Merge d05a5c70b5 into 6da1331018

.ansible-lint

@@ -4,8 +4,7 @@
 # SPDX-FileCopyrightText: 2024, Ansible Project
 
 skip_list:
-  - meta-runtime[unsupported-version]  # This rule doesn't make any sense
+  - meta-runtime[unsupported-version]  # Tis rule doesn't make any sense
   - fqcn[deep]  # This rule produces false positives for files in tests/unit/plugins/action/fixtures/
-  - sanity[cannot-ignore]  # This rule is skipped to keep backward compatibility with Python 2
 exclude_paths:
   - changelogs/

.azure-pipelines/azure-pipelines.yml

@@ -43,7 +43,7 @@ pool: Standard
 
 stages:
   - stage: Sanity_devel
-    displayName: Ansible devel Sanity & Units & Lint
+    displayName: Ansible devel sanity
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -58,7 +58,7 @@ stages:
             - name: Lint
               test: lint
   - stage: Sanity_2_19
-    displayName: Ansible 2.19 Sanity & Units & Lint
+    displayName: Ansible 2.19 sanitay & Units & Lint
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -73,7 +73,7 @@ stages:
             - name: Lint
               test: lint
   - stage: Sanity_2_18
-    displayName: Ansible 2.18 Sanity & Units & Lint
+    displayName: Ansible 2.18 sanity & Units & Lint
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -88,7 +88,7 @@ stages:
             - name: Lint
               test: lint
   - stage: Sanity_2_17
-    displayName: Ansible 2.17 Sanity & Units & Lint
+    displayName: Ansible 2.17 sanity & Units & Lint
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -103,7 +103,7 @@ stages:
             - name: Lint
               test: lint
   - stage: Sanity_2_16
-    displayName: Ansible 2.16 Sanity & Units & Lint
+    displayName: Ansible 2.16 sanity & Units & Lint
     dependsOn: []
     jobs:
       - template: templates/matrix.yml
@@ -115,8 +115,6 @@ stages:
               test: sanity
             - name: Units
               test: units
-            - name: Lint
-              test: lint
   ## Docker
   - stage: Docker_devel
     displayName: Docker devel

README.md

@@ -2,7 +2,7 @@
 <!-- Add CI and code coverage badges here. Samples included below. -->
 [![Build Status](
 https://dev.azure.com/ansible/ansible.posix/_apis/build/status/CI?branchName=main)](https://dev.azure.com/ansible/ansible.posix/_build?definitionId=26)
-[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)
+[![Run Status](https://api.shippable.com/projects/5e669aaf8b17a60007e4d18d/badge?branch=main)]() <!--[![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/ansible.posix)](https://codecov.io/gh/ansible-collections/ansible.posix)-->
 
 ## Communication
 

changelogs/fragments/639_fix_authorized_key.yml

@@ -1,3 +0,0 @@
----
-bugfixes:
-  - ansible.posix.authorized_key - fixes error on permission denied in authorized_key module (https://github.com/ansible-collections/ansible.posix/issues/462).

changelogs/fragments/682_update_ci_20250929.yml

@@ -1,4 +0,0 @@
-trivial:
-  - Updatng AZP CI matrix to ignore ansible-bad-import-from on six(https://github.com/ansible-collections/ansible.posix/pull/682).
-  - Skipped sanity[cannot-ignore] to keep backward compatibility with Python2.
-  - Consolidate all ansible-lint option locations into .ansible-lint file.

plugins/modules/authorized_key.py

@@ -225,8 +225,6 @@ import os.path
 import tempfile
 import re
 import shlex
-import errno
-import traceback
 from operator import itemgetter
 
 from ansible.module_utils._text import to_native
@@ -477,18 +475,16 @@ def parsekey(module, raw_key, rank=None):
     return (key, key_type, options, comment, rank)
 
 
-def readfile(module, filename):
+def readfile(filename):
+
+    if not os.path.isfile(filename):
+        return ''
+
+    f = open(filename)
     try:
-        with open(filename, 'r') as f:
-            return f.read()
-    except IOError as e:
-        if e.errno == errno.EACCES:
-            module.fail_json(msg="Permission denied on file or path for authorized keys file: %s" % filename,
-                             exception=traceback.format_exc())
-        elif e.errno == errno.ENOENT:
-            return ''
-        else:
-            raise
+        return f.read()
+    finally:
+        f.close()
 
 
 def parsekeys(module, lines):
@@ -601,7 +597,7 @@ def enforce_state(module, params):
     # check current state -- just get the filename, don't create file
     do_write = False
     params["keyfile"] = keyfile(module, user, do_write, path, manage_dir)
-    existing_content = readfile(module, params["keyfile"])
+    existing_content = readfile(params["keyfile"])
     existing_keys = parsekeys(module, existing_content)
 
     # Add a place holder for keys that should exist in the state=present and

tests/integration/targets/authorized_key/tasks/check_permissions.yml

@@ -1,41 +0,0 @@
----
-# -------------------------------------------------------------
-# check permissions
-
-- name: Create a file that is not accessible
-  ansible.builtin.file:
-    state: touch
-    path: "{{ output_dir | expanduser }}/file_permissions"
-    owner: root
-    mode: '0000'
-
-- name: Create unprivileged user
-  ansible.builtin.user:
-    name: nopriv
-    create_home: true
-
-- name: Try to delete a key from an unreadable file
-  become: true
-  become_user: nopriv
-  ansible.posix.authorized_key:
-    user: root
-    key: "{{ dss_key_basic }}"
-    state: absent
-    path: "{{ output_dir | expanduser }}/file_permissions"
-  register: result
-  ignore_errors: true
-
-- name: Assert that the key deletion has failed
-  ansible.builtin.assert:
-    that:
-      - result is failed
-
-- name: Remove the file
-  ansible.builtin.file:
-    state: absent
-    path: "{{ output_dir | expanduser }}/file_permissions"
-
-- name: Remove the user
-  ansible.builtin.user:
-    name: nopriv
-    state: absent

tests/integration/targets/authorized_key/tasks/main.yml

@@ -34,6 +34,3 @@
 
 - name: Test for specifying key as a path
   ansible.builtin.import_tasks: check_path.yml
-
-- name: Test for permission denied files
-  ansible.builtin.import_tasks: check_permissions.yml

tests/sanity/ignore-2.20.txt

@@ -1,10 +1 @@
 tests/utils/shippable/timing.py shebang
-plugins/action/synchronize.py pylint:ansible-bad-import-from
-plugins/callback/cgroup_perf_recap.py pylint:ansible-bad-import-from
-plugins/modules/mount.py pylint:ansible-bad-import-from
-plugins/modules/sysctl.py pylint:ansible-bad-import-from
-plugins/shell/csh.py pylint:ansible-bad-import-from
-plugins/shell/fish.py pylint:ansible-bad-import-from
-tests/unit/mock/procenv.py pylint:ansible-bad-import-from
-tests/unit/mock/yaml_helper.py pylint:ansible-bad-import-from
-tests/unit/modules/conftest.py pylint:ansible-bad-import-from

tests/utils/shippable/lint.sh

@@ -9,5 +9,6 @@ command -v ansible
 pip install --upgrade --user pip
 pip install --upgrade --user ansible-lint
 
-# To specify additional options, you can specify them into .ansible-lint file.
-PATH="${PATH/\~/${HOME}}" ansible-lint
+PATH="${PATH/\~/${HOME}}" ansible-lint \
+                                    --exclude changelogs/ \
+                                    --profile=production