Update QueryOutFileArgument permission logic

Instead of setting the file permissions after the file is written,
the permissions are set as part of opening the file to ensure the
file permissions is stable for the invocation of the command.

awscli/customizations/arguments.py

@@ -14,6 +14,7 @@
 import re
 
 from awscli.arguments import CustomArgument
+from awscli.compat import compat_open
 import jmespath
 
 
@@ -126,12 +127,18 @@ def save_query(self, parsed, **kwargs):
         """
         if is_parsed_result_successful(parsed):
             contents = jmespath.search(self.query, parsed)
-            with open(self.value, 'w') as fp:
+            with compat_open(
+                    self.value, 'w', access_permissions=self.perm) as fp:
                 # Don't write 'None' to a file -- write ''.
                 if contents is None:
                     fp.write('')
                 else:
                     fp.write(contents)
+                # Even though the file is opened using self.perm permissions,
+                # the file may already exist and as a result, retain it's
+                # preexisting file permissions. The os.chmod is retained here
+                # to preserve behavior of this argument always clobbering
+                # a preexisting file's permissions.
                 os.chmod(self.value, self.perm)
 
 

tests/unit/customizations/test_arguments.py

@@ -144,7 +144,7 @@ def test_saves_query_to_file_as_empty_string_when_none_result(self):
 
     @skip_if_windows("Test not valid on windows.")
     def test_permissions_on_created_file(self):
-        outfile = self.files.create_file('not-empty-test', '')
+        outfile = self.files.full_path('not-empty-test')
         session = mock.Mock()
         arg = QueryOutFileArgument(session, 'foo', 'baz', 'event', 0o600)
         arg.add_to_params({}, outfile)