* Add the task info for tombstoned plugins
* Fix deprecation for 'include' by removing it from BUILTIN_TASKS which skip the plugin loader lookup
* changelog
remove obsolete unit test using 'include'
* Update changelogs/fragments/improve-tombstone-error.yml
(cherry picked from commit caa86cc4df)
* dnf: fix installing a package based the file it provides (#82744)
Fixes#82461
(cherry picked from commit a28709f92d)
* dnf: utilize the API for the installed checks (#82725)
Fixes#71808Fixes#76463Fixes#81018
(cherry picked from commit f1ded0f417)
* setup_rpm_repo/create_repo: "Arch dependent binaries in noarch package" (#83108)
This fixes "Arch dependent binaries in noarch package" error cause by
including files created by make_elf function in noarch packages. While the
error only manifests itself on EL 7 and 8 it is better to use files
suitable for noarch packages to prevent the error potentially
re-occuring in the future.
(cherry picked from commit 87bead3dcf)
* Fix installing roles containing symlinks
Fix sanitizing tarfile symlinks relative to the link directory instead of the archive
For example:
role
├── handlers
│ └── utils.yml -> ../tasks/utils/suite.yml
The link ../tasks/utils/suite.yml will resolve to a path outside of the link's directory, but within the role
role/handlers/../tasks/utils/suite.yml
the resolved path relative to the role is tasks/utils/suite.yml, but if the symlink is set to that value, tarfile would extract it from role/handlers/tasks/utils/suite.yml
* Replace overly forgiving test case with tests for a symlink in a subdirectory of the archive and a symlink in the archive dir when these are not equivalent.
* Build test case from role files to make it easier to add test cases
Fixes#82702Fixes#81965Fixes#82051
(cherry picked from commit e84240db84)
* Fixes permission for cache json file from 600 to 644 (#82761)
Until ansible-core 2.12 the facts cache file created by this module, have permission set as 644 which allows the other users to read the cache, since ansible-core 2.13, we create the temporary file, but we do not set the permission after renaming the temporary file. Adding the line to set the permission to allow other users/groups to read this file.
* [bp-2.16] Fixes permission for cache json file to 644
Until ansible-core 2.12 the facts cache file created by this module, have permission set as 644 which allows the other users to read the cache, since ansible-core 2.13, we create the temporary file, but we do not set the permission after renaming the temporary file. Adding the line to set the permission to allow other users/groups to read this file.
---------
Co-authored-by: Rudnei Bertol Junior <rudnei@redhat.com>
* dnf5: replace removed API calls (#83020)
* dnf5: replace removed API calls
bfb6f32e1596c9188f9c
* call set_group_with_name instead of setting group_with_name
c7b88428f3
---------
Co-authored-by: Matt Martz <matt@sivel.net>
(cherry picked from commit 4e57249d59)
* Fallbacks for brand new APIs that don't exist in released dnf5 (#83022)
(cherry picked from commit 57750e2cf7)
---------
Co-authored-by: Matt Martz <matt@sivel.net>
* Allow check mode async task disabling check_mode
Allows running an async task with check_mode: False when the playbook is
being run in check mode.
* Add check_mode attribute to internal cleanup task
(cherry picked from commit c9086061ca)
When using winrm over HTTP with message encryption enabled and a task
has timed out the connection plugin will fail to cleanup the WinRM
command. This will change that exception into a warning as a timeout is
already an exception event and a failure to clean the operation should
not override the timeout error shown.
(cherry picked from commit 8aecd1f9b2)
* centralize and complete the internal static vars
These vars are internal and should not be overridden nor templated
from inventory nor hostvars.
(cherry picked from commit 8704b9fc29)
allow_duplicates is not part of the role uniqueness, so the value on the cached role may not match the current role.
* remove the allow_duplicates check from Role.has_run() which operates on the deduplicated role
* check the current role's allow_duplicates value in the strategy
(cherry picked from commit b3d8cdde5d)
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
Add explicit error when the calculated dest path for fetch becomes a
local directory. The existing behaviour will not be checked unlike when
the path did not end with a trailing slash.
(cherry picked from commit 179bc1dabd)
If the connection plugin fails to write the data to run to stdin we will
only attempt to get the output with one operation attempt. If this times
out we will consider the command to have failed and raise an exception
instead of forever attempting to get the output.
(cherry picked from commit 942424e10b)
* Changes as suggested by sivel
* Add changelog fragment and tests
Co-authored-by: Matt Martz <matt@sivel.net>
Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
(cherry picked from commit 48bed1e15a)
Co-authored-by: tachyontec <92679798+tachyontec@users.noreply.github.com>
Jinja may generate an invalid Python source code from a template. Trying
to compile such source code into a Python code object results in
SyntaxError being thrown. An example of such a template is providing the
same keyword argument into a lookup twice, resulting in:
`SyntaxError: keyword argument repeated`.
Since `jinja2.exceptions.TemplateSyntaxError` does not cover such a
case, as it is not a Jinja parsing error, we need to catch SyntaxError
explicitly ourselves.
Fixes#82606
(cherry picked from commit 6d34eb88d9)
* Fix loading legacy vars plugins when the plugin loader cache is reset
* Remove extra cache layer by ensuring vars plugin names are cached (stateless or not) so that the plugin loader cache can double as the load order
(cherry picked from commit 13e6d8487a)
* lookups, make file searching use better is_role
The dwim function will internally try by detecting tasks/main['','.yml','.yaml]
but this is far from optimial, the existince of role path in vars is much better
indicator that we can use to pass a hint
* updated test to avoid main.yml
(cherry picked from commit a9919dd7f6)
* Role fixes (#82339)
* Various fixes to roles
- static property is now properly set
- role_names and other magic vars now have full list
- role public/private var loading is now done when adding to play.roles instead of on each var query
- added tests
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 55065c0042)
* import_role does not get public until next version
* Remove role name conversion based on whether the repo name starts with
ansible-role
This was added in 2.3 to match the Galaxy ui behavior of truncating the
'ansible-role-' prefix automatically, but the new backend requires an
alternate name to be provided or defined in the ``galaxy_info``
metadata.
Roles that were imported using the ansible-role-$name convention will
need to use ``--role-name`` or add ``role_name`` to the ``galaxy_info``
dictionary in ``meta/main.yml``.
changelog
* Update changelogs/fragments/fix-default-ansible-galaxy-role-import-name.yml
* Update changelogs/fragments/fix-default-ansible-galaxy-role-import-name.yml
Co-authored-by: flowerysong <junk+github@flowerysong.com>
---------
Co-authored-by: flowerysong <junk+github@flowerysong.com>
(cherry picked from commit d7be3824fe)
Set the tarfile attribute to a normalized value from unfrackpath instead
of validating path parts and omiting potentially invald parts
Allow tarfile paths/links containing '..', '$', '~' as long as the
normalized realpath is in the tarfile's role directory
(cherry picked from commit 3a42a00368)
* Allow older pickle protocols to pickle unsafe classes. Fixes#82356
* Address issues when iterating or getting single index from AnsibleUnsafeBytes. Fixes#82375
* clog frag
* Ensure that unsafe is more difficult to lose
* Add Task.untemplated_args, and switch assert over to use it
* Don't use re in first_found, switch to using native string methods
* If nested templating results in unsafe, just error, don't continue
* ci_complete
* wait_for, fallback to read for non mmapable files (#82064)
* also handle oserror, added debug jic
(cherry picked from commit 8b102dca4a)
* skip problem versions
* ansible-pull added missing pasthrough for secrets
Both become and connection password file options were missing.
Also added test
(cherry picked from commit 99e0d25857)
for j2 plugins dedupe on path and not basename
for j2 this is a container file , for other plugins file name == plugin name
(cherry picked from commit b4566c18b3)
When templating tags (which happens outside of standard `post_validate`) we
need to template each object in the inheritance chain and set the templated
values on those objects individually. That way when `task.tags` is called the
`extend` functionality properly picks up the templated values of all
parents into one flatten list.
Fixes#81053
(cherry picked from commit 9b3ed5e)
Provide a better error message when encountering a YAML requirements file that is not a dictionary or list.
Fixes: #81901
(cherry picked from commit 8a5ccc9d63)
* Improve host_group_vars efficiency:
* normalize the basedir with `os.path.realpath()` once and cache it
* cache missing paths/files
* reduce the calls to `isinstance`
Add a couple more general improvements in vars/plugins.py get_vars_from_path():
* call `PluginLoader.all()` once for vars plugins and reload specific
plugins subsequently
* don't reload legacy/builtin vars plugins that are not enabled
Add a test for host_group_vars and legacy plugin loading
Co-authored-by: Matt Davis <mrd@redhat.com>
* changelog
* Add a new is_stateless attribute to the vars plugin baseclass
update integration tests to be quieter and use the same test pattern
Fix deprecation and adjust test that didn't catch the issue (deprecation only occured when the value was False)
move realpath cache to host_group_vars (do not smuggle call state as instance data)
refactor under a single 'if cache:' statement
Call os.path.isdir instead of always calling os.path.exists first. Just call os.path.exists to differentiate between missing and non-directory.
remove call to super(VarsModule, self).get_vars()
use the entity name as the cache key instead of variable location
Remove isinstance checks and use a class attribute just in case any plugins are subclassing Host/Group
Replace startswith by checking index 0 of the name instead, since host/group names are required
* rename is_stateless to cache_instance to make it more clear what it does
* add plugin instance cache using the path to plugin loader
reduce loading stage option if a new instance isn't created
don't require a known subdir on PluginLoader instantiation for backwards
compatibility
rename attribute again
contain reading from/initializing cached instances to a plugin loader method
* Deprecate v2 vars plugins
* Refactor to use the cache in existing plugin loader methods
Rename the attribute again
Refactor host_group_vars with requested changes
Make changelog a bugfixes fragment
Add a deprecation fragment for v2 vars plugins.
Add type hints
* unbreak group_vars
* Apply suggestions from code review
* misc tweaks
* always cache instance by both requested and resolved FQ name
* add lru_cache to stage calculation to avoid repeated config consultation
* handle KeyError from missing stage option
---------
Co-authored-by: Matt Davis <mrd@redhat.com>
(cherry picked from commit debf2be913)
* Import role public (#81772)
revert to previous behavior to push vars to play at compile time
add `public` parameter to allow per import control of exporting (vs just the global config)
Co-authored-by: tchernomax <maxime.deroucy@gmail.com>
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
(cherry picked from commit ab6a544e86)
* adapted to prev version
- removed new functionality
- restored global config functioning overriding specific public option
* remove typoe
* quote it
PR #81606.
Prior to this patch, when `--pre` CLI flag was not passed, the
dependency resolver would treat concrete collection dependency
candidates (Git repositories, subdirs, tarball URLs, or local dirs or
files etc) as not meeting the requirements.
This patch makes it so pre-releases in any concrete artifact
references, and the ones being specifically pinned dependencies or
user requests, met anywhere in the dependency tree, are allowed
unconditionally.
This is achieved by moving the pre-release check from
`is_satisfied_by()` to the `find_matches()` hook, following the
Pip's example.
As a bonus, this change also fixes the situation when a collection
pre-releases weren't considered if it didn't have any stable releases.
This now works even if `--pre` wasn't requested explicitly.
Finally, this patch partially reverts commit
6f4b4c345b, except for the tests. And it
also improves the `--pre` hint warning to explain that it mostly
affects Galaxy/Automation Hub-hosted collection releases.
Ref #73416
Ref #79112Fixes#79168Fixes#80048Resolves#81605
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
(cherry picked from commit 7662a05085)
* Symlinks in the collection might be pointing to non-existent
targets. Check and report the failure to the user.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* when --diff is used with content parameter, print destination
path instead of temporary file path.
Fixes: #79749
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* If all tasks in the role are skipped or unreachable, the role is not marked as complete for the host.
* Only mark the role as complete if a task in the role succeeds or fails for the host.
The `handler_templar` in `StrategyBase._process_pending_results` was
used for templating handler names which is no longer the case. Now it is
only used for templating `changed_when`/`failed_when`. To prevent
re-creating templars each time results are processed, just create it
on-demand when whens are processed.
* Before performing shredding the original file, check if the
destination file location is writable or not. This will
prevent corruption of original file.
Fixes: #81455
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Add type hints to ansible.utils.display::Display
Fixes#80841
* Avoid circular import
* Fix sanity
* type hint some of the functions of the module?
* Fix units
* Not sure about this
* Fix some of the issues from reviews
* Add changelog
* ...
* Update lib/ansible/utils/display.py
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* remove py2 boilerplate
---------
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Sloane Hertel