Avoid failures when default dir ~/.ansible/tmp/ is not previously created and fix failures when using become in zos_job_submit (#2115)

fernandofloresg · web-flow · commit 78e1839fd680 · 2025-06-26T09:43:57.000-06:00
* cherry picked fix

* Updated changelog
diff --git a/changelogs/fragments/2115-copy-fix-tmp-dir.yml b/changelogs/fragments/2115-copy-fix-tmp-dir.yml
@@ -0,0 +1,8 @@
+bugfixes:
+  - zos_job_submit - Previously, the use of `become` would result in a permissions error
+    while trying to execute a job from a local file. Fix now allows a user to escalate
+    privileges when executing a job transferred from the controller node.
+    (https://github.com/ansible-collections/ibm_zos_core/pull/2115)
+  - zos_copy - Previously, when trying to copy into remote and ansible's default temporary directory
+    was not created before execution the copy task would fail. Fix now creates the temporary directory if possible.
+    (https://github.com/ansible-collections/ibm_zos_core/pull/2115)
diff --git a/plugins/action/zos_copy.py b/plugins/action/zos_copy.py
@@ -155,7 +155,7 @@ def run(self, tmp=None, task_vars=None):
                 try:
                     local_content = _write_content_to_temp_file(content)
                     transfer_res = self._copy_to_remote(
-                        local_content, ignore_stderr=ignore_sftp_stderr
+                        local_content, ignore_stderr=ignore_sftp_stderr, task_vars=task_vars
                     )
                 finally:
                     os.remove(local_content)
@@ -243,7 +243,7 @@ def run(self, tmp=None, task_vars=None):
 
                 display.vvv(u"ibm_zos_copy calculated size: {0}".format(os.stat(src).st_size), host=self._play_context.remote_addr)
                 transfer_res = self._copy_to_remote(
-                    src, is_dir=is_src_dir, ignore_stderr=ignore_sftp_stderr
+                    src, is_dir=is_src_dir, ignore_stderr=ignore_sftp_stderr, task_vars=task_vars
                 )
 
             temp_path = transfer_res.get("temp_path")
@@ -291,7 +291,26 @@ def run(self, tmp=None, task_vars=None):
         # Remove temporary directory from remote
         if self.tmp_dir is not None:
             path = os.path.normpath(f"{self.tmp_dir}/ansible-zos-copy")
-            self._connection.exec_command(f"rm -rf {path}*")
+            # If another user created the temporary files, we'll need to run rm
+            # with it too, lest we get a permissions issue.
+            if self._connection.become:
+                # We get the dirname from temp_path and not path = os.path.normpath(f"{self.tmp_dir}/ansible-zos-copy")
+                # because if default is ~/.ansible/tmp/ when using become it would be similar to /root/.ansible/tmp
+                # but the original tmp directory was resolved when user is non escalated yet. Meaning, the original
+                # tmp directory is similar to /u/usrt001/.ansible/tmp.
+                path = os.path.dirname(temp_path)
+                self._connection.set_option('remote_user', self._play_context._become_user)
+                display.vvv(
+                    u"ibm_zos_copy SSH cleanup user updated to {0}".format(self._play_context._become_user),
+                    host=self._play_context.remote_addr
+                )
+            rm_res = self._connection.exec_command(f"rm -rf {path}*")
+            if self._connection.become:
+                self._connection.set_option('remote_user', self._play_context._remote_user)
+                display.vvv(
+                    u"ibm_zos_copy SSH cleanup user restored to {0}".format(self._play_context._remote_user),
+                    host=self._play_context.remote_addr
+                )
 
         if copy_res.get("note") and not force:
             result["note"] = copy_res.get("note")
@@ -319,18 +338,21 @@ def run(self, tmp=None, task_vars=None):
 
         return copy_res
 
-    def _copy_to_remote(self, src, is_dir=False, ignore_stderr=False):
+    def _copy_to_remote(self, src, is_dir=False, ignore_stderr=False, task_vars=None):
         """Copy a file or directory to the remote z/OS system """
         self.tmp_dir = self._connection._shell._options.get("remote_tmp")
-        rc, stdout, stderr = self._connection.exec_command("cd {0} && pwd".format(self.tmp_dir))
-        if rc > 0:
-            msg = f"Failed to resolve remote temporary directory {self.tmp_dir}. Ensure that the directory exists and user has proper access."
-            return self._exit_action({}, msg, failed=True)
-        self.tmp_dir = stdout.decode("utf-8").replace("\r", "").replace("\n", "")
-        temp_path = os.path.join(self.tmp_dir, _create_temp_path_name(), os.path.basename(src))
-        self._connection.exec_command("mkdir -p {0}".format(os.path.dirname(temp_path)))
-        _src = src.replace("#", "\\#")
+        temp_path = os.path.join(self.tmp_dir, _create_temp_path_name())
+        tempfile_args = {"path": temp_path, "state": "directory", "mode": "666"}
+        # Reverted this back to using file ansible module so ansible would handle all temporary dirs
+        # creation with correct permissions.
+        tempfile = self._execute_module(
+            module_name="file", module_args=tempfile_args, task_vars=task_vars, wrap_async=self._task.async_val
+        )
         _sftp_action = 'put'
+        was_user_updated = False
+
+        temp_path = os.path.join(tempfile.get("path"), os.path.basename(src))
+        _src = src.replace("#", "\\#")
         full_temp_path = temp_path
 
         if is_dir:
@@ -370,6 +392,13 @@ def _copy_to_remote(self, src, is_dir=False, ignore_stderr=False):
                             sftp_transfer_method), host=self._play_context.remote_addr)
 
             display.vvv(u"ibm_zos_copy: {0} {1} TO {2}".format(_sftp_action, _src, temp_path), host=self._play_context.remote_addr)
+            if self._connection.become:
+                was_user_updated = True
+                self._connection.set_option('remote_user', self._play_context._become_user)
+                display.vvv(
+                    u"ibm_zos_copy SSH transfer user updated to {0}".format(self._play_context._become_user),
+                    host=self._play_context.remote_addr
+                )
             (returncode, stdout, stderr) = self._connection._file_transport_command(_src, temp_path, _sftp_action)
 
             display.vvv(u"ibm_zos_copy return code: {0}".format(returncode), host=self._play_context.remote_addr)
@@ -400,7 +429,7 @@ def _copy_to_remote(self, src, is_dir=False, ignore_stderr=False):
 
             if returncode != 0 or (err and not ignore_stderr):
                 return dict(
-                    msg="Error transfering source '{0}' to remote z/OS system".format(src),
+                    msg="Error transferring source '{0}' to remote z/OS system".format(src),
                     rc=returncode,
                     stderr=err,
                     stderr_lines=err.splitlines(),
@@ -409,6 +438,12 @@ def _copy_to_remote(self, src, is_dir=False, ignore_stderr=False):
 
         finally:
             # Restore the users defined option `ssh_transfer_method` if it was overridden
+            if was_user_updated:
+                self._connection.set_option('remote_user', self._play_context._remote_user)
+                display.vvv(
+                    u"ibm_zos_copy SSH transfer user restored to {0}".format(self._play_context._remote_user),
+                    host=self._play_context.remote_addr
+                )
 
             if is_ssh_transfer_method_updated:
                 if version_major == 2 and version_minor >= 11:
diff --git a/plugins/action/zos_job_submit.py b/plugins/action/zos_job_submit.py
@@ -77,16 +77,16 @@ def run(self, tmp=None, task_vars=None):
                 return result
 
             tmp_dir = self._connection._shell._options.get("remote_tmp")
-            rc, stdout, stderr = self._connection.exec_command("cd {0} && pwd".format(tmp_dir))
-            if rc > 0:
-                msg = f"Failed to resolve remote temporary directory {tmp_dir}. Ensure that the directory exists and user has proper access."
-                return self._exit_action({}, msg, failed=True)
-
-            tmp_dir = stdout.decode("utf-8").replace("\r", "").replace("\n", "")
             temp_file_dir = f'zos_job_submit_{datetime.now().strftime("%Y%m%d%S%f")}'
-            dest_path = path.join(tmp_dir, temp_file_dir, path.basename(source))
-            # Creating the name for the temp file needed.
-            self._connection.exec_command("mkdir -p {0}".format(path.dirname(dest_path)))
+            dest_path = path.join(tmp_dir, temp_file_dir)
+            tempfile_args = {"path": dest_path, "state": "directory"}
+            # Reverted this back to using file ansible module so ansible would handle all temporary dirs
+            # creation with correct permissions.
+            tempfile = self._execute_module(
+                module_name="file", module_args=tempfile_args, task_vars=task_vars,
+            )
+            dest_path = tempfile.get("path")
+            dest_file = path.join(dest_path, path.basename(source))
 
             source_full = None
             try:
@@ -139,8 +139,8 @@ def run(self, tmp=None, task_vars=None):
             copy_module_args.update(
                 dict(
                     src=source_full,
-                    dest=dest_path,
-                    mode="0600",
+                    dest=dest_file,
+                    mode="0666",
                     force=True,
                     encoding=module_args.get('encoding'),
                     remote_src=False,
@@ -163,7 +163,7 @@ def run(self, tmp=None, task_vars=None):
 
             result.update(copy_action.run(task_vars=task_vars))
             if result.get("msg") is None:
-                module_args["src"] = dest_path
+                module_args["src"] = dest_file
                 result.update(
                     self._execute_module(
                         module_name="ibm.ibm_zos_core.zos_job_submit",
diff --git a/tests/functional/modules/test_zos_copy_func.py b/tests/functional/modules/test_zos_copy_func.py
@@ -648,6 +648,29 @@ def test_copy_local_file_to_uss_file_convert_encoding(ansible_zos_module):
         hosts.all.file(path=dest_path, state="absent")
 
 
+@pytest.mark.uss
+def test_copy_local_file_to_uss_file_with_absent_remote_tmp_dir(ansible_zos_module):
+    hosts = ansible_zos_module
+    dest_path = get_random_file_name(dir=TMP_DIRECTORY) + "/profile"
+    try:
+        hosts.all.shell(cmd="rm -rf ~/.ansible/tmp")
+        copy_res = hosts.all.zos_copy(
+            src="/etc/profile",
+            dest=dest_path,
+            encoding={"from": "ISO8859-1", "to": "IBM-1047"},
+        )
+        stat_res = hosts.all.stat(path=dest_path)
+        for result in copy_res.contacted.values():
+            assert result.get("msg") is None
+            assert result.get("changed") is True
+            assert result.get("dest") == dest_path
+            assert result.get("state") == "file"
+        for result in stat_res.contacted.values():
+            assert result.get("stat").get("exists") is True
+    finally:
+        hosts.all.file(path=dest_path, state="absent")
+
+
 @pytest.mark.uss
 def test_copy_inline_content_to_uss_dir(ansible_zos_module):
     hosts = ansible_zos_module
