From 419727a6da60d11f4ad4fffe96b824348fdb6002 Mon Sep 17 00:00:00 2001
From: Jordan Borean <jborean93@gmail.com>
Date: Wed, 23 Jan 2019 10:14:59 +1000
Subject: [PATCH] file - allow touch on files not owned by user (#50964)

* file - allow touch on files not owned by user

* use Sentinal value and preserved existing args

* Do no instantiate the Sentinel object
---
 .../fragments/file-touch-non-owner.yaml       |  2 +
 lib/ansible/modules/files/file.py             | 54 +++++++++++++------
 test/integration/targets/file/tasks/main.yml  | 31 +++++++++++
 3 files changed, 71 insertions(+), 16 deletions(-)
 create mode 100644 changelogs/fragments/file-touch-non-owner.yaml

diff --git a/changelogs/fragments/file-touch-non-owner.yaml b/changelogs/fragments/file-touch-non-owner.yaml
new file mode 100644
index 00000000000..b70f61c93ec
--- /dev/null
+++ b/changelogs/fragments/file-touch-non-owner.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+- file - Allow state=touch on file the user does not own https://github.com/ansible/ansible/issues/50943
diff --git a/lib/ansible/modules/files/file.py b/lib/ansible/modules/files/file.py
index 0dc0a3042a4..1dda03537a0 100644
--- a/lib/ansible/modules/files/file.py
+++ b/lib/ansible/modules/files/file.py
@@ -211,6 +211,11 @@ class ParameterError(AnsibleModuleError):
     pass
 
 
+class Sentinel(object):
+    def __new__(cls, *args, **kwargs):
+        return cls
+
+
 def _ansible_excepthook(exc_type, exc_value, tb):
     # Using an exception allows us to catch it if the calling code knows it can recover
     if issubclass(exc_type, AnsibleModuleError):
@@ -349,8 +354,7 @@ def get_timestamp_for_time(formatted_time, time_format):
     if formatted_time == 'preserve':
         return None
     elif formatted_time == 'now':
-        current_time = time.time()
-        return current_time
+        return Sentinel
     else:
         try:
             struct = time.strptime(formatted_time, time_format)
@@ -363,25 +367,43 @@ def get_timestamp_for_time(formatted_time, time_format):
 
 
 def update_timestamp_for_file(path, mtime, atime, diff=None):
-    # If both parameters are None, nothing to do
-    if mtime is None and atime is None:
-        return False
-
     try:
-        previous_mtime = os.stat(path).st_mtime
-        previous_atime = os.stat(path).st_atime
+        # When mtime and atime are set to 'now', rely on utime(path, None) which does not require ownership of the file
+        # https://github.com/ansible/ansible/issues/50943
+        if mtime is Sentinel and atime is Sentinel:
+            # It's not exact but we can't rely on os.stat(path).st_mtime after setting os.utime(path, None) as it may
+            # not be updated. Just use the current time for the diff values
+            mtime = atime = time.time()
+
+            previous_mtime = os.stat(path).st_mtime
+            previous_atime = os.stat(path).st_atime
+
+            set_time = None
+        else:
+            # If both parameters are None 'preserve', nothing to do
+            if mtime is None and atime is None:
+                return False
+
+            previous_mtime = os.stat(path).st_mtime
+            previous_atime = os.stat(path).st_atime
+
+            if mtime is None:
+                mtime = previous_mtime
+            elif mtime is Sentinel:
+                mtime = time.time()
 
-        if mtime is None:
-            mtime = previous_mtime
+            if atime is None:
+                atime = previous_atime
+            elif atime is Sentinel:
+                atime = time.time()
 
-        if atime is None:
-            atime = previous_atime
+            # If both timestamps are already ok, nothing to do
+            if mtime == previous_mtime and atime == previous_atime:
+                return False
 
-        # If both timestamps are already ok, nothing to do
-        if mtime == previous_mtime and atime == previous_atime:
-            return False
+            set_time = (atime, mtime)
 
-        os.utime(path, (atime, mtime))
+        os.utime(path, set_time)
 
         if diff is not None:
             if 'before' not in diff:
diff --git a/test/integration/targets/file/tasks/main.yml b/test/integration/targets/file/tasks/main.yml
index a8e903f4be6..e8ac8a1c4d2 100644
--- a/test/integration/targets/file/tasks/main.yml
+++ b/test/integration/targets/file/tasks/main.yml
@@ -488,6 +488,37 @@
     that:
     - result.mode == '0444'
 
+# https://github.com/ansible/ansible/issues/50943
+# Need to use /tmp as nobody can't access output_dir at all
+- name: create file as root with all write permissions
+  file: dest=/tmp/write_utime state=touch mode=0666 owner={{ansible_user}}
+
+- block:
+  - name: get previous time
+    stat: path=/tmp/write_utime
+    register: previous_time
+
+  - name: touch file as nobody
+    file: dest=/tmp/write_utime state=touch
+    become: True
+    become_user: nobody
+    register: result
+
+  - name: get new time
+    stat: path=/tmp/write_utime
+    register: current_time
+
+  always:
+  - name: remove test utime file
+    file: path=/tmp/write_utime state=absent
+
+- name: assert touch file as nobody
+  assert:
+    that:
+    - result is changed
+    - current_time.stat.atime > previous_time.stat.atime
+    - current_time.stat.mtime > previous_time.stat.mtime
+
 # Follow + recursive tests
 - name: create a toplevel directory
   file: path={{output_dir}}/test_follow_rec state=directory mode=0755