mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

[PR #8057/c13bede0 backport][stable-7] pam_limits: do not create file in check mode when it does not exist (#8070)

pam_limits: do not create file in check mode when it does not exist (#8057)

Do not create file in check mode when it does not exist.

(cherry picked from commit c13bede0c5)

Co-authored-by: Felix Fontein <felix@fontein.de>
patchback[bot] 2024-03-09 12:42:09 +00:00 committed by GitHub
parent 0c676df7cf
commit ddf566a729
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 17 additions and 10 deletions


@ -0,0 +1,2 @@
bugfixes:
- "pam_limits - when the file does not exist, do not create it in check mode (https://github.com/ansible-collections/community.general/issues/8050, https://github.com/ansible-collections/community.general/pull/8057)."


@ -175,7 +175,6 @@ def main():
limits_conf = '/etc/security/limits.conf' limits_conf = '/etc/security/limits.conf'
module = AnsibleModule( module = AnsibleModule(
# not checking because of daisy chain to file module
argument_spec=dict( argument_spec=dict(
domain=dict(required=True, type='str'), domain=dict(required=True, type='str'),
limit_type=dict(required=True, type='str', choices=pam_types), limit_type=dict(required=True, type='str', choices=pam_types),
@ -201,6 +200,7 @@ def main():
new_comment = module.params['comment'] new_comment = module.params['comment']
changed = False changed = False
does_not_exist = False
if os.path.isfile(limits_conf): if os.path.isfile(limits_conf):
if not os.access(limits_conf, os.W_OK): if not os.access(limits_conf, os.W_OK):
@ -208,7 +208,7 @@ def main():
else: else:
limits_conf_dir = os.path.dirname(limits_conf) limits_conf_dir = os.path.dirname(limits_conf)
if os.path.isdir(limits_conf_dir) and os.access(limits_conf_dir, os.W_OK): if os.path.isdir(limits_conf_dir) and os.access(limits_conf_dir, os.W_OK):
open(limits_conf, 'a').close() does_not_exist = True
changed = True changed = True
else: else:
module.fail_json(msg="directory %s is not writable (check presence, access rights, use sudo)" % limits_conf_dir) module.fail_json(msg="directory %s is not writable (check presence, access rights, use sudo)" % limits_conf_dir)
@ -224,15 +224,20 @@ def main():
space_pattern = re.compile(r'\s+') space_pattern = re.compile(r'\s+')
if does_not_exist:
lines = []
else:
with open(limits_conf, 'rb') as f:
lines = list(f)
message = '' message = ''
f = open(limits_conf, 'rb')
# Tempfile # Tempfile
nf = tempfile.NamedTemporaryFile(mode='w+') nf = tempfile.NamedTemporaryFile(mode='w+')
found = False found = False
new_value = value new_value = value
for line in f: for line in lines:
line = to_native(line, errors='surrogate_or_strict') line = to_native(line, errors='surrogate_or_strict')
if line.startswith('#'): if line.startswith('#'):
nf.write(line) nf.write(line)
@ -323,17 +328,17 @@ def main():
message = new_limit message = new_limit
nf.write(new_limit) nf.write(new_limit)
f.close()
nf.flush() nf.flush()
with open(limits_conf, 'r') as content:
content_current = content.read()
with open(nf.name, 'r') as content: with open(nf.name, 'r') as content:
content_new = content.read() content_new = content.read()
if not module.check_mode: if not module.check_mode:
# Copy tempfile to newfile if does_not_exist:
with open(limits_conf, 'a'):
pass
# Move tempfile to newfile
module.atomic_move(nf.name, limits_conf) module.atomic_move(nf.name, limits_conf)
try: try:
@ -344,7 +349,7 @@ def main():
res_args = dict( res_args = dict(
changed=changed, changed=changed,
msg=message, msg=message,
diff=dict(before=content_current, after=content_new), diff=dict(before=b''.join(lines), after=content_new),
) )
if backup: if backup:
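Review bot: In the last hunk, `diff=dict(before=b''.join(lines), after=content_new)` pairs a bytes `before` (the file is now read with `open(limits_conf, 'rb')`) with a text `after` read back in `'r'` mode, so the two sides of the reported diff are decoded by different paths. For a limits file containing non-UTF-8 bytes, the sides may render inconsistently, or the result may depend on how the module output is serialised. Decoding `before` the same way the loop decodes each line keeps them aligned: `diff=dict(before=to_native(b''.join(lines), errors='surrogate_or_strict'), after=content_new),`. Separately, the `with open(limits_conf, 'a'): pass` before `module.atomic_move` would benefit from a comment such as `# create an empty destination first so atomic_move sees an existing file`, since the reason for touching the file is not evident from the hunk and the resulting mode of this security-relevant file presumably depends on it. `main()` starts and ends outside the visible hunks.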