Various performance streamlining and making the file features usable in all modules without daisy chaining.

2025-04-24 03:11:24 -07:00 · 2012-10-20 22:51:36 -04:00 · 2012-10-20 22:51:36 -04:00 · cbc12f0dba
commit cbc12f0dba
parent 60b9316ad8
12 changed files with 361 additions and 312 deletions
--- a/lib/ansible/module_common.py
+++ b/lib/ansible/module_common.py
@ -50,6 +50,16 @@ import types
 import time
 import shutil
 import stat
+import stat
+import grp
+import pwd
+
+HAVE_SELINUX=False
+try:
+    import selinux
+    HAVE_SELINUX=True
+except ImportError:
+    pass

 try:
    from hashlib import md5 as _md5
@ -63,11 +73,22 @@ except ImportError:
  import syslog
  has_journal = False

+FILE_COMMON_ARGUMENTS=dict(
+    src = dict(),
+    mode = dict(),
+    owner = dict(),
+    group = dict(),
+    seuser = dict(),
+    serole = dict(),
+    selevel = dict(),
+    setype = dict(),
+)
+
 class AnsibleModule(object):

    def __init__(self, argument_spec, bypass_checks=False, no_log=False,
        check_invalid_arguments=True, mutually_exclusive=None, required_together=None,
-        required_one_of=None):
+        required_one_of=None, add_file_common_args=True):

        '''
        common code for quickly building an ansible module in Python
@ -76,12 +97,15 @@ class AnsibleModule(object):
        '''

        self.argument_spec = argument_spec
+
+        if add_file_common_args:
+            self.argument_spec.update(FILE_COMMON_ARGUMENTS)
+
        (self.params, self.args) = self._load_params()

        self._legal_inputs = []
        self._handle_aliases()

-        # this may be disabled where modules are going to daisy chain into others
        if check_invalid_arguments:
            self._check_invalid_arguments()

@ -98,6 +122,256 @@ class AnsibleModule(object):
        if not no_log:
            self._log_invocation()

+    def load_file_common_arguments(self, params):
+        ''' 
+        many modules deal with files, this encapsulates common
+        options that the file module accepts such that it is directly
+        available to all modules and they can share code.
+        '''
+
+        path = params.get('path', params.get('dest', None))
+        if path is None:
+            return {}
+
+        mode   = params.get('mode', None)
+        owner  = params.get('owner', None)
+        group  = params.get('group', None)
+
+        # selinux related options
+        seuser    = params.get('seuser', None)
+        serole    = params.get('serole', None)
+        setype    = params.get('setype', None)
+        selevel   = params.get('serange', 's0')
+        secontext = [seuser, serole, setype]
+    
+        if self.selinux_mls_enabled():
+            secontext.append(selevel)
+
+        default_secontext = self.selinux_default_context(path)
+        for i in range(len(default_secontext)):
+            if i is not None and secontext[i] == '_default':
+                secontext[i] = default_secontext[i]
+
+        return dict(
+            path=path, mode=mode, owner=owner, group=group, 
+            seuser=seuser, serole=serole, setype=setype,
+            selevel=selevel, secontext=secontext, 
+        )
+
+
+    # Detect whether using selinux that is MLS-aware.
+    # While this means you can set the level/range with
+    # selinux.lsetfilecon(), it may or may not mean that you
+    # will get the selevel as part of the context returned
+    # by selinux.lgetfilecon().
+
+    def selinux_mls_enabled(self):
+        if not HAVE_SELINUX:
+            return False
+        if selinux.is_selinux_mls_enabled() == 1:
+            return True
+        else:
+            return False
+
+    def selinux_enabled(self):
+        if not HAVE_SELINUX:
+            return False
+        if selinux.is_selinux_enabled() == 1:
+            return True
+        else:
+            return False
+
+    # Determine whether we need a placeholder for selevel/mls
+    def selinux_initial_context(self):
+        context = [None, None, None]
+        if self.selinux_mls_enabled():
+            context.append(None)
+        return context
+
+    # If selinux fails to find a default, return an array of None
+    def selinux_default_context(self, path, mode=0):
+        context = self.selinux_initial_context()
+        if not HAVE_SELINUX or not self.selinux_enabled():
+            return context
+        try:
+            ret = selinux.matchpathcon(path, mode)
+        except OSError:
+            return context
+        if ret[0] == -1:
+            return context
+        context = ret[1].split(':')
+        return context
+
+    def selinux_context(self, path):
+        context = self.selinux_initial_context()
+        if not HAVE_SELINUX or not self.selinux_enabled():
+            return context
+        try:
+            ret = selinux.lgetfilecon(path)
+        except:
+            self.fail_json(path=path, msg='failed to retrieve selinux context')
+        if ret[0] == -1:
+            return context
+        context = ret[1].split(':')
+        return context
+
+    def user_and_group(self, filename):
+        st = os.stat(filename)
+        uid = st.st_uid
+        gid = st.st_gid
+        try:    
+            user = pwd.getpwuid(uid)[0]
+        except KeyError:
+            user = str(uid)
+        try:    
+            group = grp.getgrgid(gid)[0]
+        except KeyError:
+            group = str(gid)
+        return (user, group)
+
+    def set_context_if_different(self, path, context, changed):
+
+        if not HAVE_SELINUX or not self.selinux_enabled():
+            return changed 
+        cur_context = self.selinux_context(path)
+        new_context = list(cur_context)
+        # Iterate over the current context instead of the
+        # argument context, which may have selevel.
+
+        for i in range(len(cur_context)):
+            if context[i] is not None and context[i] != cur_context[i]:
+                new_context[i] = context[i]
+            if context[i] is None:
+                new_context[i] = cur_context[i]
+        if cur_context != new_context:
+            try:    
+                rc = selinux.lsetfilecon(path, ':'.join(new_context))
+            except OSError:
+                self.fail_json(path=path, msg='invalid selinux context', new_context=new_context, cur_context=cur_context, input_was=context)
+            if rc != 0:
+                self.fail_json(path=path, msg='set selinux context failed')
+            changed = True
+        return changed
+
+    def set_owner_if_different(self, path, owner, changed):
+        if owner is None:
+            return changed
+        user, group = self.user_and_group(path)
+        if owner != user:
+            try:
+                uid = pwd.getpwnam(owner).pw_uid
+            except KeyError:
+                self.fail_json(path=path, msg='chown failed: failed to look up user %s' % owner)
+            try:
+                os.chown(path, uid, -1)
+            except OSError:
+                self.fail_json(path=path, msg='chown failed')
+            changed = True
+        return changed
+
+    def set_group_if_different(self, path, group, changed):
+        if group is None:
+            return changed
+        old_user, old_group = self.user_and_group(path)
+        if old_group != group:
+            try:
+                gid = grp.getgrnam(group).gr_gid
+            except KeyError:
+                self.fail_json(path=path, msg='chgrp failed: failed to look up group %s' % group)
+            try:
+                os.chown(path, -1, gid)
+            except OSError:
+                self.fail_json(path=path, msg='chgrp failed')
+            changed = True
+        return changed
+
+    def set_mode_if_different(self, path, mode, changed):
+        if mode is None:
+            return changed
+        try:
+            # FIXME: support English modes
+            mode = int(mode, 8)
+        except Exception, e:
+            self.fail_json(path=path, msg='mode needs to be something octalish', details=str(e))
+
+        st = os.stat(path)
+        prev_mode = stat.S_IMODE(st[stat.ST_MODE])
+
+        if prev_mode != mode:
+            # FIXME: comparison against string above will cause this to be executed
+            # every time
+            try:
+                os.chmod(path, mode)
+            except Exception, e:
+                self.fail_json(path=path, msg='chmod failed', details=str(e))
+
+            st = os.stat(path)
+            new_mode = stat.S_IMODE(st[stat.ST_MODE])
+
+            if new_mode != prev_mode:
+                changed = True
+        return changed
+
+    def set_file_attributes_if_different(self, file_args, changed):
+        # set modes owners and context as needed
+        changed = self.set_context_if_different(
+            file_args['path'], file_args['secontext'], changed
+        )
+        changed = self.set_owner_if_different(
+            file_args['path'], file_args['owner'], changed
+        )
+        changed = self.set_group_if_different(
+            file_args['path'], file_args['group'], changed
+        )
+        changed = self.set_mode_if_different(
+            file_args['path'], file_args['mode'], changed
+        )
+        return changed
+
+    def set_directory_attributes_if_different(self, file_args, changed):
+        changed = self.set_context_if_different(
+            file_args['path'], file_args['secontext'], changed
+        )
+        changed = self.set_owner_if_different(
+            file_args['path'], file_args['owner'], changed
+        )
+        changed = self.set_group_if_different(
+            file_args['path'], file_args['group'], changed
+        )
+        changed = self.set_mode_if_different(
+            file_args['path'], file_args['mode'], changed
+        )
+        return changed
+
+    def add_path_info(self, kwargs):
+        ''' 
+        for results that are files, supplement the info about the file
+        in the return path with stats about the file path. 
+        '''
+
+        path = kwargs.get('path', kwargs.get('dest', None))
+        if path is None:
+            return kwargs
+        if os.path.exists(path):
+            (user, group) = self.user_and_group(path)
+            kwargs['owner']  = user
+            kwargs['group'] = group
+            st = os.stat(path)
+            kwargs['mode']  = oct(stat.S_IMODE(st[stat.ST_MODE]))
+            # secontext not yet supported
+            if os.path.islink(path):
+                kwargs['state'] = 'link'
+            elif os.path.isdir(path):
+                kwargs['state'] = 'directory'
+            else:
+                kwargs['state'] = 'file'
+            if HAVE_SELINUX and self.selinux_enabled():
+                kwargs['secontext'] = ':'.join(self.selinux_context(path))
+        else:
+            kwargs['state'] = 'absent'
+        return kwargs
+
+
    def _handle_aliases(self):
        for (k,v) in self.argument_spec.iteritems():
            self._legal_inputs.append(k)
@ -274,11 +548,13 @@ class AnsibleModule(object):

    def exit_json(self, **kwargs):
        ''' return from the module, without error '''
+        self.add_path_info(kwargs)
        print self.jsonify(kwargs)
        sys.exit(0)

    def fail_json(self, **kwargs):
        ''' return from the module, with an error message '''
+        self.add_path_info(kwargs)
        assert 'msg' in kwargs, "implementation error -- msg to explain the error is required"
        kwargs['failed'] = True
        print self.jsonify(kwargs)
@ -286,8 +562,8 @@ class AnsibleModule(object):

    def is_executable(self, path):
        '''is the given path executable?'''
-        return (stat.S_IXUSR & os.stat(path)[stat.ST_MODE] 
-                or stat.S_IXGRP & os.stat(path)[stat.ST_MODE] 
+        return (stat.S_IXUSR & os.stat(path)[stat.ST_MODE]
+                or stat.S_IXGRP & os.stat(path)[stat.ST_MODE]
                or stat.S_IXOTH & os.stat(path)[stat.ST_MODE])

    def md5(self, filename):