Temporary (#31677)

* allow shells to have per host options, remote_tmp added language to shell removed module lang setting from general as plugins have it now use get to avoid bad powershell plugin more resilient tmp discovery, fall back to `pwd` add shell to docs fixed options for when frags are only options added shell set ops in t_e and fixed option frags normalize tmp dir usag4e - pass tmpdir/tmp/temp options as env var to commands, making it default for tempfile - adjusted ansiballz tmpdir - default local tempfile usage to the configured local tmp - set env temp in action add options to powershell shift temporary to internal envvar/params ensure tempdir is set if we pass var ensure basic and url use expected tempdir ensure localhost uses local tmp give /var/tmp priority, less perms issues more consistent tempfile mgmt for ansiballz made async_dir configurable better action handling, allow for finally rm tmp fixed tmp issue and no more tempdir in ballz hostvarize world readable and admin users always set shell tempdir added comment to discourage use of exception/flow control * Mostly revert expand_user as it's not quite working. This was an additional feature anyhow. Kept the use of pwd as a fallback but moved it to a second ssh connection. This is not optimal but getting that to work in a single ssh connection was part of the problem holding this up. (cherry picked from commit 395b714120522f15e4c90a346f5e8e8d79213aca) * fixed script and other action plugins ensure tmpdir deletion allow for connections that don't support new options (legacy, 3rd party) fixed tests
2025-04-25 11:51:26 -07:00 · 2018-01-16 00:15:04 -05:00 · 2018-01-16 00:15:04 -05:00 · bbd6b8bb42
commit bbd6b8bb42
parent eca3fcd214
44 changed files with 1010 additions and 972 deletions
--- a/lib/ansible/plugins/action/script.py
+++ b/lib/ansible/plugins/action/script.py
@ -21,12 +21,13 @@ import os
 import re
 import shlex

-from ansible.errors import AnsibleError
+from ansible.errors import AnsibleError, AnsibleAction, AnsibleActionDone, AnsibleActionFail, AnsibleActionSkip
 from ansible.module_utils._text import to_native, to_text
 from ansible.plugins.action import ActionBase


 class ActionModule(ActionBase):
+
    TRANSFERS_FILES = True

    # On Windows platform, absolute paths begin with a (back)slash
@ -40,95 +41,91 @@ class ActionModule(ActionBase):

        result = super(ActionModule, self).run(tmp, task_vars)

-        if not tmp:
-            tmp = self._make_tmp_path()
-
-        creates = self._task.args.get('creates')
-        if creates:
-            # do not run the command if the line contains creates=filename
-            # and the filename already exists. This allows idempotence
-            # of command executions.
-            if self._remote_file_exists(creates):
-                self._remove_tmp_path(tmp)
-                return dict(skipped=True, msg=("skipped, since %s exists" % creates))
-
-        removes = self._task.args.get('removes')
-        if removes:
-            # do not run the command if the line contains removes=filename
-            # and the filename does not exist. This allows idempotence
-            # of command executions.
-            if not self._remote_file_exists(removes):
-                self._remove_tmp_path(tmp)
-                return dict(skipped=True, msg=("skipped, since %s does not exist" % removes))
-
-        # The chdir must be absolute, because a relative path would rely on
-        # remote node behaviour & user config.
-        chdir = self._task.args.get('chdir')
-        if chdir:
-            # Powershell is the only Windows-path aware shell
-            if self._connection._shell.SHELL_FAMILY == 'powershell' and \
-                    not self.windows_absolute_path_detection.matches(chdir):
-                return dict(failed=True, msg='chdir %s must be an absolute path for a Windows remote node' % chdir)
-            # Every other shell is unix-path-aware.
-            if self._connection._shell.SHELL_FAMILY != 'powershell' and not chdir.startswith('/'):
-                return dict(failed=True, msg='chdir %s must be an absolute path for a Unix-aware remote node' % chdir)
-
-        # Split out the script as the first item in raw_params using
-        # shlex.split() in order to support paths and files with spaces in the name.
-        # Any arguments passed to the script will be added back later.
-        raw_params = to_native(self._task.args.get('_raw_params', ''), errors='surrogate_or_strict')
-        parts = [to_text(s, errors='surrogate_or_strict') for s in shlex.split(raw_params.strip())]
-        source = parts[0]
-
        try:
-            source = self._loader.get_real_file(self._find_needle('files', source), decrypt=self._task.args.get('decrypt', True))
-        except AnsibleError as e:
-            return dict(failed=True, msg=to_native(e))
+            creates = self._task.args.get('creates')
+            if creates:
+                # do not run the command if the line contains creates=filename
+                # and the filename already exists. This allows idempotence
+                # of command executions.
+                if self._remote_file_exists(creates):
+                    raise AnsibleActionSkip("%s exists, matching creates option" % creates)

-        if not self._play_context.check_mode:
-            # transfer the file to a remote tmp location
-            tmp_src = self._connection._shell.join_path(tmp, os.path.basename(source))
+            removes = self._task.args.get('removes')
+            if removes:
+                # do not run the command if the line contains removes=filename
+                # and the filename does not exist. This allows idempotence
+                # of command executions.
+                if not self._remote_file_exists(removes):
+                    raise AnsibleActionSkip("%s does not exist, matching removes option" % removes)

-            # Convert raw_params to text for the purpose of replacing the script since
-            # parts and tmp_src are both unicode strings and raw_params will be different
-            # depending on Python version.
-            #
-            # Once everything is encoded consistently, replace the script path on the remote
-            # system with the remainder of the raw_params. This preserves quoting in parameters
-            # that would have been removed by shlex.split().
-            target_command = to_text(raw_params).strip().replace(parts[0], tmp_src)
+            # The chdir must be absolute, because a relative path would rely on
+            # remote node behaviour & user config.
+            chdir = self._task.args.get('chdir')
+            if chdir:
+                # Powershell is the only Windows-path aware shell
+                if self._connection._shell.SHELL_FAMILY == 'powershell' and \
+                        not self.windows_absolute_path_detection.matches(chdir):
+                    raise AnsibleActionFail('chdir %s must be an absolute path for a Windows remote node' % chdir)
+                # Every other shell is unix-path-aware.
+                if self._connection._shell.SHELL_FAMILY != 'powershell' and not chdir.startswith('/'):
+                    raise AnsibleActionFail('chdir %s must be an absolute path for a Unix-aware remote node' % chdir)

-            self._transfer_file(source, tmp_src)
+            # Split out the script as the first item in raw_params using
+            # shlex.split() in order to support paths and files with spaces in the name.
+            # Any arguments passed to the script will be added back later.
+            raw_params = to_native(self._task.args.get('_raw_params', ''), errors='surrogate_or_strict')
+            parts = [to_text(s, errors='surrogate_or_strict') for s in shlex.split(raw_params.strip())]
+            source = parts[0]

-            # set file permissions, more permissive when the copy is done as a different user
-            self._fixup_perms2((tmp, tmp_src), execute=True)
+            try:
+                source = self._loader.get_real_file(self._find_needle('files', source), decrypt=self._task.args.get('decrypt', True))
+            except AnsibleError as e:
+                raise AnsibleActionFail(to_native(e))

-            # add preparation steps to one ssh roundtrip executing the script
-            env_dict = dict()
-            env_string = self._compute_environment_string(env_dict)
-            script_cmd = ' '.join([env_string, target_command])
-
-        if self._play_context.check_mode:
+            # now we execute script, always assume changed.
            result['changed'] = True
-            self._remove_tmp_path(tmp)
-            return result

-        script_cmd = self._connection._shell.wrap_for_exec(script_cmd)
+            if not self._play_context.check_mode:
+                # transfer the file to a remote tmp location
+                tmp_src = self._connection._shell.join_path(self._connection._shell.tempdir, os.path.basename(source))

-        exec_data = None
-        # HACK: come up with a sane way to pass around env outside the command
-        if self._connection.transport == "winrm":
-            exec_data = self._connection._create_raw_wrapper_payload(script_cmd, env_dict)
+                # Convert raw_params to text for the purpose of replacing the script since
+                # parts and tmp_src are both unicode strings and raw_params will be different
+                # depending on Python version.
+                #
+                # Once everything is encoded consistently, replace the script path on the remote
+                # system with the remainder of the raw_params. This preserves quoting in parameters
+                # that would have been removed by shlex.split().
+                target_command = to_text(raw_params).strip().replace(parts[0], tmp_src)

-        result.update(self._low_level_execute_command(cmd=script_cmd, in_data=exec_data, sudoable=True, chdir=chdir))
+                self._transfer_file(source, tmp_src)

-        # clean up after
-        self._remove_tmp_path(tmp)
+                # set file permissions, more permissive when the copy is done as a different user
+                self._fixup_perms2((tmp_src,), execute=True)

-        result['changed'] = True
+                # add preparation steps to one ssh roundtrip executing the script
+                env_dict = dict()
+                env_string = self._compute_environment_string(env_dict)
+                script_cmd = ' '.join([env_string, target_command])

-        if 'rc' in result and result['rc'] != 0:
-            result['failed'] = True
-            result['msg'] = 'non-zero return code'
+            if self._play_context.check_mode:
+                raise AnsibleActionDone()
+
+            script_cmd = self._connection._shell.wrap_for_exec(script_cmd)
+
+            exec_data = None
+            # HACK: come up with a sane way to pass around env outside the command
+            if self._connection.transport == "winrm":
+                exec_data = self._connection._create_raw_wrapper_payload(script_cmd, env_dict)
+
+            result.update(self._low_level_execute_command(cmd=script_cmd, in_data=exec_data, sudoable=True, chdir=chdir))
+
+            if 'rc' in result and result['rc'] != 0:
+                raise AnsibleActionFail('non-zero return code')
+
+        except AnsibleAction as e:
+            result.update(e.result)
+        finally:
+            self._remove_tmp_path(self._connection._shell.tempdir)

        return result