absent
+    path: '{{ output_dir }}/{{ item }}'
+  loop:
+    - foo.result
+    - bar.result
+
+- name: Synchronize files without quiet option
+  ansible.posix.synchronize:
+    src: '{{ output_dir }}/foo.txt'
+    dest: '{{ output_dir }}/foo.result'
+  register: sync_result
+
+- name: Assertion for synchronize without quiet option
+  ansible.builtin.assert:
+    that:
+      - '''files/directories have been synchronized'' not in sync_result.msg'
+
 - name: Cleanup
  ansible.builtin.file:
    state: absent
Author	SHA1	Message	Date
Mandar	6ddc98fbdf	Merge `c401a5d331` into `b39ee97ccc`	2025-12-08 14:11:50 +00:00
softwarefactory-project-zuul[bot]	b39ee97ccc	Merge pull request #677 from shenxianpeng/patch-1 docs: fix broken badge and restore coverage badge SUMMARY Replaced the outdated Shippable badge and active Codecov coverage badge, like other repos in ansible-collections org ISSUE TYPE Docs Pull Request COMPONENT NAME ADDITIONAL INFORMATION Reviewed-by: Hideki Saito <saito@fgrep.org>	2025-11-28 07:14:56 +00:00
softwarefactory-project-zuul[bot]	72a6eb9729	Merge pull request #639 from Klaas-/Klaas-fix_authorized_key Fixes #462 notice permission denied on authorized_key module SUMMARY As of right now the authorized_key module does not notice on an "absent" if a authorized_keys file is simply not readable to the executing user. I am trying to fix that ISSUE TYPE Bugfix Pull Request COMPONENT NAME authorized_key ADDITIONAL INFORMATION Execute as a user that does not have access to the root users authorized keys file - name: Delete key from root user ansible.posix.authorized_key: state: absent user: root key: ssh-rsa xxxxxxxx - name: Delete key from root user become: true ansible.posix.authorized_key: state: absent user: root key: ssh-rsa xxxxxxxx The one without become will succeed before my change and will fail with a permission denied error after my change. The 2nd task will actually remove a key from root user if become privileges are available for the executing user Reviewed-by: Brian Coca Reviewed-by: Klaas Demter Reviewed-by: Felix Fontein <felix@fontein.de> Reviewed-by: Hideki Saito <saito@fgrep.org>	2025-11-28 03:25:21 +00:00
Klaas Demter	9651a19805	change result.failed==True to result is failed in check_permissions.yml Co-authored-by: Felix Fontein <felix@fontein.de>	2025-10-22 08:29:46 +02:00
Klaas Demter	413ab782a8	Fixes #462 notice permission denied on authorized_key module	2025-10-21 10:00:12 +02:00
Xianpeng Shen	cda2e0657f	docs: fix broken badge and restore coverage badge	2025-08-14 14:33:30 +03:00
Mandar Kulkarni	c401a5d331	sanity fix in tests	2024-06-07 15:03:48 -07:00
Mandar Kulkarni	94059765b6	sanity fix in tests	2024-06-07 14:58:52 -07:00
Mandar Kulkarni	48c2e9310e	sanity fix in tests	2024-06-07 14:52:22 -07:00
Mandar Kulkarni	0a58f59906	modified based on feedback	2024-06-07 14:48:33 -07:00
Mandar Kulkarni	892c045679	rebase	2024-06-07 14:45:58 -07:00
Mandar Kulkarni	793518be3c	Modify based on feedback	2024-06-07 14:42:11 -07:00
Mandar Kulkarni	b4fe18e6ff	Modifying output to be displayed based on feedback	2024-06-07 14:41:54 -07:00
mandar	e72424ae50	Adding tests, corrections	2024-06-07 14:41:21 -07:00
Mandar Kulkarni	6afd4cdcf1	Modifying based on feedback	2024-06-07 14:40:56 -07:00
Mandar Kulkarni	ee7748732c	Added Changelog fragment	2024-06-07 14:40:56 -07:00
Mandar Kulkarni	1e0654f8b6	Fix: moving conditional to correct place	2024-06-07 14:40:56 -07:00
Mandar Kulkarni	fe7dd71bda	Added documentation and example for quiet option	2024-06-07 14:40:55 -07:00
Mandar Kulkarni	1a4c2051e8	Adding rsync parameter 'quiet' to synchronize	2024-06-07 14:40:40 -07:00
Mandar Kulkarni	8bb61047f8	Adding parameter to synchronize module to suppress verbose output and print error only	2024-06-07 14:40:39 -07:00