[backport][release_2.3] Fix artifact file permissions

* Fix artifact file permissions (#702, #853) Sets artifact file permissions to octal `600` in `ansible_runner.utils.dump_artifact` (cherry picked from commit a4a981d) Co-authored-by: Sam Caldwell <shoriminimoe@pm.me>
ansible · Jan 27, 2023 · 22c4555 · 22c4555
1 parent b858da8
commit 22c4555
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 1 deletion.
diff --git a/ansible_runner/utils/__init__.py b/ansible_runner/utils/__init__.py
@@ -162,7 +162,7 @@ def dump_artifact(obj, path, filename=None):
 
         try:
             with open(fn, 'w') as f:
-                os.chmod(fn, stat.S_IRUSR)
+                os.chmod(fn, stat.S_IRUSR | stat.S_IWUSR)
                 f.write(str(obj))
         finally:
             fcntl.lockf(lock_fd, fcntl.LOCK_UN)

diff --git a/test/integration/test_interface.py b/test/integration/test_interface.py
@@ -1,4 +1,6 @@
 import os
+import shutil
+
 import pytest
 
 from ansible_runner import defaults
@@ -39,6 +41,32 @@ def test_run_async(tmp_path):
     assert r.status == 'successful'
 
 
+def test_repeat_run_with_new_inventory(project_fixtures):
+    '''Repeat runs with different inventories should not fail'''
+    private_data_dir = project_fixtures / 'debug'
+    shutil.rmtree(private_data_dir / 'inventory')
+    hosts_file = private_data_dir / 'inventory' / 'hosts'
+
+    res = run(
+        private_data_dir=private_data_dir,
+        playbook='debug.yml',
+        inventory='localhost',
+    )
+    stdout = res.stdout.read()
+    assert res.rc == 0, stdout
+    assert hosts_file.read_text() == 'localhost', 'hosts file content is incorrect'
+
+    # Run again with a different inventory
+    res = run(
+        private_data_dir=private_data_dir,
+        playbook='debug.yml',
+        inventory='127.0.0.1',
+    )
+    stdout = res.stdout.read()
+    assert res.rc == 0, stdout
+    assert hosts_file.read_text() == '127.0.0.1', 'hosts file content is incorrect'
+
+
 def get_env_data(res):
     for event in res.events:
         found = bool(

diff --git a/test/unit/test_utils.py b/test/unit/test_utils.py
@@ -0,0 +1,12 @@
+import os
+import stat
+
+from ansible_runner.utils import dump_artifact
+
+
+def test_artifact_permissions(tmp_path):
+    """Artifacts should allow user read/write"""
+    filename = dump_artifact("artifact content", str(tmp_path))
+    file_mode = stat.S_IMODE(os.stat(filename).st_mode)
+    user_rw = stat.S_IRUSR | stat.S_IWUSR
+    assert (user_rw & file_mode) == user_rw, "file mode is incorrect"