docker_login: fix permissions for ~/.docker/config.json (#67353)

* Fix permissions for ~/.docker/config.json.

* Add changelog, remove debug output.
This commit is contained in:
Felix Fontein 2020-02-15 15:38:58 +01:00 committed by GitHub
parent 25181e1b70
commit 55cb8c5388
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 3 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- "docker_login - make sure that ``~/.docker/config.json`` is created with permissions ``0600``."

View file

@ -244,9 +244,13 @@ class DockerFileStore(object):
dir = os.path.dirname(self._config_path) dir = os.path.dirname(self._config_path)
if not os.path.exists(dir): if not os.path.exists(dir):
os.makedirs(dir) os.makedirs(dir)
# Write config # Write config; make sure it has permissions 0x600
with open(self._config_path, "w") as f: content = json.dumps(self._config, indent=4, sort_keys=True).encode('utf-8')
json.dump(self._config, f, indent=4, sort_keys=True) f = os.open(self._config_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
try:
os.write(f, content)
finally:
os.close(f)
def store(self, server, username, password): def store(self, server, username, password):
''' '''

View file

@ -43,6 +43,11 @@
state: present state: present
register: login_2 register: login_2
- name: Get permissions of ~/.docker/config.json
stat:
path: ~/.docker/config.json
register: login_2_stat
- name: Log in (idempotent) - name: Log in (idempotent)
docker_login: docker_login:
registry_url: "{{ registry_frontend_address }}" registry_url: "{{ registry_frontend_address }}"
@ -67,6 +72,7 @@
- login_2 is changed - login_2 is changed
- login_3 is not changed - login_3 is not changed
- login_4 is not changed - login_4 is not changed
- login_2_stat.stat.mode == '0600'
- name: Log in again with wrong password (check mode) - name: Log in again with wrong password (check mode)
docker_login: docker_login: