Merge pull request #31 from Oefenweb/cs-fixes

Make use of fully-qualified collection name

Author: tersmitten

.github/workflows/ci.yml

@@ -23,7 +23,9 @@ jobs:
           python-version: '3.x'
 
       - name: Install test dependencies
-        run: pip install ansible-lint[community,yamllint]
+        run: |
+          pip install ansible-lint
+          ansible-galaxy install -r requirements.yml
 
       - name: Lint code
         run: |
@@ -43,11 +45,8 @@ jobs:
       matrix:
         include:
           - distro: debian8
-            ansible-version: '<2.10'
           - distro: debian9
           - distro: debian10
-          - distro: ubuntu1604
-            ansible-version: '>=2.9, <2.10'
           - distro: ubuntu1604
             ansible-version: '>=2.10, <2.11'
           - distro: ubuntu1604

.gitignore

@@ -28,3 +28,5 @@ ansible.cfg
 # Other files #
 ###############
 !empty
+
+files/id_rsa*

Dockerfile

@@ -1,17 +1,20 @@
-FROM ubuntu:16.04
+FROM ubuntu:18.04
 MAINTAINER Mischa ter Smitten <[email protected]>
 
+ENV LANG C.UTF-8
+ENV LC_ALL C.UTF-8
+
 # python
 RUN apt-get update && \
-  DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal python-dev curl && \
+  DEBIAN_FRONTEND=noninteractive apt-get install -y python3-minimal python3-dev curl && \
   apt-get clean
-RUN curl -sL https://bootstrap.pypa.io/pip/2.7/get-pip.py | python -
+RUN curl -sL https://bootstrap.pypa.io/pip/3.6/get-pip.py | python3 -
 RUN rm -rf $HOME/.cache
 
 # ansible
-RUN DEBIAN_FRONTEND=noninteractive apt-get install -y gcc libffi-dev libssl-dev && \
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y python3-apt && \
   apt-get clean
-RUN pip install ansible==2.9.15
+RUN pip3 install ansible==2.10.7
 RUN rm -rf $HOME/.cache
 
 # provision

meta/main.yml

@@ -1,13 +1,12 @@
 # meta file
 ---
 galaxy_info:
-  namespace: oefenweb
+  author: oefenweb
   role_name: ssh_keys
-  author: Mischa ter Smitten
   company: Oefenweb.nl B.V.
   description: Manage ssh public key authentication (public / private / authorized keys and known hosts) in Debian-like systems
   license: MIT
-  min_ansible_version: 2.9.0
+  min_ansible_version: 2.10.0
   platforms:
     - name: Ubuntu
       versions:

molecule/default/collections.yml

@@ -0,0 +1,6 @@
+---
+collections:
+  - name: community.docker
+    version: '>=1.2.0,<2'
+  - name: community.general
+    version: '>=2,<3'

requirements.yml

@@ -0,0 +1,5 @@
+# requirements file
+---
+collections:
+  - name: ansible.posix
+  - name: community.crypto

tasks/authorized-keys.yml

@@ -1,7 +1,7 @@
 # tasks file
 ---
 - name: authorized-keys | set up for users
-  authorized_key:
+  ansible.posix.authorized_key:
     user: "{{ item.owner }}"
     key: "{{ lookup('file', item.src) }}"
     state: "{{ item.state | default('present') }}"

tasks/general.yml

@@ -1,7 +1,7 @@
 # tasks file
 ---
 - name: general | create ssh directory
-  file:
+  ansible.builtin.file:
     path: "{{ (item.dest_absolute | default('~' + item.owner + '/' + ssh_keys_sshdir + '/' + (item.dest | default(ssh_keys_private_key_filename)))) | dirname }}"
     state: directory
     owner: "{{ item.owner }}"
@@ -14,7 +14,7 @@
     - ssh-keys-general-create-ssh-directories-private-keys
 
 - name: general | create ssh directory
-  file:
+  ansible.builtin.file:
     path: "~{{ item.owner }}/{{ ssh_keys_sshdir }}"
     state: directory
     owner: "{{ item.owner }}"

tasks/generate.yml

@@ -1,9 +1,10 @@
 # tasks file
 ---
-- block:
+- name: generate
+  block:
 
     - name: generate | create ssh key generation directory
-      file:
+      ansible.builtin.file:
         path: "{{ item.path | dirname }}"
         owner: "{{ item.owner }}"
         group: "{{ item.group | default(item.owner) }}"
@@ -14,17 +15,18 @@
         - ssh-keys-generate-directories
 
     - name: generate | generate private ssh key
-      shell: "{{ ssh_keys_generate_keys_command | default(_ssh_keys_generate_keys_command) }}"
-      tags:
-        - ssh-keys-generate-private-keys
-        - skip_ansible_lint
+      ansible.builtin.shell: >
+        {{ ssh_keys_generate_keys_command | default(_ssh_keys_generate_keys_command) }}
+      with_items: "{{ ssh_keys_generate_keys }}"
       when: >-
         item.force | default(false) | bool or
         item.path is not file
-      with_items: "{{ ssh_keys_generate_keys }}"
+      tags:
+        - ssh-keys-generate-private-keys
+        - skip_ansible_lint
 
     - name: generate | set permissions on keys
-      file:
+      ansible.builtin.file:
         path: "{{ item.path }}"
         owner: "{{ item.owner }}"
         group: "{{ item.group | default(item.owner) }}"
@@ -34,7 +36,7 @@
         - ssh-keys-generate-permissions
 
     - name: generate | generate public ssh key
-      openssl_publickey:
+      community.crypto.openssl_publickey:
         path: "{{ item.path }}.pub"
         force: "{{ item.force | default(false) }}"
         format: "{{ item.format | default('OpenSSH') }}"

tasks/known-hosts.yml

@@ -1,7 +1,7 @@
 # tasks file
 ---
 - name: known-hosts | stat directories
-  stat:
+  ansible.builtin.stat:
     path: "{{ item }}/"
   register: _stat_directories
   with_items:
@@ -11,7 +11,7 @@
     - ssh-keys-known-hosts-directories-stat
 
 - name: known-hosts | create directories
-  file:
+  ansible.builtin.file:
     path: "{{ item.item }}"
     state: directory
     owner: root
@@ -24,7 +24,7 @@
     - ssh-keys-known-hosts-directories-create
 
 - name: known-hosts | update file
-  template:
+  ansible.builtin.template:
     src: "{{ ssh_keys_known_hosts_path.lstrip('/') }}.j2"
     dest: "{{ ssh_keys_known_hosts_path }}"
     owner: root

tasks/main.yml

@@ -1,37 +1,36 @@
 # tasks file
 ---
-
-- import_tasks: generate.yml
+- ansible.builtin.import_tasks: generate.yml
   tags:
     - configuration
     - ssh-keys
     - ssh-keys-generate
 
-- import_tasks: general.yml
+- ansible.builtin.import_tasks: general.yml
   tags:
     - configuration
     - ssh-keys
     - ssh-keys-general
 
-- import_tasks: private-keys.yml
+- ansible.builtin.import_tasks: private-keys.yml
   tags:
     - configuration
     - ssh-keys
     - ssh-keys-private-keys
 
-- import_tasks: public-keys.yml
+- ansible.builtin.import_tasks: public-keys.yml
   tags:
     - configuration
     - ssh-keys
     - ssh-keys-public-keys
 
-- import_tasks: authorized-keys.yml
+- ansible.builtin.import_tasks: authorized-keys.yml
   tags:
     - configuration
     - ssh-keys
     - ssh-keys-authorized-keys
 
-- import_tasks: known-hosts.yml
+- ansible.builtin.import_tasks: known-hosts.yml
   tags:
     - configuration
     - ssh-keys

tasks/private-keys.yml

@@ -1,7 +1,7 @@
 # tasks file
 ---
 - name: private-keys | add
-  copy:
+  ansible.builtin.copy:
     src: "{{ item.src }}"
     dest: "{{ item.dest_absolute | default('~' + item.owner + '/' + ssh_keys_sshdir + '/' + (item.dest | default(ssh_keys_private_key_filename))) }}"
     owner: "{{ item.owner }}"
@@ -13,7 +13,7 @@
     - ssh-keys-private-keys-add
 
 - name: private-keys | remove
-  file:
+  ansible.builtin.file:
     path: "{{ item.dest_absolute | default('~' + item.owner + '/' + ssh_keys_sshdir + '/' + (item.dest | default(ssh_keys_private_key_filename))) }}"
     state: absent
   with_items: "{{ ssh_keys_private_keys }}"

tasks/public-keys.yml

@@ -1,7 +1,7 @@
 # tasks file
 ---
 - name: public-keys | add
-  copy:
+  ansible.builtin.copy:
     src: "{{ item.src }}"
     dest: "{{ item.dest_absolute | default('~' + item.owner + '/' + ssh_keys_sshdir + '/' + (item.dest | default(ssh_keys_public_key_filename))) }}"
     owner: "{{ item.owner }}"
@@ -13,7 +13,7 @@
     - ssh-keys-public-keys-add
 
 - name: public-keys | remove
-  file:
+  ansible.builtin.file:
     path: "{{ item.dest_absolute | default('~' + item.owner + '/' + ssh_keys_sshdir + '/' + (item.dest | default(ssh_keys_public_key_filename))) }}"
     state: absent
   with_items: "{{ ssh_keys_public_keys }}"

tests/tasks/post.yml

@@ -1,16 +1,16 @@
 # post test file
 ---
 - name: set fact
-  command: >
+  ansible.builtin.command: >
     echo "{{ ansible_connection }}"
   register: _ansible_connection
   changed_when: false
 
 - block:
 
   - name: test presence of private key
-    shell: >
-      diff {{ ssh_keys_private_keys[0]['src'] }} ~dummy/.ssh/{{ ssh_keys_private_keys[0]['src'] | basename }}
+    ansible.builtin.shell: >
+      diff {{ ssh_keys_private_keys[0]['src'] }} ~{{ ssh_keys_owner }}/.ssh/{{ ssh_keys_private_keys[0]['src'] | basename }}
       && (echo 'Private key test: pass' && exit 0)
       || (echo 'Private key test: fail' && exit 1)
     args:
@@ -20,8 +20,8 @@
       - skip_ansible_lint
 
   - name: test presence of public key
-    shell: >
-      diff {{ ssh_keys_public_keys[0]['src'] }} ~dummy/.ssh/{{ ssh_keys_public_keys[0]['src'] | basename }}
+    ansible.builtin.shell: >
+      diff {{ ssh_keys_public_keys[0]['src'] }} ~{{ ssh_keys_owner }}/.ssh/{{ ssh_keys_public_keys[0]['src'] | basename }}
       && (echo 'Public key test: pass' && exit 0)
       || (echo 'Public key test: fail' && exit 1)
     args:
@@ -33,7 +33,7 @@
     - skip_ansible_lint
 
 - name: test presence of known hosts
-  shell: >
+  ansible.builtin.shell: >
     grep -q 'github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa' /etc/ssh/ssh_known_hosts
     && (echo 'Known hosts test: pass' && exit 0)
     || (echo 'Known hosts test: fail' && exit 1)

tests/tasks/pre.yml

@@ -1,21 +1,21 @@
 # pre test file
 ---
 - name: install dependencies
-  apt:
+  ansible.builtin.apt:
     name:
       - openssh-client
     state: "{{ apt_install_state | default('latest') }}"
     update_cache: true
     cache_valid_time: "{{ apt_update_cache_valid_time | default(3600) }}"
 
 - name: generate key pair
-  command: >
+  ansible.builtin.command: >
     ssh-keygen -t rsa -b 2048 -C '' -P '' -f {{ ssh_keys_private_key }} -q
   args:
     creates: "{{ ssh_keys_private_key }}"
   connection: local
   become: false
 
 - name: create user (if needed)
-  user:
-    name: dummy
+  ansible.builtin.user:
+    name: "{{ ssh_keys_owner }}"

tests/test.yml

@@ -5,11 +5,11 @@
   become: true
   pre_tasks:
     - name: include vars
-      include_vars: "{{ playbook_dir }}/vars/main.yml"
+      ansible.builtin.include_vars: "{{ playbook_dir }}/vars/main.yml"
     - name: include tasks
-      include: "{{ playbook_dir }}/tasks/pre.yml"
+      ansible.builtin.include: "{{ playbook_dir }}/tasks/pre.yml"
   roles:
     - ../../
   post_tasks:
     - name: include tasks
-      include: "{{ playbook_dir }}/tasks/post.yml"
+      ansible.builtin.include: "{{ playbook_dir }}/tasks/post.yml"

tests/vagrant.yml

@@ -5,11 +5,11 @@
   become: true
   pre_tasks:
     - name: include vars
-      include_vars: "{{ playbook_dir }}/vars/main.yml"
+      ansible.builtin.include_vars: "{{ playbook_dir }}/vars/main.yml"
     - name: include tasks
-      include: "{{ playbook_dir }}/tasks/pre.yml"
+      ansible.builtin.include: "{{ playbook_dir }}/tasks/pre.yml"
   roles:
     - ../../
   post_tasks:
     - name: include tasks
-      include: "{{ playbook_dir }}/tasks/post.yml"
+      ansible.builtin.include: "{{ playbook_dir }}/tasks/post.yml"

tests/vars/main.yml

@@ -1,13 +1,14 @@
 # vars file
 ---
+ssh_keys_owner: dummy
 ssh_keys_private_keys:
-  - owner: dummy
+  - owner: "{{ ssh_keys_owner }}"
     src: "{{ ssh_keys_private_key }}"
 ssh_keys_public_keys:
-  - owner: dummy
+  - owner: "{{ ssh_keys_owner }}"
     src: "{{ ssh_keys_private_key }}.pub"
 ssh_keys_authorized_keys:
-  - owner: dummy
+  - owner: "{{ ssh_keys_owner }}"
     src: "{{ ssh_keys_private_key }}.pub"
 ssh_keys_known_hosts:
   - hostname: github.com