External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-18 19:50:05 -03:30
Code Issues Packages Projects Releases Wiki Activity

Fix permission assignment on rendered registry auth files

Browse Source 
- This file shouldnt need the executable bit
- Should have been setting permissions before writing any data
- No need to close the file since we're using open w/ a context manager
This commit is contained in:
Shane McDonald
2021-04-19 18:35:24 -04:00
parent 0cdf57f31f
commit bcf911daf1
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
awx/main/tasks.py
View File

@@ -878,14 +878,14 @@ class BaseTask(object):
if cred.has_inputs(field_names=('host', 'username', 'password')): if cred.has_inputs(field_names=('host', 'username', 'password')):
path = os.path.split(private_data_dir)[0] path = os.path.split(private_data_dir)[0]
with open(path + '/auth.json', 'w') as authfile: with open(path + '/auth.json', 'w') as authfile:
os.chmod(authfile.name, stat.S_IRUSR | stat.S_IWUSR)
host = cred.get_input('host') host = cred.get_input('host')
username = cred.get_input('username') username = cred.get_input('username')
password = cred.get_input('password') password = cred.get_input('password')
token = "{}:{}".format(username, password) token = "{}:{}".format(username, password)
auth_data = {'auths': {host: {'auth': b64encode(token.encode('ascii')).decode()}}} auth_data = {'auths': {host: {'auth': b64encode(token.encode('ascii')).decode()}}}
authfile.write(json.dumps(auth_data, indent=4)) authfile.write(json.dumps(auth_data, indent=4))
authfile.close()
os.chmod(authfile.name, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
params["container_options"].append(f'--authfile={authfile.name}') params["container_options"].append(f'--authfile={authfile.name}')
else: else:
raise RuntimeError('Please recheck that your host, username, and password fields are all filled.') raise RuntimeError('Please recheck that your host, username, and password fields are all filled.')