ansible-collections / ansible.posix

Ansible Collection for Posix

authorized_key: Allow local path to a key #568

Closed abakanovskii closed 5 days ago

abakanovskii commented 2 weeks ago
SUMMARY

Add option to specify an absolute path to file with SSH key(s) for authorized_key

ISSUE TYPE
COMPONENT NAME
ADDITIONAL INFORMATION

Before this change you would need to get the key using ansible.builtin.slurp or something like ansible.builtin.command: cat <file> with register. I tried to keep it as simple as possible.

```yaml
# Now this is possible
- name: Set authorized keys taken from path
  ansible.posix.authorized_key:
    user: charlie
    state: present
    key: /home/charlie/.ssh/id_rsa.pub
```

softwarefactory-project-zuul[bot] commented 2 weeks ago

Build succeeded. https://ansible.softwarefactory-project.io/zuul/buildset/229982700a4b42409d2056fb57f11404

:heavy_check_mark: ansible-galaxy-importer SUCCESS in 4m 33s :heavy_check_mark: build-ansible-collection SUCCESS in 5m 41s

softwarefactory-project-zuul[bot] commented 2 weeks ago

Build succeeded. https://ansible.softwarefactory-project.io/zuul/buildset/9d92ac46e14a4fc99a9c61e2cd74b006

:heavy_check_mark: ansible-galaxy-importer SUCCESS in 4m 36s :heavy_check_mark: build-ansible-collection SUCCESS in 5m 45s

abakanovskii commented 1 week ago

@abakanovskii thank you for the PR! I understand that the purpose of this modification is to load the public key on the target host and register it in ~/.ssh/authorized_keys in simpler steps. I have thought about this a bit. Instead of directly specifying the path when passing the key parameter, how about the idea of adding a file:// prefix before the path, in file:///path_to_key style, similar to how http[s] URLs work? Since the authorized_key module already has functionality for handling http[s], this seems like a more consistent option.

Additionally, to distinguish between handling local files on the controller and files on the target host, adding an option like remote_src: yes/no as in the ansible.builtin.copy module might make it more intuitive to specify local files on the controller using the lookup plugin. In this case, I think the lookup plugin can still be used, so it should not be a disruptive modification.

I would like to hear your thoughts on this.

Hello @saito-hideki! Thanks for the review. That seems like a good idea since we can reuse fetch_url, but I do not understand how to switch between Controller/Managed nodes in a module, since it will be played on a Managed node, so what will be the purpose of remote_src: false with file:///? Look up the changes in the last commit.

softwarefactory-project-zuul[bot] commented 1 week ago

Build succeeded. https://ansible.softwarefactory-project.io/zuul/buildset/bccd61ff9ca4469e8ac4e7caba8c736f

:heavy_check_mark: ansible-galaxy-importer SUCCESS in 3m 41s :heavy_check_mark: build-ansible-collection SUCCESS in 5m 49s

softwarefactory-project-zuul[bot] commented 1 week ago

Build succeeded. https://ansible.softwarefactory-project.io/zuul/buildset/b1848721d8e341e8b110fa9d54db07d6

:heavy_check_mark: ansible-galaxy-importer SUCCESS in 5m 26s :heavy_check_mark: build-ansible-collection SUCCESS in 5m 46s

abakanovskii commented 1 week ago

There is an issue with python2.7 and the urlparse module, so I can either do something like this:

```python
try:
    from urllib.parse import urlparse  # Python 3
except ImportError:
    from urlparse import urlparse  # Python 2 fallback
```

or I can do what I did in the last commit: no imports, just removing the file:// part:

```python
file_prefix = "file://"
if key.startswith(file_prefix):
    # if the key is an absolute path, check for existence and use it as a key source
    key_path = key[len(file_prefix):]
```

@saito-hideki let me know which one suits the best

softwarefactory-project-zuul[bot] commented 1 week ago

Build succeeded. https://ansible.softwarefactory-project.io/zuul/buildset/7135359f97ae4355a9be8a19fe20a205

:heavy_check_mark: ansible-galaxy-importer SUCCESS in 4m 51s :heavy_check_mark: build-ansible-collection SUCCESS in 5m 47s

saito-hideki commented 1 week ago

Hi @abakanovskii, thank you for the update! I completely forgot about the Python2 environment :(

```python
from ansible.module_utils.six.moves.urllib.parse import urlparse
```

How about using six? I think it might work in both Python2 and Python3 environments.
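The two parsing options weighed in this thread behave differently on malformed `file://` values. The following is an added example, not code from the PR or the collection: `strip_prefix`, `parse_file_source`, `resolve_or_error` and the sample URLs are assumptions made here, and it uses Python 3's `urllib.parse` directly (the `six` import above would cover Python 2).

```python
import os
from urllib.parse import urlparse, unquote

FILE_PREFIX = "file://"


def strip_prefix(key):
    """No-import approach from the thread: drop the literal file:// prefix."""
    return key[len(FILE_PREFIX):] if key.startswith(FILE_PREFIX) else None


def parse_file_source(key):
    """Hypothetical strict resolver: return an absolute local path or raise."""
    parts = urlparse(key)
    if parts.scheme != "file":
        raise ValueError("not a file:// source")
    # file://home/charlie/... parses "home" as a host, not as a directory
    if parts.netloc not in ("", "localhost"):
        raise ValueError("file:// URL names a host: %r" % parts.netloc)
    if parts.query or parts.fragment:
        raise ValueError("query or fragment not allowed in a key path")
    path = unquote(parts.path)  # decode %20 and similar escapes
    if "\x00" in path or not os.path.isabs(path):
        raise ValueError("key path must be absolute")
    return os.path.normpath(path)  # collapse ./ and ../ segments


def resolve_or_error(key):
    """Return the resolved path, or a 'rejected: ...' string."""
    try:
        return parse_file_source(key)
    except ValueError as exc:
        return "rejected: %s" % exc


# Constructed sample inputs, not taken from the PR
SAMPLES = [
    "file:///home/charlie/.ssh/id_rsa.pub",          # well formed
    "file://home/charlie/.ssh/id_rsa.pub",           # missing third slash
    "file:///home/charlie/keys%20old/id.pub",        # percent-encoded space
    "file://localhost/etc/../home/charlie/.ssh/id_rsa.pub",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("%-55s strip=%r strict=%r"
              % (sample, strip_prefix(sample), resolve_or_error(sample)))
```

With plain prefix stripping, the two-slash form yields a relative path that is resolved against the module's working directory on the managed node, while the strict variant rejects it.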

softwarefactory-project-zuul[bot] commented 1 week ago

Build succeeded. https://ansible.softwarefactory-project.io/zuul/buildset/c9af89aa44ae42c78921f172a604266f

:heavy_check_mark: ansible-galaxy-importer SUCCESS in 5m 10s :heavy_check_mark: build-ansible-collection SUCCESS in 5m 58s

softwarefactory-project-zuul[bot] commented 5 days ago

Build succeeded. https://ansible.softwarefactory-project.io/zuul/buildset/95c3e1f0b9ab4e4097e6548d44a39ae3

:heavy_check_mark: ansible-galaxy-importer SUCCESS in 4m 55s :heavy_check_mark: build-ansible-collection SUCCESS in 5m 45s

softwarefactory-project-zuul[bot] commented 5 days ago

Build succeeded (gate pipeline). https://ansible.softwarefactory-project.io/zuul/buildset/544236b94df14ae5bfddc84692e82707

:heavy_check_mark: ansible-galaxy-importer SUCCESS in 5m 15s :heavy_check_mark: build-ansible-collection SUCCESS in 5m 45s