Add partially backwards compatible version of _fixup_perms. (#17427)
Also added a deprecation notice for _fixup_perms. Resolves issue #17352 (assumes custom actions use recursive=False).
This commit is contained in:
parent
1d412059a0
commit
94a0d2afb4
10 changed files with 46 additions and 10 deletions
14
CHANGELOG.md
14
CHANGELOG.md
|
@ -86,6 +86,20 @@ Ansible Changes By Release
|
||||||
* loop_control now has a label option to allow fine grained control what gets displayed per item
|
* loop_control now has a label option to allow fine grained control what gets displayed per item
|
||||||
* loop_control now has a pause option to allow pausing for N seconds between loop iterations of a task.
|
* loop_control now has a pause option to allow pausing for N seconds between loop iterations of a task.
|
||||||
|
|
||||||
|
## 2.1.2 "The Song Remains the Same"
|
||||||
|
|
||||||
|
###Deprecations:
|
||||||
|
|
||||||
|
* Deprecated the use of `_fixup_perms`. Use `_fixup_perms2` instead.
|
||||||
|
This change only impacts custom action plugins using `_fixup_perms`.
|
||||||
|
|
||||||
|
###Incompatible Changes:
|
||||||
|
|
||||||
|
* Use of `_fixup_perms` with `recursive=True` (the default) is no longer supported.
|
||||||
|
Custom action plugins using `_fixup_perms` will require changes unless they already use `recursive=False`.
|
||||||
|
Use `_fixup_perms2` if support for previous releases is not required.
|
||||||
|
Otherwise use `_fixup_perms` with `recursive=False`.
|
||||||
|
|
||||||
## 2.1 "The Song Remains the Same"
|
## 2.1 "The Song Remains the Same"
|
||||||
|
|
||||||
###Major Changes:
|
###Major Changes:
|
||||||
|
|
|
@ -293,7 +293,29 @@ class ActionBase(with_metaclass(ABCMeta, object)):
|
||||||
|
|
||||||
return remote_path
|
return remote_path
|
||||||
|
|
||||||
def _fixup_perms(self, remote_paths, remote_user, execute=True):
|
def _fixup_perms(self, remote_path, remote_user, execute=True, recursive=True):
|
||||||
|
"""
|
||||||
|
We need the files we upload to be readable (and sometimes executable)
|
||||||
|
by the user being sudo'd to but we want to limit other people's access
|
||||||
|
(because the files could contain passwords or other private
|
||||||
|
information.
|
||||||
|
|
||||||
|
Deprecated in favor of _fixup_perms2. Ansible code has been updated to
|
||||||
|
use _fixup_perms2. This code is maintained to provide partial support
|
||||||
|
for custom actions (non-recursive mode only).
|
||||||
|
|
||||||
|
"""
|
||||||
|
|
||||||
|
display.deprecated('_fixup_perms is deprecated. Use _fixup_perms2 instead.', version='2.4', removed=False)
|
||||||
|
|
||||||
|
if recursive:
|
||||||
|
raise AnsibleError('_fixup_perms with recursive=True (the default) is no longer supported. ' +
|
||||||
|
'Use _fixup_perms2 if support for previous releases is not required. '
|
||||||
|
'Otherwise use fixup_perms with recursive=False.')
|
||||||
|
|
||||||
|
return self._fixup_perms2([remote_path], remote_user, execute)
|
||||||
|
|
||||||
|
def _fixup_perms2(self, remote_paths, remote_user, execute=True):
|
||||||
"""
|
"""
|
||||||
We need the files we upload to be readable (and sometimes executable)
|
We need the files we upload to be readable (and sometimes executable)
|
||||||
by the user being sudo'd to but we want to limit other people's access
|
by the user being sudo'd to but we want to limit other people's access
|
||||||
|
@ -618,7 +640,7 @@ class ActionBase(with_metaclass(ABCMeta, object)):
|
||||||
# Fix permissions of the tmp path and tmp files. This should be
|
# Fix permissions of the tmp path and tmp files. This should be
|
||||||
# called after all files have been transferred.
|
# called after all files have been transferred.
|
||||||
if remote_files:
|
if remote_files:
|
||||||
self._fixup_perms(remote_files, remote_user)
|
self._fixup_perms2(remote_files, remote_user)
|
||||||
|
|
||||||
cmd = ""
|
cmd = ""
|
||||||
in_data = None
|
in_data = None
|
||||||
|
|
|
@ -159,7 +159,7 @@ class ActionModule(ActionBase):
|
||||||
xfered = self._transfer_file(path, remote_path)
|
xfered = self._transfer_file(path, remote_path)
|
||||||
|
|
||||||
# fix file permissions when the copy is done as a different user
|
# fix file permissions when the copy is done as a different user
|
||||||
self._fixup_perms((tmp, remote_path), remote_user)
|
self._fixup_perms2((tmp, remote_path), remote_user)
|
||||||
|
|
||||||
new_module_args.update( dict( src=xfered,))
|
new_module_args.update( dict( src=xfered,))
|
||||||
|
|
||||||
|
|
|
@ -81,7 +81,7 @@ class ActionModule(ActionBase):
|
||||||
if argsfile:
|
if argsfile:
|
||||||
remote_paths += argsfile,
|
remote_paths += argsfile,
|
||||||
|
|
||||||
self._fixup_perms(remote_paths, remote_user, execute=True)
|
self._fixup_perms2(remote_paths, remote_user, execute=True)
|
||||||
|
|
||||||
async_limit = self._task.async
|
async_limit = self._task.async
|
||||||
async_jid = str(random.randint(0, 999999999999))
|
async_jid = str(random.randint(0, 999999999999))
|
||||||
|
|
|
@ -226,7 +226,7 @@ class ActionModule(ActionBase):
|
||||||
|
|
||||||
# fix file permissions when the copy is done as a different user
|
# fix file permissions when the copy is done as a different user
|
||||||
if remote_path:
|
if remote_path:
|
||||||
self._fixup_perms((tmp, remote_path), remote_user)
|
self._fixup_perms2((tmp, remote_path), remote_user)
|
||||||
|
|
||||||
if raw:
|
if raw:
|
||||||
# Continue to next iteration if raw is defined.
|
# Continue to next iteration if raw is defined.
|
||||||
|
|
|
@ -63,7 +63,7 @@ class ActionModule(ActionBase):
|
||||||
tmp_src = self._connection._shell.join_path(tmp, os.path.basename(src))
|
tmp_src = self._connection._shell.join_path(tmp, os.path.basename(src))
|
||||||
self._transfer_file(src, tmp_src)
|
self._transfer_file(src, tmp_src)
|
||||||
|
|
||||||
self._fixup_perms((tmp, tmp_src), remote_user)
|
self._fixup_perms2((tmp, tmp_src), remote_user)
|
||||||
|
|
||||||
new_module_args = self._task.args.copy()
|
new_module_args = self._task.args.copy()
|
||||||
new_module_args.update(
|
new_module_args.update(
|
||||||
|
|
|
@ -81,7 +81,7 @@ class ActionModule(ActionBase):
|
||||||
self._transfer_file(source, tmp_src)
|
self._transfer_file(source, tmp_src)
|
||||||
|
|
||||||
# set file permissions, more permissive when the copy is done as a different user
|
# set file permissions, more permissive when the copy is done as a different user
|
||||||
self._fixup_perms((tmp, tmp_src), remote_user, execute=True)
|
self._fixup_perms2((tmp, tmp_src), remote_user, execute=True)
|
||||||
|
|
||||||
# add preparation steps to one ssh roundtrip executing the script
|
# add preparation steps to one ssh roundtrip executing the script
|
||||||
env_string = self._compute_environment_string()
|
env_string = self._compute_environment_string()
|
||||||
|
|
|
@ -167,7 +167,7 @@ class ActionModule(ActionBase):
|
||||||
xfered = self._transfer_data(self._connection._shell.join_path(tmp, 'source'), resultant)
|
xfered = self._transfer_data(self._connection._shell.join_path(tmp, 'source'), resultant)
|
||||||
|
|
||||||
# fix file permissions when the copy is done as a different user
|
# fix file permissions when the copy is done as a different user
|
||||||
self._fixup_perms((tmp, xfered), remote_user)
|
self._fixup_perms2((tmp, xfered), remote_user)
|
||||||
|
|
||||||
# run the copy module
|
# run the copy module
|
||||||
new_module_args.update(
|
new_module_args.update(
|
||||||
|
|
|
@ -108,7 +108,7 @@ class ActionModule(ActionBase):
|
||||||
|
|
||||||
if not remote_src:
|
if not remote_src:
|
||||||
# fix file permissions when the copy is done as a different user
|
# fix file permissions when the copy is done as a different user
|
||||||
self._fixup_perms((tmp, tmp_src), remote_user)
|
self._fixup_perms2((tmp, tmp_src), remote_user)
|
||||||
# Build temporary module_args.
|
# Build temporary module_args.
|
||||||
new_module_args = self._task.args.copy()
|
new_module_args = self._task.args.copy()
|
||||||
new_module_args.update(
|
new_module_args.update(
|
||||||
|
|
|
@ -489,7 +489,7 @@ class TestActionBase(unittest.TestCase):
|
||||||
action_base._transfer_data = MagicMock()
|
action_base._transfer_data = MagicMock()
|
||||||
action_base._compute_environment_string = MagicMock()
|
action_base._compute_environment_string = MagicMock()
|
||||||
action_base._low_level_execute_command = MagicMock()
|
action_base._low_level_execute_command = MagicMock()
|
||||||
action_base._fixup_perms = MagicMock()
|
action_base._fixup_perms2 = MagicMock()
|
||||||
|
|
||||||
action_base._configure_module.return_value = ('new', '#!/usr/bin/python', 'this is the module data', 'path')
|
action_base._configure_module.return_value = ('new', '#!/usr/bin/python', 'this is the module data', 'path')
|
||||||
action_base._late_needs_tmp_path.return_value = False
|
action_base._late_needs_tmp_path.return_value = False
|
||||||
|
|
Loading…
Reference in a new issue