peadm::update_pe_conf function set improper permissions on the configuration file

[vchepkov]

Describe the Bug

When peadm::update_pe_conf is called from a plan, it sets improper permissions
first it makes root:root as the owner of the file, second it modifies SELinux context to unconfined_u:object_r:user_tmp_t

Expected Behavior

permissions/context should be as follow:

-rw-------. 1 pe-puppet pe-puppet system_u:object_r:puppet_etc_t:s0 2390 Jan 28 14:04 /etc/puppetlabs/enterprise/conf.d/pe.conf

Steps to Reproduce

execute a plan, for example

  $target = get_target($primary)
  $current_pe_conf = peadm::get_pe_conf($target)
  $updated_pe_conf = $current_pe_conf + {
    'puppet_enterprise::profile::orchestrator::plan_runner_active' => $enable_plan_runner,
  }
  peadm::update_pe_conf($target, $updated_pe_conf)

Environment

• Version 3.26.1
• Platform RHEL9

[vchepkov]

I suspect, that in the background write_file function moves over a temporary file instead.
It should copy file in place, this way both permissions and SELinux context would be preserved,