Commit Graph

4002 Commits (29cf8b599ef32c75f8a1c512c4f730a679e6f986)

Author SHA1 Message Date
Martin Krizek 29cf8b599e any_errors_fatal: do not fail unreachable hosts
Fixes #82834

ci_complete
8 months ago
Sloane Hertel 2bb09bfd12
atomic_move - fix preserving extended acls (#82818)
* use copystat to copy as many attributes as possible before os.rename

update unit test mocks for updated method of attribute preservation

add integration test for lineinfile case

remove erroneous `- meta: end_play` from lineinfile test suite

* add keep_dest_attrs parameter to control whether src attributes are
copied initially, and for existing destinations, whether the src is
updated using the dest before being renamed

consolidate with copy unsetting extended attrs

ci_complete
9 months ago
Sloane Hertel 7adc146e2f
Fix traceback and allow installing roles with version None (#81849)
* Allow installing roles with version `None` from Galaxy

Co-authored-by: Matt Martz <matt@sivel.net>
9 months ago
sedrubal 4000656849
git: Rename option gpg_whitelist to gpg_allowlist (#82377)
Signed-off-by: Sebastian Endres <sebastian.endres@dlr.de>
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
9 months ago
tobixx 3b823d908e
Enable file cache for vaulted host_vars_files vars plugin (#81995)
Enable file cache for vaulted host_vars_files vars plugin

* fixes #81994
* Changed cache arg from bool to str to allow 'vaulted' only file cache
* removed unused used var
---------
Co-authored-by: Steffen Oschatz <so@ypsilon.net>
9 months ago
Rudnei Bertol Junior 9a0a5d834e
Fixes permission for cache json file from 600 to 644 (#82761)
Until ansible-core 2.12 the facts cache file created by this module, have permission set as 644 which allows the other users to read the cache, since ansible-core 2.13, we create the temporary file, but we do not set the permission after renaming the temporary file.  Adding the line to set the permission to allow other users/groups to read this file.
9 months ago
Abhijeet Kasurde d9e798b48f
debconf: allow a list for value when vtype is multiselect (#82757)
* allow user to specify a list for value when vtype is multiselect

Fixes: #81345

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
9 months ago
0x546f6d-W f02081b391
Fix discrepancy in behaviour between apt-get clean and its equivalent ansible.builtin.apt: clean=True (#82800)
* added integration test for issue 82611 regarding discrepency between apt-get clean and ansible.builtin.apt: clean

* fixed new line issue

* Implementation of bug fix for 82611

Fixed discrepancy in behaviour between apt-get clean and its equivalent ansible.builtin.apt: clean=True

Co-authored-by: Martin Krizek <martin.krizek@gmail.com>

---------

Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
9 months ago
Martin Krizek f1ded0f417
dnf: utilize the API for the installed checks (#82725)
Fixes #71808
Fixes #76463
Fixes #81018
9 months ago
Martin Krizek a28709f92d
dnf: fix installing a package based the file it provides (#82744)
Fixes #82461
9 months ago
Matt Martz e0c91af45f
Remove os.environ compat for py2 and deprecate ansible.utils.py3compat (#82794) 9 months ago
Thomas W 6db7a3bd64
Fix handling of ansible_loop_var and ansible_index_var inside ansible.builtin.include_tasks (#82789)
* added integration test for issue 82655 regarding ansible_loop_var and ansible_index_var inside included yml

* ensure correct handling of ansible_loop_var and ansible_index_var inside ansible builtin include_tasks Co-authored-by: Matt <matt@sivel.net>

* added changelog

* fixed new line issue
9 months ago
Abhijeet Kasurde 2cf52daa03
Handle error raised when argument validation (#82783)
* Handle error raised when argument validation with elements=int
  and value is not within choices

Fixes: #82776

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
9 months ago
Jordan Borean 942424e10b
Avoid winrm hang on stdin write failure (#82766)
If the connection plugin fails to write the data to run to stdin we will
only attempt to get the output with one operation attempt. If this times
out we will consider the command to have failed and raise an exception
instead of forever attempting to get the output.
9 months ago
Abhijeet Kasurde 03246dc0ae
galaxy: Skip verification for unwanted files (#82162)
Fixes: #81628

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
9 months ago
tikfj 4edd6ba04f
Add MIRACLE LINUX as RedHat OS Family (#82722)
Co-authored-by: Taiki Fujiwara <taiki.fujiwara@miraclelinux>
9 months ago
Martin Krizek 77ab7afc3d
dnf: obey the keepcache setting (#82735)
Fixes #81954
9 months ago
Davide Sbetti 79ea21a39f
Fix error when templating an unsafe string leading to a type error in Python (#82675)
Fixes #82600
9 months ago
Jordan Borean 1b209d742e
Galaxy trailing slash (#82732)
* fix: ensure path argument doesn't have a backslash

* feat: add changelog

* Update lib/ansible/cli/__init__.py

Co-authored-by: Matt Clay <matt@mystile.com>

* Simplify logic and add tests

---------

Co-authored-by: dorkamotorka <teo.podobnik1234@gmail.com>
Co-authored-by: Teodor Janez Podobnik <48418580+dorkamotorka@users.noreply.github.com>
Co-authored-by: Matt Clay <matt@mystile.com>
9 months ago
Matt Clay a1edb61ce7
ansible-test - Add work-around for pytest>=8 errors (#82723)
* ansible-test - Add work-around for pytest>=8 errors
* Update changelogs/fragments/ansible-test-pytest-8.yml

Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
9 months ago
Sviatoslav Sydorenko (Святослав Сидоренко) 386edc666e
Add macOS 14.3 to CI and `ansible-test`
Additionally, this patch takes care of installing GPG within the
`ansible-galaxy-collection` test when running under macOS 14 and higher.

PR #82697

ci_complete
10 months ago
Matt Martz 5566a655ae
Updates to interpreter discovery for 2.17 (#82420) 10 months ago
Sloane Hertel 4bcc27ca99
add --extra-vars for ansible-galaxy role|collection init (#82605)
allow extra vars when templating j2 files in the skeleton, for example:

ansible-galaxy init --role-skeleton /path/to/skeleton --extra-vars @/path/to/vars_file.yml newrole

ansible-galaxy init --extra-vars "min_ansible_version=2.17.0" newrole
10 months ago
Matt Martz 6c21c545e1
Deprecate support for the v2 galaxy API (#82543)
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
10 months ago
Abhijeet Kasurde a23ea2aef2
Reword warning if the reserved keyword `_ansible_` is used (#82657)
Extend the wordings in warning if the reserved keyword _ansible_
is used as a module parameter.

Fixes: #82514

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Jordan Borean <jborean93@gmail.com>
10 months ago
Matt Clay c8d6f7b95e ansible-test - Fix validate-modules Python handling
The ``validate-modules`` sanity test no longer attempts to process files with unrecognized extensions as Python.

Integration tests have been added to verify Python-specific checks do not apply to these files.

The `invalid-extension` and `missing-gplv3-license` checks still apply to these files. This may change in the future.
10 months ago
Abhijeet Kasurde e78be30baa
apt_repository: Update PPA URL to point to HTTPS (#82599)
Fixes: #82463

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
10 months ago
Matt Martz 11efa5c48b
Reduce complexity of Request.open (#81988) 10 months ago
Sloane Hertel a452c53375
import_role - allow subdirectories with _from options (#82642)
* Allow subdirectories with import_role _from options

Add tests that tasks_from is restricted to the role

Note that a task like:

- import_role:
    name: role
    tasks_from: tasks/entrypoint.yml

will now load tasks from "{{ role_path }}/tasks/tasks/entrypoint.yml"
instead of "{{ role_path }}/tasks/entrypoint.yml". This change in
behavior matches include_role.

* better test case (filename doesn't match one in tasks/)

Fixes #82584
10 months ago
Abhijeet Kasurde da26e2a5eb
iptables: added choices in match_set_flags option (#82641)
* 'src,src', 'dst,dst' added as new option choices in
  match_set_flags option

Fixes: #81281

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
10 months ago
Martin Krizek a10d255e0b
dnf,dnf5 - add the best option and fix nobest (#82627)
best/nobest options are one of the options whose default values are set
by an OS distribution. For example in our CI, both Fedora and RHEL set
the best option to different default values. As such we should defer to
the distributions for the default value and not change it by default but
if users wish to change it they can do so explicitly.

Currently the dnf module sets the nobest option inconsistenly and not for
all cases. This patch fixes that to reflect the behavior described
above. In addition adding the best option for both dnf and dnf5 modules
since the best option is prefer to nobest in dnf while in dnf5 nobest is
completely removed in favor of best.

Fixes #82616
10 months ago
Matt Martz e458cbac61
Allow for arbitrary key 'context' in argument spec (#82183)
* Allow for arbitrary key 'context' in argument spec
10 months ago
Abhijeet Kasurde 7a0c321054
Remove redundant undefined error message (#81867)
Fixes: #78703

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
10 months ago
Brian Coca bec27fb4c0
prettyfy ansible-doc (#75116)
* prettify ansibile-doc output

delimiters when no color
avoid triggering color mode for existing tests
all use _format to observe nocolor
more v more info
imporoved conditional display
updated version on -v
normalize role errors
expand role data, dedupe code, fix formatting on warning
fix bug with galaxy info
role list improvements:
 lists all roles (even w/o meta/argspec)
 specs now indented under role
 role only listed once
Updated tests to reflect format changes

Co-authored-by: Felix Fontein <felix@fontein.de>
10 months ago
Martin Krizek 6d34eb88d9
Do not ignore SyntaxError from jinja2.Environment.from_string (#82607)
Jinja may generate an invalid Python source code from a template. Trying
to compile such source code into a Python code object results in
SyntaxError being thrown. An example of such a template is providing the
same keyword argument into a lookup twice, resulting in:
`SyntaxError: keyword argument repeated`.

Since `jinja2.exceptions.TemplateSyntaxError` does not cover such a
case, as it is not a Jinja parsing error, we need to catch SyntaxError
explicitly ourselves.

Fixes #82606
10 months ago
Sloane Hertel 13e6d8487a
fix loading vars_plugins in roles (#82273)
* Fix loading legacy vars plugins when the plugin loader cache is reset

* Remove extra cache layer by ensuring vars plugin names are cached (stateless or not) so that the plugin loader cache can double as the load order
10 months ago
Steffen Scheib 8641144375
Adding note about implicit groups (#82580)
clarifying usage in conjunction with use_group_vars
10 months ago
Brian Coca 8b2dd5fdd3
updated looups to use set_option in custom parse (#82425)
limit password params
  updated test error message catching
  make sure we reset params for each term
  ensure we only update options if we have em
10 months ago
Abhijeet Kasurde f73d72e830
find: do not fail on PermissionError (#82282)
* Log and skip permission errors on files and directories

Fixes: #82027

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
10 months ago
Martin Krizek f024cf35d7
Remove the yum module, redirect it to dnf (#81895)
Fixes #81728
10 months ago
Yacht Shaver c7334ea92c
Fix url encoded credentials in netloc (#82552)
Prior to this commit, it was impossible to use a module like dnf with a
URL that contains a username with an @ such as an email address
username, because:

  dnf:
    name: https://foo@example.com:bar@example.com/some.rpm

Would cause netloc parsing to fail. However, the following:

  dnf:
    name: https://foo%40example.com:bar@example.com/some.rpm

Would also fail because ansible would *not* URL-decode the credentials,
causing the following to be base64 encoded in the Authorization header:

  Zm9vJTQwZXhhbXBsZS5jb206YmFyCg==

Which decodes to:

  foo%40example.com:foo

Which is *not* the authorized username, and as such, *won't* pass basic
auth.

With this commit, Ansible's url lib behaves like curl, chromium, wget,
etc, and encodes the above to:

  Zm9vQGV4YW1wbGUuY29tOmJhcgo=

Which decodes to:

  foo@example.com:bar

Which will actually pass the HTTP Basic Auth, and is the same behaviour
that you will find ie. with:

  curl -vvI https://foo%40bar:test@example.com 2>&1 |grep Auth | awk '{ print $4 }'
10 months ago
Martin Krizek 06cd285901
Play recap stats and callbacks for include_role, consolidate with include_tasks (#79260)
This moves handling of callbacks and play recap stats from
_load_included_file to individual strategies so include_role tasks are
accounted for, not just include_tasks.

Fixes #77336
10 months ago
Mike Bonnet 9c5d3060e5
uri: Handle the "force" parameter properly (#82187)
* uri: Two tests that demonstrate missing handling of the "force" parameter

Add unit and integration tests that demonstrate that the uri module is not
handling the "force" parameter.

The unit test demonstrates that when "force" is present in the module parameters,
it is not being passed through to fetch_url().

The integration test demonstrates that "force" does not disable caching as
documented, and calls with a "dest" parameter that points to an existing file
can result in a "304 Not Modified" response.

* uri: Handle the "force" parameter properly

The uri module documents a "force" parameter that can be used to disable caching.
The module accepted the parameter but didn't pass it through to the fetch_url() method
which implements the logic to handle setting the appropriate headers for disabling
caching. This change passes the "force" parameter through as expected, allowing caching
to be disabled when requested by the module caller.
10 months ago
ShIRannx aa40167f40
find - add encoding option to use in conjunction with contains (#82284)
*  when doing a 'contains' search, determine the encoding of the files to be searched

* set default encoding to None for backwards compatibility

* changelog, error handling, tests added

* add sanity ignore.txt for non-utf-8 test
10 months ago
Nilashish Chakraborty b01f1f207c
Support `action_plugin` in plugin_routing_schema (#82562)
now validation schema matches reality

Signed-off-by: NilashishC <nilashishchakraborty8@gmail.com>
Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
11 months ago
Matt Martz 6935c8e303
Ensure ANSIBLE_NO_LOG is respected (CVE-2024-0690) (#82565) 11 months ago
tachyontec 48bed1e15a
Fix ansible.builtin.include_vars - depth (#80995)
* Changes as suggested by sivel

* Add changelog fragment and tests

Co-authored-by: Matt Martz <matt@sivel.net>
Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
11 months ago
Martin Krizek 3f74bc08ce
Remove crypt support from ansible.utils.encrypt (#81721)
Fixes #81717

Co-authored-by: Matt Clay <matt@mystile.com>
11 months ago
Martin Krizek d9709c5ae9
module_utils/basic.py: remove PY2 compat (#81989) 11 months ago
Brian Coca b8c7ed39e4
Reboot timeout fix (#82526)
reboot now uses fallback as some plugins or older versions on ssh one use 'timeout' instead of 'connect_timeout'
11 months ago