author | Felix Fontein <felix@fontein.de> | 2020-02-15 15:38:58 +0100 |
---|---|---|
committer | Matt Clay <matt@mystile.com> | 2020-03-02 14:41:03 -0800 |
commit | a24dcf232c2eea2791f4b010da0dc5d0a84cbd9d (patch) | |
tree | b8dde51bf09edc9a3eb86bf52ec0a064aa4ef0f1 | |
parent | 6fc2ae7476bf1b8e61789843aae795b821d75857 (diff) | |
docker_login: fix permissions for ~/.docker/config.json (#67353)
* Fix permissions for ~/.docker/config.json.
* Add changelog, remove debug output.
(cherry picked from commit 55cb8c53887c081f645cf9853ace4f94f56d99a9)
-rw-r--r-- | changelogs/fragments/67353-docker_login-permissions.yml | 2 | ||||
-rw-r--r-- | lib/ansible/modules/cloud/docker/docker_login.py | 9 |
2 files changed, 9 insertions, 2 deletions
diff --git a/changelogs/fragments/67353-docker_login-permissions.yml b/changelogs/fragments/67353-docker_login-permissions.yml
new file mode 100644
index 0000000000..ddb38e0fd4
--- /dev/null
+++ b/changelogs/fragments/67353-docker_login-permissions.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "docker_login - make sure that ``~/.docker/config.json`` is created with permissions ``0600``."
diff --git a/lib/ansible/modules/cloud/docker/docker_login.py b/lib/ansible/modules/cloud/docker/docker_login.py
index 85dfbd8bee..3fac04e4ba 100644
--- a/lib/ansible/modules/cloud/docker/docker_login.py
+++ b/lib/ansible/modules/cloud/docker/docker_login.py
@@ -257,8 +257,13 @@ class LoginManager(DockerBaseClass):
 def write_config(self, path, config):
 try:
- with open(path, "w") as file:
- json.dump(config, file, indent=5, sort_keys=True)
+ # Write config; make sure it has permissions 0x600
+ content = json.dumps(config, indent=5, sort_keys=True).encode('utf-8')
+ f = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
+ try:
+ os.write(f, content)
+ finally:
+ os.close(f)
 except Exception as exc:
 self.fail("Error: failed to write config to %s - %s" % (path, str(exc))) |
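Review bot: The `0o600` mode passed to `os.open()` in `write_config` only takes effect when the call creates the file, so a `~/.docker/config.json` that already exists with wider permissions keeps them, and the registry credentials docker_login stores there remain readable by other local users. Adding `os.fchmod(f, 0o600)` as the first statement of the inner `try` would tighten an existing file as well. The new comment says `0x600`, which is hexadecimal; it should read `0o600` to match the code. `os.write()` may also return after a partial write, so wrapping the descriptor with `os.fdopen(f, 'wb')` and calling `.write(content)` would be safer than a single raw write. The rest of `LoginManager` lies outside this hunk, so a chmod performed elsewhere in the class cannot be ruled out from here.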