* Allow user to control the trimming of blocks while templating
* Added tests
* Updated documentation and example
Fixes: #75962
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* ssh: Test reset_connection with templated ansible_ssh_executable
Add failing test to confirm subsequent fixes are necessary & sufficient.
* ssh: Fix reset_connection with templated ansible_ssh_executable
Signed-off-by: Alex Willmer <alex@moreati.org.uk>
* Fix callback_default integration test for non-root users
This test compares the test output to previously collected output. However, this
previously assumed that the tests are run as root, even though needs/root in
aliases is not set.
So instead parameterize the output, and use sed to replace the value that
diverge when running it as different users.
* integration tests: Ensure temp file removal doesn't fail as non-root user
* Don't fail when ansible-galaxy integration test runs as non-root
* Update integration test callback list
---------
Co-authored-by: Lee Garrett <lgarrett@rocketjump.eu>
* Additional tests for lookup_sequence
* Follow up for https://github.com/ansible/ansible/pull/83758,
to add tests for stride parameter.
---------
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Fixes the coverage path translation for modules located in integration
test paths. Instead of trying to match by the unique temporary path name
that the module is executed as, the reporting tool will translate it to
the static path that the module is actually located under.
* integrity tests: Tag (destructive) root tests as such
- apt_key needs root to touch the apt key database
- debconf needs root to change debconf values of system packages
- gathering writes to /etc/ansible/*, writeable only to root
- group creates system groups
- noexec mounts/umounts a ramdisk
- systemd requires root to start/stop services
Mark all except noexec as "destructive" as they change the state of the system.
* integration test cron requires root, as it calls setup_cron
* integration test dpkg_selection runs dpkg as root
* integration test facts_linux_network requires root
It adds/removes IP addresses from network interfaces, requiring root for that.
* integration test package requires root
installs/removes system packages
* Integration test service requires root
Creates/starts/stops/removes systemd services
* integration test user requires root to create users
* integration tests using setup_test_user require root
---------
Co-authored-by: Lee Garrett <lgarrett@rocketjump.eu>
* Update resolvelib upperbound to 2.0.0
Minor SemVer releases should not contain breaking changes
* Test the latest minor release and reduce number of resolvelib versions tested for efficiency
Several tasks within the modification_time.yml and state_link.yml task
lists have explicitly enabled diff_mode because these tests previously
assumed a diff attribute would always be returned from the file module.
While showing the deprecation message, mention the collection name
from which the module is removed.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* fixes for CVE-2024-8775
* propagate truthy `_ansible_no_log` in action result (previously superseded by task-calculated value)
* always mask entire `include_vars` action result if any file loaded had a false `show_content` flag (previously used only the flag value from the last file loaded)
* update no_log tests for CVE-2024-8775
* include validation of _ansible_no_log preservation when set by actions
* replace static values with dynamic for increased robustness to logging/display/callback changes (but still using grep counts :( )
* changelog
* use ternary, coerce to bool explicitly
* Update triple single quotes to triple double quotes
This change was fully automated.
The updated Python files have been verified to tokenize the same as the originals, except for the expected change in quoting of strings, which were verified through literal_eval.
* Manual conversion of docstring quotes
This greatly reduces run time on large inventories since meta tasks are
executed in the main process sequentially and just executing them is expensive.
This change avoids running the following implicit meta tasks:
* ``flush_handlers`` on hosts where no handlers are notified
* ``noop`` for the linear strategy's lockstep, instead hosts that are
not executing the current task are just not part of the current host loop
A playbook consiting of two simple plays both running on ~6000 hosts
runs in:
devel: 37s
this PR: 1.3s
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
Since we don't really care about the type we don't have to
query for it and just retrieve the filename value.
Unfortunately we cannot use module_utils.urls.get_response_filename
as we don't have the response object, so just utilize
email.message.Message to parse the filename
instead of manually doing the work ourselves.
Fixes: #83690
* Add a mount_facts module capable of gathering mounts skipped by default
fact gathering
* By default, collect mount facts from standard locations including
/etc/mtab, /proc/mounts, /etc/fstab, /etc/mnttab, /etc/vfstab, and on AIX,
/etc/filesystems.
When no file-based source for the current mounts can be found
(like /proc/mounts), the module falls back to using mount as a source.
This allows BSD and AIX to collect the existing mounts by default, without
causing Linux hosts to use both /proc/mounts and mount output.
* Non-standard locations and "mount" can be configured as a sources.
* Support returning an aggregate list of mount points in addition to first
found.
When there are multiple mounts for the same mount point in an
individual source, a warning is given if the include_aggregate_mounts
option is not configured.
* Add options to filter on fstypes and devices (supporting UNIX shell
wildcards).
* Support configuring a timeout and timeout behavior to make it easier
to use the module as a default facts module without risking a hang.
* Include the source and line(s) corresponding to a mount for easier
debugging.
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Matt Clay <matt@mystile.com>
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
* Fact gathering fix 'no shm' branhc
* Use concurrent.futures instead of multiprocessing
This entirely avoids the need for fallback logic since the concurrent.futures thread pool does not depend on `/dev/shm`.
Co-authored-by: Matt Clay <matt@mystile.com>
* add a loop_control break_when directive to break out of a loop after any item
* remove loop var as normal exit would
* example usage:
- name: generate a random password up to 10 times, until it matches the policy
set_fact:
password: "{{ lookup('password', '/dev/null', chars=character_set, length=length) }}"
loop: "{{ range(0, 10) }}"
loop_control:
break_when:
- password is match(password_policy)
Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
Adds the datastore details to the parser error when attempting to
include tasks that contain include_tasks without a filename set. This
change will now display the exact location of the include_tasks that
failed like any normal syntax error.
Expands the test matrix used for testing on Windows to cover the three
connection plugins we support for all the tasks. This change also
changes how raw commands are run over SSH to avoid starting a
`powershell.exe` process that was uneeded in the majority of cases used
in Ansible. This simplifies our code a bit more by removing extra
Windows specific actions in the ssh plugin and improves the efficiency
when running tasks.
* Fix up raw_params for ansible.windows modules
Fixes up the logic for detecting if using ansible.windows.win_command or
ansible.windows.win_shell with _raw_params. These two modules are
special in that they can be referenced in 4 different ways but the
ansible.windows collection specific prefix needs to be manually added to
the list.
* Fix up sanity issue
* ssh and psrp - Support more complex chars in fetch_file
Fixes the psrp and ssh (with piped) fetch function to work with paths
that contains glob like characters in the path. For Windows this was
needed when using paths that contain `[]` in the path. For ssh this was
a problem with FreeBSD when using the piped transfer method with similar
characters.
Also tidies up the psrp logic to not inject the paths and buffer size
in the script but pass it as an object through an argument/parameter.
* Fix sanity check
Ensure we force mtime/atime update when using copystat
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
* fix creating file in directory with setgid bit
* add a test using the copy module's content option to create a file in a directory with setgid bit
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
* Enable validation of subkeys in rpm key module
A gpg subkey may change while the primary key remains the same. Due to
this behavior, there are situations where validation of the primary gpg
key fingerprint is not sufficient because the desired target is actually
the gpg subkey. This change allows the user to validate against either
the fingerprint of the primary gpg key or its subkey.
Signed-off-by: Kellin <kellin@retromud.org>
* Improve tests, add multi-fingerprint
- Improve tests to cover all cases
- add multi fingerprint validation
Signed-off-by: Kellin <kellin@retromud.org>
add caplevel to display to pass through
also reverse dict order as 'last update wins'
added tests ... and also log severity to log
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
The marker is removed in ansible-test managed environments, but the apt test restores it
by installing/upgrading packages. To avoid breaking later tests, the marker needs to be
removed again.
ci_complete
* winrm - quota retry handling
Add a retry attempt when receiving ERROR_WSMAN_QUOTA_MAX_OPERATIONS when
starting a command. This can occur when running a loop with multiple
iterations or an action plugin that runs multiple commands.
* Update pywinrm constraint for test
* Add verbose hint and mark test as destructive
This change simplifies construction and footprint of testing rpm
repository created by rpmfluff:
* all packages default to noarch
* only when necessary build package for a specific architecture(s)
* do not build several repositories each for specific arch
* remove duplicate "incompatible arch" test
* skip_broken_and_nobest: move testing packages from an external repo
into our dummy repo for transparency
* remove compatibility code from create_repo.py for versions no longer
needed
* remove support for old OS versions from setup_rpm_repo
* simplify representation of an rpm in create_repo.py to allow easier
changes
Notes
* there is one more external testing repo used at
https://ci-files.testing.ansible.com/test/integration/targets/setup_rpm_repo/repo-with-updateinfo
While upgrade process removes a package, module should
report changed=True instead of changed=False
Fixes: #46314
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* lift code that normalizes value type for boolean vtype to cover both
branches of conditional.
* remove obsolete and incomplete conversion of type in set_selection.
Fixes: #83594
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
* dnf: follow-up on is_newer_installed arches fix
* fix for the non package object case
* prevent early bailout in dnf _is_newer_version_installed
* non-installed available arches would fail out of the check early
---------
Co-authored-by: Matt Davis <nitzmahone@redhat.com>
Brian Coca