Add partially backwards compatible version of _fixup_perms. (#17427)
Also added a deprecation notice for _fixup_perms.
Resolves issue #17352 (assumes custom actions use recursive=False).
(cherry picked from commit 94a0d2afb4)
parent
e83840c3fd
commit
2587d2aaf9
10 changed files with 45 additions and 10 deletions
13
CHANGELOG.md
13
CHANGELOG.md
|
@ -7,6 +7,19 @@ Ansible Changes By Release
|
||||||
* Fix a bug with async's poll keyword not making use of ansible_python_interpreter to run (and thus breaking when /usr/bin/python is not present on the remote machine.)
|
* Fix a bug with async's poll keyword not making use of ansible_python_interpreter to run (and thus breaking when /usr/bin/python is not present on the remote machine.)
|
||||||
* Fix a bug where hosts that started with a range in inventory were being treated as an invalid section header.
|
* Fix a bug where hosts that started with a range in inventory were being treated as an invalid section header.
|
||||||
* Fix a bug where the fetch module was not idempotent when retrieving the target of a symlink.
|
* Fix a bug where the fetch module was not idempotent when retrieving the target of a symlink.
|
||||||
|
|
||||||
|
###Deprecations:
|
||||||
|
|
||||||
|
* Deprecated the use of `_fixup_perms`. Use `_fixup_perms2` instead.
|
||||||
|
This change only impacts custom action plugins using `_fixup_perms`.
|
||||||
|
|
||||||
|
###Incompatible Changes:
|
||||||
|
|
||||||
|
* Use of `_fixup_perms` with `recursive=True` (the default) is no longer supported.
|
||||||
|
Custom action plugins using `_fixup_perms` will require changes unless they already use `recursive=False`.
|
||||||
|
Use `_fixup_perms2` if support for previous releases is not required.
|
||||||
|
Otherwise use `_fixup_perms` with `recursive=False`.
|
||||||
|
|
||||||
## 2.1.1 "The Song Remains the Same" - 07-28-2016
|
## 2.1.1 "The Song Remains the Same" - 07-28-2016
|
||||||
|
|
||||||
###Minor Changes:
|
###Minor Changes:
|
||||||
|
|
|
@ -293,7 +293,29 @@ class ActionBase(with_metaclass(ABCMeta, object)):
|
||||||
|
|
||||||
return remote_path
|
return remote_path
|
||||||
|
|
||||||
def _fixup_perms(self, remote_paths, remote_user, execute=True):
|
def _fixup_perms(self, remote_path, remote_user, execute=True, recursive=True):
|
||||||
|
"""
|
||||||
|
We need the files we upload to be readable (and sometimes executable)
|
||||||
|
by the user being sudo'd to but we want to limit other people's access
|
||||||
|
(because the files could contain passwords or other private
|
||||||
|
information.
|
||||||
|
|
||||||
|
Deprecated in favor of _fixup_perms2. Ansible code has been updated to
|
||||||
|
use _fixup_perms2. This code is maintained to provide partial support
|
||||||
|
for custom actions (non-recursive mode only).
|
||||||
|
|
||||||
|
"""
|
||||||
|
|
||||||
|
display.deprecated('_fixup_perms is deprecated. Use _fixup_perms2 instead.', version='2.4', removed=False)
|
||||||
|
|
||||||
|
if recursive:
|
||||||
|
raise AnsibleError('_fixup_perms with recursive=True (the default) is no longer supported. ' +
|
||||||
|
'Use _fixup_perms2 if support for previous releases is not required. '
|
||||||
|
'Otherwise use fixup_perms with recursive=False.')
|
||||||
|
|
||||||
|
return self._fixup_perms2([remote_path], remote_user, execute)
|
||||||
|
|
||||||
|
def _fixup_perms2(self, remote_paths, remote_user, execute=True):
|
||||||
"""
|
"""
|
||||||
We need the files we upload to be readable (and sometimes executable)
|
We need the files we upload to be readable (and sometimes executable)
|
||||||
by the user being sudo'd to but we want to limit other people's access
|
by the user being sudo'd to but we want to limit other people's access
|
||||||
|
@ -611,7 +633,7 @@ class ActionBase(with_metaclass(ABCMeta, object)):
|
||||||
# Fix permissions of the tmp path and tmp files. This should be
|
# Fix permissions of the tmp path and tmp files. This should be
|
||||||
# called after all files have been transferred.
|
# called after all files have been transferred.
|
||||||
if remote_files:
|
if remote_files:
|
||||||
self._fixup_perms(remote_files, remote_user)
|
self._fixup_perms2(remote_files, remote_user)
|
||||||
|
|
||||||
cmd = ""
|
cmd = ""
|
||||||
in_data = None
|
in_data = None
|
||||||
|
|
|
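Review bot: The compatibility wrapper `_fixup_perms` wraps its first argument as `[remote_path]` without checking that it is a single path, yet the signature it replaces took `remote_paths` and the call sites updated in this commit all passed a tuple such as `(tmp, remote_path)`. A custom action plugin that keeps that call shape and only adds `recursive=False` would hand `_fixup_perms2` a list containing a tuple. What happens next is outside the hunk, but this routine is what restricts access to uploaded files that may hold passwords, so the shim should fail loudly rather than depend on it, for example `if isinstance(remote_path, (list, tuple)): raise AnsibleError('_fixup_perms takes a single path; use _fixup_perms2 for several paths.')` before the delegation. The error text for `recursive=True` also names `fixup_perms` without the leading underscore, which matches neither the method nor the CHANGELOG entry; it should read `'Otherwise use _fixup_perms with recursive=False.'`.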
@ -153,7 +153,7 @@ class ActionModule(ActionBase):
|
||||||
xfered = self._transfer_file(path, remote_path)
|
xfered = self._transfer_file(path, remote_path)
|
||||||
|
|
||||||
# fix file permissions when the copy is done as a different user
|
# fix file permissions when the copy is done as a different user
|
||||||
self._fixup_perms((tmp, remote_path), remote_user)
|
self._fixup_perms2((tmp, remote_path), remote_user)
|
||||||
|
|
||||||
new_module_args.update( dict( src=xfered,))
|
new_module_args.update( dict( src=xfered,))
|
||||||
|
|
||||||
|
|
|
@ -76,7 +76,7 @@ class ActionModule(ActionBase):
|
||||||
if argsfile:
|
if argsfile:
|
||||||
remote_paths += argsfile,
|
remote_paths += argsfile,
|
||||||
|
|
||||||
self._fixup_perms(remote_paths, remote_user, execute=True)
|
self._fixup_perms2(remote_paths, remote_user, execute=True)
|
||||||
|
|
||||||
async_limit = self._task.async
|
async_limit = self._task.async
|
||||||
async_jid = str(random.randint(0, 999999999999))
|
async_jid = str(random.randint(0, 999999999999))
|
||||||
|
|
|
@ -230,7 +230,7 @@ class ActionModule(ActionBase):
|
||||||
|
|
||||||
# fix file permissions when the copy is done as a different user
|
# fix file permissions when the copy is done as a different user
|
||||||
if remote_path:
|
if remote_path:
|
||||||
self._fixup_perms((tmp, remote_path), remote_user)
|
self._fixup_perms2((tmp, remote_path), remote_user)
|
||||||
|
|
||||||
if raw:
|
if raw:
|
||||||
# Continue to next iteration if raw is defined.
|
# Continue to next iteration if raw is defined.
|
||||||
|
|
|
@ -59,7 +59,7 @@ class ActionModule(ActionBase):
|
||||||
tmp_src = self._connection._shell.join_path(tmp, os.path.basename(src))
|
tmp_src = self._connection._shell.join_path(tmp, os.path.basename(src))
|
||||||
self._transfer_file(src, tmp_src)
|
self._transfer_file(src, tmp_src)
|
||||||
|
|
||||||
self._fixup_perms((tmp, tmp_src), remote_user)
|
self._fixup_perms2((tmp, tmp_src), remote_user)
|
||||||
|
|
||||||
new_module_args = self._task.args.copy()
|
new_module_args = self._task.args.copy()
|
||||||
new_module_args.update(
|
new_module_args.update(
|
||||||
|
|
|
@ -79,7 +79,7 @@ class ActionModule(ActionBase):
|
||||||
self._transfer_file(source, tmp_src)
|
self._transfer_file(source, tmp_src)
|
||||||
|
|
||||||
# set file permissions, more permissive when the copy is done as a different user
|
# set file permissions, more permissive when the copy is done as a different user
|
||||||
self._fixup_perms((tmp, tmp_src), remote_user, execute=True)
|
self._fixup_perms2((tmp, tmp_src), remote_user, execute=True)
|
||||||
|
|
||||||
# add preparation steps to one ssh roundtrip executing the script
|
# add preparation steps to one ssh roundtrip executing the script
|
||||||
env_string = self._compute_environment_string()
|
env_string = self._compute_environment_string()
|
||||||
|
|
|
@ -164,7 +164,7 @@ class ActionModule(ActionBase):
|
||||||
xfered = self._transfer_data(self._connection._shell.join_path(tmp, 'source'), resultant)
|
xfered = self._transfer_data(self._connection._shell.join_path(tmp, 'source'), resultant)
|
||||||
|
|
||||||
# fix file permissions when the copy is done as a different user
|
# fix file permissions when the copy is done as a different user
|
||||||
self._fixup_perms((tmp, xfered), remote_user)
|
self._fixup_perms2((tmp, xfered), remote_user)
|
||||||
|
|
||||||
# run the copy module
|
# run the copy module
|
||||||
new_module_args.update(
|
new_module_args.update(
|
||||||
|
|
|
@ -93,7 +93,7 @@ class ActionModule(ActionBase):
|
||||||
|
|
||||||
if copy:
|
if copy:
|
||||||
# fix file permissions when the copy is done as a different user
|
# fix file permissions when the copy is done as a different user
|
||||||
self._fixup_perms((tmp, tmp_src), remote_user)
|
self._fixup_perms2((tmp, tmp_src), remote_user)
|
||||||
# Build temporary module_args.
|
# Build temporary module_args.
|
||||||
new_module_args = self._task.args.copy()
|
new_module_args = self._task.args.copy()
|
||||||
new_module_args.update(
|
new_module_args.update(
|
||||||
|
|
|
@ -570,7 +570,7 @@ class TestActionBase(unittest.TestCase):
|
||||||
action_base._transfer_data = MagicMock()
|
action_base._transfer_data = MagicMock()
|
||||||
action_base._compute_environment_string = MagicMock()
|
action_base._compute_environment_string = MagicMock()
|
||||||
action_base._low_level_execute_command = MagicMock()
|
action_base._low_level_execute_command = MagicMock()
|
||||||
action_base._fixup_perms = MagicMock()
|
action_base._fixup_perms2 = MagicMock()
|
||||||
|
|
||||||
action_base._configure_module.return_value = ('new', '#!/usr/bin/python', 'this is the module data')
|
action_base._configure_module.return_value = ('new', '#!/usr/bin/python', 'this is the module data')
|
||||||
action_base._late_needs_tmp_path.return_value = False
|
action_base._late_needs_tmp_path.return_value = False
|
||||||
|
|