From 4b673484f06fa9464601c27706c8a43d1e11bbcb Mon Sep 17 00:00:00 2001 From: Brian Coca Date: Fri, 30 Oct 2020 17:13:12 -0400 Subject: [PATCH] rethink wording (#70028) * rethink wording * removed unrequired requirement * fix tests * fixed versions Co-authored-by: Sloane Hertel --- examples/ansible.cfg | 8 +- lib/ansible/cli/adhoc.py | 2 +- lib/ansible/cli/console.py | 2 +- lib/ansible/cli/doc.py | 6 +- lib/ansible/config/base.yml | 93 ++++++++++++++----- lib/ansible/constants.py | 2 +- .../executor/powershell/module_manifest.py | 4 +- lib/ansible/executor/task_queue_manager.py | 12 +-- lib/ansible/modules/copy.py | 4 +- lib/ansible/modules/unarchive.py | 2 +- lib/ansible/modules/uri.py | 4 +- lib/ansible/plugins/callback/junit.py | 2 +- lib/ansible/plugins/callback/tree.py | 2 +- lib/ansible/template/safe_eval.py | 4 +- lib/ansible/utils/display.py | 4 +- lib/ansible/utils/plugin_docs.py | 2 +- .../testcoll/plugins/callback/usercallback.py | 1 - .../custom_vars_plugins/vars_req_whitelist.py | 46 --------- test/integration/targets/collections/runme.sh | 15 +-- .../targets/collections/vars_plugin_tests.sh | 12 +-- .../targets/lookup_config/tasks/main.yml | 2 +- .../validate-modules/validate_modules/main.py | 57 ++++++------ test/lib/ansible_test/_internal/executor.py | 2 +- .../lib/ansible_test/_internal/util_common.py | 2 +- 24 files changed, 143 insertions(+), 147 deletions(-) delete mode 100644 test/integration/targets/collections/custom_vars_plugins/vars_req_whitelist.py diff --git a/examples/ansible.cfg b/examples/ansible.cfg index ae5cc64afcc..e9f3d5f1d0f 100644 --- a/examples/ansible.cfg +++ b/examples/ansible.cfg @@ -77,14 +77,14 @@ #stdout_callback = debug -# Ansible ships with some plugins that require whitelisting, +# Ansible ships with some plugins that require enabling # this is done to avoid running all of a type by default. # These setting lists those that you want enabled for your system. # Custom plugins should not need this unless plugin author disables them # by default. # # Enable callback plugins, they can output to stdout but cannot be 'stdout' type. -#callback_whitelist = timer, mail +#callback_enabled = timer, mail # Determine whether includes in tasks and handlers are "static" by # default. As of 2.0, includes are dynamic by default. Setting these @@ -227,7 +227,7 @@ # Set which cowsay stencil you'd like to use by default. When set to 'random', # a random stencil will be selected for each task. The selection will be filtered -# against the `cow_whitelist` option below. +# against the `cow_enabled` option below. # #cow_selection = default #cow_selection = random @@ -237,7 +237,7 @@ # NOTE: line continuations here are for formatting purposes only, as the INI parser # in python does not support them. # -#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\ +#cowsay_enabled_stencils=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\ # hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\ # stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www diff --git a/lib/ansible/cli/adhoc.py b/lib/ansible/cli/adhoc.py index 28868bc5bfe..2090721d018 100644 --- a/lib/ansible/cli/adhoc.py +++ b/lib/ansible/cli/adhoc.py @@ -144,7 +144,7 @@ class AdHocCLI(CLI): run_tree = False if context.CLIARGS['tree']: - C.DEFAULT_CALLBACK_WHITELIST.append('tree') + C.CALLBACKS_ENABLED.append('tree') C.TREE_DIR = context.CLIARGS['tree'] run_tree = True diff --git a/lib/ansible/cli/console.py b/lib/ansible/cli/console.py index ddd6baf1200..1be9bd51cd0 100644 --- a/lib/ansible/cli/console.py +++ b/lib/ansible/cli/console.py @@ -150,7 +150,7 @@ class ConsoleCLI(CLI, cmd.Cmd): self._find_modules_in_path(module) elif module.startswith('__'): continue - elif any(module.endswith(x) for x in C.BLACKLIST_EXTS): + elif any(module.endswith(x) for x in C.REJECT_EXTS): continue elif module in C.IGNORE_FILES: continue diff --git a/lib/ansible/cli/doc.py b/lib/ansible/cli/doc.py index 41baa796653..82d2d191f88 100644 --- a/lib/ansible/cli/doc.py +++ b/lib/ansible/cli/doc.py @@ -32,7 +32,7 @@ from ansible.utils.collection_loader import AnsibleCollectionConfig from ansible.utils.collection_loader._collection_finder import _get_collection_name_from_path from ansible.utils.display import Display from ansible.utils.plugin_docs import ( - BLACKLIST, + REJECTLIST, remove_current_collection_from_versions_and_dates, get_docstring, get_versioned_doclink, @@ -417,7 +417,7 @@ class DocCLI(CLI): continue elif os.path.isdir(full_path): continue - elif any(plugin.endswith(x) for x in C.BLACKLIST_EXTS): + elif any(plugin.endswith(x) for x in C.REJECT_EXTS): continue elif plugin.startswith('__'): continue @@ -430,7 +430,7 @@ class DocCLI(CLI): plugin = os.path.splitext(plugin)[0] # removes the extension plugin = plugin.lstrip('_') # remove underscore from deprecated plugins - if plugin not in BLACKLIST.get(bkey, ()): + if plugin not in REJECTLIST.get(bkey, ()): if collection: plugin = '%s.%s' % (collection, plugin) diff --git a/lib/ansible/config/base.yml b/lib/ansible/config/base.yml index e5ea6b77990..a3026be2eaf 100644 --- a/lib/ansible/config/base.yml +++ b/lib/ansible/config/base.yml @@ -36,15 +36,29 @@ ANSIBLE_COW_SELECTION: env: [{name: ANSIBLE_COW_SELECTION}] ini: - {key: cow_selection, section: defaults} -ANSIBLE_COW_WHITELIST: - name: Cowsay filter whitelist +ANSIBLE_COW_ACCEPTLIST: + name: Cowsay filter acceptance list default: ['bud-frogs', 'bunny', 'cheese', 'daemon', 'default', 'dragon', 'elephant-in-snake', 'elephant', 'eyes', 'hellokitty', 'kitty', 'luke-koala', 'meow', 'milk', 'moofasa', 'moose', 'ren', 'sheep', 'small', 'stegosaurus', 'stimpy', 'supermilker', 'three-eyes', 'turkey', 'turtle', 'tux', 'udder', 'vader-koala', 'vader', 'www'] description: White list of cowsay templates that are 'safe' to use, set to empty list if you want to enable all installed templates. - env: [{name: ANSIBLE_COW_WHITELIST}] + env: + - name: ANSIBLE_COW_WHITELIST + deprecated: + why: Normalizing names to new standard. + version: "2.15" + alternatives: 'ANSIBLE_COW_ACCEPTLIST' + - name: ANSIBLE_COW_ACCEPTLIST + version_added: '2.11' ini: - - {key: cow_whitelist, section: defaults} + - key: cow_whitelist + section: defaults + deprecated: + why: Normalizing names to new standard. + version: "2.15" + alternatives: 'cowsay_enabled_stencils' + - key: cowsay_enabled_stencils + section: defaults + version_added: '2.11' type: list - yaml: {key: display.cowsay_whitelist} ANSIBLE_FORCE_COLOR: name: Force color output default: False @@ -382,7 +396,7 @@ COVERAGE_REMOTE_OUTPUT: - {name: _ansible_coverage_remote_output} type: str version_added: '2.9' -COVERAGE_REMOTE_PATH_FILTER: +COVERAGE_REMOTE_PATHS: name: Sets the list of paths to run coverage for. description: - A list of paths for files on the Ansible controller to run coverage for when executing on the remote host. @@ -392,8 +406,14 @@ COVERAGE_REMOTE_PATH_FILTER: - This is for internal use only. default: '*' env: - - {name: _ANSIBLE_COVERAGE_REMOTE_PATH_FILTER} - type: str + - name: _ANSIBLE_COVERAGE_REMOTE_WHITELIST + deprecated: + why: Normalizing names to new standard. + version: "2.15" + alternatives: '_ANSIBLE_COVERAGE_REMOTE_PATHS' + - name: '_ANSIBLE_COVERAGE_REMOTE_PATHS' + version_added: '2.11' + type: pathlist version_added: '2.9' ACTION_WARNINGS: name: Toggle action warnings @@ -548,13 +568,28 @@ DEFAULT_CACHE_PLUGIN_PATH: ini: - {key: cache_plugins, section: defaults} type: pathspec -DEFAULT_CALLABLE_WHITELIST: - name: Template 'callable' whitelist +CALLABLE_ACCEPT_LIST: + name: Template 'callable' accept list default: [] description: Whitelist of callable methods to be made available to template evaluation - env: [{name: ANSIBLE_CALLABLE_WHITELIST}] + env: + - name: ANSIBLE_CALLABLE_WHITELIST + deprecated: + why: Normalizing names to new standard. + version: "2.15" + alternatives: 'ANSIBLE_CALLABLE_ENABLED' + - name: ANSIBLE_CALLABLE_ENABLED + version_added: '2.11' ini: - - {key: callable_whitelist, section: defaults} + - key: callable_whitelist + section: defaults + deprecated: + why: Normalizing names to new standard. + version: "2.15" + alternatives: 'callable_enabled' + - key: callable_enabled + section: defaults + version_added: '2.11' type: list DEFAULT_CALLBACK_PLUGIN_PATH: name: Callback Plugins Path @@ -565,17 +600,31 @@ DEFAULT_CALLBACK_PLUGIN_PATH: - {key: callback_plugins, section: defaults} type: pathspec yaml: {key: plugins.callback.path} -DEFAULT_CALLBACK_WHITELIST: - name: Callback Whitelist +CALLBACKS_ENABLED: + name: Enable callback plugins that require it. default: [] description: - - "List of whitelisted callbacks, not all callbacks need whitelisting, + - "List of enabled callbacks, not all callbacks need enabling, but many of those shipped with Ansible do as we don't want them activated by default." - env: [{name: ANSIBLE_CALLBACK_WHITELIST}] + env: + - name: ANSIBLE_CALLBACK_WHITELIST + deprecated: + why: Normalizing names to new standard. + version: "2.15" + alternatives: 'ANSIBLE_CALLBACKS_ENABLED' + - name: ANSIBLE_CALLBACKS_ENABLED + version_added: '2.11' ini: - - {key: callback_whitelist, section: defaults} + - key: callback_whitelist + section: defaults + deprecated: + why: Normalizing names to new standard. + version: "2.15" + alternatives: 'callback_enabled' + - key: callbacks_enabled + section: defaults + version_added: '2.11' type: list - yaml: {key: plugins.callback.whitelist} DEFAULT_CLICONF_PLUGIN_PATH: name: Cliconf Plugins Path default: ~/.ansible/plugins/cliconf:/usr/share/ansible/plugins/cliconf @@ -1610,7 +1659,7 @@ INVENTORY_EXPORT: type: bool INVENTORY_IGNORE_EXTS: name: Inventory ignore extensions - default: "{{(BLACKLIST_EXTS + ('.orig', '.ini', '.cfg', '.retry'))}}" + default: "{{(REJECT_EXTS + ('.orig', '.ini', '.cfg', '.retry'))}}" description: List of extensions to ignore when using a directory as an inventory source env: [{name: ANSIBLE_INVENTORY_IGNORE}] ini: @@ -1672,10 +1721,10 @@ INJECT_FACTS_AS_VARS: version_added: "2.5" MODULE_IGNORE_EXTS: name: Module ignore extensions - default: "{{(BLACKLIST_EXTS + ('.yaml', '.yml', '.ini'))}}" + default: "{{(REJECT_EXTS + ('.yaml', '.yml', '.ini'))}}" description: - List of extensions to ignore when looking for modules to load - - This is for blacklisting script and binary module fallback extensions + - This is for rejecting script and binary module fallback extensions env: [{name: ANSIBLE_MODULE_IGNORE_EXTS}] ini: - {key: module_ignore_exts, section: defaults} @@ -1905,7 +1954,7 @@ USE_PERSISTENT_CONNECTIONS: - {key: use_persistent_connections, section: defaults} type: boolean VARIABLE_PLUGINS_ENABLED: - name: Vars plugin whitelist + name: Vars plugin enabled list default: ['host_group_vars'] description: Whitelist for variable plugins that require it. env: [{name: ANSIBLE_VARS_ENABLED}] diff --git a/lib/ansible/constants.py b/lib/ansible/constants.py index 38ae5c8f19b..f93986ab4fc 100644 --- a/lib/ansible/constants.py +++ b/lib/ansible/constants.py @@ -60,7 +60,7 @@ class _DeprecatedSequenceConstant(Sequence): # CONSTANTS ### yes, actual ones -BLACKLIST_EXTS = ('.pyc', '.pyo', '.swp', '.bak', '~', '.rpm', '.md', '.txt', '.rst') +REJECT_EXTS = ('.pyc', '.pyo', '.swp', '.bak', '~', '.rpm', '.md', '.txt', '.rst') BOOL_TRUE = BOOLEANS_TRUE COLLECTION_PTYPE_COMPAT = {'module': 'modules'} DEFAULT_BECOME_PASS = None diff --git a/lib/ansible/executor/powershell/module_manifest.py b/lib/ansible/executor/powershell/module_manifest.py index 9d7987bbb08..a784d244b09 100644 --- a/lib/ansible/executor/powershell/module_manifest.py +++ b/lib/ansible/executor/powershell/module_manifest.py @@ -340,8 +340,8 @@ def _create_powershell_wrapper(b_module_data, module_path, module_args, finder.scan_exec_script('coverage_wrapper') coverage_manifest['output'] = coverage_output - coverage_path_filter = C.config.get_config_value('COVERAGE_REMOTE_PATH_FILTER', variables=task_vars) - coverage_manifest['path_filter'] = coverage_path_filter + coverage_enabled = C.config.get_config_value('COVERAGE_REMOTE_PATHS', variables=task_vars) + coverage_manifest['path_filter'] = coverage_enabled # make sure Ansible.ModuleUtils.AddType is added if any C# utils are used if len(finder.cs_utils_wrapper) > 0 or len(finder.cs_utils_module) > 0: diff --git a/lib/ansible/executor/task_queue_manager.py b/lib/ansible/executor/task_queue_manager.py index 348132e93d5..9b4f51537ad 100644 --- a/lib/ansible/executor/task_queue_manager.py +++ b/lib/ansible/executor/task_queue_manager.py @@ -174,8 +174,8 @@ class TaskQueueManager: # get all configured loadable callbacks (adjacent, builtin) callback_list = list(callback_loader.all(class_only=True)) - # add whitelisted callbacks that refer to collections, which might not appear in normal listing - for c in C.DEFAULT_CALLBACK_WHITELIST: + # add enabled callbacks that refer to collections, which might not appear in normal listing + for c in C.CALLBACKS_ENABLED: # load all, as collection ones might be using short/redirected names and not a fqcn plugin = callback_loader.get(c, class_only=True) @@ -191,7 +191,7 @@ class TaskQueueManager: for callback_plugin in callback_list: callback_type = getattr(callback_plugin, 'CALLBACK_TYPE', '') - callback_needs_whitelist = getattr(callback_plugin, 'CALLBACK_NEEDS_WHITELIST', False) + callback_needs_enabled = getattr(callback_plugin, 'CALLBACK_NEEDS_ENABLED', getattr(callback_plugin, 'CALLBACK_NEEDS_WHITELIST', False)) # try to get colleciotn world name first cnames = getattr(callback_plugin, '_redirected_names', []) @@ -212,10 +212,10 @@ class TaskQueueManager: elif callback_name == 'tree' and self._run_tree: # TODO: remove special case for tree, which is an adhoc cli option --tree pass - elif not self._run_additional_callbacks or (callback_needs_whitelist and ( + elif not self._run_additional_callbacks or (callback_needs_enabled and ( # only run if not adhoc, or adhoc was specifically configured to run + check enabled list - C.DEFAULT_CALLBACK_WHITELIST is None or callback_name not in C.DEFAULT_CALLBACK_WHITELIST)): - # 2.x plugins shipped with ansible should require whitelisting, older or non shipped should load automatically + C.CALLBACKS_ENABLED is None or callback_name not in C.CALLBACKS_ENABLED)): + # 2.x plugins shipped with ansible should require enabling, older or non shipped should load automatically continue try: diff --git a/lib/ansible/modules/copy.py b/lib/ansible/modules/copy.py index 0dddb3fff3b..65fb622f768 100644 --- a/lib/ansible/modules/copy.py +++ b/lib/ansible/modules/copy.py @@ -86,8 +86,8 @@ options: remote_src: description: - Influence whether C(src) needs to be transferred or already is present remotely. - - If C(no), it will search for C(src) at originating/master machine. - - If C(yes) it will go to the remote/target machine for the C(src). + - If C(no), it will search for C(src) on the controller node. + - If C(yes) it will search for C(src) on the managed (remote) node. - C(remote_src) supports recursive copying as of version 2.8. - C(remote_src) only works with C(mode=preserve) as of version 2.6. type: bool diff --git a/lib/ansible/modules/unarchive.py b/lib/ansible/modules/unarchive.py index 550ca3a00c4..7ccd56a0d66 100644 --- a/lib/ansible/modules/unarchive.py +++ b/lib/ansible/modules/unarchive.py @@ -39,7 +39,7 @@ options: required: true copy: description: - - If true, the file is copied from local 'master' to the target machine, otherwise, the plugin will look for src archive at the target machine. + - If true, the file is copied from local controller to the managed (remote) node, otherwise, the plugin will look for src archive on the managed machine. - This option has been deprecated in favor of C(remote_src). - This option is mutually exclusive with C(remote_src). type: bool diff --git a/lib/ansible/modules/uri.py b/lib/ansible/modules/uri.py index abd81ba8567..0e8ad802b22 100644 --- a/lib/ansible/modules/uri.py +++ b/lib/ansible/modules/uri.py @@ -149,8 +149,8 @@ options: version_added: '2.7' remote_src: description: - - If C(no), the module will search for src on originating/master machine. - - If C(yes) the module will use the C(src) path on the remote/target machine. + - If C(no), the module will search for the C(src) on the controller node. + - If C(yes), the module will search for the C(src) on the managed (remote) node. type: bool default: no version_added: '2.7' diff --git a/lib/ansible/plugins/callback/junit.py b/lib/ansible/plugins/callback/junit.py index 0b55ce72677..97f0cfd1206 100644 --- a/lib/ansible/plugins/callback/junit.py +++ b/lib/ansible/plugins/callback/junit.py @@ -150,7 +150,7 @@ class CallbackModule(CallbackBase): CALLBACK_VERSION = 2.0 CALLBACK_TYPE = 'aggregate' CALLBACK_NAME = 'junit' - CALLBACK_NEEDS_WHITELIST = True + CALLBACK_NEEDS_ENABLED = True def __init__(self): super(CallbackModule, self).__init__() diff --git a/lib/ansible/plugins/callback/tree.py b/lib/ansible/plugins/callback/tree.py index 23892f39a6b..e7682d5f173 100644 --- a/lib/ansible/plugins/callback/tree.py +++ b/lib/ansible/plugins/callback/tree.py @@ -44,7 +44,7 @@ class CallbackModule(CallbackBase): CALLBACK_VERSION = 2.0 CALLBACK_TYPE = 'aggregate' CALLBACK_NAME = 'tree' - CALLBACK_NEEDS_WHITELIST = True + CALLBACK_NEEDS_ENABLED = True def set_options(self, task_keys=None, var_options=None, direct=None): ''' override to set self.tree ''' diff --git a/lib/ansible/template/safe_eval.py b/lib/ansible/template/safe_eval.py index 43ce250c98c..2c0bfff8f9c 100644 --- a/lib/ansible/template/safe_eval.py +++ b/lib/ansible/template/safe_eval.py @@ -112,7 +112,7 @@ def safe_eval(expr, locals=None, include_exceptions=False): for test in test_loader.all(): test_list.extend(test.tests().keys()) - CALL_WHITELIST = C.DEFAULT_CALLABLE_WHITELIST + filter_list + test_list + CALL_ENABLED = C.CALLABLE_ACCEPT_LIST + filter_list + test_list class CleansingNodeVisitor(ast.NodeVisitor): def generic_visit(self, node, inside_call=False): @@ -124,7 +124,7 @@ def safe_eval(expr, locals=None, include_exceptions=False): # Disallow calls to builtin functions that we have not vetted # as safe. Other functions are excluded by setting locals in # the call to eval() later on - if hasattr(builtins, node.id) and node.id not in CALL_WHITELIST: + if hasattr(builtins, node.id) and node.id not in CALL_ENABLED: raise Exception("invalid function: %s" % node.id) # iterate over all child nodes for child_node in ast.iter_child_nodes(node): diff --git a/lib/ansible/utils/display.py b/lib/ansible/utils/display.py index a372b691087..e268a63c9f5 100644 --- a/lib/ansible/utils/display.py +++ b/lib/ansible/utils/display.py @@ -226,8 +226,8 @@ class Display(with_metaclass(Singleton, object)): cmd = subprocess.Popen([self.b_cowsay, "-l"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) (out, err) = cmd.communicate() self.cows_available = set([to_text(c) for c in out.split()]) - if C.ANSIBLE_COW_WHITELIST and any(C.ANSIBLE_COW_WHITELIST): - self.cows_available = set(C.ANSIBLE_COW_WHITELIST).intersection(self.cows_available) + if C.ANSIBLE_COW_ACCEPTLIST and any(C.ANSIBLE_COW_ACCEPTLIST): + self.cows_available = set(C.ANSIBLE_COW_ACCEPTLIST).intersection(self.cows_available) except Exception: # could not execute cowsay for some reason self.b_cowsay = False diff --git a/lib/ansible/utils/plugin_docs.py b/lib/ansible/utils/plugin_docs.py index 6522f76e95e..7dca58e4050 100644 --- a/lib/ansible/utils/plugin_docs.py +++ b/lib/ansible/utils/plugin_docs.py @@ -18,7 +18,7 @@ display = Display() # modules that are ok that they do not have documentation strings -BLACKLIST = { +REJECTLIST = { 'MODULE': frozenset(('async_wrapper',)), 'CACHE': frozenset(('base',)), } diff --git a/test/integration/targets/collections/collection_root_user/ansible_collections/testns/testcoll/plugins/callback/usercallback.py b/test/integration/targets/collections/collection_root_user/ansible_collections/testns/testcoll/plugins/callback/usercallback.py index c5b0f66abce..b534df2f2a4 100644 --- a/test/integration/targets/collections/collection_root_user/ansible_collections/testns/testcoll/plugins/callback/usercallback.py +++ b/test/integration/targets/collections/collection_root_user/ansible_collections/testns/testcoll/plugins/callback/usercallback.py @@ -16,7 +16,6 @@ class CallbackModule(CallbackBase): CALLBACK_VERSION = 2.0 CALLBACK_TYPE = 'aggregate' CALLBACK_NAME = 'usercallback' - CALLBACK_NEEDS_WHITELIST = True def __init__(self): diff --git a/test/integration/targets/collections/custom_vars_plugins/vars_req_whitelist.py b/test/integration/targets/collections/custom_vars_plugins/vars_req_whitelist.py deleted file mode 100644 index 0ab952735aa..00000000000 --- a/test/integration/targets/collections/custom_vars_plugins/vars_req_whitelist.py +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 2019 RedHat, inc -# -# This file is part of Ansible -# -# Ansible is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Ansible is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see . -############################################# -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -DOCUMENTATION = ''' - vars: vars_req_whitelist - version_added: "2.10" - short_description: load host and group vars - description: test loading host and group vars from a collection - options: - stage: - choices: ['all', 'inventory', 'task'] - type: str - ini: - - key: stage - section: vars_req_whitelist - env: - - name: ANSIBLE_VARS_PLUGIN_STAGE -''' - -from ansible.plugins.vars import BaseVarsPlugin - - -class VarsModule(BaseVarsPlugin): - - REQUIRES_WHITELIST = True - - def get_vars(self, loader, path, entities, cache=True): - super(VarsModule, self).get_vars(loader, path, entities) - return {'whitelisted': True, 'collection': False} diff --git a/test/integration/targets/collections/runme.sh b/test/integration/targets/collections/runme.sh index f5d08984080..61fc43f16cf 100755 --- a/test/integration/targets/collections/runme.sh +++ b/test/integration/targets/collections/runme.sh @@ -14,22 +14,23 @@ export INVENTORY_PATH="$ipath" echo "--- validating callbacks" # validate FQ callbacks in ansible-playbook -ANSIBLE_CALLBACK_WHITELIST=testns.testcoll.usercallback ansible-playbook noop.yml | grep "usercallback says ok" +ANSIBLE_CALLBACKS_ENABLED=testns.testcoll.usercallback ansible-playbook noop.yml | grep "usercallback says ok" # use adhoc for the rest of these tests, must force it to load other callbacks export ANSIBLE_LOAD_CALLBACK_PLUGINS=1 # validate redirected callback -ANSIBLE_CALLBACK_WHITELIST=formerly_core_callback ansible localhost -m debug 2>&1 | grep -- "usercallback says ok" +ANSIBLE_CALLBACKS_ENABLED=formerly_core_callback ansible localhost -m debug 2>&1 | grep -- "usercallback says ok" ## validate missing redirected callback -ANSIBLE_CALLBACK_WHITELIST=formerly_core_missing_callback ansible localhost -m debug 2>&1 | grep -- "Skipping callback plugin 'formerly_core_missing_callback'" +ANSIBLE_CALLBACKS_ENABLED=formerly_core_missing_callback ansible localhost -m debug 2>&1 | grep -- "Skipping callback plugin 'formerly_core_missing_callback'" ## validate redirected + removed callback (fatal) -ANSIBLE_CALLBACK_WHITELIST=formerly_core_removed_callback ansible localhost -m debug 2>&1 | grep -- "testns.testcoll.removedcallback has been removed" +ANSIBLE_CALLBACKS_ENABLED=formerly_core_removed_callback ansible localhost -m debug 2>&1 | grep -- "testns.testcoll.removedcallback has been removed" # validate avoiding duplicate loading of callback, even if using diff names -[ "$(ANSIBLE_CALLBACK_WHITELIST=testns.testcoll.usercallback,formerly_core_callback ansible localhost -m debug 2>&1 | grep -c 'usercallback says ok')" = "1" ] +[ "$(ANSIBLE_CALLBACKS_ENABLED=testns.testcoll.usercallback,formerly_core_callback ansible localhost -m debug 2>&1 | grep -c 'usercallback says ok')" = "1" ] # ensure non existing callback does not crash ansible -ANSIBLE_CALLBACK_WHITELIST=charlie.gomez.notme ansible localhost -m debug 2>&1 | grep -- "Skipping callback plugin 'charlie.gomez.notme'" +ANSIBLE_CALLBACKS_ENABLED=charlie.gomez.notme ansible localhost -m debug 2>&1 | grep -- "Skipping callback plugin 'charlie.gomez.notme'" + unset ANSIBLE_LOAD_CALLBACK_PLUGINS # adhoc normally shouldn't load non-default plugins- let's be sure -output=$(ANSIBLE_CALLBACK_WHITELIST=testns.testcoll.usercallback ansible localhost -m debug) +output=$(ANSIBLE_CALLBACK_ENABLED=testns.testcoll.usercallback ansible localhost -m debug) if [[ "${output}" =~ "usercallback says ok" ]]; then echo fail; exit 1; fi echo "--- validating docs" diff --git a/test/integration/targets/collections/vars_plugin_tests.sh b/test/integration/targets/collections/vars_plugin_tests.sh index 2118af6d2d9..9dddf321e5d 100755 --- a/test/integration/targets/collections/vars_plugin_tests.sh +++ b/test/integration/targets/collections/vars_plugin_tests.sh @@ -2,7 +2,7 @@ set -eux -# Collections vars plugins must be whitelisted with FQCN because PluginLoader.all() does not search collections +# Collections vars plugins must be enabled using the FQCN in the 'enabled' list, because PluginLoader.all() does not search collections # Let vars plugins run for inventory by using the global setting export ANSIBLE_RUN_VARS_PLUGINS=start @@ -33,7 +33,7 @@ grep '"collection": "collection_root_user"' out.txt grep '"adj_var": "value"' out.txt grep -v '"collection": "adjacent"' out.txt -# Test that 3rd party plugins in plugin_path do not need to require whitelisting by default +# Test that 3rd party plugins in plugin_path do not need to require enabling by default # Plugins shipped with Ansible and in the custom plugin dir should be used first export ANSIBLE_VARS_PLUGINS=./custom_vars_plugins @@ -42,15 +42,11 @@ ansible-inventory -i a.statichost.yml --list --playbook-dir=./ | tee out.txt grep '"name": "v2_vars_plugin"' out.txt grep '"collection": "collection_root_user"' out.txt grep '"adj_var": "value"' out.txt -grep -v '"whitelisted": true' out.txt -# Test plugins in plugin paths that opt-in to require whitelisting +# Test plugins in plugin paths that opt-in to require enabling unset ANSIBLE_VARS_ENABLED unset ANSIBLE_COLLECTIONS_PATH -ANSIBLE_VARS_ENABLED=vars_req_whitelist ansible-inventory -i a.statichost.yml --list --playbook-dir=./ | tee out.txt - -grep '"whitelisted": true' out.txt # Test vars plugins that support the stage setting don't run for inventory when stage is set to 'task' # and that the vars plugins that don't support the stage setting don't run for inventory when the global setting is 'demand' @@ -58,7 +54,6 @@ ANSIBLE_VARS_PLUGIN_STAGE=task ansible-inventory -i a.statichost.yml --list --pl grep -v '"v1_vars_plugin": true' out.txt grep -v '"v2_vars_plugin": true' out.txt -grep -v '"vars_req_whitelist": true' out.txt grep -v '"collection": "adjacent"' out.txt grep -v '"collection": "collection_root_user"' out.txt grep -v '"adj_var": "value"' out.txt @@ -66,7 +61,6 @@ grep -v '"adj_var": "value"' out.txt # Test that the global setting allows v1 and v2 plugins to run after importing inventory ANSIBLE_RUN_VARS_PLUGINS=start ansible-inventory -i a.statichost.yml --list --playbook-dir=./ | tee out.txt -grep -v '"vars_req_whitelist": true' out.txt grep '"v1_vars_plugin": true' out.txt grep '"v2_vars_plugin": true' out.txt grep '"name": "v2_vars_plugin"' out.txt diff --git a/test/integration/targets/lookup_config/tasks/main.yml b/test/integration/targets/lookup_config/tasks/main.yml index be185197b96..cda9aedc0d0 100644 --- a/test/integration/targets/lookup_config/tasks/main.yml +++ b/test/integration/targets/lookup_config/tasks/main.yml @@ -42,7 +42,7 @@ - name: Verify lookup_config assert: that: - - '"meow" in lookup("config", "ANSIBLE_COW_WHITELIST")' + - '"meow" in lookup("config", "ANSIBLE_COW_ACCEPTLIST")' - lookup_config_1 is failed - '"Unable to find setting" in lookup_config_1.msg' - lookup_config_2 is failed diff --git a/test/lib/ansible_test/_data/sanity/validate-modules/validate_modules/main.py b/test/lib/ansible_test/_data/sanity/validate-modules/validate_modules/main.py index 3b61f1f329b..38fe7d1db58 100644 --- a/test/lib/ansible_test/_data/sanity/validate-modules/validate_modules/main.py +++ b/test/lib/ansible_test/_data/sanity/validate-modules/validate_modules/main.py @@ -41,10 +41,9 @@ import yaml from ansible import __version__ as ansible_version from ansible.executor.module_common import REPLACER_WINDOWS from ansible.module_utils.common._collections_compat import Mapping -from ansible.module_utils._text import to_native from ansible.plugins.loader import fragment_loader from ansible.utils.collection_loader._collection_finder import _AnsibleCollectionFinder -from ansible.utils.plugin_docs import BLACKLIST, add_collection_to_versions_and_dates, add_fragments, get_docstring +from ansible.utils.plugin_docs import REJECTLIST, add_collection_to_versions_and_dates, add_fragments, get_docstring from ansible.utils.version import SemanticVersion from .module_args import AnsibleModuleImportError, AnsibleModuleNotInitialized, get_argument_spec @@ -65,11 +64,11 @@ if PY3: else: TRY_EXCEPT = ast.TryExcept -BLACKLIST_DIRS = frozenset(('.git', 'test', '.github', '.idea')) +REJECTLIST_DIRS = frozenset(('.git', 'test', '.github', '.idea')) INDENT_REGEX = re.compile(r'([\t]*)') TYPE_REGEX = re.compile(r'.*(if|or)(\s+[^"\']*|\s+)(?