Add partially backwards compatible version of _fixup_perms. (#17427)
Also added a deprecation notice for _fixup_perms. Resolves issue #17352 (assumes custom actions use recursive=False).
This commit is contained in:
parent
1d412059a0
commit
94a0d2afb4
10 changed files with 46 additions and 10 deletions
14
CHANGELOG.md
14
CHANGELOG.md
|
@ -86,6 +86,20 @@ Ansible Changes By Release
|
|||
* loop_control now has a label option to allow fine grained control what gets displayed per item
|
||||
* loop_control now has a pause option to allow pausing for N seconds between loop iterations of a task.
|
||||
|
||||
## 2.1.2 "The Song Remains the Same"
|
||||
|
||||
###Deprecations:
|
||||
|
||||
* Deprecated the use of `_fixup_perms`. Use `_fixup_perms2` instead.
|
||||
This change only impacts custom action plugins using `_fixup_perms`.
|
||||
|
||||
###Incompatible Changes:
|
||||
|
||||
* Use of `_fixup_perms` with `recursive=True` (the default) is no longer supported.
|
||||
Custom action plugins using `_fixup_perms` will require changes unless they already use `recursive=False`.
|
||||
Use `_fixup_perms2` if support for previous releases is not required.
|
||||
Otherwise use `_fixup_perms` with `recursive=False`.
|
||||
|
||||
## 2.1 "The Song Remains the Same"
|
||||
|
||||
###Major Changes:
|
||||
|
|
|
@ -293,7 +293,29 @@ class ActionBase(with_metaclass(ABCMeta, object)):
|
|||
|
||||
return remote_path
|
||||
|
||||
def _fixup_perms(self, remote_paths, remote_user, execute=True):
|
||||
def _fixup_perms(self, remote_path, remote_user, execute=True, recursive=True):
|
||||
"""
|
||||
We need the files we upload to be readable (and sometimes executable)
|
||||
by the user being sudo'd to but we want to limit other people's access
|
||||
(because the files could contain passwords or other private
|
||||
information.
|
||||
|
||||
Deprecated in favor of _fixup_perms2. Ansible code has been updated to
|
||||
use _fixup_perms2. This code is maintained to provide partial support
|
||||
for custom actions (non-recursive mode only).
|
||||
|
||||
"""
|
||||
|
||||
display.deprecated('_fixup_perms is deprecated. Use _fixup_perms2 instead.', version='2.4', removed=False)
|
||||
|
||||
if recursive:
|
||||
raise AnsibleError('_fixup_perms with recursive=True (the default) is no longer supported. ' +
|
||||
'Use _fixup_perms2 if support for previous releases is not required. '
|
||||
'Otherwise use fixup_perms with recursive=False.')
|
||||
|
||||
return self._fixup_perms2([remote_path], remote_user, execute)
|
||||
|
||||
def _fixup_perms2(self, remote_paths, remote_user, execute=True):
|
||||
"""
|
||||
We need the files we upload to be readable (and sometimes executable)
|
||||
by the user being sudo'd to but we want to limit other people's access
|
||||
|
@ -618,7 +640,7 @@ class ActionBase(with_metaclass(ABCMeta, object)):
|
|||
# Fix permissions of the tmp path and tmp files. This should be
|
||||
# called after all files have been transferred.
|
||||
if remote_files:
|
||||
self._fixup_perms(remote_files, remote_user)
|
||||
self._fixup_perms2(remote_files, remote_user)
|
||||
|
||||
cmd = ""
|
||||
in_data = None
|
||||
|
|
|
@ -159,7 +159,7 @@ class ActionModule(ActionBase):
|
|||
xfered = self._transfer_file(path, remote_path)
|
||||
|
||||
# fix file permissions when the copy is done as a different user
|
||||
self._fixup_perms((tmp, remote_path), remote_user)
|
||||
self._fixup_perms2((tmp, remote_path), remote_user)
|
||||
|
||||
new_module_args.update( dict( src=xfered,))
|
||||
|
||||
|
|
|
@ -81,7 +81,7 @@ class ActionModule(ActionBase):
|
|||
if argsfile:
|
||||
remote_paths += argsfile,
|
||||
|
||||
self._fixup_perms(remote_paths, remote_user, execute=True)
|
||||
self._fixup_perms2(remote_paths, remote_user, execute=True)
|
||||
|
||||
async_limit = self._task.async
|
||||
async_jid = str(random.randint(0, 999999999999))
|
||||
|
|
|
@ -226,7 +226,7 @@ class ActionModule(ActionBase):
|
|||
|
||||
# fix file permissions when the copy is done as a different user
|
||||
if remote_path:
|
||||
self._fixup_perms((tmp, remote_path), remote_user)
|
||||
self._fixup_perms2((tmp, remote_path), remote_user)
|
||||
|
||||
if raw:
|
||||
# Continue to next iteration if raw is defined.
|
||||
|
|
|
@ -63,7 +63,7 @@ class ActionModule(ActionBase):
|
|||
tmp_src = self._connection._shell.join_path(tmp, os.path.basename(src))
|
||||
self._transfer_file(src, tmp_src)
|
||||
|
||||
self._fixup_perms((tmp, tmp_src), remote_user)
|
||||
self._fixup_perms2((tmp, tmp_src), remote_user)
|
||||
|
||||
new_module_args = self._task.args.copy()
|
||||
new_module_args.update(
|
||||
|
|
|
@ -81,7 +81,7 @@ class ActionModule(ActionBase):
|
|||
self._transfer_file(source, tmp_src)
|
||||
|
||||
# set file permissions, more permissive when the copy is done as a different user
|
||||
self._fixup_perms((tmp, tmp_src), remote_user, execute=True)
|
||||
self._fixup_perms2((tmp, tmp_src), remote_user, execute=True)
|
||||
|
||||
# add preparation steps to one ssh roundtrip executing the script
|
||||
env_string = self._compute_environment_string()
|
||||
|
|
|
@ -167,7 +167,7 @@ class ActionModule(ActionBase):
|
|||
xfered = self._transfer_data(self._connection._shell.join_path(tmp, 'source'), resultant)
|
||||
|
||||
# fix file permissions when the copy is done as a different user
|
||||
self._fixup_perms((tmp, xfered), remote_user)
|
||||
self._fixup_perms2((tmp, xfered), remote_user)
|
||||
|
||||
# run the copy module
|
||||
new_module_args.update(
|
||||
|
|
|
@ -108,7 +108,7 @@ class ActionModule(ActionBase):
|
|||
|
||||
if not remote_src:
|
||||
# fix file permissions when the copy is done as a different user
|
||||
self._fixup_perms((tmp, tmp_src), remote_user)
|
||||
self._fixup_perms2((tmp, tmp_src), remote_user)
|
||||
# Build temporary module_args.
|
||||
new_module_args = self._task.args.copy()
|
||||
new_module_args.update(
|
||||
|
|
|
@ -489,7 +489,7 @@ class TestActionBase(unittest.TestCase):
|
|||
action_base._transfer_data = MagicMock()
|
||||
action_base._compute_environment_string = MagicMock()
|
||||
action_base._low_level_execute_command = MagicMock()
|
||||
action_base._fixup_perms = MagicMock()
|
||||
action_base._fixup_perms2 = MagicMock()
|
||||
|
||||
action_base._configure_module.return_value = ('new', '#!/usr/bin/python', 'this is the module data', 'path')
|
||||
action_base._late_needs_tmp_path.return_value = False
|
||||
|
|
Loading…
Reference in a new issue