ansible.posix
authorized_key: option to ensure consistent order
SUMMARY
Ensure public keys in the authorized_key file are sorted prior to writing.
Offer choice to sort lexicographically by fingerprint (default), or by comment (empty ones first)
ISSUE TYPE
- Feature Idea
COMPONENT NAME
ansible.posix.authorized_key
ADDITIONAL INFORMATION
The file on multiple machines can be fetched from a single point and hashed to quickly verify it has not been tampered with, is consistent across similar machines, or for other purposes.
Preserve comments at top if #256 ever gets implemented
@mchubby thank you for the feature request. Basically, the authorized_key module provides the functionality to add and remove specific entries. This means that the authorized_key module does not manage the entire file. For example, the idea of adding a comment when adding as in #256 is basically along with this line-level add/delete policy.
However, a mechanism for change verification is not limited to the authorized_keys file, it seems like a feature that should be solved (or implemented) by the Playbook task side. Also, I don't think the mechanism for managing the entire file like this does not match the line-level management mechanism like the authorized_key module :)
Please let me know if I misunderstood your situation.
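Added illustration, not part of either comment above and not ansible.posix code: the order-independent check the request describes, done outside the module as the reply suggests. `sample_entry` and the `HOST_A`/`HOST_B` contents are constructed test data, and hashing the full entries (options and comments included) is an assumption about what should count as a change.

```python
import base64
import hashlib


def fingerprint(entry):
    """OpenSSH-style SHA256 fingerprint of one authorized_keys entry, or None."""
    tokens = entry.split()
    for ktype, b64 in zip(tokens, tokens[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        # A public key blob starts with a length-prefixed copy of its key type,
        # which distinguishes the key field from any options that precede it.
        if blob[:4] == len(ktype).to_bytes(4, "big") and blob[4:4 + len(ktype)] == ktype.encode():
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return None


def canonical_digest(text):
    """Order-independent SHA-256 over the entries of an authorized_keys file."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines carry no key
        fp = fingerprint(line)
        if fp is None:
            raise ValueError(f"unparseable entry: {line[:40]!r}")
        entries.append((fp, line))
    # Sort by fingerprint, then hash the full entries so that changed options
    # or comments alter the digest as well as added or removed keys.
    body = "\n".join(line for _, line in sorted(entries))
    return hashlib.sha256(body.encode()).hexdigest()


def sample_entry(ktype, seed, comment):
    # Constructed test data: a structurally valid blob, not a usable key.
    blob = len(ktype).to_bytes(4, "big") + ktype.encode() + hashlib.sha256(seed).digest()
    return f"{ktype} {base64.b64encode(blob).decode()} {comment}"


ALICE = sample_entry("ssh-ed25519", b"alice", "alice@example")
BOB = 'from="10.0.0.0/8" ' + sample_entry("ssh-ed25519", b"bob", "bob@example")
HOST_A = f"# managed\n{ALICE}\n{BOB}\n"
HOST_B = f"{BOB}\n\n{ALICE}\n"  # same entries, different order

if __name__ == "__main__":
    print(canonical_digest(HOST_A) == canonical_digest(HOST_B))
```

Because the digest covers whole entries, a dropped `from=` restriction changes it even though the key's fingerprint stays the same.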