From 29ed6e1c54a6ffbc3017660af5e2a81850e46b43 Mon Sep 17 00:00:00 2001
From: Lars Kellogg-Stedman <lars@redhat.com>
Date: Mon, 10 Apr 2017 15:52:37 -0400
Subject: [PATCH] util: teach write_file about copy_mode option

On centos/fedora/rhel/derivatives, /etc/ssh/sshd_config has mode 0600,
but cloud-init unilaterally sets file modes to 0644 when no explicit
mode is passed to util.write_file. On ubuntu/debian, this file has
mode 0644.  With this patch, write_file learns about the copy_mode
option, which will cause it to use the mode of the existing file by
default, falling back to the explicit mode parameter if the file does
not exist.

LP: #1644064
Resolves: rhbz#1295984
(cherry picked from commit 721348a622a660b65acfdf7fdf53203b47f80748)
---
 cloudinit/atomic_helper.py           | 12 +++++++++++-
 cloudinit/config/cc_set_passwords.py |  3 ++-
 cloudinit/util.py                    | 10 +++++++++-
 tests/unittests/test_util.py         | 33 +++++++++++++++++++++++++++++++--
 4 files changed, 53 insertions(+), 5 deletions(-)

diff --git a/cloudinit/atomic_helper.py b/cloudinit/atomic_helper.py
index fb2df8d..587b994 100644
--- a/cloudinit/atomic_helper.py
+++ b/cloudinit/atomic_helper.py
@@ -2,13 +2,23 @@
 
 import json
 import os
+import stat
 import tempfile
 
 _DEF_PERMS = 0o644
 
 
-def write_file(filename, content, mode=_DEF_PERMS, omode="wb"):
+def write_file(filename, content, mode=_DEF_PERMS,
+               omode="wb", copy_mode=False):
     # open filename in mode 'omode', write content, set permissions to 'mode'
+
+    if copy_mode:
+        try:
+            file_stat = os.stat(filename)
+            mode = stat.S_IMODE(file_stat.st_mode)
+        except OSError:
+            pass
+
     tf = None
     try:
         tf = tempfile.NamedTemporaryFile(dir=os.path.dirname(filename),
diff --git a/cloudinit/config/cc_set_passwords.py b/cloudinit/config/cc_set_passwords.py
index cf1f59e..2745df8 100755
--- a/cloudinit/config/cc_set_passwords.py
+++ b/cloudinit/config/cc_set_passwords.py
@@ -174,7 +174,8 @@ def handle(_name, cfg, cloud, log, args):
                                                      pw_auth))
 
         lines = [str(l) for l in new_lines]
-        util.write_file(ssh_util.DEF_SSHD_CFG, "\n".join(lines))
+        util.write_file(ssh_util.DEF_SSHD_CFG, "\n".join(lines),
+                        copy_mode=True)
 
         try:
             cmd = cloud.distro.init_cmd  # Default service
diff --git a/cloudinit/util.py b/cloudinit/util.py
index 5725129..f90653d 100644
--- a/cloudinit/util.py
+++ b/cloudinit/util.py
@@ -1732,7 +1732,7 @@ def chmod(path, mode):
             os.chmod(path, real_mode)
 
 
-def write_file(filename, content, mode=0o644, omode="wb"):
+def write_file(filename, content, mode=0o644, omode="wb", copy_mode=False):
     """
     Writes a file with the given content and sets the file mode as specified.
     Resotres the SELinux context if possible.
@@ -1742,6 +1742,14 @@ def write_file(filename, content, mode=0o644, omode="wb"):
     @param mode: The filesystem mode to set on the file.
     @param omode: The open mode used when opening the file (w, wb, a, etc.)
     """
+
+    if copy_mode:
+        try:
+            file_stat = os.stat(filename)
+            mode = stat.S_IMODE(file_stat.st_mode)
+        except OSError:
+            pass
+
     ensure_dir(os.path.dirname(filename))
     if 'b' in omode.lower():
         content = encode_text(content)
diff --git a/tests/unittests/test_util.py b/tests/unittests/test_util.py
index ab74311..5d21b4b 100644
--- a/tests/unittests/test_util.py
+++ b/tests/unittests/test_util.py
@@ -103,8 +103,8 @@ class TestWriteFile(helpers.TestCase):
         self.assertTrue(os.path.isdir(dirname))
         self.assertTrue(os.path.isfile(path))
 
-    def test_custom_mode(self):
-        """Verify custom mode works properly."""
+    def test_explicit_mode(self):
+        """Verify explicit file mode works properly."""
         path = os.path.join(self.tmp, "NewFile.txt")
         contents = "Hey there"
 
@@ -115,6 +115,35 @@ class TestWriteFile(helpers.TestCase):
         file_stat = os.stat(path)
         self.assertEqual(0o666, stat.S_IMODE(file_stat.st_mode))
 
+    def test_copy_mode_no_existing(self):
+        """Verify that file is created with mode 0o644 if copy_mode
+        is true and there is no prior existing file."""
+        path = os.path.join(self.tmp, "NewFile.txt")
+        contents = "Hey there"
+
+        util.write_file(path, contents, copy_mode=True)
+
+        self.assertTrue(os.path.exists(path))
+        self.assertTrue(os.path.isfile(path))
+        file_stat = os.stat(path)
+        self.assertEqual(0o644, stat.S_IMODE(file_stat.st_mode))
+
+    def test_copy_mode_with_existing(self):
+        """Verify that file is created using mode of existing file
+        if copy_mode is true."""
+        path = os.path.join(self.tmp, "NewFile.txt")
+        contents = "Hey there"
+
+        open(path, 'w').close()
+        os.chmod(path, 0o666)
+
+        util.write_file(path, contents, copy_mode=True)
+
+        self.assertTrue(os.path.exists(path))
+        self.assertTrue(os.path.isfile(path))
+        file_stat = os.stat(path)
+        self.assertEqual(0o666, stat.S_IMODE(file_stat.st_mode))
+
     def test_custom_omode(self):
         """Verify custom omode works properly."""
         path = os.path.join(self.tmp, "NewFile.txt")