Commit Graph

5888 Commits (0cf5666778a3e33ac3abd1c9b99e5097d324c715)

Author SHA1 Message Date
Matt Martz 0cf5666778
[stable-2.10] allow env to override unspecified unsafe_writes (#73282) (#75396)
* allow env var for fallback value for unspecified unsafe_writes
(cherry picked from commit c7d4acc)

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
3 years ago
René Moser 3ee1694dfe
[2.10] get_url: Fix checksum binary validation (#74674)
* get_url: Handle same SHA sum for downloaded files (#71435)

Fixes: #71420

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 159544610e)

* modules: get_url: Fix checksum binary validation (#74502)

From the sha512sum man page:

... The default mode is to print a line with checksum, a character indicating type ('*' for binary, ' ' for text), and name for each FILE.

(cherry picked from commit 403a5d147d)

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
3 years ago
Abhijeet Kasurde e0cb0671af
[bp-2.10] get_url - Allow checksum file to be local file:// (#75052)
This would be a partial solution for #69364 in that the
SHASUMS file can be downloaded and gpg verified but then
used from the downloaded location to verify the get_url's file.

* Make checksum url parsing more explicit

Use urlsplit to test if the checksum string has a (currently tested and) supported url scheme.

(cherry picked from commit eb8b3a8479)

Co-authored-by: Edwin Hermans <edwin@madtech.cx>
3 years ago
Sloane Hertel e30ffb8499
[2.10] Fix using module-specific module_defaults in action plugins (#74850)
* Use the module redirect_list when getting defaults for action plugins (#73864)

* Fix module-specific defaults in the gather_facts, package, and service action plugins.

* Handle ansible.legacy actions better in get_action_args_with_defaults

* Add tests for each action plugin

* Changelog

Fixes #72918

(cherry picked from commit 5640093f1c)

* Fix tests for < 3.8

(cherry picked from commit 267b7215b3)
3 years ago
Brian Coca 8aa850e357
fix unsafe preservation across newlines (#74960) (#74975)
CVE-2021-3583
  ensure we always have unsafe

Co-authored-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 4c8c40fd3d)
4 years ago
Sam Doran ee4e3564f0 [stable-2.10] Remove leftover test file from incidental_setup_rabbitmq removal 4 years ago
elara-leitstellentechnik 2b29428f22
[2.10] Do not remove non-empty cron tabs (#74697)
* Only remove crontabs if they are empty

(cherry picked from commit fefda12827)

* Add integration test to ensure system cron tab doesn't get removed. Increase cron integration tests separation.

(cherry picked from commit 1e37fa86b4)

* Also detect crontab which only contains whitespace as empty.

(cherry picked from commit 4b69c8f501)

* cron integration test: Adjust system crontab path to be distribution specific.

(cherry picked from commit 70be3730db)

* Add changelog fragment for #74497.

(cherry picked from commit c606b50a3d)

Co-authored-by: Fabian Klemp <fabian.klemp@elara-gmbh.de>
4 years ago
David Shrewsbury 62d69fc724
Fix fileglob parameter order bug (#72879) (#72904)
(cherry picked from commit fe17cb6eba)
4 years ago
Sam Doran c34bfc58cc [stable-2.10] Remove incidental_setup_rabbitmq integration test
All tests using this have been removed..
(cherry picked from commit 8d3dce49bf)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Matt Clay a28aa38f6c Remove incidental_lookup_rabbitmq test.
It is no longer contributing unique code coverage.

(cherry picked from commit 26e8c07f32)
4 years ago
Sam Doran d1978c64e8
[stable-2.10] Remove incidental Azure tests (#74681) 4 years ago
Sam Doran b345760393 [stable-2.10] CI and compat fixes for Jinja2 >= 3.0 (#74666)
* Add constraint for MarkupSafe

MarkupSafe >= 2.0.0 requires Python >= 3.6.0. Add a constraint for older Python versions
and fix the `groupby_filter` test.

* Fix template_jinja2_latest test.

* patch filter decorators on newer Jinja2

* Jinja2 >= 3.0 renames several filter decorators used by Ansible itself, as well as by filters in collections. This patch ensures that the old names are usable within Ansible and by collections without warnings or errors.

* Ignore docs-build issues.

Co-authored-by: Matt Clay <matt@mystile.com>
Co-authored-by: Matt Davis <mrd@redhat.com>.
(cherry picked from commit f99d024851)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Sam Doran b69a23fe0e
[stable-2.10] incidental_setup_rabbitmq test - Use official repo for rabbitmq-erlang (#74452)
Previously it was hosted on bintray, but that service is shutting down on May 1. Using the new
repository also required using a newer version of RabbitMQ..
(cherry picked from commit 62cba4a6ad)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Martin Krizek 316dbd50ed
Prevent ansible_failed_task from further templating (#74290) (#74307)
(cherry picked from commit 664531d7d6)
4 years ago
Martin Krizek 115e5998f4
Actually run blocks/finalized_task test (#74291) (#74311)
(cherry picked from commit 7fecb7ccc3)
4 years ago
Matt Davis 768f3d75f9
Map Debian 8 to Python 2 (#74152) (#74360)
If Python 3 is installed on Debian 8 Ansible cannot run, as the version
is too old (3.4)

* Add integration test for python interpreter discovery on Debian 8
* fix test issue on Debian 9, add changelog
* un"fix" not broken test :D

Co-authored-by: Fabian Klemp <fabian.klemp@elara-gmbh.de>
Co-authored-by: Matt Davis <mrd@redhat.com>
(cherry picked from commit 437a08eb6d)

Co-authored-by: elara-leitstellentechnik <elara-leitstellentechnik@users.noreply.github.com>
4 years ago
Brian Coca 9f74f0663a
Nonfatal facts (#73804) (#73830)
continue with local facts vs at script error
 actually capture execution errors
 better error messages in general
 add more local facts tests

 fixes #52427

(cherry picked from commit 9db557e431)
4 years ago
Brian Coca 1995b1b6e0
find - set proper default based on use_regex (#73961) (#73965)
When using "use_regex: yes" and setting an excludes: without
specifying a pattern: the existing code passes the file-glob '*' to
the regex matcher.  This results in an internal invalid-regex
exception being thrown.

This maintains the old semantics of a default match-all for pattern:
but switches the default to '.*' when use_regex is specified.

The code made sense as-is before excludes: was added (2.5).  In that
case, it made no sense to set use_regex but *not* set a pattern.
However, with excludes: it now makes sense to only want to exclude a
given regex but not specify a specific matching pattern.

Closes: #50067

* moved change to new location
added changelog

* Update lib/ansible/modules/find.py

Co-authored-by: Ian Wienand <iwienand@redhat.com>
(cherry picked from commit 089d0a0508)

* Fix up bad rebase, nuke duplicate "elements:" lines

Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Brian Coca 7683dfb727
Fix setup subset (#74022) (#74047)
* fix error msg on bad subset
* added test
* handle more raised but not handled fact exceptions

(cherry picked from commit 4a82e2c486)

* Update fix_setup_bad_subset.yml

Co-authored-by: Rick Elrod <rick@elrod.me>
4 years ago
Brian Coca adae63e053
Fix debug factsetter (#74067) (#74084)
* Fix debug factsetter (#74067)

* prevent debug from setting namespaced facts as tlv
* also added tests

(cherry picked from commit f9f839fa08)

* Update debug_dont_set_facts.yml

Co-authored-by: Rick Elrod <rick@elrod.me>
4 years ago
Brian Coca 69d18e61ed
module output is only json objects (#73765) (#73777)
remove json lists as they are not valid from modules
 fixes #73744

(cherry picked from commit 43300e2279)
4 years ago
Matt Davis 51852557df
add optional module_utils import support (#73832) (#73918)
Treat core and collections module_utils imports nested within any Python block statement (eg, `try`, `if`) as optional. This allows Ansible modules to implement runtime fallback behavior for missing module_utils (eg from a newer version of ansible-core), where previously, the module payload builder would always fail when unable to locate a module_util (regardless of any runtime behavior the module may implement).

* sanity test fixes

(cherry picked from commit 3e1f6484d7)
4 years ago
Sloane Hertel 7ce0b390b2
Fix a bug adding unrelated candidates to the plugin loader redirect_list (#73863) (#73958)
* Add tests for the redirect list

  * test redirect list for builtin module
  * test redirect list for redirected builtin module
  * test redirect list for collection module
  * test redirect list for redirected collection module
  * test redirect list for legacy module

* changelog

(cherry picked from commit 48c0fbd1cb)
4 years ago
Matt Martz f01227ea42
[stable-2.10] Ensure task from the worker is finalized/squashed (#73881) (#73928)
* Ensure task from the worker is finalized/squashed. Fixes #57399. Fixes #49942
(cherry picked from commit 832631b)

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Sam Doran e29a78104f [stable-2.10] dnf test - update libmodulemd when updating python3-dnf (#74025)
The dependency version is set too low in the latest version of the package.

https://bugzilla.redhat.com/show_bug.cgi?id=1942236
(cherry picked from commit fa1b52ce55)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Brian Coca df5d595984
Don't fail for mixed typed keys (#73726) (#73776)
but warn that content cound not be sorted because of this

* added tests

(cherry picked from commit 527bff6b79)
4 years ago
Abhijeet Kasurde 9a86f8c10e
[2.10][InventoryManager] Fix two unhandled exceptions (#73798)
Change:
- Fix regression: unhandled exception when given inventory directory
  is empty or contains empty subdirectories.
- Fix unhandled exception when limit file is actually a directory
  instead of a file.
- Fix inventory tests which previously could never fail due to missing
  `set -e`. Fixed up tests that failed after `set -e` was added. Added
  several tests.

Test Plan:
- New tests
- Fixed existing tests which previously could never fail

Tickets:
- Fixes #73658

Signed-off-by: Rick Elrod <rick@elrod.me>
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit fa046d302c)

Co-authored-by: Rick Elrod <rick@elrod.me>
4 years ago
Matt Martz 65037d4781
[stable-2.10] Normalize ConfigParser between Python2 and Python3 (#73715) (#73723)
* [stable-2.10] Normalize ConfigParser between Python2 and Python3 (#73715)

* Normalize config parser between py2 and py3

* Add tests and changelog

* Use different config entry, since we supply certain env vars
(cherry picked from commit 950ab74)

* Update config entry
4 years ago
Sloane Hertel 3e95e3c0a0
galaxy: Handle ignored directory names in role skeleton (#72035) (#73806)
* galaxy: restore left hand slicing in assignment

Fix 'ansible-galaxy role init --role-skeleton=role-skeleton' when the role skeleton
contains an ignored directory.

The issue was because the 'dirs' variable was changed to reference a different list,
but needs to be mutated instead to stop os.walk from traversing ignored directories.

Fixes: #71977

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit eb72c36a71)

Co-authored-by: manas-init <70483021+manas-init@users.noreply.github.com>
4 years ago
Sloane Hertel ece31e1b51
[2.10] find module - stop dir traversal when depth is exceeded (#73808)
* find module - stop traversing directories with os.walk when depth is already exceeded (#73718)

(cherry picked from commit 8628c12f30)

* Update tests since there are fewer prior tasks creating files/directories
4 years ago
Alexander Sowitzki ab8bbe269d
[stable-2.10] Let vault lookup output unicode string. (#73571) (#73573)
Until now, the lookup plugin returned a byte string.
Changed this to output a unicode string instead.
(cherry picked from commit d0fda3e901)

Co-authored-by: Alexander Sowitzki <asowitzk@redhat.com>
4 years ago
Brian Coca 2f51105936
only add data when there is data to add (#54559) (#73566)
Only add data when there is data to add

  also avoid clobbering existing data with empty file
  fixes #45843

* remove redundant code, update comments
* fix mock dataloader, original does not return None
* added test

(cherry picked from commit ec8a556538)
4 years ago
Matt Martz d720a5e42c
[stable-2.10] Don't treat host_pinned as lockstep (#73484) (#73504)
* [stable-2.10] Don't treat host_pinned as lockstep (#73484)

* Don't treat host_pinned as lockstep. Fixes #73364

* Add intg tests.
(cherry picked from commit d3f3784b86)

Co-authored-by: Matt Martz <matt@sivel.net>

* Make non-lockstep callback tests more deterministic (#73511)

(cherry picked from commit 125c220343)
4 years ago
Matt Clay b998f7050b
[stable-2.10] Fix ansible-test handling of egg-info. (#73595)
* Add test to verify pkg_resources imports work.

(cherry picked from commit 133a29acb4)

* [stable-2.10] Fix ansible-test handling of egg-info.

Resolves https://github.com/ansible/ansible/issues/67990.
(cherry picked from commit d092356fc5)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Sam Doran a5f0bc0165 Update signing key used in incidental_setup_flatpak_remote tests
The original key was created using the default expiration time of two years.
Signed the repo again using a key that expires in twenty years.
4 years ago
Matt Clay aedc7301f6
[stable-2.10] Temporary fix for cryptography issues. (#73530). (#73533)
(cherry picked from commit 1a2da990a4)

Co-authored-by: Matt Clay <mclay@redhat.com>
4 years ago
Sam Doran f9572a377d
[stable-2.10] pause - adjust warning when run in background (#73182) (#73231)
When the pause module is run in the background and seconds parameter is provided,
do not warn.

* Add tests
* Fix existing tests
  The test wasn't failing when it should have.
(cherry picked from commit 0e6c334115)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Brian Coca 3ef061bdc4
Use a pty for local connections (#73023) (#73281)
Fixes #38696

Co-authored-by: James Cammarata <jimi@sngx.net>
(cherry picked from commit 30d93995dd)
4 years ago
Brian Coca 9478b59da5
fix inventory source parse error handling (#73160) (#73276)
fixes #51025

added test cases

(cherry picked from commit 1e27d4052a)
4 years ago
Martin Krizek 2c8c02c816
Local vars should have highest precedence in AnsibleJ2Vars (#72830) (#73370)
Ability to add local variables into AnsibleJ2Vars was added in
18a9eff11f to fix #6653. Local variables
are added using ``AnsibleJ2Vars.add_locals()`` method when creating a
new context - typically when including/importing a template with
context. For that use case local template variables created using
``set`` should override variables from higher contexts - either from the
play or any parent template, or both; Jinja behaves the same way.

Also removes AnsibleJ2Vars.extras instance variable which is not used.

Also adds missing test for #6653.

Fixes #72262
Fixes #72615

ci_complete

(cherry picked from commit a2af8432f3)
4 years ago
Jordan Borean e41d1f0a3f
no_log mask suboption fallback values and defaults CVE-2021-20228 (#73487) (#73494)
(cherry picked from commit 0cdc410dce)
4 years ago
Rick Elrod 015ec3eda8
git: verify, only use --raw when we need it (#70900) (#73473)
Change:
- Allow older git to verify tags again
- Enable verification tests everywhere, even if most of them only work
  on newer git. Some of them work on older git and they test the --raw
  parameter.

Test Plan:
- Re-enabled subset of git tests

Tickets:
- Fixes #64469

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Sloane Hertel 6df8a9ec53
Fix warning for nonexistent inventory cache (#72840) (#73443)
* Fix inventory cache warning by checking if the key exists before loading it

(cherry picked from commit 840bdc1e10)
4 years ago
Brian Coca 148240099a
ensure unsafe writes fallback (#70722) (#73144)
* Ensure we actually fallback to unsafe_writes when set to true

 add integration test
 add fix for get_url not passing the parameter from args

(cherry picked from commit 932ba36160)

* Added clog missing for issue 70722 (#73175)

(cherry picked from commit d6670da1d7)
4 years ago
Sam Doran e9c6b382ea
[stable-2.10] import_playbook - change additional params to deprecation (#72987) (#73015)
I incorrectly recommended this be set as a warning when it should have been a deprecation.

* Fix deprecation sanity test to not required a collection name when not inside a collection
(cherry picked from commit 8e022ef00a)

Co-authored-by: Sam Doooran <sdoran@redhat.com>
4 years ago
Rick Elrod 3eafe0f255
[setup_rpm_repo test] Ensure rpm-build is present (#73516) (#73518)
Change:
- Other targets might remove rpm-build as they clean up after
  themselves. Ensure that it's present in setup_rpm_repo because
  rpmfluff needs it.

Test Plan:
- Local experimentation with yum_repository and mysql_db (the latter of
  which depends on a handler which was removing rpm-build) on
  stable-2.9.

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit aca5b0e43b)
4 years ago
Sam Doran 457dcf1313 [stable-2.10] Make yum_repository test more reliable (#73467)
* Improve setup_rpm_repo

- add handlers to remove repos
- add variable to control whethere or not repos are created

* Use local repo for all distros
* Change repo creation script to module.
(cherry picked from commit 997b2d2a19)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Rick Elrod 356aae0e23
[2.10] Add Ubuntu 20.04 to CI and ansible-test (#69161) (#73365)
Change:
- Add Ubuntu 20.04 to CI now that venv is default instead of virtualenv in ansible-test.

Test Plan:
- CI

Tickets:
- Fixes #69203

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Sloane Hertel 08ba838a8e
[2.10] Pass the top level dictionaries to combine_vars (#72979) (#73146)
combine_vars uses dict.update() to replace keys

(cherry picked from commit 5e03e322de)

* Add tests for merging and replacing vars from inventory sources (#73181)

(cherry picked from commit 9de2da8a7e)
4 years ago
Sam Doran abc6658ac2
[stable-2.10] Add macOS 11 to CI (#72622) (#73180)
* [stable-2.10] Add macOS 11 to CI (#72622)

* Fix connection_paramiko_ssh test for macOS 11
* Update Azure Pipelines config
* Add changelog
(cherry picked from commit a7e834071c)

Co-authored-by: Sam Doran <sdoran@redhat.com>

* Prefer venv for tests

* Update pip integration test to use venv on py3.

(cherry picked from commit 456e9b7a33)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago