* Git allows embedding username and password in repo URL for
https authentication. This may lead to exposing the user sensitive
information to logs and unautheticated users.
Adding no_log will partially solve this.
* Added documentation warning user about URL embedded with username
and password.
* Added logic to remember user sensitive information for later sanitization
Fixes: #84557
(cherry picked from commit 19e9f3d)
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
* [fix] `warn_if_reserved` expects a list (#84624)
Fixes#84623
(cherry picked from commit 48d71ba3aa)
* changelog
* Test include_vars reserved variable matching (#84678)
* Add test case for include_vars
* Revise test to catch erroneous warnings
(cherry picked from commit 333ee8d010)
---------
Co-authored-by: Dominique Quatravaux <dominique@quatravaux.org>
gather_facts, fix network_os and smart logic and defaults
setup will be default for smart only if network_os is not set, now you get warnings and errors when missing a valid facts module for a network os
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit c64c389007)
Fixes the coverage path translation for modules located in integration
test paths. Instead of trying to match by the unique temporary path name
that the module is executed as, the reporting tool will translate it to
the static path that the module is actually located under.
(cherry picked from commit f9b58fa13f)
* ssh: Test reset_connection with templated ansible_ssh_executable
Add failing test to confirm subsequent fixes are necessary & sufficient.
* ssh: Fix reset_connection with templated ansible_ssh_executable
Signed-off-by: Alex Willmer <alex@moreati.org.uk>
(cherry picked from commit 59d9737788)
Co-authored-by: Alex Willmer <alex@moreati.org.uk>
* fix warnings about reserved variable names to cover all sources (#84432)
Also remove redundant check from tqm
Now covers module output (set_fact/include_vars)
Includes play objects at any stage (tasks that error were not covered)
Added tests, moved them to role structure
(cherry picked from commit 20baf29a2a)
* fix template (#84563)
also fix gather_subset warning and add some comments/notes
---------
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 675d7201d8)
* reserved vars, avoid gather_subset (#84575)
(cherry picked from commit 3398c102b5)
The test has been updated to use a custom type which does not support pickling,
instead of relying on Jinja's `Undefined` type. As of Jinja 3.1.5 that type now
supports pickle, which breaks the original implementation of the test.
(cherry picked from commit 5ec236b)
* fixes for CVE-2024-8775
* propagate truthy `_ansible_no_log` in action result (previously superseded by task-calculated value)
* always mask entire `include_vars` action result if any file loaded had a false `show_content` flag (previously used only the flag value from the last file loaded)
* update no_log tests for CVE-2024-8775
* include validation of _ansible_no_log preservation when set by actions
* replace static values with dynamic for increased robustness to logging/display/callback changes (but still using grep counts :( )
* changelog
* use ternary, coerce to bool explicitly
(cherry picked from commit c9ac477e53)
This greatly reduces run time on large inventories since meta tasks are
executed in the main process sequentially and just executing them is expensive.
This change avoids running the following implicit meta tasks:
* ``flush_handlers`` on hosts where no handlers are notified
* ``noop`` for the linear strategy's lockstep, instead hosts that are
not executing the current task are just not part of the current host loop
A playbook consiting of two simple plays both running on ~6000 hosts
runs in:
devel: 37s
this PR: 1.3s
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
(cherry picked from commit d6d2251929)
* user module avoid conflicts ssh pub key (#84165)
Remove pub key if we are going to generate private
fix tests for os X
(cherry picked from commit 11e4a6a722)
* Restore test import missing from backport
---------
Co-authored-by: Matt Clay <matt@mystile.com>
The shell command sometimes prints a trailing whitespace which breaks
the tests on old RHELs. This patch is supposed to fix that.
(cherry picked from commit cd74c4bcd5)
Ensure we force mtime/atime update when using copystat
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
(cherry picked from commit 26375e7f12)
Co-authored-by: dkuji <daisuke.kuji@gmail.com>
Also remove redundant msg now that we fixed yaml case
So no more need to %s % e.
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 0c8efa29b2)
Adds the datastore details to the parser error when attempting to
include tasks that contain include_tasks without a filename set. This
change will now display the exact location of the include_tasks that
failed like any normal syntax error.
(cherry picked from commit 1503805b70)
* Fix broken, circumvented test for missing vault ids
* verify the command returns a non-zero exit code
Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit fe7e68bfcb)
* ssh and psrp - Support more complex chars in fetch_file
Fixes the psrp and ssh (with piped) fetch function to work with paths
that contains glob like characters in the path. For Windows this was
needed when using paths that contain `[]` in the path. For ssh this was
a problem with FreeBSD when using the piped transfer method with similar
characters.
Also tidies up the psrp logic to not inject the paths and buffer size
in the script but pass it as an object through an argument/parameter.
* Fix sanity check
(cherry picked from commit 520fa688ba)
* csvfile lookup - fix giving an error when no search term is provided (#83710)
Fixes#83689
(cherry picked from commit 26c8a28d05)
* Fix csvfile test - quote file argument (#83751)
file was intended to be a string, not an undefined variable
(cherry picked from commit 97a60c1e86)
* fix creating file in directory with setgid bit
* add a test using the copy module's content option to create a file in a directory with setgid bit
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
(cherry picked from commit 2b91c57c85)
* lift code that normalizes value type for boolean vtype to cover both
branches of conditional.
* remove obsolete and incomplete conversion of type in set_selection.
Fixes: #83594
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
(cherry picked from commit c904bffc7d)
Co-authored-by: Peter A. Bigot <pab@pabigot.com>
* Revert "[stable-2.17] dnf: follow-up on is_newer_installed arches fix (#83556) (#83563)"
This reverts commit fa40503191.
* Revert "[stable-2.17] dnf - arches must be the same in the is_newer_installed check (#83417)"
This reverts commit 6966b53b5b.
* dnf: follow-up on is_newer_installed arches fix
* fix for the non package object case
* prevent early bailout in dnf _is_newer_version_installed
* non-installed available arches would fail out of the check early
---------
(cherry picked from commit 28cef00576)
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
Matt Martz