Commit Graph

389 Commits (2cd6cdc6a74beb2413383837ffc25cdd902264e8)

Author SHA1 Message Date
Brian Coca 0ff80a15ba
ssh connection avoid parsiing own debug (#76732)
- Avoids false positives on become strings being echoed back 
   by ssh cli itself
  - added test for debug lines
  - also simplified some of existing test code
3 years ago
Matt Clay 97104f1221
Avoid deprecated TestCase functions in unit tests. (#76678)
* Avoid deprecated TestCase functions in unit tests.
* Add assertRaisesRegex for Python 2.7.
* Fix indentation.
3 years ago
Brian Coca b02168d644
better handling of sudo flag replacement (#76389)
* better handling of sudo flag replacement
3 years ago
Martin Krizek 47ee282227
Parser errors from within includes should not be rescueable (#73722)
* Parser errors from within includes should not be rescueable
* Also fixes unit tests
Fixes #73657
3 years ago
Martin Krizek 7621784b94
Require Jinja2 3.0.0 (#75881)
* Require Jinja2 3.0.0

ci_complete

* Fix sanity

* Remove Jinja min/max tests

* ansible-test changes

* ci_complete

* More cleanup

ci_complete

* Revert _count_newlines_from_end :( and other stuff

* Fix sanity

* It's using host_vars ...

* Unused import

* Remove overridden groupby filter

* environmentfilter -> pass_environment

* Explain preserve_trailing_newlines

* Add changelog

* ci_complete

* Deprecated ANSIBLE_JINJA2_NATIVE_WARNING

* native_helpers.py cleanup

* More cleanup in the find intgration test
3 years ago
Daniel Goldman 989eeb243f
Add an `undef` global Jinja function (#75435)
* add tests for fail filter

also tests that fail does not block inspectability

* add fail filter

fallback message is a bit clunky,
since you can't invoke a filter without specifying an input.
That is, "{{ fail }}" doesn't work,
so you have to do "{{ None | fail }}"

* document 'fail' filter

* add changelog fragment

* fail filter uses default message on Undefined or emptystring

makes it slightly easier to use the default message:
```diff
- "{{ None | fail }}"
+ "{{ '' | fail }}"
```

and the user sees a slightly more relevant message
if the message itself is undefined:

```diff
- The error was: {{ failmsg | fail }}: 'failmsg' is undefined
+ The error was: {{ failmsg | fail }}: Mandatory variable has not been overridden
```

* rebuild as the builtin `Undefined`

* harmonise `hint` parameter for make_undefined with jinja

* use code block for documentation item

[ref](https://github.com/ansible/ansible/pull/75435#discussion_r707661035)

* rename to `undef` to expose less Python into the Jinja

[ref](https://github.com/ansible/ansible/pull/75435#pullrequestreview-757799031)

* explicitly instantiate undefined value now that it's possible

see I knew we would break something with reflection

* preserve test coverage of undefined variable

Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
3 years ago
Pilou 3d7f2a1366
Fix an exception when passlib library is used with a wrapped algo (#75527)
* Test a passlib wrapped algo with a password lookup

* Fix error when passlib is used with a wrapped algo

The exception was:

     An unhandled exception occurred while running the lookup plugin 'password'.
     Error was a <class 'TypeError'>, original message: issubclass() arg 1 must be a class

and can be reproduced using the following command:

    ansible localhost -i localhost, -mdebug -amsg="{{ lookup('password', '/dev/null encrypt=ldap_sha512_crypt') }}"

The concerned algo are: bsd_nthash, django_argon2, django_bcrypt, ldap_bcrypt,
ldap_bsdi_crypt, ldap_des_crypt, ldap_hex_md5, ldap_hex_sha1, ldap_md5_crypt,
ldap_pbkdf2_sha1, ldap_pbkdf2_sha256, ldap_pbkdf2_sha512, ldap_sha1_crypt,
ldap_sha256_crypt, ldap_sha512_crypt, roundup_plaintext
3 years ago
Matt Clay 04009a77e6
Clean up unit tests to prepare for pylint update. (#75473)
* Fix argument name in mocked function.
* Use from import in unit tests.
* Remove unused imports.
3 years ago
Brian Coca 8d41b97329
Skip python interpreter discovery for 'forced local' module execution (#74824)
mostly for use with network_os
  use 'remote is local' property as indicator
  ensure task_vars are as expected in test
3 years ago
Sloane Hertel 3b861abce1
add action_groups support to collections (#74039)
* Canonicalize module_defaults actions and action_groups pre-fork and cache them on the play

* Call get_action_args_with_defaults with the resolved FQCN plugin and don't pass the redirect list

* Add validation for action_group metadata and a toggle to disable the warnings

* Handle groups recursively referring to each other

* Remove special-casing for non-fqcn actions in module_defaults groups

* Error for actions and groups in module_defaults that can't be resolved

* Error for fully templated module_defaults

* Add integration tests for action_groups

* Changelog
3 years ago
Sam Doran a8de35e131
task_executor - use correct value for ssh connection retries (#75155)
Since the task and connection both have the same 'retries' keyword, the task default
would override the connection value.

Do not pass 'retries' from the task to the connection options.

* Set ssh_connection retries default value back to 0
  It was 0 before the move to config and was changed to 3 by accident.
3 years ago
s-hamann e2658801f6
Add seed parameter to password lookup (#69775) 4 years ago
David Lee Whiteside 805799ac8b
add pkcs11 support to Ansible ssh connection module (#32829)
* rebased with upstream

* removed extra usetty as it wasnt needed, style changes, added var option setable by inventory for pkcs11

* update pkcs11_provider version_added

* Update lib/ansible/plugins/connection/ssh.py

Co-authored-by: Jordan Borean <jborean93@gmail.com>

* Update lib/ansible/plugins/connection/ssh.py

Correct logic for a password being required for pkcs11_provider

Co-authored-by: Jordan Borean <jborean93@gmail.com>

* style nit fixes for checking pkcs11_provider is set

* fixed duplication when using password_prompt with pkcs11_provider

* added changelog fragment

* added changelog fragment

Co-authored-by: David Whiteside <david.whiteside@nrel.gov>
Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
Co-authored-by: Jordan Borean <jborean93@gmail.com>
4 years ago
Sloane Hertel 5640093f1c
Use the module redirect_list when getting defaults for action plugins (#73864)
* Fix module-specific defaults in the gather_facts, package, and service action plugins.

* Handle ansible.legacy actions better in get_action_args_with_defaults

* Add tests for each action plugin

* Changelog

Fixes #72918
4 years ago
Matt Martz 4a4ffbadc5
Remove deprecated PlayContext.make_become_cmd (#74790) 4 years ago
Abhijeet Kasurde 1bd7dcf339
encrypt: add new paramter 'ident' (#74595)
Add a new parameter `ident` for specifying version of BCrypt
algorithm. This parameter is only valid for `blowfish` hash type.
4 years ago
Sam Doran 55b401a3e7
pause - ensure control characters are always set appropriately (#74568)
* pause - ensure control characters are always set appropriately

On some systems, curses.tigetstr() returns None, which does not work as a control character.

* Add unit tests

* Sort imports

* Skip on older Python

This is an action plugin and only runs on the controller, so no need to test of Python 2. Making
the import hackery work on Python 2 would required some more work which I am not sure is
worth it since we are moving away from Python 2 support on the controller.

* Make the tests work on Python 2 and 3
4 years ago
Harm Geerts 9bd70045c9
Fix BaseFileCacheModule#keys to respect prefix (#72789)
* Fix BaseFileCacheModule#keys to respect prefix

Change:
- Previously BaseFileCacheModule#keys would return keys with the cache
  prefix. These keys are impossible to retrieve from the cache without
  removing the prefix or using the cache without a prefix.
  Now it removes the prefix from the key and only returns keys that
  share the same prefix as the cache.

Test Plan:
- New unit tests

* Add explicit BaseFileCacheModule#keys test

Test that files that do not match the cache prefix are ignored.
Test that the prefix is removed from the cache key.
4 years ago
Sam Doran 74b2add460
paramiko_ssh - mark connection as connected when successful (#74459)
* Remove unused import from test
4 years ago
Brian Coca 3cff54d69b
Fix missing delegate display (#74370)
* dont rely on vars, task already gives us info
* ensure we always display delegation in host label
* also added parens with ansible_host to show  target host vs resolved host
* delegating to self is not delegating
* delegated vars restoration for backwards compat
* tests need mock task with delegate_to
4 years ago
Rick Elrod 9f1513d4c0 [become] Add Solaris chmod ACL fallback
Change:
- Newer Solaris drops setfacl. Add a fallback for its chmod ACL syntax.

Test Plan:
- New units

Tickets:
- Fixes #74282

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Rick Elrod 7d64aebdd3 [become] Fix solaris permissions regression
Change:
- Regression introduced in #70785
- When macOS chmod ACL syntax is used, Solaris-derived chmods return
  with a status of 5. This is also used for our sshpass handling,
  because sshpass will return 5 on auth failure. This means on Solaris,
  we incorrectly assume auth failure when we reach this branch of logic
  and try to run chmod with macOS syntax.
- We now wrap this specific use of chmod in an exception handler that
  looks for AnsibleAuthenticationFailure and skips over it. This adds
  another authentication attempt (something we normally avoid to prevent
  account lockout), but seems better than the regression of not allowing
  other fallbacks to be used.
- Without this patch, if setfacl fails on Solaris (and sshpass is used),
  we do not try common_remote_group or world-readable tmpdir fallbacks.

Test Plan:
- New unit

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Alex Willmer 185d410316
Factor out host_label() in default stdout callback plugin (#73814)
This simplifies rendering the hostname (or hostname+delegated host) in
the default callback module, and reduces code duplication

I've chosen not move where in each handler the host label is rendered,
in case subsequent operations has side effects. However I'm happy to
change that if considered safe.

I've chosen not to change the formatting operator used (%), to avoid
changes in rendering that might result.

Signed-off-by: Alex Willmer <alex@moreati.org.uk>
4 years ago
Brian Coca 84e473a26e
All lookups ported to config system (#74108)
* all lookups to support config system

 - added get_options to get full dict with all opts
 - fixed tests to match new error messages
 - kept inline string k=v parsing methods for backwards compat
 - placeholder depredation for inline string k=v parsing
 - updated tests and examples to also show new way
 - refactored and added comments to most custom k=v parsing
 - added missing docs for template_vars to template
 - normalized error messages and exception types
 - fixed constants default
 - better details value errors

Co-authored-by: Felix Fontein <felix@fontein.de>
4 years ago
abikouo 29aea9ff34
constructed - Add keyed_groups suboptions 'default_value' and 'trailing_separator' (#74005)
* Support omitting the trailing separator when a dictionary key's value is an empty string

* Support a default value when the value used in the group name is an empty string

* Add tests

* change log
4 years ago
Sloane Hertel ce96591313
Remove deprecated cache interfaces (#74198)
* update unit test
* Remove FactCache 'update' method
4 years ago
Brian Coca b07a78b4ba
remove deprecated connection password functions (#74155)
* they were moved from connecitons to become plugins
* fixed clog, removed sanity ignore
* fixed tests to use become functions
4 years ago
Felix Fontein af7f3fc266
Revert "Add duplicated set filter and documentation (#72729)" (#74053)
This reverts commit 99a6627c60.

* ci_complete
4 years ago
Matt Martz 88d6a72178
Temporarily disable strategy units (#74048) 4 years ago
Baptiste Mille-Mathias 99a6627c60
Add duplicated set filter and documentation (#72729)
Co-authored-by: Kerry <kerry@flatline-studios.com>
4 years ago
Matt Martz 78f34786dd
Send callbacks directly from the TaskExecutor instead of TaskResults masquerading as callbacks (#73927) 4 years ago
Brian Coca 935528e22e
finish migrating ssh plugin to config system (#73708)
* finish migrating ssh plugin to config system

  fixes #72739
  fixes #57220

* fix connection detection in reset
* correct options for connection meta reset

Co-authored-by: David Shrewsbury <Shrews@users.noreply.github.com>
4 years ago
Brian Coca 2b0cd2c13f
use correct executable and options in all cases (#73323)
Use correct ssh executable and options in all cases on connection plugin

  * Also nicer naming/comments

Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
4 years ago
Martin Krizek ae08c6a639
Ensure Ansible's unique filter preserves order (#67856)
Fixes #63417
4 years ago
Sam Doran 8f9cf456b0
url lookup - set default user agent (#72324)
* Add unit tests
* Add note about when default changed
4 years ago
Sloane Hertel 8b07d46166
Add a toggle for the leading separator for keyed_groups (#60882)
* Add a toggle for the leading separator for keyed_groups if no prefix is given

* changelog

* Add tests for backward compatibility and the new toggle
4 years ago
Evan Van Dam 3db08adbb1
Add optional attribute arg for min and max filters (#50909)
* Pass **kwargs to min and max filters

* Use the jinja2 filters if available

* Add unit tests

* Add examples to docs passing attribute
4 years ago
Jordan Borean 8897d7e2ff
powershell - fix nested CLIXML parser (#71412) 4 years ago
Rick Elrod 0d7c144ce4
Allow macOS ACLs to work for unpriv -> unpriv (#70785)
Change:
- Use `chmod +a` in the fallback chain to allow MacOS to use ACLs to
  allow an unprivileged user to become an unprivileged user.

Test Plan:
- CI, new tests

Tickets:
- Fixes #70648

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Rick Elrod 7f62a9d7b5
Make cache adjudicator's flush call plugin flush (#70987)
Change:
- Previously CachePluginAdjudicator#flush only removed entries from the
  cache backend that it knew about by using them earlier. Now it calls
  the underlying plugin's flush() method.

Test Plan:
- New unit tests

Tickets:
- Fixes #68770

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Matt Davis 4c0af6c808
fix internal cases of actions calling unqualified module names (#70818)
* fix internal cases of actions calling unqualified module names

* add porting_guide entry
* misc other fixes around action/module resolution broken by redirection

ci_complete

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* address review feedback

* pep8

* unit test fixes

* win fixes

* gather_facts fix module args ignores

* docs sanity

* pep8

* fix timeout test

* fix win name rewrites

Co-authored-by: Rick Elrod <rick@elrod.me>
4 years ago
Rick Elrod 69472a5f8d
Refactor _fixup_perms2 to remove way-nested logic (#70701)
Change:
- Refactoring to make it harder to get wrong and easier to read.
- Generalize become_unprivileged tests and fix some that never worked
  but also never failed.

Test Plan:
- CI, new units/integration tests

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Jordan Borean e22e103cdf
winrm - Added kinit_args to control the args for kinit calls (#70624) 4 years ago
Brian Coca cf89ca8a03
Make filter type errors 'loop friendly' (#70417)
- ensure we preserve the typeerror part of the exception so loop defereed error handling
 can postpone those caused by undefined variables until the when check is done.
 - fix tests to comply with the 'new normal'

 - human_to_bytes and others can issue TypeError not only on 'non string'
 but also bad string that is not convertable.

Co-authored-by: Sloane Hertel <shertel@redhat.com>

Co-authored-by: Sloane Hertel <shertel@redhat.com>
4 years ago
Felix Fontein 24dcaf8974
plugin loader: return collection name; ansible-doc: handle ansible.builtin correctly (#70026)
* Determine collection in plugin loader.

* Fix test.

* Use PluginPathContext objects in PluginLoader._plugin_path_cache instead of tuples.
4 years ago
Martin Krizek b05e00e99a
Fix delegate_facts with interpreter not being set (#70293)
Fixes #70168

ci_complete

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Rick Elrod 7584e145a9
Nuke _get_item() from callback, deprecated 2.11 (#70233)
Change:
- Remove _get_item() alias as it has been deprecated
- Update tests
- Remove relevant sanity curtailment
- Add changelog

Test Plan:
CI, grep

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Matt Clay 98a0995fd0 Clean up unit test boilerplate. 4 years ago
Sloane Hertel 51f6d129cb
support hard coded module_defaults.yml groups for collections (#69919)
* Only allow groups which were hardcoded in module_defaults.yml

only load action groups from the collection if module_defaults contains a potential group for the action

* Fix tests using modules that override those whitelisted in lib/ansible/config/module_defaults.yml

Third party modules should not be using group/ - use the action name instead

* add externalized module_defaults tests

add the missing group and collections

ci_complete

Co-authored-by: Matt Davis <mrd@redhat.com>

* changelog

ci_complete

* Fix import in tests

ci_complete

* Update with requested changes

ci_complete

* don't traceback since we don't validate the contents of module_defaults

ci_complete

Co-authored-by: Matt Davis <mrd@redhat.com>
5 years ago
Matt Davis 984216f52e
various deprecation, display, warning, error fixes for collections redirection (#69822)
* various deprecation, display, warning, error fixes

* Update lib/ansible/utils/display.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update lib/ansible/utils/display.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update lib/ansible/utils/display.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* cleanup, test fixes

* add collection name to deprecated() calls

* clean up redirect entries from uncommitted tests

* fix dep warning/error header text to match previous

Co-authored-by: Felix Fontein <felix@fontein.de>
5 years ago