Unified tmp accidentally removed the containing tmpdir from the list of
files to fix the permissions on when we're becoming a different
unprivileged user. This resulted in a visible bug for script but not
for patch. This is because patch also uploads the module to the same
temporary directory and the uploaded module also ends up calling
fixup_perms2() which includes the temporary directory. So by the time
patch needs to access the temporary patch file, the directory is
appropriately set.
script's breakage was visible because script does not upload a module
(it's akin to raw in this way). Therefore, we only call fixup_perms2()
once in script and so leaving out the tmpdir in script means that the
containing directory never has its permissions set appropriately.
Fixing both because it does not cause an extra round trip for patch so
any speedup would be minimal and it's better to fix the perms as close
as possible to where we know we need it. Otherwise, changes to
seemingly unrelated code later could end up breaking it.
Fixes#36398
* First bit of fixing temporary to have one source of truth
* Fix pep8
* Remove explicit make_tmp_path() in copy
The copy action plugin sets TRANSFER_FILES=True so it does not need to
set the temporary directory explicitly; the base class's run() method
will do that for us.
* Fix for calling a module's run when a shell has already created a temp path.
* Remember to inform the rest of the world when tempdir is removed
* New strategy for how to warn on passing tmp
Now we just warn when calling the parent class run() early. If the
module does a late call to the parent run() and doesn't make use of the
temporary directory, then we don't check for the possibility that the
user mistakenly is sending tmp in. If we truly deprecate this (rather
than ignoring it forever) then we might want to switch back to checking
for someone passing a value in as tmp.
* Remove tmp parameter from _execute_module as well
* Port all action plugins to not send tmp explicitly
This is now handled inside of _execute_module via the
_connection._shell.tempdir attribute.
Also update warnings and docs to tell people to set the attribute
instead of using _execute_module's tmp parameter.
* Always set local tempdir variable
* allow shells to have per host options, remote_tmp
added language to shell
removed module lang setting from general as plugins have it now
use get to avoid bad powershell plugin
more resilient tmp discovery, fall back to `pwd`
add shell to docs
fixed options for when frags are only options
added shell set ops in t_e and fixed option frags
normalize tmp dir usag4e
- pass tmpdir/tmp/temp options as env var to commands, making it default for tempfile
- adjusted ansiballz tmpdir
- default local tempfile usage to the configured local tmp
- set env temp in action
add options to powershell
shift temporary to internal envvar/params
ensure tempdir is set if we pass var
ensure basic and url use expected tempdir
ensure localhost uses local tmp
give /var/tmp priority, less perms issues
more consistent tempfile mgmt for ansiballz
made async_dir configurable
better action handling, allow for finally rm tmp
fixed tmp issue and no more tempdir in ballz
hostvarize world readable and admin users
always set shell tempdir
added comment to discourage use of exception/flow control
* Mostly revert expand_user as it's not quite working.
This was an additional feature anyhow.
Kept the use of pwd as a fallback but moved it to a second ssh
connection. This is not optimal but getting that to work in a single
ssh connection was part of the problem holding this up.
(cherry picked from commit 395b714120522f15e4c90a346f5e8e8d79213aca)
* fixed script and other action plugins
ensure tmpdir deletion
allow for connections that don't support new options (legacy, 3rd party)
fixed tests
Consolidate the module_utils, constants, and config functions that
convert values into booleans into a single function in module_utils.
Port code to use the module_utils.validate.convert_bool.boolean function
isntead of mk_boolean.
- centralized skipping
- also fixed module name broken by previous refactor
- let action modules handle async processing
- moved async into base action class's module exec
- action plugins can now run final action as async
- actually skip copy if base skips
- fixed normal for new paths
- ensure internal stat is never async
- default poll to 10 as per docs
- added hint for callback fix on poll
- restructured late tmp, now a pipeline query
- moving action handler to connection as networking does
- fixed network assumption invocation is always passed
- centralized key cleanup, normalized internal var
- _supress_tmpdir_delete now in _ansible_xxx and gets removed from results
- delay internal key removal till after we use em
- nicer tmp removing, using existing methods
- moved cleanup tmp flag to mking tmp func
We couldn't copy to_unicode, to_bytes, to_str into module_utils because
of licensing. So once created it we had two sets of functions that did
the same things but had different implementations. To remedy that, this
change removes the ansible.utils.unicode versions of those functions.
Run setfacl/chown/chmod on each temp dir and file.
This fixes temp file permissions handling on platforms such as FreeBSD
which always return success when using find -exec. This is done by
eliminating the use of find when setting up temp files and directories.
Additionally, tests that now pass on FreeBSD have been enabled for CI.
* smarter function to figure out relative paths
takes list of paths in order of relevance to current task
and does the dwim magic on them
* shared function for action plugins using new dwim
unify path construction and error info/messaging
made include and role non exclusive
corrected order and now smarter about tasks
includes inside roles are currently broken as they don't provide the correct role data
make dirname full match to avoid corner cases
* migrated action plugins to new dwim function
reported plugins to use exceptions instead of info
* clarified needle
* Fix the task_vars parameter to not default to a mutable type (dict)
* Implement invocation in the base class's run() method have each action
module call the run() method's implemention in the base class.
* Return values from the action plugins' run() method takes the return
value from the base class run() method into account so that invocation
makes its way to the output.
Fixes#12869
There doesn't appear to be anything that actually uses tmp_path in the
connection plugins so we don't need to pass that in to exec_command.
That change also means that we don't need to pass tmp_path around in
many places in the action plugins any more. there may be more cleanup
that can be done there as well (the action plugin's public run() method
takes tmp as a keyword arg but that may not be necessary).
As a sideeffect of this patch, some potential problems with chmod and
the patch, assemble, copy, and template modules has been fixed (those
modules called _remote_chmod() with the wrong order for their
parameters. Removing the tmp parameter fixed them.)
Also making PlayContext a child class of the Playbook Base class,
which gives it access to all of the FieldAttribute code to ensure
field values are correctly typed after post_validation
Fixes#11381
Toshio Kuratomi
Jordan Borean
Brian Coca
Dag Wieers
Brian Coca
Matt Clay
Brian Coca
Toshio Kuratomi
James Cammarata
Pierre-Louis Bonicoli