git - use remote_tmp directory (#66762)

* fix:git module ignores remote_tmp

* WIP: added the changelog fragment and edit comment

* Revert "WIP: added the changelog fragment and edit comment"

This reverts commit 2f739df619.

* WIP: added changelog fragments

* WIP: added changelog fragment

* WIP: fixed spelling in changelog fragment

changelogs/fragments/66762-fix-git-module-ignores-remote_tmp.yml

@@ -0,0 +1,4 @@
+bugfixes:
+  - Fix issue git module ignores remote_tmp (https://github.com/ansible/ansible/issues/33947).
+  - Fix issue git module cannot use custom `key_file` or `ssh_opts` as non-root user on system with noexec `/tmp` (https://github.com/ansible/ansible/issues/30064).
+  - By passing the module_tmpdir as a parameter in the write_ssh_wrapper function instead of initalizing module_tmpdir via get_module_path()

lib/ansible/modules/source_control/git.py

@@ -369,13 +369,12 @@ def get_submodule_update_params(module, git_path, cwd):
     return params
 
 
-def write_ssh_wrapper():
-    module_dir = get_module_path()
+def write_ssh_wrapper(module_tmpdir):
     try:
         # make sure we have full permission to the module_dir, which
         # may not be the case if we're sudo'ing to a non-root user
-        if os.access(module_dir, os.W_OK | os.R_OK | os.X_OK):
-            fd, wrapper_path = tempfile.mkstemp(prefix=module_dir + '/')
+        if os.access(module_tmpdir, os.W_OK | os.R_OK | os.X_OK):
+            fd, wrapper_path = tempfile.mkstemp(prefix=module_tmpdir + '/')
         else:
             raise OSError
     except (IOError, OSError):
@@ -1153,7 +1152,7 @@ def main():
     # create a wrapper script and export
     # GIT_SSH=<path> as an environment variable
     # for git to use the wrapper script
-    ssh_wrapper = write_ssh_wrapper()
+    ssh_wrapper = write_ssh_wrapper(module.tmpdir)
     set_git_ssh(ssh_wrapper, key_file, ssh_opts)
     module.add_cleanup_file(path=ssh_wrapper)