docker_login: fix permissions for ~/.docker/config.json (#67353)
* Fix permissions for ~/.docker/config.json. * Add changelog, remove debug output.
parent
25181e1b70
commit
55cb8c5388
3 changed files with 15 additions and 3 deletions
2
changelogs/fragments/67353-docker_login-permissions.yml
Normal file
2
changelogs/fragments/67353-docker_login-permissions.yml
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
bugfixes:
|
||||||
|
- "docker_login - make sure that ``~/.docker/config.json`` is created with permissions ``0600``."
|
|
@ -244,9 +244,13 @@ class DockerFileStore(object):
|
||||||
dir = os.path.dirname(self._config_path)
|
dir = os.path.dirname(self._config_path)
|
||||||
if not os.path.exists(dir):
|
if not os.path.exists(dir):
|
||||||
os.makedirs(dir)
|
os.makedirs(dir)
|
||||||
# Write config
|
# Write config; make sure it has permissions 0x600
|
||||||
with open(self._config_path, "w") as f:
|
content = json.dumps(self._config, indent=4, sort_keys=True).encode('utf-8')
|
||||||
json.dump(self._config, f, indent=4, sort_keys=True)
|
f = os.open(self._config_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
|
||||||
|
try:
|
||||||
|
os.write(f, content)
|
||||||
|
finally:
|
||||||
|
os.close(f)
|
||||||
|
|
||||||
def store(self, server, username, password):
|
def store(self, server, username, password):
|
||||||
'''
|
'''
|
||||||
|
|
|
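Review bot: The `0o600` mode passed to `os.open` is applied only when the call creates the file, so a `config.json` that already exists with wider permissions is truncated and rewritten but keeps its old mode, leaving the credentials this store writes as readable as before. Adding `os.fchmod(f, 0o600)` as the first statement inside the `try:` would enforce the mode on both the create and the overwrite path. `os.write` may also return after a short write, so its return value should be checked, or the descriptor wrapped with `os.fdopen(f, 'wb')` and written through the file object. The new comment says `0x600`, which is hexadecimal notation; it should read `0o600`. The enclosing method starts above the hunk, so how it is reached is not visible here.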
@ -43,6 +43,11 @@
|
||||||
state: present
|
state: present
|
||||||
register: login_2
|
register: login_2
|
||||||
|
|
||||||
|
- name: Get permissions of ~/.docker/config.json
|
||||||
|
stat:
|
||||||
|
path: ~/.docker/config.json
|
||||||
|
register: login_2_stat
|
||||||
|
|
||||||
- name: Log in (idempotent)
|
- name: Log in (idempotent)
|
||||||
docker_login:
|
docker_login:
|
||||||
registry_url: "{{ registry_frontend_address }}"
|
registry_url: "{{ registry_frontend_address }}"
|
||||||
|
@ -67,6 +72,7 @@
|
||||||
- login_2 is changed
|
- login_2 is changed
|
||||||
- login_3 is not changed
|
- login_3 is not changed
|
||||||
- login_4 is not changed
|
- login_4 is not changed
|
||||||
|
- login_2_stat.stat.mode == '0600'
|
||||||
|
|
||||||
- name: Log in again with wrong password (check mode)
|
- name: Log in again with wrong password (check mode)
|
||||||
docker_login:
|
docker_login:
|
||||||
|
|
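Review bot: The added `login_2_stat.stat.mode == '0600'` assertion checks the mode after a single login, and the visible tasks do not show whether `~/.docker/config.json` existed before that login ran. If it did not, only the create path is covered, and the case where the file already exists with a wider mode goes untested. A second case would close the gap: a task that pre-creates the file with a looser mode before a login, followed by another `stat` and the same `'0600'` assertion. The task list continues outside both hunks, so such a case may already exist elsewhere in the file.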