Temporary (#31677)

* allow shells to have per host options, remote_tmp

added language to shell
removed module lang setting from general as  plugins have it now
use get to avoid bad powershell plugin
more resilient tmp discovery, fall back to `pwd`
add shell to docs
fixed options for when frags are only options
added shell set ops in t_e and fixed option frags
normalize tmp dir usag4e

- pass tmpdir/tmp/temp options as env var to commands, making it default for tempfile
- adjusted ansiballz tmpdir
- default local tempfile usage to the configured local tmp
- set env temp in action

add options to powershell
shift temporary to internal envvar/params
ensure tempdir is set if we pass var
ensure basic and url use expected tempdir
ensure localhost uses local tmp
give /var/tmp priority, less perms issues
more consistent tempfile mgmt for ansiballz
made async_dir configurable
better action handling, allow for finally rm tmp
fixed tmp issue and no more tempdir in ballz
hostvarize world readable and admin users
always set shell tempdir
added comment to discourage use of exception/flow control

* Mostly revert expand_user as it's not quite working.

This was an additional feature anyhow.

Kept the use of pwd as a fallback but moved it to a second ssh
connection.  This is not optimal but getting that to work in a single
ssh connection was part of the problem holding this up.

(cherry picked from commit 395b714120522f15e4c90a346f5e8e8d79213aca)

* fixed script and other action plugins

ensure tmpdir deletion
allow for connections that don't support new options (legacy, 3rd party)
fixed tests

lib/ansible/plugins/shell/__init__.py

@@ -18,10 +18,10 @@ from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 
 import os
-import re
-import ansible.constants as C
-import time
+import os.path
 import random
+import re
+import time
 
 from ansible.module_utils.six import text_type
 from ansible.module_utils.six.moves import shlex_quote
@@ -31,26 +31,32 @@ _USER_HOME_PATH_RE = re.compile(r'^~[_.A-Za-z0-9][-_.A-Za-z0-9]*$')
 
 
 class ShellBase(AnsiblePlugin):
-
     def __init__(self):
 
         super(ShellBase, self).__init__()
 
-        self.env = dict()
-        if C.DEFAULT_MODULE_SET_LOCALE:
-            module_locale = C.DEFAULT_MODULE_LANG or os.getenv('LANG', 'en_US.UTF-8')
+        self.env = {}
+        self.tempdir = None
+
+    def set_options(self, task_keys=None, var_options=None, direct=None):
+
+        super(ShellBase, self).set_options(task_keys=task_keys, var_options=var_options, direct=direct)
+
+        # not all shell modules have this option
+        if self.get_option('set_module_language'):
             self.env.update(
                 dict(
-                    LANG=module_locale,
-                    LC_ALL=module_locale,
-                    LC_MESSAGES=module_locale,
+                    LANG=self.get_option('module_language'),
+                    LC_ALL=self.get_option('module_language'),
+                    LC_MESSAGES=self.get_option('module_language'),
                 )
             )
 
+        # set env
+        self.env.update(self.get_option('environment'))
+
     def env_prefix(self, **kwargs):
-        env = self.env.copy()
-        env.update(kwargs)
-        return ' '.join(['%s=%s' % (k, shlex_quote(text_type(v))) for k, v in env.items()])
+        return ' '.join(['%s=%s' % (k, shlex_quote(text_type(v))) for k, v in kwargs.items()])
 
     def join_path(self, *args):
         return os.path.join(*args)
@@ -96,32 +102,27 @@ class ShellBase(AnsiblePlugin):
         cmd = ['test', '-e', shlex_quote(path)]
         return ' '.join(cmd)
 
-    def mkdtemp(self, basefile=None, system=False, mode=None, tmpdir=None):
+    def mkdtemp(self, basefile=None, system=False, mode=0o700, tmpdir=None):
         if not basefile:
             basefile = 'ansible-tmp-%s-%s' % (time.time(), random.randint(0, 2**48))
 
         # When system is specified we have to create this in a directory where
-        # other users can read and access the temp directory.  This is because
-        # we use system to create tmp dirs for unprivileged users who are
-        # sudo'ing to a second unprivileged user.  The only dirctories where
-        # that is standard are the tmp dirs, /tmp and /var/tmp.  So we only
-        # allow one of those two locations if system=True.  However, users
-        # might want to have some say over which of /tmp or /var/tmp is used
-        # (because /tmp may be a tmpfs and want to conserve RAM or persist the
-        # tmp files beyond a reboot.  So we check if the user set REMOTE_TMP
-        # to somewhere in or below /var/tmp and if so use /var/tmp.  If
-        # anything else we use /tmp (because /tmp is specified by POSIX nad
-        # /var/tmp is not).
+        # other users can read and access the temp directory.
+        # This is because we use system to create tmp dirs for unprivileged users who are
+        # sudo'ing to a second unprivileged user.
+        # The 'system_temps' setting defines dirctories we can use for this purpose
+        # the default are, /tmp and /var/tmp.
+        # So we only allow one of those locations if system=True, using the
+        # passed in tmpdir if it is valid or the first one from the setting if not.
 
         if system:
-            # FIXME: create 'system tmp dirs' config/var and check tmpdir is in those values to allow for /opt/tmp, etc
-            if tmpdir.startswith('/var/tmp'):
-                basetmpdir = '/var/tmp'
+            if tmpdir.startswith(tuple(self.get_option('system_temps'))):
+                basetmpdir = tmpdir
             else:
-                basetmpdir = '/tmp'
+                basetmpdir = self.get_option('system_temps')[0]
         else:
             if tmpdir is None:
-                basetmpdir = C.DEFAULT_REMOTE_TMP
+                basetmpdir = self.get_option('remote_temp')
             else:
                 basetmpdir = tmpdir
 
@@ -138,13 +139,15 @@ class ShellBase(AnsiblePlugin):
 
         return cmd
 
-    def expand_user(self, user_home_path):
+    def expand_user(self, user_home_path, username=''):
         ''' Return a command to expand tildes in a path
 
-        It can be either "~" or "~username".  We use the POSIX definition of
-        a username:
+        It can be either "~" or "~username". We just ignore $HOME
+        We use the POSIX definition of a username:
             http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap03.html#tag_03_426
             http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap03.html#tag_03_276
+
+            Falls back to 'current workind directory' as we assume 'home is where the remote user ends up'
         '''
 
         # Check that the user_path to expand is safe
@@ -152,9 +155,17 @@ class ShellBase(AnsiblePlugin):
             if not _USER_HOME_PATH_RE.match(user_home_path):
                 # shlex_quote will make the shell return the string verbatim
                 user_home_path = shlex_quote(user_home_path)
+        elif username:
+            # if present the user name is appended to resolve "that user's home"
+            user_home_path += username
+
         return 'echo %s' % user_home_path
 
-    def build_module_command(self, env_string, shebang, cmd, arg_path=None, rm_tmp=None):
+    def pwd(self):
+        """Return the working directory after connecting"""
+        return 'echo %spwd%s' % (self._SHELL_SUB_LEFT, self._SHELL_SUB_RIGHT)
+
+    def build_module_command(self, env_string, shebang, cmd, arg_path=None):
         # don't quote the cmd if it's an empty string, because this will break pipelining mode
         if cmd.strip() != '':
             cmd = shlex_quote(cmd)
@@ -168,8 +179,6 @@ class ShellBase(AnsiblePlugin):
         if arg_path is not None:
             cmd_parts.append(arg_path)
         new_cmd = " ".join(cmd_parts)
-        if rm_tmp:
-            new_cmd = '%s; rm -rf "%s" %s' % (new_cmd, rm_tmp, self._SHELL_REDIRECT_ALLNULL)
         return new_cmd
 
     def append_command(self, cmd, cmd_to_append):