vagrant-ansible_auto 0.1.5 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 40fd0b7cb409371ac24b6e878076c7aa5020db70
-  data.tar.gz: 1ff945bf3f9f43324c504cb2a987c49f1d7eccce
+  metadata.gz: 3d4bb6c4215e1b0c8f9aeb522426dd522a743e26
+  data.tar.gz: 2921234cbcc88bda96d0bde9e1d8ca456f36dbe9
 SHA512:
-  metadata.gz: 0a4e2871cff450346b750f166c39d4730b97e41ba8c39476582cde9ec307d6a42035b99739590fe7dc9baadd181efaf5776d67152ba424b57a877ce87e6530e7
-  data.tar.gz: 5d13474ca2aed002005b23f2c028fe932470293914551e9ddf32b3de0f5fbdd9e9f9ad5a576c2cc4c0ddd8a2502cafb79c22c77639488da910d3247936b98439
+  metadata.gz: 500890578628075bea826662ef985ba8b9007de9454c17ca1078564124710cf7f09abb56ce171897674d0ca47d5a1846d7f653c1c81003feb90317775c606708
+  data.tar.gz: e8d3f80ab494637c2267da56e8aee5d1b67eea39f2e549e3fd8807a2223f75dba0a50256ddf7957e440645ffa07531ce5c6343ef9e3d369d7e2cc27e59e545e5

data/CHANGELOG.md

@@ -0,0 +1,26 @@
+## Next Version (Unreleased)
+
+FEATURES:
+
+IMPROVEMENTS:
+
+BUG FIXES:
+
+## 0.2.1 (July 29, 2017)
+
+BUG FIXES:
+
+- Fix build errors by committing updated `Gemfile.lock` with version bump
+
+## 0.2.1 (July 29, 2017)
+
+FEATURES:
+
+- Permit inserting the control machine's public key into the `authorized_keys`
+  file on managed machines, as an alternative to uploading the managed
+  machines' private keys to the control machine
+- Add JSON output options to `vagrant ansible inventory`
+
+IMPROVEMENTS:
+
+- Add I18n support

data/Gemfile

@@ -1,9 +1,11 @@
 # frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 group :development do
   gem 'pry'
   gem 'vagrant', github: 'mitchellh/vagrant'
+  gem 'vagrant-spec', github: 'mitchellh/vagrant-spec'
 end
 
 group :plugins do

data/Gemfile.lock

@@ -0,0 +1,172 @@
+GIT
+  remote: git://github.com/mitchellh/vagrant-spec.git
+  revision: 2f0fb10862b2d19861c584be9d728080ba1f5d33
+  specs:
+    vagrant-spec (0.0.1)
+      childprocess (~> 0.6.0)
+      log4r (~> 1.1.9)
+      rspec (~> 2.14)
+      thor (~> 0.18.1)
+
+GIT
+  remote: git://github.com/mitchellh/vagrant.git
+  revision: a7b228eb698352638270dc076d0385fa324ca187
+  specs:
+    vagrant (1.9.8.dev)
+      childprocess (~> 0.6.0)
+      erubis (~> 2.7.0)
+      hashicorp-checkpoint (~> 0.1.1)
+      i18n (>= 0.6.0, <= 0.8.0)
+      listen (~> 3.1.5)
+      log4r (~> 1.1.9, < 1.1.11)
+      net-scp (~> 1.2.0)
+      net-sftp (~> 2.1)
+      net-ssh (~> 4.1.0)
+      rb-kqueue (~> 0.2.0)
+      rest-client (>= 1.6.0, < 3.0)
+      ruby_dep (<= 1.3.1)
+      wdm (~> 0.1.0)
+      winrm (~> 2.1)
+      winrm-elevated (~> 1.1)
+      winrm-fs (~> 1.0)
+
+PATH
+  remote: .
+  specs:
+    vagrant-ansible_auto (0.2.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.3.0)
+    builder (3.2.3)
+    cane (3.0.0)
+      parallel
+    childprocess (0.6.3)
+      ffi (~> 1.0, >= 1.0.11)
+    coderay (1.1.1)
+    coveralls (0.7.2)
+      multi_json (~> 1.3)
+      rest-client (= 1.6.7)
+      simplecov (>= 0.7)
+      term-ansicolor (= 1.2.2)
+      thor (= 0.18.1)
+    diff-lcs (1.3)
+    docile (1.1.5)
+    erubis (2.7.0)
+    ffi (1.9.18)
+    gssapi (1.2.0)
+      ffi (>= 1.0.1)
+    gyoku (1.3.1)
+      builder (>= 2.1.2)
+    hashicorp-checkpoint (0.1.4)
+    httpclient (2.8.3)
+    i18n (0.8.0)
+    json (2.1.0)
+    listen (3.1.5)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+      ruby_dep (~> 1.2)
+    little-plugger (1.1.4)
+    log4r (1.1.10)
+    logging (2.2.2)
+      little-plugger (~> 1.1)
+      multi_json (~> 1.10)
+    method_source (0.8.2)
+    mime-types (3.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2016.0521)
+    multi_json (1.12.1)
+    net-scp (1.2.1)
+      net-ssh (>= 2.6.5)
+    net-sftp (2.1.2)
+      net-ssh (>= 2.6.5)
+    net-ssh (4.1.0)
+    nori (2.6.0)
+    parallel (1.12.0)
+    parser (2.4.0.0)
+      ast (~> 2.2)
+    powerpack (0.1.1)
+    pry (0.10.4)
+      coderay (~> 1.1.0)
+      method_source (~> 0.8.1)
+      slop (~> 3.4)
+    rainbow (2.2.2)
+      rake
+    rake (10.5.0)
+    rb-fsevent (0.10.2)
+    rb-inotify (0.9.10)
+      ffi (>= 0.5.0, < 2)
+    rb-kqueue (0.2.5)
+      ffi (>= 0.5.0)
+    rest-client (1.6.7)
+      mime-types (>= 1.16)
+    rspec (2.99.0)
+      rspec-core (~> 2.99.0)
+      rspec-expectations (~> 2.99.0)
+      rspec-mocks (~> 2.99.0)
+    rspec-core (2.99.2)
+    rspec-expectations (2.99.2)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.99.4)
+    rubocop (0.49.1)
+      parallel (~> 1.10)
+      parser (>= 2.3.3.1, < 3.0)
+      powerpack (~> 0.1)
+      rainbow (>= 1.99.1, < 3.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.0, >= 1.0.1)
+    ruby-progressbar (1.8.1)
+    ruby_dep (1.3.1)
+    rubyntlm (0.6.2)
+    rubyzip (1.2.1)
+    simplecov (0.14.1)
+      docile (~> 1.1.0)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.1)
+    slop (3.6.0)
+    term-ansicolor (1.2.2)
+      tins (~> 0.8)
+    thor (0.18.1)
+    tins (0.13.2)
+    unicode-display_width (1.3.0)
+    wdm (0.1.1)
+    winrm (2.2.3)
+      builder (>= 2.1.2)
+      erubis (~> 2.7)
+      gssapi (~> 1.2)
+      gyoku (~> 1.0)
+      httpclient (~> 2.2, >= 2.2.0.2)
+      logging (>= 1.6.1, < 3.0)
+      nori (~> 2.0)
+      rubyntlm (~> 0.6.0, >= 0.6.1)
+    winrm-elevated (1.1.0)
+      winrm (~> 2.0)
+      winrm-fs (~> 1.0)
+    winrm-fs (1.0.1)
+      erubis (~> 2.7)
+      logging (>= 1.6.1, < 3.0)
+      rubyzip (~> 1.1)
+      winrm (~> 2.0)
+    yard (0.9.9)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.12.5)
+  cane
+  coveralls
+  pry
+  rake (~> 10.0)
+  rspec (~> 2.14)
+  rubocop
+  simplecov
+  vagrant!
+  vagrant-ansible_auto!
+  vagrant-spec!
+  yard
+
+BUNDLED WITH
+   1.12.5

data/README.md

@@ -1,5 +1,11 @@
 # Vagrant::AnsibleAuto
 
+[![Build Status](https://secure.travis-ci.org/BaxterStockman/vagrant-ansible_auto.png?branch=master)](https://travis-ci.org/BaxterStockman/vagrant-ansible_auto)
+[![Dependency Status](https://gemnasium.com/BaxterStockman/vagrant-ansible_auto.png)](https://gemnasium.com/BaxterStockman/vagrant-ansible_auto)
+[![Code Climate](https://codeclimate.com/github/BaxterStockman/vagrant-ansible_auto.png)](https://codeclimate.com/github/BaxterStockman/vagrant-ansible_auto)
+[![Coverage Status](https://coveralls.io/repos/github/BaxterStockman/vagrant-ansible_auto/badge.svg?branch=travis)](https://coveralls.io/github/BaxterStockman/vagrant-ansible_auto?branch=travis)
+[![Gem Version](https://img.shields.io/gem/v/vagrant-ansible_auto.svg)](https://rubygems.org/gems/vagrant-ansible_auto)
+
 This Vagrant plugin provides the `ansible_auto` provisioner that automatically
 sets up the provisioned guest as an Ansible control machine for the nodes
 defined in your Vagrantfile.  It also provides the `vagrant ansible` subcommand
@@ -47,9 +53,9 @@ end
 Running `vagrant ansible inventory` will print this Ansible inventory:
 
 ```ini
-ansible-test-worker-1 ansible_ssh_user=vagrant ansible_ssh_host=127.0.0.1 ansible_ssh_port=2222 ansible_ssh_private_key_file=/home/matt/git/vagrant-ansible_inventory/.vagrant/machines/ansible-test-worker-1/virtualbox/private_key
-ansible-test-worker-2 ansible_ssh_user=vagrant ansible_ssh_host=127.0.0.1 ansible_ssh_port=2200 ansible_ssh_private_key_file=/home/matt/git/vagrant-ansible_inventory/.vagrant/machines/ansible-test-worker-2/virtualbox/private_key
-ansible-test-control ansible_ssh_user=vagrant ansible_ssh_host=127.0.0.1 ansible_ssh_port=2201 ansible_ssh_private_key_file=/home/matt/git/vagrant-ansible_inventory/.vagrant/machines/ansible-test-control/virtualbox/private_key
+ansible-test-worker-1 ansible_ssh_user=vagrant ansible_ssh_host=127.0.0.1 ansible_ssh_port=2222 ansible_ssh_private_key_file=/home/user/vagrant/cluster/.vagrant/machines/ansible-test-worker-1/virtualbox/private_key
+ansible-test-worker-2 ansible_ssh_user=vagrant ansible_ssh_host=127.0.0.1 ansible_ssh_port=2200 ansible_ssh_private_key_file=/home/user/vagrant/cluster/.vagrant/machines/ansible-test-worker-2/virtualbox/private_key
+ansible-test-control ansible_ssh_user=vagrant ansible_ssh_host=127.0.0.1 ansible_ssh_port=2201 ansible_ssh_private_key_file=/home/user/vagrant/cluster/.vagrant/machines/ansible-test-control/virtualbox/private_key
 [control]
 ansible-test-control
 [worker]
@@ -60,6 +66,9 @@ control
 worker
 ```
 
+You can print the inventory as compact JSON by providing the `--json` flag or
+as pretty JSON by providing the `--pretty` flag.
+
 ### Provisioning
 
 The `ansible_auto` provisioner is an augmented version of the
@@ -75,7 +84,7 @@ Vagrant.configure(2) do |config|
       #   [control]
       #   ansible-control
       ansible.groups = {
-        'control'   => %(ansible-control)
+        'control'   => %w(ansible-control)
       }
 
       # Will show up in inventory as
@@ -87,14 +96,14 @@ Vagrant.configure(2) do |config|
 
       # Will show up in inventory as
       #   [dev:vars]
-      #   ansible_port = 2222
+      #   git_branch = devel
       ansible.vars = {
         'dev' => {
-          'ansible_port' => 2222
+          'git_branch' => 'devel'
         }
       }
 
-      # Enable or disable `StrictHostKeyChecking` SSH option.
+      # Enable or disable the `StrictHostKeyChecking` SSH option.
       # Disabled by default.
       ansible.strict_host_key_checking = false
 
@@ -104,21 +113,53 @@ Vagrant.configure(2) do |config|
 
       # The number of seconds to delay between connection attempts.
       ansible.host_connect_sleep = 5
+
+      # When true, insert the public key of the SSH user for the control
+      # machine (the machine that will run `ansible-playbook`) into the
+      # authorized_keys files of the SSH users on managed machines.  Enabled by
+      # default.
+      ansible.insert_control_machine_public_key = false
+
+      # When true, upload the private keys for the SSH users of managed
+      # machines to a temporary location on the control machine, using these
+      # keys as the values of `ansible_ssh_private_key_file` in the generated
+      # inventory.  Disabled by default, unless
+      # `insert_control_machine_public_key` is disabled.
+      ansible.upload_inventory_host_private_keys = true
     end
   end
 end
 ```
 
+#### Public Key Authentication
+
 Each guest provisioned with `ansible_auto` will be set up as an Ansible
 control machine with the ability to connect to other guests defined in the
-`Vagrantfile`.  This is facilitated by uploading the private keys of each guest
-to a temporary path on the control machine and assigning this path as the
-hostvar `ansible_ssh_private_key_file` to the relevant host in the generated
-inventory.
+`Vagrantfile`.  This is facilitated by either:
+
+- Inserting the public key of the control machine's SSH user into the
+  `authorized_keys` file of the SSH user on each of the managed machines (other
+  than the control machine itself).  This is what happens when the option
+  `insert_control_machine_public_key` is in effect.
+- Uploading the private keys of each guest to a temporary path on the control
+  machine and assigning this path as the hostvar `ansible_ssh_private_key_file`
+  to the relevant host in the generated inventory.  This is what happens when
+  the option `upload_inventory_host_private_keys` is in effect.
+
+`insert_control_machine_public_key` takes precedence over
+`upload_inventory_host_private_keys`, so public key insertion will be used if
+both options are set to `true`.
+
+#### Targeted Machines
+
+By default, the `ansible_auto` provisioner targets all machines defined in the
+inventory by setting the provisioner option `ansible.limit` to `"*"`.  This is
+different than the core `ansible_local` provisioner, which by default targets
+only the guest for which the provisioner was defined.
 
 ## Contributing
 
-1. Fork it ( https://github.com/joiggama/vagrant-ansible_auto/fork )
+1. Fork it ( https://github.com/BaxterStockman/vagrant-ansible_auto/fork )
 2. Create your feature branch (`git checkout -b my-new-feature`)
 3. Commit your changes (`git commit -am 'Add some feature'`)
 4. Push to the branch (`git push origin my-new-feature`)

data/Rakefile

@@ -1,12 +1,14 @@
 # frozen_string_literal: true
-require "bundler/gem_tasks"
 
-require "rspec/core/rake_task"
-RSpec::Core::RakeTask.new(:spec) do |t|
-  t.ruby_opts = "-w"
-end
+require 'bundler/gem_tasks'
 
-require "rubocop/rake_task"
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
+
+require 'rubocop/rake_task'
 RuboCop::RakeTask.new
 
-task default: [:rubocop, :spec]
+require 'yard'
+YARD::Rake::YardocTask.new
+
+task default: %i[rubocop spec]

data/TODO.md

@@ -6,3 +6,17 @@
 - Util::ScopedHashOverride for the key conversions done in Host?
 - Util::HashWithIndifferentAccess for Host?
 - default vaues for arguments to attr_writer methods in `Inventory`
+- Make sure error messages use `channel: :error`
+- Safe method for expansion of remote paths
+- Check that the version of Ansible on the control machine supports the `local`
+  connection type
+- (Optionally) remove inventory host private keys from the control machine
+  after `ansible-playbook` runs
+- Delegate config methods `groups=`, `children=`, and `vars=` to the
+  `inventory` instance variable (for auto-vivification of the various hashes)
+
+## I1*8n
+
+- Command line option usage
+- Error message in `command/root.rb` (and any other instances of
+  `@env.ui#method`)

data/Vagrantfile

@@ -1,23 +1,45 @@
-# frozen_string_literal: true
 Vagrant.configure(2) do |config|
-  define_vm = lambda do |name, box, memory|
-    config.vm.define name do |instance|
-      instance.vm.box      = box
-      instance.vm.hostname = name
-      instance.vm.network 'private_network', type: 'dhcp'
-      instance.vm.provider :virtualbox do |i|
-        i.name   = name
-        i.memory = memory
+  config.vm.box = 'hashicorp/precise64'
+
+  (1..2).each do |i|
+    name = "ansible-test-worker-#{i}"
+
+    config.vm.define name do |machine|
+      machine.vm.provider :docker do |d|
+        d.image = 'baxterstockman/minideb-vagrant'
+        d.has_ssh = true
       end
+
+      machine.ansible.groups = {
+        'worker' => name,
+        'cluster:children' => ['worker']
+      }
     end
   end
 
-  define_vm.call 'master',  'ubuntu/trusty32', 256
-  define_vm.call 'slave-1', 'ubuntu/trusty32', 256
-  define_vm.call 'slave-2', 'ubuntu/trusty32', 256
+  config.vm.define 'ansible-test-control' do |machine|
+    machine.vm.provider :docker do |d|
+      d.image = 'baxterstockman/minideb-vagrant'
+      d.has_ssh = true
+    end
+
+    machine.vm.provision :ansible_auto do |ansible|
+      ansible.limit = '*'
+      ansible.playbook = 'playbooks/test.yml'
+    end
+
+    machine.ansible.groups = {
+      'control' => ['ansible-test-control'],
+      'cluster:children' => ['control']
+    }
+  end
 
-  config.ansible.groups = {
-    'cluster:children' => %w(master slaves),
-    'slaves'           => ['slave-1', 'slave-2'],
+  config.ansible.vars = {
+    'control' => {
+      'role'  => 'ansible-control'
+    },
+    'worker' => {
+      'role'  => 'ansible-worker'
+    }
   }
 end

data/lib/vagrant/ansible_auto/cap/guest/posix/check_open_port.rb

@@ -1,14 +1,31 @@
 # frozen_string_literal: true
+
 require 'uri'
 
+require 'vagrant/ansible_auto/util/shell_quote'
+
 module VagrantPlugins
   module AnsibleAuto
     module Cap
       module Guest
         module POSIX
+          # Capability class for checking whether a port is open on a given
+          # host
+          # @note requires Bash to be installed on the target machine
           class CheckOpenPort
+            extend VagrantPlugins::AnsibleAuto::Util::ShellQuote
+
             class << self
-              def check_open_port(machine, host, port, proto = 'tcp')
+              # Check whether a port is open
+              # @param [Vagrant::Machine] machine a guest machine
+              # @param [String] host hostname whose port will be checked
+              # @param [Integer] port port number to check
+              # @param [String] proto the protocol to use
+              # @return [Boolean] if a valid hostname and port were provided,
+              #   whether the specified port is open on the specified host
+              # @return [nil] if hostname or port were not valid, or if Bash is
+              #   not available on the target machine
+              def port_open?(machine, host, port, proto = 'tcp')
                 return nil unless machine.communicate.test('bash')
 
                 # Check that we got a valid URI by constructing a URI object
@@ -22,8 +39,10 @@ module VagrantPlugins
                   return nil
                 end
 
-                target = File.join('/dev/', proto, uri.host, uri.port.to_s).shellescape
-                machine.communicate.test("read < #{target}", shell: '/bin/bash')
+                return false if uri.host.nil? || uri.port.nil?
+
+                target = shellescape(File.join('/dev/', proto, uri.host, uri.port.to_s))
+                machine.communicate.test("read < #{target}", shell: 'bash')
               end
             end
           end

data/lib/vagrant/ansible_auto/cap/guest/posix/executable_installed.rb

@@ -1,15 +1,23 @@
 # frozen_string_literal: true
-require 'shellwords'
+
+require 'vagrant/ansible_auto/util/shell_quote'
 
 module VagrantPlugins
   module AnsibleAuto
     module Cap
       module Guest
         module POSIX
+          # Check whether an executable is installed
           class ExecutableInstalled
+            extend Util::ShellQuote
+
             class << self
+              # @param [Machine] machine a guest machine
+              # @param [#to_s] executable name or path of an executable
+              # @return [Boolean] whether the executable exists and has the
+              #   executable bit set
               def executable_installed?(machine, executable)
-                machine.communicate.test(%[test -x "$(command -v #{executable.shellescape})"], error_check: false)
+                machine.communicate.test(%[test -x "$(command -v '#{shellescape(executable)}')"], error_check: false)
               end
             end
           end

data/lib/vagrant/ansible_auto/cap/guest/posix/gateway_addresses.rb

@@ -1,15 +1,18 @@
 # frozen_string_literal: true
-require 'set'
 
 module VagrantPlugins
   module AnsibleAuto
     module Cap
       module Guest
         module POSIX
+          # List gateway addresses for the interfaces on a machine
           class GatewayAddresses
             class << self
+              # @param [Machine] machine a guest machine
+              # @return [Array<String>] a list of the gateway IP addresses for
+              #   the machine
               def gateway_addresses(machine)
-                with_default_gateway_addresses(machine).to_a.compact
+                with_default_gateway_addresses(machine).to_a.compact.uniq
               end
 
             private
@@ -17,39 +20,21 @@ module VagrantPlugins
               def with_default_gateway_addresses(machine)
                 return enum_for(__method__, machine) unless block_given?
 
-                seen_addresses = Set.new
-                yield_unseen_address = lambda do |a|
-                  yield a unless seen_addresses.include? a
-                  seen_addresses << a
-                end
-
                 machine.communicate.execute('ip route show', error_check: false) do |type, data|
                   if type == :stdout
-                    data.lines.each do |line|
-                      if line.start_with?('default')
-                        yield_unseen_address.call(line.split[2])
-                      end
-                    end
+                    data.each_line { |l| yield l.split[2] if l.start_with? 'default' }
                   end
                 end
 
                 machine.communicate.execute('route -n', error_check: false) do |type, data|
                   if type == :stdout
-                    data.lines.each do |line|
-                      if line.start_with?('0.0.0.0')
-                        yield_unseen_address.call(line.split[1])
-                      end
-                    end
+                    data.each_line { |l| yield l.split[1] if l.start_with? '0.0.0.0' }
                   end
                 end
 
                 machine.communicate.execute('netstat -rn', error_check: false) do |type, data|
                   if type == :stdout
-                    data.lines.each do |line|
-                      if line.start_with?('0.0.0.0')
-                        yield_unseen_address.call(line.split[1])
-                      end
-                    end
+                    data.each_line { |l| yield l.split[1] if l.start_with? '0.0.0.0' }
                   end
                 end
               end

data/lib/vagrant/ansible_auto/cap/guest/posix/private_key.rb

@@ -1,17 +1,32 @@
 # frozen_string_literal: true
 
+require 'vagrant/ansible_auto/util/shell_quote'
+
 module VagrantPlugins
   module AnsibleAuto
     module Cap
       module Guest
         module POSIX
+          # Create a private key
           class PrivateKey
+            extend Util::ShellQuote
+
             class << self
+              # @param [Vagrant::Machine] machine a guest machine
+              # @param [#to_s] path the output path for the generated private
+              #   key
+              # @param [String] type the type of key to generate. Takes any
+              #   valid type to the +ssh-keygen+ utility's +-t+ option
+              # @param [String] bits the bits of entropy.  Takes any value
+              #   valid for the +ssh-keygen+ utility's +-b+ option
+              # @return [nil] if +ssh-keygen+ is not available on the machine
+              # @return [Integer] the exit code of the remote command
               def generate_private_key(machine, path, type = 'rsa', bits = '2048')
                 return unless machine.guest.capability?(:executable_installed?) \
                   && machine.guest.capability(:executable_installed?, 'ssh-keygen')
 
-                machine.communicate.execute("ssh-keygen -t #{type} -b #{bits} -C 'Vagrant-generated keypair' -f #{path}")
+                cmd = "ssh-keygen -t #{shellescape(type)} -b #{shellescape(bits)} -C 'Vagrant-generated keypair' -f #{shellescape(path)}"
+                machine.communicate.execute(cmd)
               end
             end
           end

data/lib/vagrant/ansible_auto/cap/guest/posix/public_key.rb

@@ -1,24 +1,39 @@
 # frozen_string_literal: true
 
+require 'vagrant/ansible_auto/util/shell_quote'
+
 module VagrantPlugins
   module AnsibleAuto
     module Cap
       module Guest
         module POSIX
-          class PrivateKey
+          # Grab a public key from a guest machine
+          class PublicKey
+            extend Util::ShellQuote
+
             class << self
+              # @param [Vagrant::Machine] machine a guest machine
+              # @param [#to_s] path path to the public key
+              # @return [nil] if the public key file cannot be read
+              # @return [String if the public key file can be read, its
+              #   contents
               def fetch_public_key(machine, path)
                 return unless machine.guest.capability?(:executable_installed?) \
                   && machine.guest.capability(:executable_installed?, 'ssh-keygen')
 
-                # TODO: handle bad status
                 public_key = ''
-                _status = machine.communicate.execute("ssh-keygen -f #{path} -y") do |data_type, data|
+                exit_status = machine.communicate.execute("ssh-keygen -f #{shellescape(path)} -y", error_check: false) do |data_type, data|
                   public_key += data if data_type == :stdout
                 end
 
+                return if public_key.empty? || !exit_status.zero?
+
                 public_key
               end
+
+              def authorized_key?(machine, content, path = '~/.ssh/authorized_keys')
+                machine.communicate.test("grep -q -x -F '#{shellescape(content.chomp)}' #{shellescape(path)}")
+              end
             end
           end
         end