From 0ef62ca2dc49c81c52f8547869534cff3a215a71 Mon Sep 17 00:00:00 2001
From: Dmitry Tantsur <dtantsur@protonmail.com>
Date: Thu, 17 Sep 2020 15:54:42 +0200
Subject: [PATCH] Ensure that repositories are owned by the running users

Currently requirements may end up owned by root.

Change-Id: I563af83ddea9fe3392a486c049607151f361faa2
---
 .../roles/bifrost-create-vm-nodes/tasks/main.yml      |  8 ++++++++
 .../roles/bifrost-prep-for-install/tasks/main.yml     | 11 +++++++++++
 releasenotes/notes/repo-owner-41db02a4d0406a7a.yaml   |  4 ++++
 3 files changed, 23 insertions(+)
 create mode 100644 releasenotes/notes/repo-owner-41db02a4d0406a7a.yaml

diff --git a/playbooks/roles/bifrost-create-vm-nodes/tasks/main.yml b/playbooks/roles/bifrost-create-vm-nodes/tasks/main.yml
index 6b086c131..3c0d10032 100644
--- a/playbooks/roles/bifrost-create-vm-nodes/tasks/main.yml
+++ b/playbooks/roles/bifrost-create-vm-nodes/tasks/main.yml
@@ -53,6 +53,14 @@
     clone: yes
   when: not copy_from_local_path | bool
 
+- name: ensure ownership of requirements
+  file:
+    path: "{{ reqs_git_folder }}"
+    owner: "{{ ansible_env.SUDO_USER | default(ansible_user_id) }}"
+    group: "{{ ansible_user_gid }}"
+    recurse: yes
+  when: not copy_from_local_path | bool
+
 - name: copy requirements from local path
   copy:
     src: "{{ reqs_git_url }}/"
diff --git a/playbooks/roles/bifrost-prep-for-install/tasks/main.yml b/playbooks/roles/bifrost-prep-for-install/tasks/main.yml
index 149f1b05f..726df506b 100644
--- a/playbooks/roles/bifrost-prep-for-install/tasks/main.yml
+++ b/playbooks/roles/bifrost-prep-for-install/tasks/main.yml
@@ -34,6 +34,17 @@
     - not copy_from_local_path | bool
     - item.source_install | default(true) | bool
 
+- name: "Ensure ownership of repositories"
+  file:
+    path: "{{ item.git_folder }}"
+    owner: "{{ ansible_env.SUDO_USER | default(ansible_user_id) }}"
+    group: "{{ ansible_user_gid }}"
+    recurse: yes
+  loop: "{{ bifrost_install_sources }}"
+  when:
+    - not copy_from_local_path | bool
+    - item.source_install | default(true) | bool
+
 - name: "Copy from local path"
   copy:
     src: "{{ item.git_url }}/"
diff --git a/releasenotes/notes/repo-owner-41db02a4d0406a7a.yaml b/releasenotes/notes/repo-owner-41db02a4d0406a7a.yaml
new file mode 100644
index 000000000..f2a38fc2c
--- /dev/null
+++ b/releasenotes/notes/repo-owner-41db02a4d0406a7a.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+  - |
+    Ensures that repositories are consistently owned by the calling user.