authorFelix Fontein <felix@fontein.de>2020-02-15 15:38:58 +0100
committerMatt Clay <matt@mystile.com>2020-03-02 14:41:03 -0800
commita24dcf232c2eea2791f4b010da0dc5d0a84cbd9d (patch)
treeb8dde51bf09edc9a3eb86bf52ec0a064aa4ef0f1
parent6fc2ae7476bf1b8e61789843aae795b821d75857 (diff)
downloadansible-a24dcf232c2eea2791f4b010da0dc5d0a84cbd9d.tar.gz
docker_login: fix permissions for ~/.docker/config.json (#67353)
* Fix permissions for ~/.docker/config.json. * Add changelog, remove debug output. (cherry picked from commit 55cb8c53887c081f645cf9853ace4f94f56d99a9)
-rw-r--r--changelogs/fragments/67353-docker_login-permissions.yml2
-rw-r--r--lib/ansible/modules/cloud/docker/docker_login.py9
2 files changed, 9 insertions, 2 deletions
diff --git a/changelogs/fragments/67353-docker_login-permissions.yml b/changelogs/fragments/67353-docker_login-permissions.yml
new file mode 100644
index 0000000000..ddb38e0fd4
--- /dev/null
+++ b/changelogs/fragments/67353-docker_login-permissions.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "docker_login - make sure that ``~/.docker/config.json`` is created with permissions ``0600``."
diff --git a/lib/ansible/modules/cloud/docker/docker_login.py b/lib/ansible/modules/cloud/docker/docker_login.py
index 85dfbd8bee..3fac04e4ba 100644
--- a/lib/ansible/modules/cloud/docker/docker_login.py
+++ b/lib/ansible/modules/cloud/docker/docker_login.py
@@ -257,8 +257,13 @@ class LoginManager(DockerBaseClass):
def write_config(self, path, config):
try:
- with open(path, "w") as file:
- json.dump(config, file, indent=5, sort_keys=True)
+ # Write config; make sure it has permissions 0x600
+ content = json.dumps(config, indent=5, sort_keys=True).encode('utf-8')
+ f = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
+ try:
+ os.write(f, content)
+ finally:
+ os.close(f)
except Exception as exc:
self.fail("Error: failed to write config to %s - %s" % (path, str(exc)))
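Review bot: The `0o600` mode passed to `os.open()` only takes effect when `O_CREAT` actually creates the file, so a `config.json` that already exists with wider permissions (presumably the situation on hosts where the earlier code ran) is truncated and rewritten with its old mode intact. Adding `os.fchmod(f, 0o600)` directly after the `os.open(...)` call, before `os.write`, would tighten an existing file before the registry credentials are written into it. The new comment says `0x600`, which is a hex literal (1536) rather than the intended octal mode; it should read `0o600`. Separately, `os.write` may return a short count and its result is ignored here, so wrapping the descriptor with `os.fdopen(f, 'wb')` and calling `.write(content)` would be more robust.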