diff --git a/changelogs/CHANGELOG-v2.10.rst b/changelogs/CHANGELOG-v2.10.rst index 9b5272d34c1..599ab9b2952 100644 --- a/changelogs/CHANGELOG-v2.10.rst +++ b/changelogs/CHANGELOG-v2.10.rst @@ -5,148 +5,13 @@ Ansible Base 2.10 "When the Levee Breaks" Release Notes .. contents:: Topics -v2.10.0rc4 -========== +v2.10.0 +======= Release Summary --------------- -| Release Date: 2020-07-30 -| `Porting Guide `__ - - -Minor Changes -------------- - -- default_callback - moving 'check_mode_markers' documentation in default_callback doc_fragment (https://github.com/ansible-collections/community.general/issues/565). - -Bugfixes --------- - -- Fix warning for default permission change when no mode is specified. Follow up to https://github.com/ansible/ansible/issues/67794. (CVE-2020-1736) -- Fixes ansible-test traceback when plugin author is not a string or a list of strings (https://github.com/ansible/ansible/pull/70507) -- Restore the ability for changed_when/failed_when to function with group_by (#70844). -- ansible-galaxy collection download - fix downloading tar.gz files and collections in git repositories (https://github.com/ansible/ansible/issues/70429) -- ansible-galaxy collection install - fix fallback mechanism if the AH server did not have the collection requested - https://github.com/ansible/ansible/issues/70940 -- ansible-test - Add ``pytest < 6.0.0`` constraint for managed installations on Python 3.x to avoid issues with relative imports. -- ansible-test - Change detection now properly resolves relative imports instead of treating them as absolute imports. -- ansible-test validate-modules - ``version_added`` on module level was not validated for modules in collections (https://github.com/ansible/ansible/pull/70869). -- ansible-test validate-modules - return correct error codes ``option-invalid-version-added`` resp. ``return-invalid-version-added`` instead of the wrong error ``deprecation-either-date-or-version`` when an invalid value of ``version_added`` is specified for an option or a return value (https://github.com/ansible/ansible/pull/70869). -- facts - fix incorrect UTC timestamp in ``iso8601_micro`` and ``iso8601`` -- lineinfile - fix not subscriptable error in exception handling around file creation -- reboot - Add support for the runit init system, used on Void Linux, that does not support the normal Linux syntax. - -v2.10.0rc3 -========== - -Release Summary ---------------- - -| Release Date: 2020-07-24 -| `Porting Guide `__ - - -Bugfixes --------- - -- reset logging level to INFO due to CVE-2019-14846. - -v2.10.0rc2 -========== - -Release Summary ---------------- - -| Release Date: 2020-07-23 -| `Porting Guide `__ - - -Bugfixes --------- - -- Stop adding the connection variables to the output results - -v2.10.0rc1 -========== - -Release Summary ---------------- - -| Release Date: 2020-07-23 -| `Porting Guide `__ - - -Minor Changes -------------- - -- Add an example for using var in with_sequence (https://github.com/ansible/ansible/issues/68836). -- Add standard Python 2/3 compatibility boilerplate to setup script, module_utils and docs_fragments which were missing them. -- Command module: Removed suggestions to use modules which have moved to collections and out of ansible-base -- The plugin loader now keeps track of the collection where a plugin was resolved to, in particular whether the plugin was loaded from ansible-base's internal paths (``ansible.builtin``) or from user-supplied paths (no collection name). -- ansible-galaxy - Add installation successful message -- ansible-galaxy - Change the output verbosity level of the download message from 3 to 0 (https://github.com/ansible/ansible/issues/70010) -- ansible-test - Provisioning of RHEL instances now includes installation of pinned versions of ``packaging`` and ``pyparsing`` to match the downstream vendored versions. -- ansible-test - Report the correct line number in the ``yamllint`` sanity test when reporting ``libyaml`` parse errors in module documentation. -- conditionals - change the default of CONDITIONAL_BARE_VARS to False (https://github.com/ansible/ansible/issues/70682). -- debconf - add a note about no_log=True since module might expose sensitive information to logs (https://github.com/ansible/ansible/issues/32386). -- pipe lookup - update docs for Popen with shell=True usages (https://github.com/ansible/ansible/issues/70159). - -Bugfixes --------- - -- **security issue** atomic_move - change default permissions when creating temporary files so they are not world readable (https://github.com/ansible/ansible/issues/67794) (CVE-2020-1736) -- Address the deprecation of the use of stdlib distutils in packaging. It's a short-term hotfix for the problem (https://github.com/ansible/ansible/issues/70456, https://github.com/pypa/setuptools/issues/2230, https://github.com/pypa/setuptools/commit/bd110264) -- Allow TypeErrors on Undefined variables in filters to be handled or deferred when processing for loops. -- Ansible output now uses stdout to determine column width instead of stdin -- Fix ``delegate_facts: true`` when ``ansible_python_interpreter`` is not set. (https://github.com/ansible/ansible/issues/70168) -- JSON Encoder - Ensure we treat single vault encrypted values as strings (https://github.com/ansible/ansible/issues/70784) -- Python module_utils finder - refactor logic to eliminate many corner cases, remove recursion, fix base module_utils redirections -- SSH plugin - Improve error message when ssh client is not found on the host -- Sanitize no_log values from any response keys that might be returned from the uri module. -- TaskExecutor - Handle unexpected errors as failed while post validating loops (https://github.com/ansible/ansible/issues/70050). -- Template connection variables before using them (https://github.com/ansible/ansible/issues/70598). -- Terminal plugins - add "\e[m" to the list of ANSI sequences stripped from device output -- The `ansible_become` value was not being treated as a boolean value when set in an INI format inventory file (fixes bug https://github.com/ansible/ansible/issues/70476). -- The machine-readable changelog ``changelogs/changelog.yaml`` is now contained in the release. -- Vault - Allow single vault encrypted values to be used directly as module parameters. (https://github.com/ansible/ansible/issues/68275) -- action plugins - change all action/module delegations to use FQ names while allowing overrides (https://github.com/ansible/ansible/issues/69788) -- add constraints file for ``anisble_runner`` test since an update to ``psutil`` is now causing test failures -- add magic/connection vars updates from delegated host info. -- ansible-doc - collection name for plugin top-level deprecation was not inserted when deprecating by version (https://github.com/ansible/ansible/pull/70344). -- ansible-doc - improve error message in text formatter when ``description`` is missing for a (sub-)option or a return value or its ``contains`` (https://github.com/ansible/ansible/pull/70046). -- ansible-doc - improve man page formatting to avoid problems when YAML anchors are used (https://github.com/ansible/ansible/pull/70045). -- ansible-doc - include the collection name in the text output (https://github.com/ansible/ansible/pull/70401). -- ansible-test - Do not try to validate PowerShell modules ``setup.ps1``, ``slurp.ps1``, and ``async_status.ps1`` -- ansible-test - The ``ansible-doc`` sanity test now works for ``netconf`` plugins. -- ansible-test - integration and unit test change detection now works for filter, lookup and test plugins -- ansible-test now always uses the ``--python`` option for ``virtualenv`` to select the correct interpreter when creating environments with the ``--venv`` option -- api - time.clock is removed in Python 3.8, add backward compatible code (https://github.com/ansible/ansible/issues/70649). -- apt - include exception message from apt python library in error output -- assemble - fix decrypt argument in the module (https://github.com/ansible/ansible/issues/65450). -- basic - use PollSelector implementation when DefaultSelector fails (https://github.com/ansible/ansible/issues/70238). -- collection metadata - ensure collection loader uses libyaml/CSafeLoader to parse collection metadata if available -- cron - encode and decode crontab files in UTF-8 explicitly to allow non-ascii chars in cron filepath and job (https://github.com/ansible/ansible/issues/69492) -- ensure delegated vars can resolve hostvars object and access vars from hostvars[inventory_hostname]. -- facts - account for Slackware OS with ``+`` in the name (https://github.com/ansible/ansible/issues/38760) -- fix issue with inventory_hostname and delegated host vars mixing on connection settings. -- if the ``type`` for a module parameter in the argument spec is callable, do not pass ``kwargs`` to avoid errors (https://github.com/ansible/ansible/issues/70017) -- pause - handle exception when there is no stdout (https://github.com/ansible/ansible/pull/47851) -- playbooks - detect and propagate failures in ``always`` blocks after ``rescue`` (https://github.com/ansible/ansible/issues/70000) -- shell - fix quoting of mkdir command in creation of remote_tmp in order to allow spaces and other special characters (https://github.com/ansible/ansible/issues/69577). -- splunk httpapi plugin - switch from splunk.enterprise_security to splunk.es in runtime.yml to reflect upstream change of Collection Name -- ssh connection plugin - use ``get_option()`` rather than ``_play_context`` to ensure ``ANSBILE_SSH_ARGS`` are applied properly (https://github.com/ansible/ansible/issues/70437) -- user - don't create home directory and missing parents when create_home == false (https://github.com/ansible/ansible/pull/70600). -- win setup - Fix redirection path for the windows setup module -- windows async - use full path when calling PowerShell to reduce reliance on environment vars being correct - https://github.com/ansible/ansible/issues/70655 -- winrm - preserve winrm forensic data on put_file failures - -v2.10.0b1 -========= - -Release Summary ---------------- - -| Release Date: 2020-06-17 +| Release Date: 2020-08-13 | `Porting Guide `__ @@ -172,8 +37,10 @@ Minor Changes - Add a new config parameter, WIN_ASYNC_STARTUP_TIMEOUT, which allows configuration of the named pipe connection timeout under Windows when launching async tasks. - Add a per-plugin stage option to override the global toggle to control the execution of individual vars plugins (per task, after inventory, or both). - Add an additional check for importing journal from systemd-python module (https://github.com/ansible/ansible/issues/60595). +- Add an example for using var in with_sequence (https://github.com/ansible/ansible/issues/68836). - Add new magic variable ``ansible_collection`` that contains the collection name - Add new magic variable ``ansible_role_name`` that contains the FQCN of the role +- Add standard Python 2/3 compatibility boilerplate to setup script, module_utils and docs_fragments which were missing them. - Added PopOS as a part of Debian OS distribution family (https://github.com/ansible/ansible/issues/69286). - Added hostname support for PopOS in hostname module. - Added openEuler OS in RedHat OS Family. @@ -187,6 +54,7 @@ Minor Changes - Ansible.ModuleUtils.WebRequest - Move username and password aliases out of util to avoid option name collision - Change order of arguments in ansible cli to use --ask-vault-password and --vault-password-file by default - CollectionRequirement - Add a metadata property to update and retrieve the _metadata attribute. +- Command module: Removed suggestions to use modules which have moved to collections and out of ansible-base - Enable Ansible Collections loader to discover and import collections from ``site-packages`` dir and ``PYTHONPATH``-added locations. - Enable testing the AIX platform as a remote OS in ansible-test - Flatten the directory hierarchy of modules @@ -204,6 +72,7 @@ Minor Changes - Simplify dict2items filter example in loop documentation (https://github.com/ansible/ansible/issues/65505). - Templating - Add globals to the jinja2 environment at ``Templar`` instantiation, instead of customizing the template object. Only customize the template object, to disable lookups. (https://github.com/ansible/ansible/pull/69278) - Templating - Add support to auto unroll generators produced by jinja2 filters, to prevent the need of explicit use of ``|list`` (https://github.com/ansible/ansible/pull/68014) +- The plugin loader now keeps track of the collection where a plugin was resolved to, in particular whether the plugin was loaded from ansible-base's internal paths (``ansible.builtin``) or from user-supplied paths (no collection name). - The results queue and counter for results are now split for standard / handler results. This allows the governing strategy to be truly independent from the handler strategy, which basically follows the linear methodology. - Update required library message with correct grammer in basic.py. - Updated inventory script location for EC2, Openstack, and Cobbler after collection (https://github.com/ansible/ansible/issues/68897). @@ -221,10 +90,12 @@ Minor Changes - ansible-doc - return values will be properly formatted (https://github.com/ansible/ansible/pull/69796). - ansible-galaxy - Add ``download`` option for ``ansible-galaxy collection`` to download collections and their dependencies for an offline install - ansible-galaxy - Add a `verify` subcommand to `ansible-galaxy collection`. The collection found on the galaxy server is downloaded to a tempfile to compare the checksums of the files listed in the MANIFEST.json and the FILES.json with the contents of the installed collection. +- ansible-galaxy - Add installation successful message - ansible-galaxy - Added the ability to display the progress wheel through the C.GALAXY_DISPLAY_PROGRESS config option. Also this now defaults to displaying the progress wheel if stdout has a tty. - ansible-galaxy - Added the ability to ignore further files and folders using a pattern with the ``build_ignore`` key in a collection's ``galaxy.yml`` (https://github.com/ansible/ansible/issues/59228). - ansible-galaxy - Allow installing collections from git repositories. - ansible-galaxy - Always ignore the ``tests/output`` directory when building a collection as it is used by ``ansible-test`` for test output (https://github.com/ansible/ansible/issues/59228). +- ansible-galaxy - Change the output verbosity level of the download message from 3 to 0 (https://github.com/ansible/ansible/issues/70010) - ansible-galaxy - Display message if both collections and roles are specified in a requirements file but can't be installed together. - ansible-galaxy - Install both collections and roles with ``ansible-galaxy install -r requirements.yml`` in certain scenarios. - ansible-galaxy - Requirement entries for collections now support a 'type' key to indicate whether the collection is a galaxy artifact, file, url, or git repo. @@ -246,9 +117,11 @@ Minor Changes - ansible-test - Added support for testing on Fedora 32. - ansible-test - General code cleanup. - ansible-test - Now includes testing support for RHEL 8.2 +- ansible-test - Provisioning of RHEL instances now includes installation of pinned versions of ``packaging`` and ``pyparsing`` to match the downstream vendored versions. - ansible-test - Refactor code to consolidate filesystem access and improve handling of encoding. - ansible-test - Refactored CI related logic into a basic provider abstraction. - ansible-test - Remove obsolete support for provisioning remote vCenter instances. The supporting services are no longer available. +- ansible-test - Report the correct line number in the ``yamllint`` sanity test when reporting ``libyaml`` parse errors in module documentation. - ansible-test - Support writing compact JSON files instead of formatting and indenting the output. - ansible-test - Update Ubuntu 18.04 test container to version 1.13 which includes ``venv`` - ansible-test - Update ``default-test-container`` to version 1.11, which includes Python 3.9.0a4. @@ -305,8 +178,11 @@ Minor Changes - blockinfile - Update module documentation to clarify insertbefore/insertafter usage. - callbacks - Allow modules to return `None` as before/after entries for diff. This should make it easier for modules to report the "not existing" state of the entity they touched. - combine filter - now accept a ``list_merge`` argument which modifies its behaviour when the hashes to merge contain arrays/lists. +- conditionals - change the default of CONDITIONAL_BARE_VARS to False (https://github.com/ansible/ansible/issues/70682). - config - accept singular version of ``collections_path`` ini setting and ``ANSIBLE_COLLECTIONS_PATH`` environment variable setting - core filters - Adding ``path_join`` filter to the core filters list +- debconf - add a note about no_log=True since module might expose sensitive information to logs (https://github.com/ansible/ansible/issues/32386). +- default_callback - moving 'check_mode_markers' documentation in default_callback doc_fragment (https://github.com/ansible-collections/community.general/issues/565). - distro - Update bundled version of distro from 1.4.0 to 1.5.0 - dnf - Properly handle idempotent transactions with package name wildcard globs (https://github.com/ansible/ansible/issues/62809) - dnf - Properly handle module AppStreams that don't define stream (https://github.com/ansible/ansible/issues/63683) @@ -319,6 +195,7 @@ Minor Changes - host_group_vars plugin - Require whitelisting and whitelist by default. - new magic variable - ``ansible_config_file`` - full path of used Ansible config file - package_facts.py - Add support for Pacman package manager. +- pipe lookup - update docs for Popen with shell=True usages (https://github.com/ansible/ansible/issues/70159). - plugin loader - Add MODULE_IGNORE_EXTS config option to skip over certain extensions when looking for script and binary modules. - powershell (shell plugin) - Fix `join_path` to support UNC paths (https://github.com/ansible/ansible/issues/66341) - regexp_replace filter - add multiline support for regex_replace filter (https://github.com/ansible/ansible/issues/61985) @@ -376,18 +253,24 @@ Security Fixes - **security_issue** - create temporary vault file with strict permissions when editing and prevent race condition (CVE-2020-1740) - Ensure we get an error when creating a remote tmp if it already exists. CVE-2020-1733 - In fetch action, avoid using slurp return to set up dest, also ensure no dir traversal CVE-2020-1735. +- Sanitize no_log values from any response keys that might be returned from the uri module (CVE-2020-14330). - ansible-galaxy - Error when install finds a tar with a file that will be extracted outside the collection install directory - CVE-2020-10691 Bugfixes -------- +- **security issue** atomic_move - change default permissions when creating temporary files so they are not world readable (https://github.com/ansible/ansible/issues/67794) (CVE-2020-1736) - ActionBase - Add new ``cleanup`` method that is explicitly run by the ``TaskExecutor`` to ensure that the shell plugins ``tmpdir`` is always removed. This change means that individual action plugins need not be responsible for removing the temporary directory, which ensures that we don't have code paths that accidentally leave behind the temporary directory. - Add example setting for ``collections_paths`` parameter to ``examples/ansible.cfg`` - Add missing gcp modules to gcp module defaults group - Added support for Flatcar Container Linux in distribution and hostname modules. (https://github.com/ansible/ansible/pull/69627) - Added support for OSMC distro in hostname module (https://github.com/ansible/ansible/issues/66189). +- Address compat with rpmfluff-0.6 for integration tests +- Address the deprecation of the use of stdlib distutils in packaging. It's a short-term hotfix for the problem (https://github.com/ansible/ansible/issues/70456, https://github.com/pypa/setuptools/issues/2230, https://github.com/pypa/setuptools/commit/bd110264) +- Allow TypeErrors on Undefined variables in filters to be handled or deferred when processing for loops. - Allow tasks to notify a fqcn handler name (https://github.com/ansible/ansible/issues/68181) - An invalid value is hard to track down if you don't know where it came from, return field name instead. +- Ansible output now uses stdout to determine column width instead of stdin - Ansible.Basic - Fix issue when setting a ``no_log`` parameter to an empty string - https://github.com/ansible/ansible/issues/62613 - Ansible.ModuleUtils.WebRequest - actually set no proxy when ``use_proxy: no`` is set on a Windows module - https://github.com/ansible/ansible/issues/68528 - AnsibleDumper - Add a representer for AnsibleUnsafeBytes (https://github.com/ansible/ansible/issues/62562). @@ -407,6 +290,7 @@ Bugfixes - Ensure that keywords defined as booleans are correctly interpreting their input, before patch any random string would be interpreted as False - Ensure we don't allow ansible_facts subkey of ansible_facts to override top level, also fix 'deprefixing' to prevent key transforms. - Fact Delegation - Add ability to indicate which facts must always be delegated. Primarily for ``discovered_interpreter_python`` right now, but extensible later. (https://github.com/ansible/ansible/issues/61002) +- Fix ``delegate_facts: true`` when ``ansible_python_interpreter`` is not set. (https://github.com/ansible/ansible/issues/70168) - Fix a bug when a host was not removed from a play after ``meta: end_host`` and as a result the host was still present in ``ansible_play_hosts`` and ``ansible_play_batch`` variables. - Fix an issue with the ``fileglob`` plugin where passing a subdirectory of non-existent directory would cause it to fail - https://github.com/ansible/ansible/issues/69450 - Fix case sensitivity for ``lookup()`` (https://github.com/ansible/ansible/issues/66464) @@ -421,8 +305,10 @@ Bugfixes - Fix regression when ``ansible_failed_task`` and ``ansible_failed_result`` are not defined in the rescue block (https://github.com/ansible/ansible/issues/64789) - Fix string parsing of inline vault strings for plugin config variable sources - Fix traceback when printing ``HostVars`` on native Jinja2 (https://github.com/ansible/ansible/issues/65365) +- Fix warning for default permission change when no mode is specified. Follow up to https://github.com/ansible/ansible/issues/67794. (CVE-2020-1736) - Fixed a bug with the copy action plugin where mode=preserve was being passed on symlink files and causing a traceback (https://github.com/ansible/ansible/issues/68471). - Fixed the equality check for IncludedFiles to ensure they are not accidently merged when process_include_results runs. +- Fixes ansible-test traceback when plugin author is not a string or a list of strings (https://github.com/ansible/ansible/pull/70507) - Fixes in network action plugins load from collections using module prefix (https://github.com/ansible/ansible/issues/65071) - Force collection names to be static so that a warning is generated because templating currently does not work (see https://github.com/ansible/ansible/issues/68704). - Handle empty extra vars in ansible cli (https://github.com/ansible/ansible/issues/61497). @@ -430,6 +316,7 @@ Bugfixes - Handle exception encountered while parsing the argument description in module when invoked via ansible-doc command (https://github.com/ansible/ansible/issues/60587). - Handle exception when /etc/shadow file is missing or not found, while operating user operation in user module (https://github.com/ansible/ansible/issues/63490). - HostVarsVars - Template the __repr__ value (https://github.com/ansible/ansible/issues/64128). +- JSON Encoder - Ensure we treat single vault encrypted values as strings (https://github.com/ansible/ansible/issues/70784) - Make netconf plugin configurable to set ncclient device handler name in netconf plugin (https://github.com/ansible/ansible/pull/65718) - Make sure if a collection is supplied as a string that we transform it into a list. - Misc typo fixes in various documentation pages. @@ -440,17 +327,26 @@ Bugfixes - Prevent rewriting nested Block's data in filter_tagged_tasks - Prevent templating unused variables for {% include %} (https://github.com/ansible/ansible/issues/68699) - Properly handle unicode in ``safe_eval``. (https://github.com/ansible/ansible/issues/66943) +- Python module_utils finder - refactor logic to eliminate many corner cases, remove recursion, fix base module_utils redirections - Remove a temp directory created by wait_for_connection action plugin (https://github.com/ansible/ansible/issues/62407). - Remove the unnecessary warning about aptitude not being installed (https://github.com/ansible/ansible/issues/56832). - Remove unused Python imports in ``ansible-inventory``. +- Restore the ability for changed_when/failed_when to function with group_by (#70844). - Role Installation - Ensure that a role containing files with non-ascii characters can be installed (https://github.com/ansible/ansible/issues/69133) - RoleRequirement - include stderr in the error message if a scm command fails (https://github.com/ansible/ansible/issues/41336) +- SSH plugin - Improve error message when ssh client is not found on the host - Skipping of become for ``network_cli`` connections now works when ``network_cli`` is sourced from a collection. +- Stop adding the connection variables to the output results - Strictly check string datatype for 'tasks_from', 'vars_from', 'defaults_from', and 'handlers_from' in include_role (https://github.com/ansible/ansible/issues/68515). - Strip no log values from module response keys (https://github.com/ansible/ansible/issues/68400) +- TaskExecutor - Handle unexpected errors as failed while post validating loops (https://github.com/ansible/ansible/issues/70050). - TaskQueueManager - Explicitly set the mutliprocessing start method to ``fork`` to avoid issues with the default on macOS now being ``spawn``. +- Template connection variables before using them (https://github.com/ansible/ansible/issues/70598). - Templating - Ansible was caching results of Jinja2 expressions in some cases where these expressions could have dynamic results, like password generation (https://github.com/ansible/ansible/issues/34144). +- Terminal plugins - add "\e[m" to the list of ANSI sequences stripped from device output +- The `ansible_become` value was not being treated as a boolean value when set in an INI format inventory file (fixes bug https://github.com/ansible/ansible/issues/70476). - The ansible-galaxy publish command was using an incorrect URL for v3 servers. The configuration for v3 servers includes part of the path fragment that was added in the new test. +- The machine-readable changelog ``changelogs/changelog.yaml`` is now contained in the release. - Update ActionBase._low_level_execute_command to honor executable (https://github.com/ansible/ansible/issues/68054) - Update the warning message for ``CONDITIONAL_BARE_VARS`` to list the original conditional not the value of the original conditional (https://github.com/ansible/ansible/issues/67735) - Use ``sys.exit`` instead of ``exit`` in ``ansible-inventory``. @@ -458,9 +354,13 @@ Bugfixes - Use hostnamectl command to get current hostname for host while using systemd strategy (https://github.com/ansible/ansible/issues/59438). - Using --start-at-task would fail when it attempted to skip over tasks with no name. - Validate include args in handlers. +- Vault - Allow single vault encrypted values to be used directly as module parameters. (https://github.com/ansible/ansible/issues/68275) - Vault - Make the single vaulted value ``AnsibleVaultEncryptedUnicode`` class work more like a string by replicating the behavior of ``collections.UserString`` from Python. These changes don't allow it to be considered a string, but most common python string actions will now work as expected. (https://github.com/ansible/ansible/pull/67823) - ``AnsibleUnsafe``/``AnsibleContext``/``Templar`` - Do not treat ``AnsibleUndefined`` as being "unsafe" (https://github.com/ansible/ansible/issues/65198) - account for empty strings in when splitting the host pattern (https://github.com/ansible/ansible/issues/61964) +- action plugins - change all action/module delegations to use FQ names while allowing overrides (https://github.com/ansible/ansible/issues/69788) +- add constraints file for ``anisble_runner`` test since an update to ``psutil`` is now causing test failures +- add magic/connection vars updates from delegated host info. - add parameter name to warning message when values are converted to strings (https://github.com/ansible/ansible/pull/57145) - add_host action now correctly shows idempotency/changed status - added 'unimplemented' prefix to file based caching @@ -472,6 +372,10 @@ Bugfixes - ansible command now correctly sends v2_playbook_on_start to callbacks - ansible-connection persists even after playbook run is completed (https://github.com/ansible/ansible/pull/61591) - ansible-doc - Allow and give precedence to `removed_at_date` for deprecated modules. +- ansible-doc - collection name for plugin top-level deprecation was not inserted when deprecating by version (https://github.com/ansible/ansible/pull/70344). +- ansible-doc - improve error message in text formatter when ``description`` is missing for a (sub-)option or a return value or its ``contains`` (https://github.com/ansible/ansible/pull/70046). +- ansible-doc - improve man page formatting to avoid problems when YAML anchors are used (https://github.com/ansible/ansible/pull/70045). +- ansible-doc - include the collection name in the text output (https://github.com/ansible/ansible/pull/70401). - ansible-doc now properly handles removed modules/plugins - ansible-galaxy - Default collection install path to first path in COLLECTIONS_PATHS (https://github.com/ansible/ansible/pull/62870) - ansible-galaxy - Display proper error when invalid token is used for Galaxy servers @@ -498,20 +402,26 @@ Bugfixes - ansible-galaxy - properly show the role description when running offline (https://github.com/ansible/ansible/issues/60167) - ansible-galaxy cli - fixed ``--version`` argument - ansible-galaxy collection - Preserve executable bit on build and preserve mode on install from what tar member is set to - https://github.com/ansible/ansible/issues/68415 +- ansible-galaxy collection download - fix downloading tar.gz files and collections in git repositories (https://github.com/ansible/ansible/issues/70429) +- ansible-galaxy collection install - fix fallback mechanism if the AH server did not have the collection requested - https://github.com/ansible/ansible/issues/70940 - ansible-galaxy role - Fix issue where ``--server`` was not being used for certain ``ansible-galaxy role`` actions - https://github.com/ansible/ansible/issues/61609 - ansible-galaxy- On giving an invalid subcommand to ansible-galaxy, the help would be shown only for role subcommand (collection subcommand help is not shown). With this change, the entire help for ansible-galaxy (same as ansible-galaxy --help) is displayed along with the help for role subcommand. (https://github.com/ansible/ansible/issues/69009) - ansible-inventory - Fix long standing bug not loading vars plugins for group vars relative to the playbook dir when the '--playbook-dir' and '--export' flags are used together. - ansible-inventory - Fix regression loading vars plugins. (https://github.com/ansible/ansible/issues/65064) - ansible-inventory - Properly hide arguments that should not be shown (https://github.com/ansible/ansible/issues/61604) - ansible-inventory - Restore functionality to allow ``--graph`` to be limited by a host pattern +- ansible-test - Add ``pytest < 6.0.0`` constraint for managed installations on Python 3.x to avoid issues with relative imports. +- ansible-test - Change detection now properly resolves relative imports instead of treating them as absolute imports. - ansible-test - Code cleanup. - ansible-test - Disabled the ``duplicate-code`` and ``cyclic-import`` checks for the ``pylint`` sanity test due to inconsistent results. +- ansible-test - Do not try to validate PowerShell modules ``setup.ps1``, ``slurp.ps1``, and ``async_status.ps1`` - ansible-test - Do not warn on missing PowerShell or C# util that are in other collections - ansible-test - Fix PowerShell module util analysis to properly detect the names of a util when running in a collection - ansible-test - Fix regression introduced in https://github.com/ansible/ansible/pull/67063 which caused module_utils analysis to fail on Python 2.x. - ansible-test - Fix traceback in validate-modules test when argument_spec is None. - ansible-test - Make sure import sanity test virtual environments also remove ``pkg-resources`` if it is not removed by uninstalling ``setuptools``. - ansible-test - Remove out-of-date constraint on installing paramiko versions 2.5.0 or later in tests. +- ansible-test - The ``ansible-doc`` sanity test now works for ``netconf`` plugins. - ansible-test - The ``import`` sanity test now correctly blocks access to python modules, not just packages, in the ``ansible`` package. - ansible-test - The ``import`` sanity test now correctly provides an empty ``ansible`` package. - ansible-test - The shebang sanity test now correctly identifies modules in subdirectories in collections. @@ -525,6 +435,7 @@ Bugfixes - ansible-test - during module validation, improve alias handling. - ansible-test - for local change detection, allow to specify branch to compare to with ``--base-branch`` for all types of tests (https://github.com/ansible/ansible/pull/69508). - ansible-test - improve ``deprecate()`` call checker. +- ansible-test - integration and unit test change detection now works for filter, lookup and test plugins - ansible-test can now install argparse with ``--requirements`` or delegation when the pip version in use is older than version 7.1 - ansible-test change detection - Run only sanity tests on ``docs/`` and ``changelogs/`` in collections, to avoid triggering full CI runs of integration and unit tests when files in these directories change. - ansible-test coverage - Fix the ``--all`` argument when generating coverage reports - https://github.com/ansible/ansible/issues/62096 @@ -539,6 +450,7 @@ Bugfixes - ansible-test no longer tracebacks during change analysis due to processing an empty python file - ansible-test no longer tries to install ``coverage`` 5.0+ since those versions are unsupported - ansible-test no longer tries to install ``setuptools`` 45+ on Python 2.x since those versions are unsupported +- ansible-test now always uses the ``--python`` option for ``virtualenv`` to select the correct interpreter when creating environments with the ``--venv`` option - ansible-test now correctly collects code coverage on the last task in a play. This should resolve issues with missing code coverage, empty coverage files and corrupted coverage files resulting from early worker termination. - ansible-test now correctly enumerates submodules when a collection resides below the repository root - ansible-test now correctly excludes the test results temporary directory when copying files from the remote test system to the local system @@ -585,6 +497,8 @@ Bugfixes - ansible-test now uses modules from the ``ansible.windows`` collection for setup and teardown of ``windows-integration`` tests and code coverage - ansible-test once again properly collects code coverage for ``ansible-connection`` - ansible-test validate-modules - Fix arg spec collector for PowerShell to find utils in both a collection and base. +- ansible-test validate-modules - ``version_added`` on module level was not validated for modules in collections (https://github.com/ansible/ansible/pull/70869). +- ansible-test validate-modules - return correct error codes ``option-invalid-version-added`` resp. ``return-invalid-version-added`` instead of the wrong error ``deprecation-either-date-or-version`` when an invalid value of ``version_added`` is specified for an option or a return value (https://github.com/ansible/ansible/pull/70869). - ansible-test validate-modules sanity test code ``missing-module-utils-import-c#-requirements`` is now ``missing-module-utils-import-csharp-requirements`` (fixes ignore bug). - ansible-test validate-modules sanity test code ``multiple-c#-utils-per-requires`` is now ``multiple-csharp-utils-per-requires`` (fixes ignore bug). - ansible-test validate-modules sanity test now checks for AnsibleModule initialization instead of module_utils imports, which did not work in many cases. @@ -596,9 +510,13 @@ Bugfixes - ansible-test windows coverage - Output temp files as UTF-8 with BOM to standardise against non coverage runs - ansible-vault - Fix ``encrypt_string`` output in a tty when using ``--sdtin-name`` option (https://github.com/ansible/ansible/issues/65121) - ansible-vault create - Fix exception on no arguments given +- api - time.clock is removed in Python 3.8, add backward compatible code (https://github.com/ansible/ansible/issues/70649). - apt - Fixed the issue the cache being updated while auto-installing its dependencies even when ``update_cache`` is set to false. +- apt - include exception message from apt python library in error output +- assemble - fix decrypt argument in the module (https://github.com/ansible/ansible/issues/65450). - assemble module - fix documentation - the remote_src property specified a default value of no but it's actually yes. - avoid fatal traceback when a bad FQCN for a callback is supplied in the whitelist (#69401). +- basic - use PollSelector implementation when DefaultSelector fails (https://github.com/ansible/ansible/issues/70238). - become - Fix various plugins that still used play_context to get the become password instead of through the plugin - https://github.com/ansible/ansible/issues/62367 - blockinfile - fix regression that results in incorrect block in file when the block to be inserted does not end in a line separator (https://github.com/ansible/ansible/pull/69734) - blockinfile - preserve line endings on update (https://github.com/ansible/ansible/issues/64966) @@ -606,6 +524,7 @@ Bugfixes - code - removes some Python compatibility code for dealing with socket timeouts in ``wait_for`` - collection loader - ensure Jinja function cache is fully-populated before lookup - collection loader - fixed relative imports on Python 2.7, ensure pluginloader caches use full name to prevent names from being clobbered (https://github.com/ansible/ansible/pull/60317) +- collection metadata - ensure collection loader uses libyaml/CSafeLoader to parse collection metadata if available - collection_loader - sort Windows modules below other plugin types so the correct builtin plugin inside a role is selected (https://github.com/ansible/ansible/issues/65298) - collections - Handle errors better for filters and tests in collections, where a non-existent collection is specified, or importing the plugin results in an exception (https://github.com/ansible/ansible/issues/66721) - combine filter - ``[dict1, [dict2]] | combine`` now raise an error; previously ``combine`` had an undocumented behaviour where it was flattening the list before combining it (https://github.com/ansible/ansible/pull/57894#discussion_r339517518). @@ -616,6 +535,7 @@ Bugfixes - core - remove unneeded Python version checks. - core - replace a compatibility import of pycompat24.literal_eval with ast.literal_eval. - core filters - fix ``extract()`` filter when key does not exist in container (https://github.com/ansible/ansible/issues/64957) +- cron - encode and decode crontab files in UTF-8 explicitly to allow non-ascii chars in cron filepath and job (https://github.com/ansible/ansible/issues/69492) - cron and cronvar - use get_bin_path utility to locate the default crontab executable instead of the hardcoded /usr/bin/crontab. (https://github.com/ansible/ansible/pull/59765) - cron cronvar - only run ``get_bin_path()`` once - cronvar - use correct binary name (https://github.com/ansible/ansible/issues/63274) @@ -634,16 +554,20 @@ Bugfixes - dnf - enable logging using setup_loggers() API in dnf-4.2.17-6 or later - dnf - remove custom ``fetch_rpm_from_url`` method in favor of more general ``ansible.module_utils.urls.fetch_file``. - dnf module - Ensure the modules exit_json['msg'] response is always string, not sometimes a tuple. +- ensure delegated vars can resolve hostvars object and access vars from hostvars[inventory_hostname]. - ensure we pass on interpreter discovery values to delegated host. - env lookup plugin - Fix handling of environment variables values containing utf-8 characters. (https://github.com/ansible/ansible/issues/65298) - fact gathering - Display warnings and deprecation messages that are created during the fact gathering phase +- facts - account for Slackware OS with ``+`` in the name (https://github.com/ansible/ansible/issues/38760) - facts - fix detection of virtualization type when dmi product name is KVM Server +- facts - fix incorrect UTC timestamp in ``iso8601_micro`` and ``iso8601`` - facts - introduce fact "ansible_processor_nproc" which reflects the number of vcpus available to processes (falls back to the number of vcpus available to the scheduler) - file - Removed unreachable code in module - file - change ``_diff_peek`` in argument spec to be the correct type, which is ``bool`` (https://github.com/ansible/ansible/issues/59433) - file - return ``'state': 'absent'`` when a file does not exist (https://github.com/ansible/ansible/issues/66171) - find - clarify description of ``contains`` (https://github.com/ansible/ansible/issues/61983) - fix issue in which symlinked collection cannot be listed, though the docs/plugins can be loaded if referenced directly. +- fix issue with inventory_hostname and delegated host vars mixing on connection settings. - fix wrong command line length calculation in ``ansible-console`` when long command inputted - for those running uids for invalid users (containers), fallback to uid= when logging fixes #68007 - free strategy - Include failed hosts when filtering notified hosts for handlers. The strategy base should determine whether or not to run handlers on those hosts depending on whether forcing handlers is enabled (https://github.com/ansible/ansible/issues/65254). @@ -656,12 +580,14 @@ Bugfixes - hostname - Fixed an issue where the hostname on the cloudlinux 6 server could not be set. - hostname - make module work on Manjaro Linux (https://github.com/ansible/ansible/issues/61382) - hurd - Address FIXMEs. Extract functionality and exit early. +- if the ``type`` for a module parameter in the argument spec is callable, do not pass ``kwargs`` to avoid errors (https://github.com/ansible/ansible/issues/70017) - include_vars - fix stack trace when passing ``dirs`` in an ad-hoc command (https://github.com/ansible/ansible/issues/62633) - interpreter discovery will now use correct vars (from delegated host) when in delegate_to task. - junit callback - avoid use of deprecated junit_xml method - lineinfile - add example of using alternative backrefs syntax (https://github.com/ansible/ansible/issues/42794) - lineinfile - don't attempt mkdirs when path doesn't contain directory path - lineinfile - fix bug that caused multiple line insertions (https://github.com/ansible/ansible/issues/58923). +- lineinfile - fix not subscriptable error in exception handling around file creation - lineinfile - properly handle inserting a line when backrefs are enabled and the line already exists in the file (https://github.com/ansible/ansible/issues/63756) - lineinfile - use ``module.tmpdir`` to allow configuration of the remote temp directory (https://github.com/ansible/ansible/issues/68218) - lineinfile - use correct index value when inserting a line at the end of a file (https://github.com/ansible/ansible/issues/63684) @@ -681,20 +607,27 @@ Bugfixes - paramiko_ssh - Removed redundant conditional statement in ``_parse_proxy_command`` that always evaluated to True. - paramiko_ssh - improve authentication error message so it is less confusing - paramiko_ssh - optimized file handling by using a context manager. +- pause - handle exception when there is no stdout (https://github.com/ansible/ansible/pull/47851) - pip - The virtualenv_command option can now include arguments without requiring the full path to the binary. (https://github.com/ansible/ansible/issues/52275) - pip - check_mode with ``state: present`` now returns the correct state for pre-release versioned packages +- playbooks - detect and propagate failures in ``always`` blocks after ``rescue`` (https://github.com/ansible/ansible/issues/70000) - plugins - Allow ensure_type to decrypt the value for string types (and implicit string types) when value is an inline vault. - psexec - Fix issue where the Kerberos package was not detected as being available. - psexec - Fix issue where the ``interactive`` option was not being passed down to the library. +- reboot - Add support for the runit init system, used on Void Linux, that does not support the normal Linux syntax. - reboot, win_reboot - add ``boot_time_command`` parameter to override the default command used to determine whether or not a system was rebooted (https://github.com/ansible/ansible/issues/58868) - remove update/restore of vars from play_context as it is now redundant. - replace use of deprecated functions from ``ansible.module_utils.basic``. +- reset logging level to INFO due to CVE-2019-14846. - roles - Ensure that ``allow_duplicates: true`` enables to run single role multiple times (https://github.com/ansible/ansible/issues/64902) - runas - Fix the ``runas`` ``become_pass`` variable fallback from ``ansible_runas_runas`` to ``ansible_runas_pass`` - service_facts - Now correctly parses systemd list-unit-files for systemd >=245 - setup - properly detect yum package manager for IBM i. - setup - service_mgr - detect systemd even if it isn't running, such as during a container build +- shell - fix quoting of mkdir command in creation of remote_tmp in order to allow spaces and other special characters (https://github.com/ansible/ansible/issues/69577). - shell cmd - Properly escape double quotes in the command argument +- splunk httpapi plugin - switch from splunk.enterprise_security to splunk.es in runtime.yml to reflect upstream change of Collection Name +- ssh connection plugin - use ``get_option()`` rather than ``_play_context`` to ensure ``ANSBILE_SSH_ARGS`` are applied properly (https://github.com/ansible/ansible/issues/70437) - synchronize - allow data to be passed between two managed nodes when using the docker connection plugin (https://github.com/ansible/ansible/pull/65698) - synchronize - fix password authentication on Python 2 (https://github.com/ansible/ansible/issues/56629) - sysctl - Remove FIXME comments to avoid confusion @@ -710,6 +643,7 @@ Bugfixes - update ``user`` module to support silencing ``no_log`` warnings in the future (see: https://github.com/ansible/ansible/pull/64733) - uri - Don't return the body even if it failed (https://github.com/ansible/ansible/issues/21003) - user - allow 13 asterisk characters in password field without warning +- user - don't create home directory and missing parents when create_home == false (https://github.com/ansible/ansible/pull/70600). - user - fix comprasion on macOS so module does not improperly report a change (https://github.com/ansible/ansible/issues/62969) - user - fix stack trace on AIX when attempting to parse shadow file that does not exist (https://github.com/ansible/ansible/issues/62510) - user - on systems using busybox, honor the ``on_changed`` parameter to prevent unnecessary password changing (https://github.com/ansible/ansible/issues/65711) @@ -717,10 +651,13 @@ Bugfixes - validate-modules - Fix hang when inspecting module with a delegate args spec type - virtual facts - detect generic container environment based on non-empty "container" env var - wait_for_connection - with pipelining enabled, interpreter discovery would fail if the first connection attempt was not successful +- win setup - Fix redirection path for the windows setup module - win_exec_wrapper - Be more defensive when it comes to getting unhandled exceptions - win_package - Handle quoted and unquoted strings in the registry ``UninstallString`` value - https://github.com/ansible/ansible/issues/40973 - win_uri win_get_url - Fix the behaviour of ``follow_redirects: safe`` to actual redirect on ``GET`` and ``HEAD`` requests - https://github.com/ansible/ansible/issues/65556 +- windows async - use full path when calling PowerShell to reduce reliance on environment vars being correct - https://github.com/ansible/ansible/issues/70655 - windows environment - Support env vars that contain the unicode variant of single quotes - https://github.com/ansible-collections/ansible.windows/issues/45 +- winrm - preserve winrm forensic data on put_file failures - yum - fix bug that caused ``enablerepo`` to not be honored when used with disablerepo all wildcard/glob (https://github.com/ansible/ansible/issues/66549) - yum - fixed the handling of releasever parameter - yum - performance bugfix, the YumBase object was being instantiated multiple times unnecessarily, which lead to considerable overhead when operating against large sets of packages. diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index fe8d42b2395..772c65bb199 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -1,5 +1,19 @@ ancestor: 2.9.0 releases: + 2.10.0: + changes: + bugfixes: + - Address compat with rpmfluff-0.6 for integration tests + release_summary: '| Release Date: 2020-08-13 + + | `Porting Guide `__ + + ' + codename: When the Levee Breaks + fragments: + - rpmfluff-compat-fixes.yml + - v2.10.0_summary.yaml + release_date: '2020-08-13' 2.10.0b1: changes: bugfixes: @@ -1556,8 +1570,6 @@ releases: - Python module_utils finder - refactor logic to eliminate many corner cases, remove recursion, fix base module_utils redirections - SSH plugin - Improve error message when ssh client is not found on the host - - Sanitize no_log values from any response keys that might be returned from - the uri module. - TaskExecutor - Handle unexpected errors as failed while post validating loops (https://github.com/ansible/ansible/issues/70050). - Template connection variables before using them (https://github.com/ansible/ansible/issues/70598). @@ -1646,6 +1658,9 @@ releases: | `Porting Guide `__ ' + security_fixes: + - Sanitize no_log values from any response keys that might be returned from + the uri module (CVE-2020-14330). codename: When the Levee Breaks fragments: - 32386_debconf_password.yml diff --git a/changelogs/fragments/v2.10.0_summary.yaml b/changelogs/fragments/v2.10.0_summary.yaml new file mode 100644 index 00000000000..65bf201a506 --- /dev/null +++ b/changelogs/fragments/v2.10.0_summary.yaml @@ -0,0 +1,3 @@ +release_summary: | + | Release Date: 2020-08-13 + | `Porting Guide `__ diff --git a/lib/ansible/release.py b/lib/ansible/release.py index 802b43a436b..4e8203be225 100644 --- a/lib/ansible/release.py +++ b/lib/ansible/release.py @@ -19,6 +19,6 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -__version__ = '2.10.0rc4.post0' +__version__ = '2.10.0' __author__ = 'Ansible, Inc.' __codename__ = 'When the Levee Breaks'