-
Notifications
You must be signed in to change notification settings - Fork 23.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add new type 'mode' for Unix permissions/umask #50035
Conversation
5f74734
to
22d01bc
Compare
This comment has been minimized.
This comment has been minimized.
e6c81de
to
42fe72f
Compare
Why not simply changing https://github.com/ansible/ansible/blob/devel/docs/bin/plugin_formatter.py#L150-L163 to output |
@sivel Do you have any thoughts on #50035 (comment) ? |
@felixfontein A possibility as well. It's only |
This PR alse fixes existing modules and examples.
I want to make sure I understand this correctly. Please forgive me for any misunderstanding up front. This change will be introducing a warning to a user who may be using an int in their playbooks for mode. So we suggest moving to a string as the new recommendation? I'd also like to see a porting guide addition for this change. Also, @kustodian, we do need a lint rule change for this. |
The documentation of the mode-parameter usually recommends using strings for various reasons. Rather than giving users insights in how YAML and Ansible work together to make this a big problem, requiring a string takes away most of the pain. This is what we have in the documentation currently:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall I think this change promotes consistency and clarity. I did find a couple of points of confusion, noted below.
@@ -477,7 +477,7 @@ def main(): | |||
backup=dict(type='bool', default=False), | |||
force=dict(type='bool', default=True, aliases=['thirsty']), | |||
validate=dict(type='str'), | |||
directory_mode=dict(type='raw'), | |||
directory_mode=dict(type='mode'), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why isn't the parameter mode
also defined here in the argspec? It's listed in the docs but not here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AnsibleModule()
has an argument add_file_common_args
, which will add common parameters such as mode
to the argspec. The parametes which are added are the ones in FILE_COMMON_ARGUMENTS
defined in module_utils/basic.py
, which includes this change.
@@ -155,8 +155,8 @@ | |||
mode: | |||
description: Unix permissions of the file in octal |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs to change as well.
@@ -36,6 +36,7 @@ | |||
mode: | |||
description: | |||
- The octal mode for newly created files in sources.list.d |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This one too.
We've passed Core feature freeze for 2.8. |
When discussing this in the backlog meeting it seems like these changes here have been implemented by various other features over time and the changes here may not be needed anymore (or at least aren't needed to the same extent). Due to the age and the conflicts in the files we are going to close this PR. |
SUMMARY
To avoid any dangerous situations with octal or integer values as Unix mode, it is better to always rely on using strings for Unix permissions or umasks. It adds clarity and uniformity, as the current ambiguous situation leads to unforeseen consequences (e.g. with indirected values being converted to integers). It would have been better if we always had only accepted string octal representation IMO.
This implements a deprecation warning if a string was not provided, but by Ansible v2.12 we will only accept string values for type
mode
. As a temporary measure we introduced amode_str
type to cover oldstr
-type modes (whereasmode
is usingraw
-type modes instead).This PR also:
This fixes #43256
ISSUE TYPE
COMPONENT NAME
apt_repository, copy, file, get_url, htpasswd, ini_file, java_keystore, jenkins_plugin, lineinfile, openssl_pkcs12, replace, stat, template, udm_share