Also added a deprecation notice for _fixup_perms.
Resolves issue #17352 (assumes custom actions use recursive=False).
(cherry picked from commit 94a0d2afb4b7b74bbefd5ab57d459f0e74b060a2)
... | ... |
@@ -7,6 +7,19 @@ Ansible Changes By Release |
7 | 7 |
* Fix a bug with async's poll keyword not making use of ansible_python_interpreter to run (and thus breaking when /usr/bin/python is not present on the remote machine.) |
8 | 8 |
* Fix a bug where hosts that started with a range in inventory were being treated as an invalid section header. |
9 | 9 |
* Fix a bug where the fetch module was not idempotent when retrieving the target of a symlink. |
10 |
+ |
|
11 |
+###Deprecations: |
|
12 |
+ |
|
13 |
+* Deprecated the use of `_fixup_perms`. Use `_fixup_perms2` instead. |
|
14 |
+ This change only impacts custom action plugins using `_fixup_perms`. |
|
15 |
+ |
|
16 |
+###Incompatible Changes: |
|
17 |
+ |
|
18 |
+* Use of `_fixup_perms` with `recursive=True` (the default) is no longer supported. |
|
19 |
+ Custom action plugins using `_fixup_perms` will require changes unless they already use `recursive=False`. |
|
20 |
+ Use `_fixup_perms2` if support for previous releases is not required. |
|
21 |
+ Otherwise use `_fixup_perms` with `recursive=False`. |
|
22 |
+ |
|
10 | 23 |
## 2.1.1 "The Song Remains the Same" - 07-28-2016 |
11 | 24 |
|
12 | 25 |
###Minor Changes: |
... | ... |
@@ -293,7 +293,29 @@ class ActionBase(with_metaclass(ABCMeta, object)): |
293 | 293 |
|
294 | 294 |
return remote_path |
295 | 295 |
|
296 |
- def _fixup_perms(self, remote_paths, remote_user, execute=True): |
|
296 |
+ def _fixup_perms(self, remote_path, remote_user, execute=True, recursive=True): |
|
297 |
+ """ |
|
298 |
+ We need the files we upload to be readable (and sometimes executable) |
|
299 |
+ by the user being sudo'd to but we want to limit other people's access |
|
300 |
+ (because the files could contain passwords or other private |
|
301 |
+ information. |
|
302 |
+ |
|
303 |
+ Deprecated in favor of _fixup_perms2. Ansible code has been updated to |
|
304 |
+ use _fixup_perms2. This code is maintained to provide partial support |
|
305 |
+ for custom actions (non-recursive mode only). |
|
306 |
+ |
|
307 |
+ """ |
|
308 |
+ |
|
309 |
+ display.deprecated('_fixup_perms is deprecated. Use _fixup_perms2 instead.', version='2.4', removed=False) |
|
310 |
+ |
|
311 |
+ if recursive: |
|
312 |
+ raise AnsibleError('_fixup_perms with recursive=True (the default) is no longer supported. ' + |
|
313 |
+ 'Use _fixup_perms2 if support for previous releases is not required. ' |
|
314 |
+ 'Otherwise use fixup_perms with recursive=False.') |
|
315 |
+ |
|
316 |
+ return self._fixup_perms2([remote_path], remote_user, execute) |
|
317 |
+ |
|
318 |
+ def _fixup_perms2(self, remote_paths, remote_user, execute=True): |
|
297 | 319 |
""" |
298 | 320 |
We need the files we upload to be readable (and sometimes executable) |
299 | 321 |
by the user being sudo'd to but we want to limit other people's access |
... | ... |
@@ -611,7 +633,7 @@ class ActionBase(with_metaclass(ABCMeta, object)): |
611 | 611 |
# Fix permissions of the tmp path and tmp files. This should be |
612 | 612 |
# called after all files have been transferred. |
613 | 613 |
if remote_files: |
614 |
- self._fixup_perms(remote_files, remote_user) |
|
614 |
+ self._fixup_perms2(remote_files, remote_user) |
|
615 | 615 |
|
616 | 616 |
cmd = "" |
617 | 617 |
in_data = None |
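Review bot: The new `_fixup_perms` wraps its first argument unconditionally (`return self._fixup_perms2([remote_path], remote_user, execute)`), so a custom action written against the removed signature on old line 296, which took `remote_paths`, and now passing `recursive=False` would hand `_fixup_perms2` a list nested inside a list. Because this helper exists to keep uploaded files that may hold passwords away from other users, a malformed path argument should fail loudly before any permission command is built; a guard ahead of the return such as `if isinstance(remote_path, (list, tuple)): raise AnsibleError('_fixup_perms takes a single path; use _fixup_perms2 for a list of paths.')` would do that. How `_fixup_perms2` treats a nested list cannot be seen here, because its body continues outside the hunk. Separately, the error text on new line 314 says `fixup_perms` without the leading underscore and the message mixes `+` with implicit string concatenation; writing `'Otherwise use _fixup_perms with recursive=False.'` and dropping the `+` would match the changelog wording.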
... | ... |
@@ -153,7 +153,7 @@ class ActionModule(ActionBase): |
153 | 153 |
xfered = self._transfer_file(path, remote_path) |
154 | 154 |
|
155 | 155 |
# fix file permissions when the copy is done as a different user |
156 |
- self._fixup_perms((tmp, remote_path), remote_user) |
|
156 |
+ self._fixup_perms2((tmp, remote_path), remote_user) |
|
157 | 157 |
|
158 | 158 |
new_module_args.update( dict( src=xfered,)) |
159 | 159 |
|
... | ... |
@@ -76,7 +76,7 @@ class ActionModule(ActionBase): |
76 | 76 |
if argsfile: |
77 | 77 |
remote_paths += argsfile, |
78 | 78 |
|
79 |
- self._fixup_perms(remote_paths, remote_user, execute=True) |
|
79 |
+ self._fixup_perms2(remote_paths, remote_user, execute=True) |
|
80 | 80 |
|
81 | 81 |
async_limit = self._task.async |
82 | 82 |
async_jid = str(random.randint(0, 999999999999)) |
... | ... |
@@ -230,7 +230,7 @@ class ActionModule(ActionBase): |
230 | 230 |
|
231 | 231 |
# fix file permissions when the copy is done as a different user |
232 | 232 |
if remote_path: |
233 |
- self._fixup_perms((tmp, remote_path), remote_user) |
|
233 |
+ self._fixup_perms2((tmp, remote_path), remote_user) |
|
234 | 234 |
|
235 | 235 |
if raw: |
236 | 236 |
# Continue to next iteration if raw is defined. |
... | ... |
@@ -59,7 +59,7 @@ class ActionModule(ActionBase): |
59 | 59 |
tmp_src = self._connection._shell.join_path(tmp, os.path.basename(src)) |
60 | 60 |
self._transfer_file(src, tmp_src) |
61 | 61 |
|
62 |
- self._fixup_perms((tmp, tmp_src), remote_user) |
|
62 |
+ self._fixup_perms2((tmp, tmp_src), remote_user) |
|
63 | 63 |
|
64 | 64 |
new_module_args = self._task.args.copy() |
65 | 65 |
new_module_args.update( |
... | ... |
@@ -79,7 +79,7 @@ class ActionModule(ActionBase): |
79 | 79 |
self._transfer_file(source, tmp_src) |
80 | 80 |
|
81 | 81 |
# set file permissions, more permissive when the copy is done as a different user |
82 |
- self._fixup_perms((tmp, tmp_src), remote_user, execute=True) |
|
82 |
+ self._fixup_perms2((tmp, tmp_src), remote_user, execute=True) |
|
83 | 83 |
|
84 | 84 |
# add preparation steps to one ssh roundtrip executing the script |
85 | 85 |
env_string = self._compute_environment_string() |
... | ... |
@@ -164,7 +164,7 @@ class ActionModule(ActionBase): |
164 | 164 |
xfered = self._transfer_data(self._connection._shell.join_path(tmp, 'source'), resultant) |
165 | 165 |
|
166 | 166 |
# fix file permissions when the copy is done as a different user |
167 |
- self._fixup_perms((tmp, xfered), remote_user) |
|
167 |
+ self._fixup_perms2((tmp, xfered), remote_user) |
|
168 | 168 |
|
169 | 169 |
# run the copy module |
170 | 170 |
new_module_args.update( |
... | ... |
@@ -93,7 +93,7 @@ class ActionModule(ActionBase): |
93 | 93 |
|
94 | 94 |
if copy: |
95 | 95 |
# fix file permissions when the copy is done as a different user |
96 |
- self._fixup_perms((tmp, tmp_src), remote_user) |
|
96 |
+ self._fixup_perms2((tmp, tmp_src), remote_user) |
|
97 | 97 |
# Build temporary module_args. |
98 | 98 |
new_module_args = self._task.args.copy() |
99 | 99 |
new_module_args.update( |
... | ... |
@@ -570,7 +570,7 @@ class TestActionBase(unittest.TestCase): |
570 | 570 |
action_base._transfer_data = MagicMock() |
571 | 571 |
action_base._compute_environment_string = MagicMock() |
572 | 572 |
action_base._low_level_execute_command = MagicMock() |
573 |
- action_base._fixup_perms = MagicMock() |
|
573 |
+ action_base._fixup_perms2 = MagicMock() |
|
574 | 574 |
|
575 | 575 |
action_base._configure_module.return_value = ('new', '#!/usr/bin/python', 'this is the module data') |
576 | 576 |
action_base._late_needs_tmp_path.return_value = False |