Commit Graph

12076 Commits (24d70469ab6f32aa2041a9b2794b4cc5f3e814ef)

Author SHA1 Message Date
Matt Clay 24d70469ab
[stable-2.15] Use build instead of pep517 for integration test (#83640)
(cherry picked from commit f261a6142f)
5 months ago
Sviatoslav Sydorenko (Святослав Сидоренко) 60ff7ddc0f
[2.15] 🧪 Switch CentOS 7 yum repo mirrors to the vault (#83525)
The distro itself reached EoL on June 30, 2024, but these repository
archives live on and should remain usable for testing.

Refs:
* https://www.redhat.com/en/topics/linux/centos-linux-eol
* https://github.com/ansible/pylibssh/commit/01d3442f
* https://gist.github.com/hkneptune/4961532c2df691db79a1c6b72c251b25
* https://vault.centos.org/7.9.2009/

(cherry picked from commit c8c45cdfb4)

(PR #83523)
5 months ago
Matt Clay 25273bf901
[stable-2.15] ansible-test - Update PyPI test container to 3.1.0 (#83432). (#83441)
(cherry picked from commit 5af5b4b6c8)
6 months ago
Martin Krizek 829a32a3eb
[stable-2.15] Use f38 official repo for libdnf5 package (#83419)
The nightly copr repo for Fedora 37 is no longer available
and python3-libdnf5 is not present in the official Fedora 37 repository,
try and use Fedora 38 repo for installing python3-libdnf5 instead.
6 months ago
Matt Clay 852966081e
ansible-test - Drop Windows 2012/2012-R2 support (#83379) 6 months ago
Jordan Borean 3f01fd9be9
Add version ceiling for pypsrp (#83122) (#83162)
* Add version ceiling for pypsrp

Add a version ceiling for the pypsrp requirements. This ensures that the
future v1.0.0 release won't impact existing users who install the
library using the version range specified.

* Use constraints file

* Add changelog for this change

(cherry picked from commit 2ed6c30929)
7 months ago
Matt Clay d65905f998
[stable-2.15] ansible-test - Use PyPI proxy for centos7 (#83226) (#83228)
(cherry picked from commit c0f7e9cc2c)
7 months ago
Sloane Hertel 6fe3b64990
Fix installing roles containing symlinks (#82911) (#83138)
* Fix installing roles containing symlinks

Fix sanitizing tarfile symlinks relative to the link directory instead of the archive

For example:

role
├── handlers
│   └── utils.yml -> ../tasks/utils/suite.yml

The link ../tasks/utils/suite.yml will resolve to a path outside of the link's directory, but within the role

role/handlers/../tasks/utils/suite.yml

the resolved path relative to the role is tasks/utils/suite.yml, but if the symlink is set to that value, tarfile would extract it from role/handlers/tasks/utils/suite.yml

* Replace overly forgiving test case with tests for a symlink in a subdirectory of the archive and a symlink in the archive dir when these are not equivalent.

* Build test case from role files to make it easier to add test cases

Fixes #82702
Fixes #81965
Fixes #82051

(cherry picked from commit e84240db84)
7 months ago
Matt Martz 4403519afe
[stable-2.15] Don't hardcode the dnf module, dynamically select one (#83183). (#83186)
(cherry picked from commit dc6b77beca)
7 months ago
Jordan Borean 8e07b46bde
winrm - Handle task timeout (#82784) (#82863)
When using winrm over HTTP with message encryption enabled and a task
has timed out the connection plugin will fail to cleanup the WinRM
command. This will change that exception into a warning as a timeout is
already an exception event and a failure to clean the operation should
not override the timeout error shown.

(cherry picked from commit 8aecd1f9b2)
8 months ago
Felix Fontein 8ba086ce87
Do not mangle plugin names in collections that start with an underscore. (#82574) (#82886)
(cherry picked from commit c0821346fc)
8 months ago
Sloane Hertel 12239abf72
fix handling allow_duplicates with the role cache (#82691) (#82928)
allow_duplicates is not part of the role uniqueness, so the value on the cached role may not match the current role.

* remove the allow_duplicates check from Role.has_run() which operates on the deduplicated role
* check the current role's allow_duplicates value in the strategy

(cherry picked from commit b3d8cdde5d)

Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
8 months ago
Matt Clay 7bed756498
[stable-2.15] ansible-test - Fix Alpine libexpat bootstrapping (#82897)
(cherry picked from commit ca168eb367)
9 months ago
Jordan Borean 9b07e69822
Re-enable psrp tests that were disabled (#82785) (#82787)
(cherry picked from commit bb030db546)
9 months ago
Jordan Borean 8190a2ad7a
Avoid winrm hang on stdin write failure (#82766) (#82781)
If the connection plugin fails to write the data to run to stdin we will
only attempt to get the output with one operation attempt. If this times
out we will consider the command to have failed and raise an exception
instead of forever attempting to get the output.

(cherry picked from commit 942424e10b)
9 months ago
Martin Krizek 407544f283
Prevent failures due to unsafe plugin name (#82759) (#82790)
(cherry picked from commit 56f31126ad)
9 months ago
Matt Martz 5844f4305e
[stable-2.15] Install crun from Alpine 3.19 for known musl compatibility (#82812). (#82815)
(cherry picked from commit 86f48a526a)
9 months ago
Matt Clay 1eb9b30dce
[stable-2.15] ansible-test - Add work-around for pytest>=8 errors (#82723) (#82728)
* ansible-test - Add work-around for pytest>=8 errors
* Update changelogs/fragments/ansible-test-pytest-8.yml

(cherry picked from commit a1edb61ce7)
9 months ago
Matt Martz d3f1bf138a
[stable-2.15] Disable ansible-test podman container tests on Ubuntu 22.04 (#82748) (#82753)
(cherry picked from commit 9a8be1e)
10 months ago
Mark Goddard fecd89786c
Fix issues with ansible-playbook-callbacks test (#82407) (#82631)
The timing of the async tasks was a little unpredictable, meaning that
sometimes we would get an unexpected number of v2_runner_on_async_poll
callbacks, and fail the test. This change fixes the issue by increasing
the poll interval to 2 seconds and the sleep duration to 3 seconds, such
that on a reasonably responsive system we will poll twice per task, with
the sleep ending in the middle of the two polls.

The include_me.yml file does not exist in this integration test. It has
been added.

The remote_tmp_dir.path expression is invalid - the setup_remote_tmp_dir
role uses set_fact to set remote_tmp_dir to remote_tmp_dir.path.

The integration tests run with ANSIBLE_HOST_PATTERN_MISMATCH=error,
meaning that the final play was never reached. Set
ANSIBLE_HOST_PATTERN_MISMATCH=warning to continue past the play and
trigger the v2_playbook_on_no_hosts_matched callback.

(cherry picked from commit 4a2de764ec)
10 months ago
Nilashish Chakraborty 686fe806f8
Support `action_plugin` in plugin_routing_schema (#82562) (#82582)
now validation schema matches reality

Signed-off-by: NilashishC <nilashishchakraborty8@gmail.com>
Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
(cherry picked from commit b01f1f207c)
11 months ago
Brian Coca 09879cbe14
Better errors for delegate_to (#82319) (#82341)
Handle empty result of templating
  Also skip work when we omit

(cherry picked from commit 6ebefaceb6)
11 months ago
Brian Coca 74869eb052 ansible-config dedupe ini plugin entries (#82498)
added test for ini file integrity, also ensuring no dupes

(cherry picked from commit 6c2895fd88)
11 months ago
Matt Martz 78db3a3de6
[stable-2.15] Ensure ANSIBLE_NO_LOG is respected (CVE-2024-0690) (#82565) (#82567)
(cherry picked from commit 6935c8e)
11 months ago
Sloane Hertel 2477059be2
Targeted fix for installing roles with symlinks containing '..' (#82165) (#82324)
Set the tarfile attribute to a normalized value from unfrackpath instead
of validating path parts and omiting potentially invald parts

Allow tarfile paths/links containing '..', '$', '~' as long as the
normalized realpath is in the tarfile's role directory

(cherry picked from commit 3a42a00368)
11 months ago
Matt Martz 0db4bb36ba
Enable directly using `AnsibleUnsafeText` with Python `pathlib` (#82510) (#82563)
* Enable directly using `AnsibleUnsafeText` with Python `pathlib`. Fixes #82414.
(cherry picked from commit c6a652c081)
11 months ago
Abhijeet Kasurde 11e50715a3 [backport-2.15] CI: remove FreeBSD 12.4 from test matrix (#81315)
Fixes: #80417

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 11e261b54f)
11 months ago
Matt Martz b19cfb19c2
[stable-2.15] Additional Unsafe fixes (#82376) (#82380)
* Allow older pickle protocols to pickle unsafe classes. Fixes #82356

* Address issues when iterating or getting single index from AnsibleUnsafeBytes. Fixes #82375

* clog frag
(cherry picked from commit afe3fc1)
1 year ago
Sviatoslav Sydorenko (Святослав Сидоренко) a79e410c51
[backport-2.15] Replace FreeBSD 13.1 with 13.2 in CI and ansible-test (#82397)
* [backport-2.15] Add FreeBSD 13.2 to ansible-test (#80698)

(cherry picked from commit d12aa7f69c)

* [backport-2.15] remove Freebsd 13.1 from test matrix (#81058)

* remove Freebsd 13.1 from test matrix

fixes #80416

Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit 534f688a53)

* Revert to the original Python versions for the branch

Co-authored-by: Matt Martz <matt@sivel.net>

---------

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Matt Martz <matt@sivel.net>
1 year ago
Sviatoslav Sydorenko 0474d3da62
[backport][stable-2.15] 🧪 Replace GitHub SVN integration test with local TLS (#82369)
* [backport][stable-2.15] 🧪 Replace GitHub SVN integration test with local TLS

PR #82334

* Run svn integration test locally with TLS

This patch uses a `trustme` to make an ephemeral CA, and server, and
client TLS artifacts for testing. These are integrated into the Apache
web server via it's `mod_ssl`.

Resolves #82207

* Replace GitHub SVN HTTPS URL w/ localhost over TLS

This change gets rid of the need to use GitHub, which is just about to
drop support for SVN [[1]]. Moreover, it eliminates the need to use
external network for any SVN commands in the test.

[1]: https://github.blog/2023-01-20-sunsetting-subversion-support/

(cherry picked from commit dd0138ba21)

* Implement compat w/ opensuse15, centos7 & rhel7/8
1 year ago
Matt Martz 3561008c7e
[stable-2.15] Install upgraded crun from edge (#81833). (#82343)
(cherry picked from commit e78cc1e602)
1 year ago
Matt Martz fea130480d
Ensure that unsafe is more difficult to lose [stable-2.15] (#82294)
* Ensure that unsafe is more difficult to lose

* Add Task.untemplated_args, and switch assert over to use it
* Don't use re in first_found, switch to using native string methods
* If nested templating results in unsafe, just error, don't continue

(cherry picked from commit 586f1924512b01305f896d9ae4732773023013a3)

* ci_complete
1 year ago
Martin Krizek 03330f1431
flush_handlers: handle a failure in a nested block with force_handlers (#81572) (#82198)
Fixes #81532

ci_complete

(cherry picked from commit a8b6ef7e7c)
1 year ago
Matt Martz 7c31e6b1c0
[stable-2.15] Check if skeleton is /dev/null while creating home folder (#75948) (#82103)
* Check if skeleton is /dev/null while creating home folder

* Add test for linux



(cherry picked from commit 25b3d3a)

Co-authored-by: Holger Dörner <42909210+HolgerDoerner@users.noreply.github.com>
1 year ago
Jordan Borean a62ba401be
Remove duplicate winrm test (#82124) (#82126)
(cherry picked from commit f8a9fd4758)
1 year ago
Brian Coca fdbdc2ae35
restore role param precedence (#82106) (#82139)
* add test for setfact/param override

(cherry picked from commit 20a54eb236)
1 year ago
Brian Coca 5623783bcf
ansible-pull: expand destinantion directoy to avoid purgin in / (#82030) (#82222)
* expand destinantion directoy to avoid purgin in /

  bad things could happen and help alone is not enough

(cherry picked from commit 8825e60add)
1 year ago
Brian Coca 23cd32e31e
wait_for, fallback to read for non mmapable files (#82064) (#82234)
* wait_for, fallback to read for non mmapable files (#82064)

(cherry picked from commit 8b102dca4a)
1 year ago
Brian Coca 5b5c26c644
no_log avoid masking booleans (#82217) (#82236)
* no_log avoid masking booleans (#82217)

(cherry picked from commit 6e448edc63)
1 year ago
Brian Coca 0ef9984918
Restore import_role variable exporting behavior (#81840) (#81873)
* Import role public (#81772)

revert to previous behavior to push vars to play at compile time
add `public` parameter to allow per import control of exporting (vs just the global config)

Co-authored-by: tchernomax <maxime.deroucy@gmail.com>
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
(cherry picked from commit ab6a544e86)

* adapted to prev version

 - removed new functionality
 - restored global config functioning overriding specific public option

* remove typoe

* quote it

(cherry picked from commit 9a4bc7e7b3)
1 year ago
Jordan Borean 498cc00b4e
Add test coverage for winrm (#81910) - 2.15 (#81913)
* Add test coverage for winrm (#81910)

(cherry picked from commit 282908c57e)

* Add more winrm coverage (#81923)

(cherry picked from commit 976067c15f)
1 year ago
Martin Krizek 3e2ce2d073
[stable-2.15] run_once: unnotify hosts on handlers that are not run (#81667) (#81919)
Fixes #81666
(cherry picked from commit 2d5861c)
1 year ago
Martin Krizek a05d254ca2
[stable-2.15] Properly template tags in parent blocks (#81624) (#81922)
When templating tags (which happens outside of standard `post_validate`) we
need to template each object in the inheritance chain and set the templated
values on those objects individually. That way when `task.tags` is called the
`extend` functionality properly picks up the templated values of all
parents into one flatten list.

Fixes #81053
(cherry picked from commit 9b3ed5e)
1 year ago
Jordan Borean 1eb437e50d
ansible-galaxy - fix traceback error for invalid req file (#81917) (#81925)
Provide a better error message when encountering a YAML requirements file that is not a dictionary or list.

Fixes: #81901
(cherry picked from commit 8a5ccc9d63)
1 year ago
Brian Coca 8896db97ed
Fix Jinja plugin deduplication (#82002) (#82054)
for j2 plugins dedupe on path and  not basename
for j2 this is a container file , for other plugins file name == plugin name

(cherry picked from commit b4566c18b3)
1 year ago
Matt Clay 0c98b2256c [stable-2.15] ansible-test - Fix parsing of cgroup entries
(cherry picked from commit e933d9d8a6)

Co-authored-by: Matt Clay <matt@mystile.com>
1 year ago
Matt Clay 9aeced838f [stable-2.15] Fix subversion integration test (#82029)
- Remove dependency on the htpasswd module (and thus passlib)
- Fix setup/teardown of the httpd process
- Fix cleanup of temporary directories.
(cherry picked from commit 09d943445c)

Co-authored-by: Matt Clay <matt@mystile.com>
1 year ago
Matt Clay 40b9ed35ce
ansible-test - Use Azure for Windows 2012/2012-R2 (#81971) 1 year ago
Jordan Borean 92447debff
win_fetch - improve test time by not scanning Win dir (#81884) (#81887)
(cherry picked from commit dfc62589f6)
1 year ago
Sviatoslav Sydorenko ccb00b74fe
[backport][stable-2.15] Always allow "no-other-choice" pre-release dependencies when resolving collection dependency tree (#81747)
* Always allow "no-other-choice" pre-release dependencies when resolving collection dependency tree

PR #81606.

Prior to this patch, when `--pre` CLI flag was not passed, the
dependency resolver would treat concrete collection dependency
candidates (Git repositories, subdirs, tarball URLs, or local dirs or
files etc) as not meeting the requirements.

This patch makes it so pre-releases in any concrete artifact
references, and the ones being specifically pinned dependencies or
user requests, met anywhere in the dependency tree, are allowed
unconditionally.

This is achieved by moving the pre-release check from
`is_satisfied_by()` to the `find_matches()` hook, following the
Pip's example.

As a bonus, this change also fixes the situation when a collection
pre-releases weren't considered if it didn't have any stable releases.
This now works even if `--pre` wasn't requested explicitly.

Finally, this patch partially reverts commit
6f4b4c345b, except for the tests. And it
also improves the `--pre` hint warning to explain that it mostly
affects Galaxy/Automation Hub-hosted collection releases.

Ref #73416
Ref #79112
Fixes #79168
Fixes #80048
Resolves #81605

Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
(cherry picked from commit 7662a05085)

* Shorten the collection namespace and name @ tests

This is needed on the 2.15 branch which uses older galaxy containers
that have restricted FQCN size.
1 year ago