---
# -------------------------------------------------------------
# check permissions

- name: Create a file that is not accessible
  ansible.builtin.file:
    state: touch
    path: "{{ output_dir | expanduser }}/file_permissions"
    owner: root
    group: root
    mode: '0000'

- name: Try to delete a key from an unreadable file
  ansible.posix.authorized_key:
    user: root
    key: "{{ dss_key_basic }}"
    state: absent
    path: "{{ output_dir | expanduser }}/file_permissions"
  register: result
  ignore_errors: true

- name: Assert that the key deletion has failed
  ansible.builtin.assert:
    that:
      - result.failed == True

- name: Remove the file
  ansible.builtin.file:
    state: absent
    path: "{{ output_dir | expanduser }}/file_permissions"