Commit Graph

10655 Commits (0cf5666778a3e33ac3abd1c9b99e5097d324c715)

Author SHA1 Message Date
Felix Fontein 2ff5bf0f21
Fix processing of add_file_common_args=True when argument_spec is not specified as kwarg. (#72334) (#72361)
(cherry picked from commit 233e7beb5b)
4 years ago
Felix Fontein 27f547b4d3
[2.10] Fix missing ansible.builtin FQCNs in hardcoded action names (#72457)
* Fix missing ansible.builtin FQCNs in hardcoded action names (#71824)

* Make sure hard-coded action names also check for FQCN.
* Use _add_internal_fqcn() to avoid hardcoded lists and typoes.

(cherry picked from commit da60525610)

* Replace some more FQCNs.

(cherry picked from commit 72302dd611)
4 years ago
Sam Doran ba25a1cdf1
[stable-2.10] AnsibleModule.set_mode_if_different: handle symlink is in a sticky directory (#45198) (#72863)
* file: add symlink is in a sticky directory tests
* file: handle symlink in a sticky directory

Co-Authored-By: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>

* Add changelog and fix unit test
The builtins import was removed since it was unused, but it is now needed.
(cherry picked from commit b464d18fd1)

Co-authored-by: Pilou <pierre-louis.bonicoli@libregerbil.fr>
4 years ago
Felix Fontein 6dc2e9c2f4
[2.10] The implicit default for type=bool options is not 'false', but 'none' (#72864)
* The implicit default for type=bool options is not 'false', but 'none' (#72699)

* Fix modules, resp. add ignore.txt entries.

(cherry picked from commit 5226ac5778)

* Add ignore.txt entries and fix deprecated option that was already removed in 2.11.
4 years ago
Felix Fontein a15550c0c8
ansible-test sanity: fix UnicodeDecodeError for `--python 2.7 --docker` (#72623) (#72865)
* Store target paths as unicode.

* Add changelog fragment.

(cherry picked from commit f94ba68d8f)
4 years ago
Felix Fontein 7e2faa25d7 Improve ansible-test classifications for collections (#72353)
(cherry picked from commit 64a809d2b6)
4 years ago
Matt Clay dbdacbd48c [stable-2.10] Use AZP config for integration-aliases test.
No changelog entry since this test is limited to the ansible/ansible repo.

Backport of https://github.com/ansible/ansible/pull/72842
4 years ago
Matt Clay 7813b1248b [stable-2.10] Fix Azure Pipelines change detection. (#72824)
(cherry picked from commit 08842cd6bb)

Co-authored-by: Matt Clay <mclay@redhat.com>
4 years ago
Matt Clay 99d5afaad0 [stable-2.10] Azure Pipelines configuration. 4 years ago
Rick Elrod 0d7ab375eb
[centos6] update container for EOL (#72795)
Change:
- Reference:
  https://lists.centos.org/pipermail/centos-devel/2020-December/056208.html
- Bump centos6 container to 1.25.0

Test Plan:
- ci_complete

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Jordan Borean 7802ca2b06
Add RHEL 7.9 (#72558) - 2.10 (#72568)
* Add RHEL 7.9 - ci_complete (#72558)

(cherry picked from commit d451433e5d)

* Added changelog for RHEL 7.9 (#72572)

(cherry picked from commit bdd0c48837)
4 years ago
Sam Doran 6322630360 [stable-2.10] ansible-test - add cryptography constraint for cffi (#72761)
The recently released version of cffi fails to install on systems with an older version of gcc. In
our case, this in the CentOS 6 test image. There is a fix but it has not yet been released.

https://foss.heptapod.net/pypy/cffi/-/issues/480
(cherry picked from commit 1db9588279)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
David Shrewsbury 3297c221f1
Test pip fix (#72764)
(cherry picked from commit 2eb9795543)
4 years ago
Matt Clay cfa8075537 [stable-2.10] Add coverage exporting to ansible-test
A new `--export` option for `ansible-test coverage combine` allows multi-step aggregation of code coverage for CI pipelines.
(cherry picked from commit fa2be89cd4)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Matt Clay 8f767f7180 [stable-2.10] Fix container discovery for the acme test plugin.
(cherry picked from commit f022dedd0a)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Rick Elrod 5bd0df7621
[ansible-test] use newer container images (#72126) (#72550)
Change:
- Bump default, ansible-base, distro containers
- We do NOT add fedora33 yet, because it doesn't work right on Shippable
  due to an old kernel. This will be added post-AZP.

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit e7bf0696ef)
4 years ago
Matt Martz 81ce0f8fc4 Remove sanity ignores 4 years ago
Matt Martz 1f5afcd072 Various intentional tests (#72485)
* Add tests for argspec choices type=list

* Add explicit interpreter discovery tests to validate modules returning ansible_facts still set interp

* Add explicit tests for missing_required_lib

* Add explicit tests for recursive_diff

* ci_complete ci_coverage

* Update data to cover more code/tests

* ci_complete ci_coverage

* Add argspec tests for aliases, and no_log

* Forgotten file

* ci_complete ci_coverage

* Add argspec tests for type int

* ci_complete ci_coverage

* Remove incidental_k8s

* ci_complete ci_coverage

* fix missing newline

* Remove incidental_sts_assume_role

* ci_complete ci_coverage

(cherry picked from commit c8590c7482)
4 years ago
Matt Martz 65470f48bd Remove incidental tower integration tests (#72461)
* Add explicit test for dict repr in argspec

* Add explicit test for undefined repr

* ci_complete ci_coverage

* Skip old jinja2

* ci_complete ci_coverage

* Remove incidental_tower_receive

* ci_complete ci_coverage

* Remove incidental_tower_credential_type

* ci_complete ci_coverage

* Remove ignore entries

* ci_complete ci_coverage

(cherry picked from commit 880087748c)
4 years ago
Matt Martz e555358c32 Remove incidental vmware tests (#72420)
* Add explicit tests for ansible.module_utils.common.network.is_mac

* Test missing ANSIBLE_CONFIG

* Add explicit inventory script tests

* Add explicit tests for _consume_options

* Adjust perms, remove extra file

* ci_complete ci_coverage

* remove incidental_inventory_vmware_vm_inventory

* ci_complete ci_coverage

* Remove incidental_script_inventory_vmware_inventory

* ci_complete ci_coverage

* Remove incidental_vmware_guest

* ci_complete ci_coverage

* Remove incidental_vmware_host_hyperthreading and incidental_vmware_prepare_tests

* ci_complete ci_coverage

* newline and comment about what the test is doing

* ci_complete ci_coverage

(cherry picked from commit ccc63abc8e)
4 years ago
Matt Martz 5b5870886b Remove incidental_cs_role_permission (#72380)
* Add explicit argspec tests for choices

* ci_complete ci_coverage

* Remove incidental_cs_role_permission

* ci_complete ci_coverage

* ci_complete ci_coverage

(cherry picked from commit 6543c7bc5d)
4 years ago
Matt Martz 73991233fb Remove incidental_zabbix_host (#72142)
* Add explicit apt tests for fnmatch and update_cache

* Add explicit apt_key tests for fetching key directly from url

* ci_complete ci_coverage

* Remove repo only by repo

* ci_complete ci_coverage

* Add apt cache update after apt_repository to show that the cache doesn't update

* ci_complete ci_coverage

* Add systemd tests for enabling and disabling a service

* ci_complete ci_coverage

* Remove incidental_zabbix_host

* ci_complete ci_coverage

(cherry picked from commit 2f8dbf673e)
4 years ago
Matt Martz dca64d3c74 Remove incidental_aws_codebuild (#72140)
* Remove incidental_aws_codebuild

* ci_complete ci_coverage

(cherry picked from commit cf0cd4b50b)
4 years ago
Sam Doran 8c5910efe7
[stable-2.10] [dnf] Some fixes around filtering (#72483) (#72500)
* [stable-2.10] [dnf] Some fixes around filtering (#72483)

Change:
- Docs: Add note that security/bugfix apply to dependencies too, like
  the dnf command.

- dnf: security/bugfix only makes sense for updates, so limit the
  package query sack to available updates.

- tests: Limit tests to our known-good test packages, so that RHEL
  packages marked security/bugfix without similarly marked dependencies
  don't fail our tests.

Test Plan:
- Tested with `dnf upgrade-minimal --bugfix` and reproduced the same
  error currently seen in CI, showing that we are consistent with what
  dnf does.

Tickets:
- Likely fixes #72316

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit d8c637da37)

Co-authored-by: Rick Elrod <rick@elrod.me>

* Add changelog (#72502)

(cherry picked from commit b33d7e2e29)

Co-authored-by: Rick Elrod <rick@elrod.me>
4 years ago
Matt Martz 7cd080b10d
[stable-2.10] Update pip tests to omit install dev extras to avoid dep issues (#72436) (#72438)
(cherry picked from commit 2ee5af5)

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Sloane Hertel 1f485dccaa [stable-2.10] Add intentional coverage for incidental_ec2_instance (#72028)
* Add a test suite for module_utils.common.dict_transformations

* ci_complete

ci_coverage

Add a wait_for test using delegate_to

* Remove incidental_ec2_instance

* Remove unused test support modules

* Requested changes

ci_complete

ci_coverage

* Oops, put everything back to test coverage again

ci_complete

ci_coverage

* Remove incidental_ec2_instance tests and supporting modules
(cherry picked from commit 960e4c0809)

Co-authored-by: Sloane Hertel <shertel@redhat.com>
4 years ago
Matt Clay 522f167d27
Replace incidental tests with intentional argspec tests (#72370)
* Remove incidental_consul tests (#71811)

* Add explicit intg tests for argspec functionality

* ci_complete ci_coverage

* Remove incidental_consul and incidental_setup_openssl

* ci_complete ci_coverage

(cherry picked from commit a99212464c)

* Remove incidental_nios_txt_record (#72009)

* Add explicit coverage of argspec type=dict

* Non string mapping failure

* ci_complete ci_coverage

* Remove incidental_nios_txt_record and associated files

* Don't forget the ignore.txt changes

* ci_complete ci_coverage

(cherry picked from commit 6f4aed5377)

* Remove incidental_vyos_static_route (#72024)

* Add explicit tests for required_together suboptions

* ci_complete ci_coverage

* Remove incidental_vyos_static_route

* ci_complete ci_coverage

* Add explicit coverage of suboptions required_if

* ci_complete ci_coverage

* Remove incidental_vyos_logging

* ci_complete ci_coverage

(cherry picked from commit 9081b22868)

* More explicit argspec tests (#72064)

* Add more explicit coverage of argspec functionality

* fail_on_missing_params

* ci_complete ci_coverage

* Remove incidental_aws_step_functions_state_machine

* ci_complete ci_coverage

* Remove incidental_cs_service_offering

* ci_complete ci_coverage

(cherry picked from commit ab2b339dd6)

* Add explicit coverage of required_together (#72107)

* Add explicit coverage of required_together

* ci_complete ci_coverage

* Remove incidental_hcloud_server

* Remove hcloud from shippable matrix

* ci_complete ci_coverage

(cherry picked from commit 460ba041c8)

* Add explicit coverage of suboptions=list without elements (#72108)

* Add explicit coverage of suboptions=list without elements

* ci_complete ci_coverage

* Remove incidental_vmware_guest_custom_attributes

* ci_complete ci_coverage

(cherry picked from commit 50c8c87fe2)

* Add explicit coverage of argspec choices with strings that shadow YAML bools (#72122)

* Add explicit coverage of argspec choices with strings that shadow YAML bools

* ci_complete ci_coverage

* Remove incidental_ufw

* ci_complete ci_coverage

(cherry picked from commit cfa41898c4)

* Adds argspec tests for required, required_one_of and required_by (#72245)

* Improve variable names.

* Add test for required.

* Add test for required_one_of.

* Add test for required_by.

(cherry picked from commit 1489bf9190)

* Remove incidentals without coverage (#71788)

* Remove incidental_lookup_hashi_vault
* Remove incidental_connection_chroot
* Remove incidental_selinux
* Remove incidental_win_hosts

(cherry picked from commit e6e9840717)

Co-authored-by: Matt Martz <matt@sivel.net>
Co-authored-by: Felix Fontein <felix@fontein.de>
4 years ago
Matt Davis 69d5ce9b41
Remove ansible-galaxy login (#72288) (#72320)
* GitHub is removing the underlying API used to implement the `login` command. Since the general consensus seems to be that relatively nobody currently uses this command (in favor of explicit token passing), support was simply removed for interactive login. If a future need arises, this command should be reimplemented via OAuth Device Auth Grants.
* login or role login commands now produce a fatal error with a descriptive message
* updated 2.10 porting guide entry

* remove dead code/config, update messages and porting guides

(cherry picked from commit 83909bfa22)
4 years ago
Rick Elrod 4159c73db2
[ansible-test] Limit cryptography to <3.2 (#72342) (#72345)
Change:
- Cryptography 3.2 drops support for OpenSSL 1.0.2. Some of our CI
  infrastructure still uses this version (FreeBSD, namely). For now,
  just add a constraint to use old cryptography.

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Jordan Borean d4b7b8bae7
Fix example to use correct shebang (#72129) (#72146)
* Fix example to use correct shebang

* Fix other example modules as well

* Ignore shebang test

(cherry picked from commit 1ae3683d0c)
4 years ago
Brian Coca 4293718b2a
make collection callbacks follow normal flow (#59932) (#72227)
* fixes missing set_options call and adhoc and stdout processing rules
* avoid dupes
* fixed to handle redirects
* also updated tests with new and more accurate skip message
* fix callback tests for envs with cowsay installed
* lots MOAR comments on why the code is as it is, some todos to refactor in future
4 years ago
Matt Martz 132346cb6a
[stable-2.10] Ensure we call action_loader.get with collection_list (#72206) (#72252)
(cherry picked from commit be5fc4e)
4 years ago
Sam Doran 775d6e6752
[stable-2.10] Changes required for macOS 10.15 (#71841) (#71954)
* Use default group of staff on macos to prevent sudo issues
* Install gnu-tar for macos in git and unarchive tests
* Enable timezone module to support py3 on macos
* If the virtualenv command is missing, try python -m virtualenv
* Install passlib for filter_core on macos
* Install paramiko via pip on macos for paramiko tests
* Normalize discovered python interpreter on macos
* Get pip tests passing, by ensuring we have wheel installed
* Create /etc/ansible for ca certs on mac, list lookup_url as destructive
* Fixups for CA certs
* Include macos
* Dynamically get cafile instead of hardcoding the path
(cherry picked from commit 35b0fef536)

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Rick Elrod 83c34eb7de
[dnf] accumulate update filters (#71726) (#72181)
Change:
- Previously when `security: true` and `bugfix: true` were both given,
  only security updates would get applied. Filters now accumulate so
  that both get applied in this case.

Test Plan:
- New integration tests for both check_mode and not. These tests make
  use of a contrived yum repository which is stored in S3.

Tickets:
- Fixes #70854

Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Matt Martz <matt@sivel.net>

Co-authored-by: Matt Martz <matt@sivel.net>
(cherry picked from commit fdf80690e4)
4 years ago
Matt Clay 3bd6daa4a4 [stable-2.10] Fix ansible-test handling of user-defined docker networks. (#72256)
* Fix ansible-test docker container detection.

* Attach test containers to the correct network.

* Do not assume `localhost` for accesing Docker.

* Look for containers on current network.

* Always map /var/run/docker.sock into containers.

This fixes issues when using a remote Docker host.

* Support container IP lookup from networks list.

* Fix container network attachment.

* Remove redundant container detection messages.

* Limit DOCKER_HOST parsing to TCP.

* Restore docker socket existence check.

The check is skipped if the docker hostname is not localhost.

* Correct changelog entry..
(cherry picked from commit 3c2e8b99be)

Co-authored-by: Matt Clay <mclay@redhat.com>
4 years ago
Abhijeet Kasurde 98cc9cb834
[2.10] AnsibleVaultEncryptedUnicode should be considered a string (#72216)
* AnsibleVaultEncryptedUnicode should be considered a string
* linting fix
* clog frag

(cherry picked from commit 48f12c14e9)

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Ruediger Pluem 7499848cb1
user - allow local users with an expiry date to be created (#72022) (#72085)
The luseradd / lusermod commands do not support the -e option. Set
the expiry time in this case via lchage after the user was
created / modified.

Fixes: #71942

In Python3 math.floor returns an integer whereas Python2 returns a float.
Hence always convert the result of math.floor to an int to ensure that
lexpires is an integer.

Move local expires tests in a separate file and import the tasks to the
main.yml to keep main.yml smaller.

(cherry picked from commit a7170da851)
4 years ago
Matt Clay 6c8d6a3182 [stable-2.10] Fix ansible-test Azure Pipelines container auth.
(cherry picked from commit 2ef4b7e07e)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Felix Fontein 961ead55c6
Add deprecation collection name to plugin options (#71735) (#72081)
* Add changelog fragment.

* Use correct field that's expected by lib/ansible/cli/__init__.py..

* Add basic unit tests.

(cherry picked from commit 1107aace1b)
4 years ago
Christian Loos 505df0d564
fix distribution fact for SLES4SAP (#71559) (#72026)
b6b238a fixed the SLES4SAP detection, which was at this time ok.
Sadly Suse changed with SLES 15 the /etc/os-release file, so the above
change will no longer work.

This commit updates the SLES4SAP detection regarding
https://www.suse.com/support/kb/doc/?id=000019341.

The symlink realpath is matched with endswith, because in SLES 12+ the
link target is SLES_SAP.prod, but in SLES 11 the link target is
SUSE_SLES_SAP.prod.

(cherry picked from commit ea119d3089)
4 years ago
Rick Elrod e6a4585807
[dnf] show installations/removals in check_mode (#70892) (#72180)
Change:
- Previously, we only showed that something would have changed, not what
  would have changed. This allows us to show what will chang as well.

Test Plan:
- Local RHEL8 VM
- New integration tests

Tickets:
- Fixes #66132

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 7d32129efb)
4 years ago
Rick Elrod 2c5e4b5a88
[tests/dnf] work around dnf packaging issue (#72249) (#72251)
Change:
- In this test we end up upgrading dnf (and python3-dnf) so that we can
  test its new logging behavior. However, the latest Fedora 32 dnf had a
  packaging issue which caused it to not pull in the latest
  python3-libdnf. This is fixed, but not synced out to mirrors yet.
  Fixing it in this test will get CI passing again in the meanwhile.

Test Plan:
- CI

Tickets:
- https://bugzilla.redhat.com/show_bug.cgi?id=1887502

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 9ddb1d76af)
4 years ago
Matt Clay 49504da1ed
[stable-2.10] Support collection constraints in ansible-test. (#72157)
This allows collections to specify requirements and constraints for packages that ansible-test has requirements or constraints for.
(cherry picked from commit 5f76bd2af7)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Rick Elrod f57b149ec8
Intentional coverage, incidental_azure_rm_resource (#71052) (#72159)
Change:
- Adds some intentional coverage around PluginLoader for cases that
  incidental_azure_rm_resource covered.
- Specifically, modules starting with an underscore, and starting with
  an underscore but a symlink.

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit cdcf0aa42a)
4 years ago
Rick Elrod 70172dde27
Add intentional unit tests for basic._set_cwd and common.dict_merge (#70283) (#72160)
* Add unit tests for basic._set_cwd

* incidental coverage for dict_merge

* add test for async stderr inclusion

(cherry picked from commit b019029bf3)

Co-authored-by: jctanner <tanner.jc@gmail.com>
4 years ago
Martin Krizek 4df129c6ae
Provide more information in AnsibleUndefinedVariable (#71666) (#71876)
* Provide more information in AnsibleUndefinedVariable

Fixes #55152

(cherry picked from commit 00b22ab55e)
4 years ago
Matt Clay c4e3552c8d
[stable-2.10] CI provider fixes for ansible-test. (#71929) (#71932)
* Make Azure Pipelines resource_prefix lowercase.

* Make classification of CI files consistent.

* Update package-data sanity test for AZP.
(cherry picked from commit 92b66e3e31)

Co-authored-by: Matt Clay <mclay@redhat.com>
4 years ago
Sam Doran 988d410e17
[stable-2.10] Test changes to allow using "macos" test image (#71849) (#71861)
* Add link to remote.sh from macos.sh
* Add skip/macos to tests that have skip/osx.
(cherry picked from commit 6984081111)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Matt Davis 07a9de1247
fix coverage output from synthetic packages (#71727) (#71748)
* fix coverage output from synthetic packages

* synthetic packages (eg, implicit collection packages without `__init__.py`) were always created at runtime with empty string source, which was compiled to a code object and exec'd during the package load. When run with code coverage, it created a bogus coverage entry (since the `__synthetic__`-suffixed `__file__` entry didn't exist on disk).
* modified collection loader `get_code` to preserve the distinction between `None` (eg synthetic package) and empty string (eg empty `__init__.py`) values from `get_source`, and to return `None` when the source is `None`. This allows the package loader to skip `exec`ing things that truly have no source file on disk, thus not creating bogus coverage entries, while preserving behavior and coverage reporting for empty package inits that actually exist.

* add unit test

(cherry picked from commit e813b0151c)
4 years ago
Jordan Borean 68278f36fd
psrp - fix hang when copying an empty file (#71649) (#71651)
(cherry picked from commit b615789fcc)
4 years ago
Rick Elrod ab100f8ee5
[tests] Make setup_docker clean up better (#71949) (#71959)
Change:
- pip packages should get removed after, not try to add them again
- Try removing containerd.io package too

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 6a7e637c5f)
4 years ago
Alicia Cozine 12874bbdea
[2.10] updates intersphinx references for docs links (#71921) (#71945)
* updates intersphinx references for docs links (#71921)

* DOCS: updates intersphinx references for docs links
* TESTS: Raise the number of bytes scanned to determine if a file is binary. The newest ansible-2.10.inv file has its first null byte at position 2261. 4096 is still a cheap chunksize to read so it still makes sense to raise this.

Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
(cherry picked from commit 27826827e9)

* adds changelog for already-merged PR (#71947)
* adds changelogs/fragments/71921-raise-bytes-for-binary-test.yml

Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit 91b0dfb659)
4 years ago
Rick Elrod d7f6d8c8f0
[incidental_setup_docker] changes to upstream repo (#71897) (#71899)
Change:
- The docker-ce.repo file for centos does not work on RHEL since it uses
  $releasever and on RHEL that is, e.g., "7Server".
- Instead, set up the repo manually.
- Additionally, the docker centos8 repo no longer has old versions, so
  we use the (only) version in the repo instead.

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 31ddca4c0d)
4 years ago
Matt Clay df150a2780 [stable-2.10] Fix attribute testing in file integration test. (#71843)
The file test will no longer attempt to test attributes if `lsattr -vd` does not work on the system under test.
(cherry picked from commit 17765cd4e8)

Co-authored-by: Matt Clay <mclay@redhat.com>
4 years ago
Sam Doran b6637c0afc [stable-2.10] incidental_setup_openssl - Pin version of Python packages
A recent update to cffi that was yanked is still being installed on our
Mac OS X 10.11 test image since the version of pip there is very old and
does not ignore yanked packages.

Pin the version of pyOpenSSL and its dependencies to fix this and avoid
future spontaneous failures.
(cherry picked from commit 65cdb86c8a)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Matt Clay fd27c4db71 [stable-2.10] Add pause to avoid same mtime in test.
(cherry picked from commit 3d769f3a76)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Matt Clay ec8878ced4 [stable-2.10] Use new endpoint for Parallels based instances.
(cherry picked from commit 98febab975)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Rick Elrod 333f7bc088
[tests] Bump container versions (#71518) (#71598)
Change:
- This pulls in python 3.9.0rc1

Test Plan:
- CI, hopefully

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit db519bc17c)
4 years ago
Matt Clay 4273443686 [stable-2.10] Support macOS 10.15 for ansible-test --remote.
Use of this new version is experimental, so it is not enabled in CI yet.
(cherry picked from commit 2bbcbe99fd)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Matt Clay 356ea0b8d0
[stable-2.10] Fix ansible-test coverage traceback. (#71446) (#71578)
* [stable-2.10] Fix ansible-test coverage traceback. (#71446)

* Add integration test for ansible-test coverage.

* Fix ansible-test coverage traceback.

* Fix coverage reporting on Python 2.6.
(cherry picked from commit f5b6df14ab)

Co-authored-by: Matt Clay <mclay@redhat.com>

* Add empty ignore.txt file for tests.
4 years ago
Matt Clay d699d38dd5 [stable-2.10] Update ansible-test remote endpoint handling. (#71413)
* Request ansible-core-ci resources by provider.
* Remove obsolete us-east-2 CI endpoint.
* Add new --remote-endpoint option.
* Add warning for --remote-aws-region option.
* Update service endpoints.
* Allow non-standard remote stages.
* Add changelog fragment.
(cherry picked from commit d099591964)

Co-authored-by: Matt Clay <mclay@redhat.com>
4 years ago
Rick Elrod 9a48ffd61b
Attempt at reverting CVE-2020-1736 changes [2.10] (#71514)
* Revert atomic_move changes
* add note about mode reverts in porting guide

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Rick Elrod 1678577681
[tests] fix fallout from dnf gpg fix (#71552)
Change:
- Missed needed gpg ignores

Test Plan:
- CI
- ci_complete

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Rick Elrod dc97027453
[dnf] ensure packages are gpg-verified (#71539)
Change:
- By default the dnf API does not gpg-verify packages. This is a feature
  that is executed in its CLI code. It never made it into Ansible's
  usage of the API, so packages were previously not verified.
- This fixes CVE-2020-14365.

Test Plan:
- New integration tests

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
David Shrewsbury 393412dc64
Fix play stats when rescue block is a child block (#70922) (#71334)
* check run state of current block only

* Add changelog and test

* Add test for issue 29047

(cherry picked from commit f2f6c34632)
4 years ago
Jordan Borean 7131c75d93
powershell - fix quoting values (#71411) (#71449)
* powershell - fix quoting values

* Add ignore for smart quote skip

(cherry picked from commit 72a7cb4a2c)
4 years ago
Jordan Borean b936539ae1
powershell - fix nested CLIXML parser (#71412) (#71451)
(cherry picked from commit 8897d7e2ff)
4 years ago
Martin Krizek ce7b95499f
native types: properly handle Undefined in nested data (#68432) (#71105)
(cherry picked from commit 5ca3aec3c4)
4 years ago
Sam Doran c39753d7ad
[stable-2.10] linux facts - return proper broadcast address (#64528) (#71064)
Check that the value being returned is actually a broadcast address

(cherry picked from commit e6bf202738)
4 years ago
Martin Krizek 0c32a4f793
Emit proper error for `x in y` when y is undefined (#70990) (#71011)
Fixes #70984

(cherry picked from commit bf7276a4e8)
4 years ago
Sam Doran 0c6edb34f9
[stable-2.10] unarchive - Check 'fut_gid' against 'run_gid' in addition to supplemental groups (#65666) (#71001)
* [stable-2.10] unarchive - Check 'fut_gid' against 'run_gid' in addition to supplemental groups (#65666)

Add integration tests for unarchiving as unprivileged user
Break tasks into separate files for easier reading and maintenance

Create a user by specifying a default group of 'staff' for macOS.

The user module does not actually remove the user directory on macOS,
so explicitly remove it.

Put the removal tasks in an always block to ensure they always run

Co-authored-by: Philip Douglass <philip.douglass@amadeus.com>
Co-authored-by: Sam Doran <sdoran@redhat.com>
(cherry picked from commit ac5f3f8bef)

Co-authored-by: Philip Douglass <philip@philipdouglass.com>

* [stable-2.10] Fix unstable unarchive test (#71004)

* Add mode to copy tasks
* Fix unreliable test by ignoring errors

(cherry picked from commit f99f96ceb6)

Co-authored-by: Philip Douglass <philip@philipdouglass.com>
4 years ago
Sloane Hertel 714cd2ad2e
copy - redact 'content' from invocation in check mode (#71033) (#71067)
* sanitize copy module invocation secrets in check mode

(cherry picked from commit 991714b9d1)
4 years ago
Jordan Borean f41ff33ca6
ansible-galaxy - fix download for subdirs in SCM (#71005) (#71093)
(cherry picked from commit f6b3b4b430)
4 years ago
Brian Coca 00caeff928
dont clobber facts in loop (#71032) (#71095)
(cherry picked from commit f9af27c631)
4 years ago
Toshio Kuratomi 6b639f147d
[stable-2.10] Update ansible doc formats (#71070) (#71111)
* Fix tty_ify bugs and refactor

* Move tty_ify() and supporting attributes to the DocCLI class as that's
  the only thing using it.
* Add unittest for the code.
* Fix a bug where the substitution macros can be detected when they are
  a part of another word.
* Add support for L(), R(), and HORIZONTALLINE which were added to the
  website docs many years ago.

* Update test/units/cli/test_doc.py

Co-authored-by: Matt Clay <matt@mystile.com>

Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit fb144c4)

Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
4 years ago
Felix Fontein e33fff922a
ansible-test: bump acme test container version to 2.0.0 (#71097) (#71165)
(cherry picked from commit 050841324c)
4 years ago
Jordan Borean 092ec680e6
Ensure -k is set to delegated hosts without a pass (#71136) (#71168)
* Ensure -k is set to delegated hosts without a pass

* Fix up some broken tests

* Update task_executor.py

one possible fix, the other is updating winrm to normalize on 'password' like the other connection plugins

* Add alias for winrm and fix incorrect assumption

* Make sure aliases are used for keyword options

* Conditionally run test if sshpass is present, fix sanity

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
(cherry picked from commit 3f22f79e73)
4 years ago
GomathiselviS e95b45c5ec
Update network integration auth timeout (#71057) (#71238)
*  Incase of network integration test for connection local
   test the paramiko_ssh auth_timeout is the value of timeout
   under defaults section which is 10 seconds.
*  For slower connection 10sec timout value result in authentication
   timeout error hence increase the timeout value to 90 seconds

(cherry picked from commit 6160e82bf2)

Co-authored-by: Ganesh Nalawade <ganesh634@gmail.com>
4 years ago
Rick Elrod 7b3d2a00a0
Fix cron file regression (#71207) (#71243)
Co-authored-by: Florent PIGOUT <toopy@users.noreply.github.com>
4 years ago
Toshio Kuratomi 7662568bd8
Antsibull build format backport 71080 (#71285)
* Updates to docs build for new antsibull CLI

* --ansible-base-cache renamed to --ansible-base-source
* _acd_version in the .deps file has been renamed to _ansible_version

(cherry picked from commit 22d2c97b81)

* Fix expr regex for MacOSX compat

MacOSX seems to want bare `+` whereas GNU expr wants escaped `+` (`\+`)
to mean match one or more.  Use `\{1,\}` instead which will match one or
more on both MaxOSX and GNU-using systems.

Fixes #71053

(cherry picked from commit 99cac0b135)

* Force an upgrade to a newer version of antsibull

(cherry picked from commit d816a5966e)
4 years ago
Martin Krizek 02f4fc1a14
Skip literal_eval for string filters results in native jinja. (#70988) (#71313)
Fixes #70831

(cherry picked from commit b66d66027e)
4 years ago
Matt Martz 6d1cc0dede
[stable-2.10] epoch can be a float with strftime filter. Fixes #71257 (#71314) (#71319)
(cherry picked from commit 6289570)

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Lorenzo Castelli ac248cf34a
systemd - supports new systemctl output message for chroot (#71197) (#71330)
The message generated by systemctl has been updated in 9321e23c40, which requires a corresponding change in the systemd module.

In addition, this fixes the module when the SYSTEMD_OFFLINE environment variable is set.

(cherry picked from commit a1a50bb3cd)
4 years ago
Martin Krizek 724b3648ea
_check_failed_state: always use the current/nested state (#71347) (#71457)
Fixes #71306

(cherry picked from commit 9792d631b1)
4 years ago
Felix Fontein 1252323e34
Make changelog tool be more strict about suffixes (#70909) (#71135)
* Bump antsibull-changelog version.

* Flag all dotfiles, except .keep and .gitkeep.

* Enable ignoring other fragment extensions.

(cherry picked from commit fbfc0f99eb)
4 years ago
Sandra McCann 26bb114ccb
[backport][docs][2.10]Docsbackportapalooza 8 (#71379)
* Move 2.10.0rc1 release date a few days forward. (#71270)

At yesterday's meeting it was decided to have ansible-2.10.0 depend on
ansible-base-2.10.1 so that we can get several fixes for ansible-base's
routing (including adding the gluster.gluster collection).
ansible-base-2.10.1 will release on September 8th.  So we will plan on
releasing ansible-2.10.0rc1 on the 10th.

https://meetbot.fedoraproject.org/ansible-community/2020-08-12/ansible_community_meeting.2020-08-12-18.00.html
(cherry picked from commit e507c127e5)

* a few writing style updates (#71212)

(cherry picked from commit 4f0bd5de38)

* Fix code markups and add link to CVE (#71082)

(cherry picked from commit 92d59a58c0)

* Fix 404 links (#71256)

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit ecea018506)

* Writing style updates to Developing dynamic inventory topic (#71245)

* modified the writing style

* incorporated peer feedback

(cherry picked from commit ecd3b52ad7)

* Fix roadmap formatting. (#71275)

(cherry picked from commit ee48e0b0ad)

* Update password.py (#71295)

List md5_crypt, bcrypt, sha256_crypt, sha512_crypt as hash schemes in the password plugin.

(cherry picked from commit 1d1de2c6fd)

* Update ansible european IRC channel (#71326)

Signed-off-by: Rémi VERCHERE <remi@verchere.fr>
(cherry picked from commit 824cd4cbeb)

* Add warning about copyright year change (#71251)

To simplify project administration and avoid any legal issues,
add a warning in the docs. This reflects - https://github.com/ansible/ansible/issues/45989#issuecomment-423635622 and fixes: #45989

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 606604bb97)

* subelements: Clarify parameter docs (#71177)

skip_missing parameter in subelements lookup plugin is accepted from
inside the dictionary.

Fixes: #38182

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 6d17736ef4)

* Writing style updates to Using Variables topic (#71194)

* updated topic title, underline length for headings, and incorporated peer feedback

(cherry picked from commit 4d68efbe24)

* cron module defaults to current user, not root (#71337)

(cherry picked from commit 4792d83e13)

* Update Network Getting Started for FQCN/collection world (#71188)

* pull out network roles, cleanup, update first playbook examples, update gather facts section, some inventory conversion to .yml, update inventory and roles, simplify the navigation titles, fix tocs, feedback comments

(cherry picked from commit f79a7c5585)

* Add documentation about info/facts module development (#71250)

Fixes: #40151

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 4f993922c8)

* network: Correct documentation (#71246)

ini-style inventory does not support Ansible Vault password.
This fixes network_best_practices_2.5 doc.
Fixes: #69039

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit a1257d75aa)

* tidies up vars page (#71339)

(cherry picked from commit 02ea80f6d7)

* base.yml: Fix typos (#71346)

(cherry picked from commit 41d7d53573)

* quick fix to change main back to devel (#71342)

* quick fix to change main back to devel
* Update docs/docsite/rst/dev_guide/developing_collections.rst

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 74f88c56a5)

* Add note about integration tests for new modules to the dev guide (#71345)

(cherry picked from commit b82889eef5)

* update fest link (#71376)

(cherry picked from commit 80b8fde946)

* incorporate minimalism feedback on debugging page (#71272)

Co-authored-by: bobjohnsrh <50667510+bobjohnsrh@users.noreply.github.com>

(cherry picked from commit 5073cfc8bc)

* fix header problem

Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
Co-authored-by: Sayee <57951841+sayee-jadhav@users.noreply.github.com>
Co-authored-by: Baptiste Mille-Mathias <baptiste.millemathias@gmail.com>
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: rovshango <rovshan.go@gmail.com>
Co-authored-by: Remi Verchere <rverchere@users.noreply.github.com>
Co-authored-by: Jake Howard <RealOrangeOne@users.noreply.github.com>
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
Co-authored-by: Per Lundberg <perlun@gmail.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
4 years ago
Sandra McCann 8775001671
Add the ansible_2_10 intersphinx reference. (#71028) (#71384)
There are links from the scenario guides to collections but collections
docs aren't built in testing or locally when we're on the devel branch.
Due to that we need to make sure those references resolve to the
production docsite.  We can use intersphinx to make sure that happens.

* The test for binary files wasn't reading enough of the file.

Checking for null bytes in the first 1024 bytes failed to diagnose the
ansible_2_10.inv file as binary

(cherry picked from commit e10902d744)

Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
4 years ago
Matt Clay fa18566c3e [stable-2.10] Fix ansible-test self-test change classification.
Changes to sanity and unit tests now trigger the ansible-test self-test integration tests.

No changelog entry since this only affects tests for ansible itself and not collections.
(cherry picked from commit b53e7f8720)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Matt Davis 3b9ee86381 [stable-2.10] fix collection package root location under pytest >=6.0.0 (#70963)
(cherry picked from commit 86b6c4bbb6)

Co-authored-by: nitzmahone <nitzmahone@users.noreply.github.com>
4 years ago
Rick Elrod 6e3271aa61
[stable-2.10] Revert default mode changes (#71260)
* Revert "[stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)" (#71236)"

This reverts commit c968020d52.

* Revert "Remove porting guide entry related to reverted change (#71242)"

This reverts commit 006a21eae2.
4 years ago
Sam Doran c968020d52
[stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)" (#71236)
* [stable-2.10] Revert "Fix warning for new default permissions when mode is not specified (#70976) (#70985)"

This reverts commit 5cb96087e6.

* [stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)"

This reverts commit 7e4cffc5d2.
4 years ago
Sandra McCann b9a406f890
Docs [2.10] Backportapalooza 6 (#71129)
* Misc typo fixes (#71089)

(cherry picked from commit 504ef607f3)

* Add some documentation for the format of meta/runtime.yml (#71035)

* Document the format of meta/runtime.yml

* Document multiple Ansible versions

Clarify difference between deprecation and tombstone fields

* add note

(cherry picked from commit a9eb8b0488)

* add note to uninstall older versions of ansible for pip (#71023)

* add note to uninstall older versions of ansible for pip

* combine with the other PR

(cherry picked from commit 72d3d44163)

* VMware: Inventory scenario guide for hostnames (#71055)

Added a scenario guide for ``hostnames`` parameter
for vmware_vm_inventory.

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 0055673c70)

* Document string tests a bit more (#71049)

- Explain how `regex` differs from `match` and `search`.
- Document `multiline` and `ignorecase`.

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 701c638757)

* docs: Add a note about package requirements for fact gathering (#70796)

Fixes: #26148

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit a6725d6e2a)

* added note about fakeroot (#71018)

see #70895

(cherry picked from commit 11a31e99e6)

* Update documentation of httpapi's handle_httperror method for clarity (#70991)

(cherry picked from commit a0523e5b8a)

* DOCS: add 2.10 collections roadmap (#70975)

* draft of 2.10 collections roadmap

* incorporates feedback from felixfontein

* gundalow and samccann feedback, fix link

Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
(cherry picked from commit 9879da8e23)

* updates changelog types; some updates for easier translation (#71027)

Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 4f4436c124)

* Document common return values with examples (#71046)

* adding return value examples
* shift to console code blocks
* cleaning up whitespace and shortening invocation example
* reordering diff section

(cherry picked from commit 864573a38d)

* Update intro_getting_started.rst (#71039)

Added two additional learning resources in the See also: section- forgot closing backticks

(cherry picked from commit 9850915bd6)

* Guide users to use ansible-runner (#71063)

Update the docs to guide users to use `ansible-runner` instead of using Python API directly. In many use cases, executing Ansible playbooks are sufficient. In those use cases, `ansible-runner` is easier and much stable to use comparing with Python API, but there is no mention of it.

(cherry picked from commit 0c855dc70b)

* Porting guides for ansible-base 2.10 and ansible 2.10 (#70891)

* Fix changelog link title.

* Rename Ansible 2.10 and 2.11 porting guides to Ansible-base porting guides.

* Add stub for automatically generated 2.10 porting guide.

* Move things that should not be in the ansible-base porting guide to the ansible porting guide.

* Apply changes to base porting guides.

* Add remark that ansible-base is mainly for developers.

* Ansible Base -> Ansible-base

* Fix link in base porting guide.

* Add generated porting guide.

* Use same header signs as antsibull-changelog's RST builder.

* Update generated porting guide.

(cherry picked from commit 61b36c6f30)

* Update network platform guides with FQCN (#70699)

* fqcn all the docs things!

(cherry picked from commit 54bee7152b)

* Document how to upgrade to ansible with pip (#70768)

Fixes #70348

(cherry picked from commit 5019335660)

* document how to migrate between collections (#70243)

* document how to migrate between collections
* Apply suggestions from code review

Co-authored-by: John R Barker <john@johnrbarker.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 58145dff9c)

* remove github link from plugins (#70951)

(cherry picked from commit e28b20d729)

* Add latest rc from ansible-base (#70974)

* Add latest rc from ansible-base

(cherry picked from commit d62dffafb3)

* Document to_json will convert to ASCII strings by default (#70954)

... as reported in issue #68702

(cherry picked from commit 8c48366f1c)

* Update the porting guide for ansible-2.10.0a8 (#71141)

(cherry picked from commit 0a9638ce4b)

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Sloane Hertel <shertel@redhat.com>
Co-authored-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Nathaniel Case <ncase@redhat.com>
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
Co-authored-by: Terciero <terciero@users.noreply.github.com>
Co-authored-by: Brendon O'Sullivan <49501251+bjosullivan@users.noreply.github.com>
Co-authored-by: EthanHur <ethan0311@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Baptiste Mille-Mathias <baptiste.millemathias@gmail.com>
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
4 years ago
Rick Elrod 4b03d898f3
Update integration tests to support rpmfluff-0.6 (#71155) (#71159)
Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Sam Doran be5aab177c
[stable-2.10] Drop "rhui-" prefix from RHEL repositories in AMI (#71130) (#71131)
The repository names seem to have changed and no longer have the "rhui-" prefix
(cherry picked from commit 6ac4439a6a)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Sloane Hertel 9f4748cb2d
fix downloading collections in git repos and tar.gz artifacts (#70524) (#71000)
* Fix downloading tar files

* Fix downloading SCM collections

* changelog

(cherry picked from commit 54e2ae79e7)
4 years ago
Sam Doran 719c40bfdf
[stable-2.10] facts - fix incorrect time for some date_time_facts (#70665) (#70996)
* [stable-2.10] facts - fix incorrect time for some date_time_facts (#70665)

The iso8601_micro and iso8601 facts incorrectly called now.utcnow(), resulting
in a new timestamp at the time it was called, not a conversion of the previously
stored timestamp.

Correct this by capturing the UTC timestamp once then calculating the local
time using the UTC offset of the current system.

* Use time.time() for getting the current time
* Convert from that stored epoch timestamp to local and UTC times
* Used existing timestamp for epoch time
* Add unit tests that validate the formate of the return value rather than an exact value since mocking time and timezone is non-trivial
(cherry picked from commit c4f442ed5a)

Co-authored-by: Sam Doran <sdoran@redhat.com>

* Remove tests for tz_dst since that only exists in newer versions
4 years ago
Matt Clay b764d381f0
[stable-2.10] Fix ansible-test relative import analysis. (#70993)
(cherry picked from commit 2e0097ada3)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Sam Doran 5cb96087e6
Fix warning for new default permissions when mode is not specified (#70976) (#70985)
Follow up to #70221
Related to #67794
CVE-2020-1736

When set_mode_if_different() is called with mode of 'None', ensure we issue
a warning about the change in default permissions.

Add integration tests to ensure the warning works properly.

* Fix tests
- actually use custom module 🤦‍♂️
- verify file permission on created files
- use remote_tmp_dir so we're ready for split controller
- improve test module so we can skip the call to set_fs_attributes_if_different()
- fix tests for CentOS 6

(cherry picked from commit dc79528cc6)
4 years ago
Jordan Borean a8217f1bd4
ansible-galaxy - fix fallback for AH searches (#70957) - 2.10 (#70980)
* ansible-galaxy - fix fallback for AH searches (#70957)

(cherry picked from commit b1cb2553af)

* Fix tests after backport
4 years ago
Brian Coca a75b3601d9
Allow changed/failed mgmt on strategy actions (#70919) (#70968)
* Allow changed/failed mgmt on strategy actions

(cherry picked from commit f9c3c6cba6)
4 years ago
Felix Fontein c39e536d84
validate-modules: fix version_added validation for top-level, fix error codes (#70869) (#70947)
* Also validate top-level version_added.

* Fix error code.

* Produce same version_added validation error in schema than in code (and stop returning it twice).

* Return correct error codes for invalid version_added for options and return values.

* Add changelog.

* Fix forgotten closing braket.

* Accept 'historical' for some top-level version_added.

(cherry picked from commit 7e2cc7db12)
4 years ago
Felix Fontein 155041d8ee
Fix ansible-test error in community.aws (#70507) (#70873)
* Fix ansible-test error in community.aws

* Add changelog entry for fix

* Change check from None to string_types

* Update changelogs/fragments/70507-validate-null-author.yaml

clarify wording "or a list of strings"

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update test/lib/ansible_test/_data/sanity/validate-modules/validate_modules/schema.py

clarify wording - single string or not specified valid

Co-authored-by: Felix Fontein <felix@fontein.de>

* Do not fail but return None when given outside list

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit b0d9deeae3)

Co-authored-by: Alan Rominger <arominge@redhat.com>
4 years ago
Sviatoslav Sydorenko be28e98cf2
[backport][2.10][PR #70446] Refactor Python API examples and docs (#70850)
* Add boilerplate snippet into `examples/`

It is a partial backport of #70224

(partially cherry picked from commit 4816bb4f43)

* Refactor Python API examples and docs

PR #70446: it's a follow-up for #70445.

It includes a merge of `examples/scripts/uptime.py` and a similar
code snippet from `docs/docsite/rst/dev_guide/developing_api.rst`.

This patch also changes the docs RST file to include contents of
the example file instead of holding a copy of a similar code.

(cherry picked from commit 20bb915092)
4 years ago
Matt Clay 4280efccc4 [stable-2.10] Cap pytest version to avoid relative import issue.
(cherry picked from commit 3a8ac62596)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Brian Coca 9b992c0b78
reset logging to INFO (#70878) (#70881)
- due to CVE-2019-14846
 - also added comments and test to avoid 'oportunistic' reversion

(cherry picked from commit 1223ce656a)
4 years ago
Rick Elrod c53a68bf16
Update ansible-base test container to 1.5.0. (#70856) (#70857)
Co-authored-by: Matt Clay <mclay@redhat.com>
4 years ago
Jordan Borean e9c9c02e0a
Do not add connection vars to the output results (#70853) (#70855)
* Do not add connection vars to the output results

* Also revert the delgated scenario JIC

* Added regression test

(cherry picked from commit 5e1a968983)
4 years ago
Matt Davis cc8d180801
fix internal cases of actions calling unqualified module names (#70818) (#70840)
* fix internal cases of actions calling unqualified module names

* add porting_guide entry
* misc other fixes around action/module resolution broken by redirection

ci_complete

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* address review feedback

* pep8

* unit test fixes

* win fixes

* gather_facts fix module args ignores

* docs sanity

* pep8

* fix timeout test

* fix win name rewrites

Co-authored-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 4c0af6c808)
4 years ago
Sam Doran 7e4cffc5d2
[stable-2.10] Change default file permissions so they are not world readable (#70221) (#70824)
* Change default file permissions so they are not world readable

CVE-2020-1736

Set the default permissions for files we create with atomic_move() to 0o0660. Track
which files we create that did not exist and warn if the module supports 'mode'
and it was not specified and the module did not call set_mode_if_different(). This allows the user to take action and specify a mode rather than using the defaults.

A code audit is needed to find all instances of modules that call atomic_move()
but do not call set_mode_if_different(). The findings need to be documented in
a changelog since we are not warning. Warning in those instances would be frustrating
to the user since they have no way to change the module code.

- use a set for storing list of created files
- just check the argument spac and params rather than using another property
- improve the warning message to include the default permissions.
(cherry picked from commit 5260527c4a)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Brian Coca 8c2754e6d3
Allow hostvars delegation (#70331) (#70810)
* ensure hostvars are available on delegation
* also inventory_hostname must point to current host and not delegated one
* fix get_connection since it was still mixing original host vars and delegated ones
* also return connection vars for delegation and non delegation alike
* add test to ensure we have expected usage when directly assigning for non delegated host

(cherry picked from commit 84adaba6f5)
4 years ago
David Shrewsbury 7cdba7c923
Sanitize URI module keys with no_log values (#70762) (#70820)
* Add sanitize_keys() to module_utils.

* More robust tests

* Revert 69653 change

* Allow list or dict

* fix pep8

* Sanitize lists within dict values

* words

* First pass at uri module

* Fix insane sanity tests

* fix integration tests

* Add changelog

* Remove unit test introduced in 69653

* Add ignore_keys param

* Sanitize all-the-things

* Ignore '_ansible*' keys

* cleanup

* Use module.no_log_values

* Avoid deep recursion issues by using deferred removal structure.

* Nit cleanups

* Add doc blurb

* spelling

* ci_complete

(cherry picked from commit bf98f031f3)
4 years ago
psi / Ryo Hirafuji 61f8f8ce7f
cron - Allow non-ascii (UTF-8) chars in cron file paths and jobs (#70426) (#70794)
* Encode/Decode files in UTF-8
* Use helper function in ansible
* Add an integration test
* Use emoji in test data.
* add changelog
* Also support non-ascii chars in filepath and add tests about this.
* Also use non-ascii chars in replaced text and ensure not to break cron syntax.
* rename self.existing to self.n_existing
* rename crontab.existing to crontab.n_existing
4 years ago
Matt Martz 7eb5f53294
[stable-2.10] Ensure single vaulted values aren't counted as sequences. Fixes #70784 (#70786) (#70791)
(cherry picked from commit 96b74d3)

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Baptiste Mille-Mathias 1eb2afac63
Create home and parent directories only when requested (#70790)
The home user and the parents directories should only be created when
create_home == True

(cherry picked from commit f3dd8d3052)
4 years ago
Martin Krizek 4170786cd9
2.10: Detect failure in always block after rescue (#70094) (#70204)
* Detect failure in always block after rescue (#70094)

* Detect failure in always block after rescue

Fixes #70000

ci_complete

* Add more tests

(cherry picked from commit 0ed5b77377)

* add changelog

Co-authored-by: Matt Davis <mrd@redhat.com>
4 years ago
Baptiste Mille-Mathias ffd3757fc3
Fix missing quoting for remote_tmp in second mkdir of shell module. Issue #69577 (#69578) (#70757)
* Fix missing quoting for remote_tmp in second mkdir of shell module. Issue #69577

* adding changelog

* fixing typo in changelog entry

* adding test case

Adding test case written by bmillemayhias.

* using $HOME instead of ~

* fixing commit measage

* Update 69578-shell-remote_tmp-quoting.yaml

Co-authored-by: Brian Kohles <me@briankohles.com>
(cherry picked from commit 77d0effcc5)

Co-authored-by: Brian Kohles <briankohles@users.noreply.github.com>
4 years ago
Sam Doran 9b8a649f2e
[stable-2.10] Handle Slackware OS version strings containing a plus (“+”) (#68142) (#70717)
A couple of years ago Slackware -current began using a plus (“+”) at the end of the distribution version string to indicate a future version work-in-progress.

Rearrange distribution_files unit tests to easily support more tests
  - add conftest with common fixtures
  - use parametrize for testing multiple scenarios

* Add changelog
* Add unit tests for Slackware distribution parsing
* Use correct fixtures for Slackware
Data comes from /etc/slackware-version

Co-authored-by: Sam Doran <sdoran@redhat.com>
Co-authored-by: <Eduard Rozenberg <eduardr@pobox.com>>
(cherry picked from commit 566c5e6ce1)

Co-authored-by: Eduard Rozenberg <2648417+edrozenberg@users.noreply.github.com>

Co-authored-by: Eduard Rozenberg <2648417+edrozenberg@users.noreply.github.com>
4 years ago
Sloane Hertel d329985d4c
[2.10] template connection variables accessed directly before using (#70657) (#70688)
* template connection variables accessed directly before using (#70657)

* template variables accessed directly when using them instead of FieldAttributes

(cherry picked from commit 8c213c9334)

* changelog
4 years ago
Abhijeet Kasurde ed07821a59
[2.10] api: time.clock compatible code (#70677)
time.clock is removed in Python 3.8. Add time.clock
compatible code.

Fixes: #70649

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 055871cbb8)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Toshio Kuratomi 46b1a999c6
Collections docs generation backport (#70515)
* Build documentation for Ansible-2.10 (formerly known as ACD).

Builds plugin docs from collections whose source is on galaxy

The new command downloads collections from galaxy, then finds the
plugins inside of them to get the documentation for those plugins.

* Update the python syntax checks
  * docs builds can now require python 3.6+.

* Move plugin formatter code out to an external tool, antsibull-docs.
  Collection owners want to be able to extract docs for their own
  websites as well.
* The jinja2 filters, tests, and other support code have moved to antsibull
* Remove document_plugins as that has now been integrated into antsibull-docs

* Cleanup and bugfix to other build script code:
  * The Commands class needed to have its metaclass set for abstractmethod
    to work correctly
  * Fix lint issues in some command plugins

* Add the docs/docsite/rst/collections to .gitignore as
  everything in that directory will be generated so we don't want any of
  it saved in the git repository
* gitignore the build dir and remove edit docs link on module pages

* Add docs/rst/collections as a directory to remove on make clean
* Split the collections docs from the main docs

* remove version and edit on github
* remove version banner for just collections
* clarify examples need collection keyword defined

* Remove references to plugin documentation locations that no longer exist.
  * Perhaps the pages in plugins/*.rst should be deprecated
    altogether and their content moved?
  * If not, perhaps we want to rephrase and link into the collection
    documentation?
  * Or perhaps we want to link to the plugins which are present in
    collections/ansible/builtin?

* Remove PYTHONPATH from the build-ansible calls
  One of the design goals of the build-ansible.py script was for it to
  automatically set its library path to include the checkout of ansible
  and the library of code to implement itself.  Because it automatically
  includes the checkout of ansible, we don't need to set PYTHONPATH in
  the Makefile any longer.

* Create a command to only build ansible-base plugin docs
  * When building docs for devel, only build the ansible-base docs for
    now.  This is because antsibull needs support for building a "devel
    tree" of docs.  This can be changed once that is implemented
  * When building docs for the sanity tests, only build the ansible-base
    plugin docs for now.  Those are the docs which are in this repo so
    that seems appropriate for now.

* Docs: User guide overhaul, part 5 (#70307)

(cherry picked from commit db354c0300)

* Need to return any error code from running antsibull-docs (#70763)

This way we fail early if there's a problem

(cherry picked from commit 1e3989c9f7)

Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
4 years ago
Matt Martz 255dfca7f6
[stable-2.10] Allow single vault encrypted values to be used directly as module parameters. Fixes #68275 (#70607) (#70641)
(cherry picked from commit a77dbf0)

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Rick Elrod 86b24498b7
Add intentional coverage for an async_wrapper case (#70593) (#70630)
* Add intentional coverage for an async_wrapper case (#70593)

Change:
- Test async_wrapper when the module it runs has stderr output

Test Plan:
- CI
- Looked at coverage report and saw green for a few lines that weren't
  previously green.

Signed-off-by: Rick Elrod <rick@elrod.me>

* sigh

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Rick Elrod 33e5f1d661
Get m_u.facts.utils coverage up to 100% (#70614) (#70629)
* Get m_u.facts.utils coverage up to 100%

Change:
- Add tests to 'gathering_facts' integration target to get
  module_utils.facts.utils coverage up to 100%.
- This also clears incidental coverage from incidental_selinux.

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Brian Coca 6cd015d7e2
Make filter type errors 'loop friendly' (#70417) (#70574)
- ensure we preserve the typeerror part of the exception so loop defereed error handling
 can postpone those caused by undefined variables until the when check is done.
 - fix tests to comply with the 'new normal'

 - human_to_bytes and others can issue TypeError not only on 'non string'
 but also bad string that is not convertable.

Co-authored-by: Sloane Hertel <shertel@redhat.com>

Co-authored-by: Sloane Hertel <shertel@redhat.com>
(cherry picked from commit cf89ca8a03)
4 years ago
Felix Fontein 15355ed059
[2.10] ansible-doc: include collection name in text output / plugin loader: return collection name; ansible-doc: handle ansible.builtin correctly (#70572)
* ansible-doc: include collection name in text output (#70401)

* ansible-doc: include collection name in text output

* Be more careful to not accidentally pass ansible.builtin for user-supplied modules.

(cherry picked from commit f4c89eab23)

* plugin loader: return collection name; ansible-doc: handle ansible.builtin correctly (#70026)

* Determine collection in plugin loader.

* Fix test.

* Use PluginPathContext objects in PluginLoader._plugin_path_cache instead of tuples.

(cherry picked from commit 24dcaf8974)
4 years ago
Mykola Grygoriev 5ea6de4e7d
Fix decrypt argument in assemble module (#70465) (#70560)
* Do not pass decrypt parameter to assemble module

* Add integration tests where decrypt=True

* Add changelog #70465

(cherry picked from commit 71c378e139)
4 years ago
David Shrewsbury 94a81f7b44
Make sure ansible_become treated as a boolean (#70484) (#70526)
* Make sure ansible_become treated as a boolean

(cherry picked from commit 8aca464b8b)
4 years ago
Felix Fontein a5c0b11913
ansible-doc man formatter: fail with better error message when description isn't there (#70046) (#70485)
* ansible-doc man formatter: do not crash when description isn't there.
* Change to report a better error message when description is not there.
* Add test.

(cherry picked from commit 9164b96774)
4 years ago
Sloane Hertel 212d2024f4
[2.10] Handle post_validate templating errors and fix tests (#70240) (#70389)
* Handle post_validate templating errors and fix tests (#70240)

* Handle unexpected templating errors

* Fixes #70050

Fix up tests that weren't running and add tests for graceful templating error handling

(cherry picked from commit 30e70f4b63)

* changelog

ci_complete
4 years ago
Martin Krizek 7dfda4026e
Fix delegate_facts with interpreter not being set (#70293) (#70384)
Fixes #70168

ci_complete

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit b05e00e99a)
4 years ago
Abhijeet Kasurde e1c0688e43
[2.10] Improve ansible-galaxy STDOUT messages for collections (#70379)
- Fix issue #70010
- Add installation successful message
- This feature targets "collection" sub-command and does not affect "role" sub-command

Signed-off-by: Hideki Saito <saito@fgrep.org>
(cherry picked from commit 2d59e548f6)

Co-authored-by: Hideki Saito <saito@fgrep.org>
4 years ago
Matt Davis 1e03b54d23
refactor Python module_utils locator (#70610) (#70711)
* refactor Python module_utils locator

* no longer recursive
* embed special-case module code internally
* share common code between collections/not cases
* fixes #70134
* properly support subpackage redirection
* adds support for FQCN redirect targets used by migration (expands to FQ Python name)
* add tests

* add changelog

(cherry picked from commit c616e54a6e)
4 years ago
Felix Fontein 273159da4c
Include changelogs/changelog.yaml in distribution. (#70260) (#70266)
(cherry picked from commit ebd20ddca6)
4 years ago
Sam Doran 95ec1618ef
[stable-2.10] Only pass kwargs to our string checker not callable checkers (#70151) (#70170)
Since only check_type_str() accepts extra param, only pass to our checker and
do not pass kwargs to custom checkers.

* Add unit tests
(cherry picked from commit bc05415109)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Sam Doran b6f6067dfd
[stable-2.10] ansible_runner test - Add constraints (#70667) (#70669)
A recent updated to psutil, which is a dependency of ansible-runner, fails
to install on older versions of pip.

Commit with the breaking change:

  135628639b
(cherry picked from commit 9d27d7c8b1)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Matt Clay c2b69fd30e [stable-2.10] Fix ansible-test virtualenv management.
(cherry picked from commit 1e02a201a6)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Matt Clay ddc78622a4 [stable-2.10] Update ansible-test change detection for plugins.
(cherry picked from commit 09f02980a4)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Matt Clay 957f0c27fc [stable-2.10] Fix boilerplate in setup.py and lib/ansible/ dir..
(cherry picked from commit 234994fc07)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Matt Clay a707466c0b [stable-2.10] Fix yamllint sanity test line numbers.
Parse errors from libyaml now compensate for the offset of the documentation within a module.
(cherry picked from commit 1a0d8a51cd)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Matt Clay 8cd66ce95a [stable-2.10] Clean up unit test boilerplate.
(cherry picked from commit 98a0995fd0)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Matt Clay 3204d260dd [stable-2.10] Add integration tests for basic.py _set_cwd.
These tests verify that AnsibleModule can be instantiated when cwd does not exist or is unreadable.
(cherry picked from commit d6fb42d1c5)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Matt Clay f28fabe6ef [stable-2.10] Add integration tests for test plugins. (#70576)
(cherry picked from commit df45dcdae0)

Co-authored-by: Matt Clay <mclay@redhat.com>
4 years ago
Matt Clay ba645400bf [stable-2.10] Correct name of fileglob lookup integration test.
(cherry picked from commit bbd8f15a58)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Matt Clay 73d9054b32 [stable-2.10] Test netconf plugins in ansible-doc sanity test.
(cherry picked from commit 8d92df4537)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Abhijeet Kasurde 0abb5e597e
[2.10] known_hosts: update documentation (#70406)
* Update documentation as per sanity tests
* Added example about custom SSH port in example section

Fixes: #29236

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 74bedab8a9)
4 years ago
Jordan Borean 70da336de9 ansible-test - do not validate blacklisted ps modules (#70376)
* ansible-test - do not validate blacklisted ps modules

* Update changelogs/fragments/validate-modules-ps-doc-blacklist.yaml

Co-authored-by: Matt Clay <matt@mystile.com>

Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit 40ce448657)
4 years ago
Matt Clay 73ee85145b [stable-2.10] Pin ansible-test requirements for RHEL.
The `packaging` and `pyparsing` packages are now installed by `ansible-test` during provisioning of RHEL instances to match the downstream vendored versions.
(cherry picked from commit 70c59423fc)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Rick Elrod bcd7c860e2 pip tests, use py2 compat sampleproject fork
Change:
- sampleproject has gone py3 only. Use a py2 compatible fork.

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Sam Doran 0b7e3694c7 [stable-2.10] Rebalance CI groups to avoid macOS timeouts (#70126)
(cherry picked from commit b2d6db7916)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Matt Clay 8152d8bc1a Disabled inconsistent pylint checks. 5 years ago