Allow $ & ~ inside paths in galaxy roles (#72966)

ansible-galaxy currently behaves bad then a role to be installed
contains ~ or $ at any place in the path of a file in that role.
It extracts the parent directory of the offending path level as an
empty file. This explodes if that directory contains anything else.

Change this behaviour. `~` is now allowed allowed when it is
not a full level (Yes: `some~thing/`, no: `~/`). The code should
get refactoring in an other PR.
This commit is contained in:
Alexander Sowitzki 2021-02-02 18:10:05 +01:00 committed by GitHub
parent a9b5bebab3
commit 1c83672532
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 68 additions and 1 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- Allow `~` to be present in file names in galaxy roles (https://github.com/ansible/ansible/issues/72966)

View file

@ -334,7 +334,11 @@ class GalaxyRole(object):
n_parts = n_member_name.replace(n_archive_parent_dir, "", 1).split(os.sep)
n_final_parts = []
for n_part in n_parts:
if n_part != '..' and '~' not in n_part and '$' not in n_part:
# TODO if the condition triggers it produces a broken installation.
# It will create the parent directory as an empty file and will
# explode if the directory contains valid files.
# Leaving this as is since the whole module needs a rewrite.
if n_part != '..' and not n_part.startswith('~') and '$' not in n_part:
n_final_parts.append(n_part)
member.name = os.path.join(*n_final_parts)
role_tar_file.extract(member, to_native(self.path))

View file

@ -0,0 +1,2 @@
shippable/posix/group4
skip/python2.6 # build uses tarfile with features not available until 2.7

View file

@ -0,0 +1 @@
dependencies: [setup_remote_tmp_dir]

View file

@ -0,0 +1,58 @@
- name: Archive directories
file:
state: directory
path: "{{ remote_tmp_dir }}/role.d/{{item}}"
loop:
- meta
- tasks
- name: Metadata file
copy:
content: "'galaxy_info': {}"
dest: "{{ remote_tmp_dir }}/role.d/meta/main.yml"
- name: Valid files
copy:
content: ""
dest: "{{ remote_tmp_dir }}/role.d/tasks/{{item}}"
loop:
- "main.yml"
- "valid~file.yml"
- name: Valid role archive
command: "tar cf {{ remote_tmp_dir }}/valid-role.tar {{ remote_tmp_dir }}/role.d"
- name: Invalid file
copy:
content: ""
dest: "{{ remote_tmp_dir }}/role.d/tasks/~invalid.yml"
- name: Valid requirements file
copy:
dest: valid-requirements.yml
content: "[{'src': '{{ remote_tmp_dir }}/valid-role.tar', 'name': 'valid-testrole'}]"
- name: Invalid role archive
command: "tar cf {{ remote_tmp_dir }}/invalid-role.tar {{ remote_tmp_dir }}/role.d"
- name: Invalid requirements file
copy:
dest: invalid-requirements.yml
content: "[{'src': '{{ remote_tmp_dir }}/invalid-role.tar', 'name': 'invalid-testrole'}]"
- name: Install valid role
command: ansible-galaxy install -r valid-requirements.yml
- name: Uninstall valid role
command: ansible-galaxy role remove valid-testrole
- name: Install invalid role
command: ansible-galaxy install -r invalid-requirements.yml
ignore_errors: yes
register: invalid
- assert:
that: "invalid.rc != 0"
- name: Uninstall invalid role
command: ansible-galaxy role remove invalid-testrole