From a24dcf232c2eea2791f4b010da0dc5d0a84cbd9d Mon Sep 17 00:00:00 2001
From: Felix Fontein
Date: Sat, 15 Feb 2020 15:38:58 +0100
Subject: [PATCH] docker_login: fix permissions for ~/.docker/config.json (#67353)
* Fix permissions for ~/.docker/config.json.
* Add changelog, remove debug output.
(cherry picked from commit 55cb8c53887c081f645cf9853ace4f94f56d99a9)
---
 changelogs/fragments/67353-docker_login-permissions.yml | 2 ++
 lib/ansible/modules/cloud/docker/docker_login.py | 9 +++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/fragments/67353-docker_login-permissions.yml
diff --git a/changelogs/fragments/67353-docker_login-permissions.yml b/changelogs/fragments/67353-docker_login-permissions.yml
new file mode 100644
index 00000000000..ddb38e0fd4e
--- /dev/null
+++ b/changelogs/fragments/67353-docker_login-permissions.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "docker_login - make sure that ``~/.docker/config.json`` is created with permissions ``0600``."
diff --git a/lib/ansible/modules/cloud/docker/docker_login.py b/lib/ansible/modules/cloud/docker/docker_login.py
index 85dfbd8bee7..3fac04e4baf 100644
--- a/lib/ansible/modules/cloud/docker/docker_login.py
+++ b/lib/ansible/modules/cloud/docker/docker_login.py
@@ -257,8 +257,13 @@ class LoginManager(DockerBaseClass):
 def write_config(self, path, config):
 try:
- with open(path, "w") as file:
- json.dump(config, file, indent=5, sort_keys=True)
+ # Write config; make sure it has permissions 0x600
+ content = json.dumps(config, indent=5, sort_keys=True).encode('utf-8')
+ f = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
+ try:
+ os.write(f, content)
+ finally:
+ os.close(f)
 except Exception as exc:
 self.fail("Error: failed to write config to %s - %s" % (path, str(exc)))
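Review bot: The `0o600` mode passed to `os.open()` in `write_config` only takes effect when the call creates the file, so a `config.json` that already exists with wider permissions (for example one written by the previous `open(path, "w")` code) keeps them and still receives the registry auth data. Adding `os.fchmod(f, 0o600)` as the first statement inside the inner `try:` would tighten an existing file before anything is written to it. The new comment says `0x600`, which reads as hexadecimal; `0o600` would match the code. `os.write()` can return after a short write, so its return value should be checked or the descriptor wrapped with `os.fdopen(f, 'wb')`. The rest of `LoginManager` lies outside this hunk, so whether callers handle a pre-existing file elsewhere cannot be seen here.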