Temporary (#31677)

* allow shells to have per host options, remote_tmp

added language to shell
removed module lang setting from general as  plugins have it now
use get to avoid bad powershell plugin
more resilient tmp discovery, fall back to `pwd`
add shell to docs
fixed options for when frags are only options
added shell set ops in t_e and fixed option frags
normalize tmp dir usag4e

- pass tmpdir/tmp/temp options as env var to commands, making it default for tempfile
- adjusted ansiballz tmpdir
- default local tempfile usage to the configured local tmp
- set env temp in action

add options to powershell
shift temporary to internal envvar/params
ensure tempdir is set if we pass var
ensure basic and url use expected tempdir
ensure localhost uses local tmp
give /var/tmp priority, less perms issues
more consistent tempfile mgmt for ansiballz
made async_dir configurable
better action handling, allow for finally rm tmp
fixed tmp issue and no more tempdir in ballz
hostvarize world readable and admin users
always set shell tempdir
added comment to discourage use of exception/flow control

* Mostly revert expand_user as it's not quite working.

This was an additional feature anyhow.

Kept the use of pwd as a fallback but moved it to a second ssh
connection.  This is not optimal but getting that to work in a single
ssh connection was part of the problem holding this up.

(cherry picked from commit 395b714120522f15e4c90a346f5e8e8d79213aca)

* fixed script and other action plugins

ensure tmpdir deletion
allow for connections that don't support new options (legacy, 3rd party)
fixed tests

lib/ansible/plugins/shell/__init__.py

@@ -18,10 +18,10 @@ from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
 import os
-import re
-import ansible.constants as C
-import time
+import os.path
 import random
+import re
+import time
 
 from ansible.module_utils.six import text_type
 from ansible.module_utils.six.moves import shlex_quote
@@ -31,26 +31,32 @@ _USER_HOME_PATH_RE = re.compile(r'^~[_.A-Za-z0-9][-_.A-Za-z0-9]*$')
 
 
 class ShellBase(AnsiblePlugin):
-
     def __init__(self):
 
         super(ShellBase, self).__init__()
 
-        self.env = dict()
-        if C.DEFAULT_MODULE_SET_LOCALE:
-            module_locale = C.DEFAULT_MODULE_LANG or os.getenv('LANG', 'en_US.UTF-8')
+        self.env = {}
+        self.tempdir = None
+
+    def set_options(self, task_keys=None, var_options=None, direct=None):
+
+        super(ShellBase, self).set_options(task_keys=task_keys, var_options=var_options, direct=direct)
+
+        # not all shell modules have this option
+        if self.get_option('set_module_language'):
             self.env.update(
                 dict(
-                    LANG=module_locale,
-                    LC_ALL=module_locale,
-                    LC_MESSAGES=module_locale,
+                    LANG=self.get_option('module_language'),
+                    LC_ALL=self.get_option('module_language'),
+                    LC_MESSAGES=self.get_option('module_language'),
                 )
             )
 
+        # set env
+        self.env.update(self.get_option('environment'))
+
     def env_prefix(self, **kwargs):
-        env = self.env.copy()
-        env.update(kwargs)
-        return ' '.join(['%s=%s' % (k, shlex_quote(text_type(v))) for k, v in env.items()])
+        return ' '.join(['%s=%s' % (k, shlex_quote(text_type(v))) for k, v in kwargs.items()])
 
     def join_path(self, *args):
         return os.path.join(*args)
@@ -96,32 +102,27 @@ class ShellBase(AnsiblePlugin):
         cmd = ['test', '-e', shlex_quote(path)]
         return ' '.join(cmd)
 
-    def mkdtemp(self, basefile=None, system=False, mode=None, tmpdir=None):
+    def mkdtemp(self, basefile=None, system=False, mode=0o700, tmpdir=None):
         if not basefile:
             basefile = 'ansible-tmp-%s-%s' % (time.time(), random.randint(0, 2**48))
 
         # When system is specified we have to create this in a directory where
-        # other users can read and access the temp directory.  This is because
-        # we use system to create tmp dirs for unprivileged users who are
-        # sudo'ing to a second unprivileged user.  The only dirctories where
-        # that is standard are the tmp dirs, /tmp and /var/tmp.  So we only
-        # allow one of those two locations if system=True.  However, users
-        # might want to have some say over which of /tmp or /var/tmp is used
-        # (because /tmp may be a tmpfs and want to conserve RAM or persist the
-        # tmp files beyond a reboot.  So we check if the user set REMOTE_TMP
-        # to somewhere in or below /var/tmp and if so use /var/tmp.  If
-        # anything else we use /tmp (because /tmp is specified by POSIX nad
-        # /var/tmp is not).
+        # other users can read and access the temp directory.
+        # This is because we use system to create tmp dirs for unprivileged users who are
+        # sudo'ing to a second unprivileged user.
+        # The 'system_temps' setting defines dirctories we can use for this purpose
+        # the default are, /tmp and /var/tmp.
+        # So we only allow one of those locations if system=True, using the
+        # passed in tmpdir if it is valid or the first one from the setting if not.
 
         if system:
-            # FIXME: create 'system tmp dirs' config/var and check tmpdir is in those values to allow for /opt/tmp, etc
-            if tmpdir.startswith('/var/tmp'):
-                basetmpdir = '/var/tmp'
+            if tmpdir.startswith(tuple(self.get_option('system_temps'))):
+                basetmpdir = tmpdir
             else:
-                basetmpdir = '/tmp'
+                basetmpdir = self.get_option('system_temps')[0]
         else:
             if tmpdir is None:
-                basetmpdir = C.DEFAULT_REMOTE_TMP
+                basetmpdir = self.get_option('remote_temp')
             else:
                 basetmpdir = tmpdir
 
@@ -138,13 +139,15 @@ class ShellBase(AnsiblePlugin):
 
         return cmd
 
-    def expand_user(self, user_home_path):
+    def expand_user(self, user_home_path, username=''):
         ''' Return a command to expand tildes in a path
 
-        It can be either "~" or "~username".  We use the POSIX definition of
-        a username:
+        It can be either "~" or "~username". We just ignore $HOME
+        We use the POSIX definition of a username:
             http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap03.html#tag_03_426
             http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap03.html#tag_03_276
+
+            Falls back to 'current workind directory' as we assume 'home is where the remote user ends up'
         '''
 
         # Check that the user_path to expand is safe
@@ -152,9 +155,17 @@ class ShellBase(AnsiblePlugin):
             if not _USER_HOME_PATH_RE.match(user_home_path):
                 # shlex_quote will make the shell return the string verbatim
                 user_home_path = shlex_quote(user_home_path)
+        elif username:
+            # if present the user name is appended to resolve "that user's home"
+            user_home_path += username
+
         return 'echo %s' % user_home_path
 
-    def build_module_command(self, env_string, shebang, cmd, arg_path=None, rm_tmp=None):
+    def pwd(self):
+        """Return the working directory after connecting"""
+        return 'echo %spwd%s' % (self._SHELL_SUB_LEFT, self._SHELL_SUB_RIGHT)
+
+    def build_module_command(self, env_string, shebang, cmd, arg_path=None):
         # don't quote the cmd if it's an empty string, because this will break pipelining mode
         if cmd.strip() != '':
             cmd = shlex_quote(cmd)
@@ -168,8 +179,6 @@ class ShellBase(AnsiblePlugin):
         if arg_path is not None:
             cmd_parts.append(arg_path)
         new_cmd = " ".join(cmd_parts)
-        if rm_tmp:
-            new_cmd = '%s; rm -rf "%s" %s' % (new_cmd, rm_tmp, self._SHELL_REDIRECT_ALLNULL)
         return new_cmd
 
     def append_command(self, cmd, cmd_to_append):

lib/ansible/plugins/shell/csh.py

@@ -1,24 +1,22 @@
-# (c) 2014, Chris Church <chris@ninemoreminutes.com>
-#
-# This file is part of Ansible.
-#
-# Ansible is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+# Copyright (c) 2014, Chris Church <chris@ninemoreminutes.com>
+# Copyright (c) 2017 Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
 from ansible.plugins.shell import ShellBase
 
+DOCUMENTATION = '''
+    name: csh
+    plugin_type: shell
+    version_added: ""
+    short_description: C shell (/bin/csh)
+    description:
+      - When you have no other option than to use csh
+    extends_documentation_fragment:
+      - shell_common
+'''
+
 
 class ShellModule(ShellBase):
 

lib/ansible/plugins/shell/fish.py

@@ -1,19 +1,6 @@
-# (c) 2014, Chris Church <chris@ninemoreminutes.com>
-#
-# This file is part of Ansible.
-#
-# Ansible is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+# Copyright (c) 2014, Chris Church <chris@ninemoreminutes.com>
+# Copyright (c) 2017 Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
@@ -21,6 +8,17 @@ from ansible.module_utils.six import text_type
 from ansible.module_utils.six.moves import shlex_quote
 from ansible.plugins.shell.sh import ShellModule as ShModule
 
+DOCUMENTATION = '''
+    name: fish
+    plugin_type: shell
+    version_added: ""
+    short_description: fish shell (/bin/fish)
+    description:
+      - This is here because some people are restricted to fish.
+    extends_documentation_fragment:
+      - shell_common
+'''
+
 
 class ShellModule(ShModule):
 
@@ -43,7 +41,7 @@ class ShellModule(ShModule):
         env.update(kwargs)
         return ' '.join(['set -lx %s %s;' % (k, shlex_quote(text_type(v))) for k, v in env.items()])
 
-    def build_module_command(self, env_string, shebang, cmd, arg_path=None, rm_tmp=None):
+    def build_module_command(self, env_string, shebang, cmd, arg_path=None):
         # don't quote the cmd if it's an empty string, because this will break pipelining mode
         if cmd.strip() != '':
             cmd = shlex_quote(cmd)
@@ -51,8 +49,6 @@ class ShellModule(ShModule):
         if arg_path is not None:
             cmd_parts.append(arg_path)
         new_cmd = " ".join(cmd_parts)
-        if rm_tmp:
-            new_cmd = 'begin ; %s; rm -rf "%s" %s ; end' % (new_cmd, rm_tmp, self._SHELL_REDIRECT_ALLNULL)
         return new_cmd
 
     def checksum(self, path, python_interp):

lib/ansible/plugins/shell/powershell.py

@@ -1,22 +1,18 @@
-# (c) 2014, Chris Church <chris@ninemoreminutes.com>
-#
-# This file is part of Ansible.
-#
-# Ansible is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+# Copyright (c) 2014, Chris Church <chris@ninemoreminutes.com>
+# Copyright (c) 2017 Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
+DOCUMENTATION = '''
+    name: powershell
+    plugin_type: shell
+    version_added: ""
+    short_description: Windows Powershell
+    description:
+      - The only option whne using 'winrm' as a connection plugin
+'''
+
 import base64
 import os
 import re
@@ -1693,8 +1689,10 @@ Function Run($payload) {
 
 '''  # end async_watchdog
 
+from ansible.plugins import AnsiblePlugin
 
-class ShellModule(object):
+
+class ShellModule(AnsiblePlugin):
 
     # Common shell filenames that this plugin handles
     # Powershell is handled differently.  It's selected when winrm is the
@@ -1773,7 +1771,7 @@ class ShellModule(object):
         # FIXME: Support system temp path and passed in tmpdir!
         return self._encode_script('''(New-Item -Type Directory -Path $env:temp -Name "%s").FullName | Write-Host -Separator '';''' % basefile)
 
-    def expand_user(self, user_home_path):
+    def expand_user(self, user_home_path, username=''):
         # PowerShell only supports "~" (not "~username").  Resolve-Path ~ does
         # not seem to work remotely, though by default we are always starting
         # in the user's home directory.
@@ -1823,7 +1821,7 @@ class ShellModule(object):
         ''' % dict(path=path)
         return self._encode_script(script)
 
-    def build_module_command(self, env_string, shebang, cmd, arg_path=None, rm_tmp=None):
+    def build_module_command(self, env_string, shebang, cmd, arg_path=None):
         # pipelining bypass
         if cmd == '':
             return '-'
@@ -1878,10 +1876,6 @@ class ShellModule(object):
                 Exit 1
             }
         ''' % (env_string, ' '.join(cmd_parts))
-        if rm_tmp:
-            rm_tmp = self._escape(self._unquote(rm_tmp))
-            rm_cmd = 'Remove-Item "%s" -Force -Recurse -ErrorAction SilentlyContinue' % rm_tmp
-            script = '%s\nFinally { %s }' % (script, rm_cmd)
         return self._encode_script(script, preserve_rc=False)
 
     def wrap_for_exec(self, cmd):

lib/ansible/plugins/shell/sh.py

@@ -1,22 +1,19 @@
-# (c) 2014, Chris Church <chris@ninemoreminutes.com>
-#
-# This file is part of Ansible.
-#
-# Ansible is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Ansible is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+# Copyright (c) 2014, Chris Church <chris@ninemoreminutes.com>
+# Copyright (c) 2017 Ansible Project
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
+DOCUMENTATION = '''
+name: sh
+plugin_type: shell
+short_description: "POSIX shell (/bin/sh)"
+version_added: historical
+description:
+  - This shell plugin is the one you want to use on most Unix systems, it is the most compatible and widely installed shell.
+extends_documentation_fragment:
+  - shell_common
+'''
 
 from ansible.module_utils.six.moves import shlex_quote
 from ansible.plugins.shell import ShellBase
@@ -26,6 +23,8 @@ class ShellModule(ShellBase):
 
     # Common shell filenames that this plugin handles.
     # Note: sh is the default shell plugin so this plugin may also be selected
+    # This code needs to be SH-compliant. BASH-isms will not work if /bin/sh points to a non-BASH shell.
+
     # if the filename is not listed in any Shell plugin.
     COMPATIBLE_SHELLS = frozenset(('sh', 'zsh', 'bash', 'dash', 'ksh'))
     # Family of shells this has.  Must match the filename without extension
@@ -42,22 +41,16 @@ class ShellModule(ShellBase):
     _SHELL_GROUP_RIGHT = ')'
 
     def checksum(self, path, python_interp):
-        # The following test needs to be SH-compliant.  BASH-isms will
-        # not work if /bin/sh points to a non-BASH shell.
-        #
         # In the following test, each condition is a check and logical
         # comparison (|| or &&) that sets the rc value.  Every check is run so
-        # the last check in the series to fail will be the rc that is
-        # returned.
+        # the last check in the series to fail will be the rc that is returned.
         #
         # If a check fails we error before invoking the hash functions because
         # hash functions may successfully take the hash of a directory on BSDs
-        # (UFS filesystem?) which is not what the rest of the ansible code
-        # expects
+        # (UFS filesystem?) which is not what the rest of the ansible code expects
         #
-        # If all of the available hashing methods fail we fail with an rc of
-        # 0.  This logic is added to the end of the cmd at the bottom of this
-        # function.
+        # If all of the available hashing methods fail we fail with an rc of 0.
+        # This logic is added to the end of the cmd at the bottom of this function.
 
         # Return codes:
         # checksum: success!