* fixed fetch traversal from slurp
* ignore slurp result for dest
* fixed naming when source is relative
* fixed bug in local connection plugin
* added tests with fake slurp
* moved existing role tests into runme.sh
* normalized on action excepts
* moved dest transform down to when needed
* added is_subpath check
* fixed bug in local connection
fixes#67793
CVE-2019-3828
(cherry picked from commit ba87c225cd)
* prevent ansible_facts injection (#68431)
- also only replace when needed
- switched from replace to index
- added test to verify bogus_facts are not accepted
CVE-2020-10684
(cherry picked from commit a9d2ceafe4)
* add to ignore
* fix vault tmpe file handling
* use local temp dir instead of system temp
* ensure each worker clears dataloader temp files
* added test for dangling temp files
* added notes to data loader
CVE-2020-10685
(cherry picked from commit 6452a82452)
* subversion module - provide password securely when possible or warn (#67829)
* subversion module - provide password securely with svn command line option --password-from-stdin when possible, and provide a warning otherwise.
* Update lib/ansible/modules/source_control/subversion.py.
* Add a test.
Co-authored-by: Sam Doran <sdoran@redhat.com>
(cherry picked from commit d91658ec0c)
* Create the OUTPUT_DIR and make sure it is removed at the end
* fix sanity test
* win_unzip - normalize and compare paths to prevent path traversal (#67799)
* Actually inspect the paths and prevent escape
* Add integration tests
* Generate zip files for use in integration test
* Adjust error message
(cherry picked from commit d30c57ab22)
* Fix tests for 2.7
* Update tests to use RHEL 7.8.
Keeping support for RHEL 7.6 since collections are still using it.
* Fix tests for RHEL 7.7+ due to extras repo name change..
(cherry picked from commit 04edd77c42)
Co-authored-by: Matt Clay <mclay@redhat.com>
* add changelog fragment
Signed-off-by: Rick Elrod <rick@elrod.me>
* Update changelogs/fragments/ansible-test-opensuse-15.1.yml
Co-Authored-By: Matt Clay <matt@mystile.com>
* handle installing mysql on suse
Signed-off-by: Rick Elrod <rick@elrod.me>
* attempt to get tests passing again
Signed-off-by: Rick Elrod <rick@elrod.me>
* Update docker.txt to use the OpenSUSE 15.1 container image
Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Matt Clay <matt@mystile.com>
* Remove Tower module tests from CI.
The required AMIs are no longer available.
* Mark Tower tests as unsupported..
(cherry picked from commit b041d96762)
Co-authored-by: Matt Clay <mclay@redhat.com>
* Add constraint for Jinja2 on Python 2.6.
* Fix constraint in inventory_aws_conformance test.
* Add constrraints for template_jinja2_latest test..
(cherry picked from commit 965854fbd2)
Co-authored-by: Matt Clay <matt@mystile.com>
* Add test constraint for setuptools.
* Update pip test to work on centos6 container..
(cherry picked from commit 51e5b714e0)
Co-authored-by: Matt Clay <matt@mystile.com>
* [stable-2.7] Wrap CLI passwords as AnsibleUnsafeText (#63352)
* isa string should rewrap as unsafe in get_validated_value
* _is_unsafe shouldn't be concerned with underlying types
* Start with passwords as text, instead of bytes
* Remove unused imports
* Add changelog fragment
* Update changelog with CVE.
(cherry picked from commit baeff7462d)
Co-authored-by: Matt Martz <matt@sivel.net>
* Update tests
- use include_vars to set appropriate packages and pip packages per distribution and version
- install an older version of Docker CE on RHEL 8 since a dependency is unavailable
- disable warnings on tasks that are ok
- skip tests for CentOS/RHEL 6.
(cherry picked from commit d50c8c2b83)
Co-authored-by: Sam Doran <sdoran@redhat.com>
- use single include_vars task rather than multiple set_fact tasks
- use multi-line YAML to break up long conditionals
- use version() test rather than direct comparisions
- use different appstream package on RHEL since '@swig:3.0/default' is not working in the GA.
(cherry picked from commit 16d6fcf514)
Co-authored-by: Sam Doran <sdoran@redhat.com>
- don't background the nuage-vsd-sim
- increase the asncy timeout
- use uri to actually query the simulator API to make sure it is ready for connections
(cherry picked from commit 911a2ec6d3)
- Replace private key that expired an 2019-06-20 with a key that does not expire
- Document how to generate a new GPG key using an input file
(cherry picked from commit b9d77b997e)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Use different package for DNF tests
Ninja caused errors in Fedora 30. This works in both Fedora 29 and 30.
* Fix git integration tests
Git >= 2.21.0 has either a bug or change in behavior where it errors when fetching a
repository containing submodules that are behind the upstream submodule commits.
It's weird and I don't fully understand it.
Get around this my checking out specific commits from a repository rather than
switch the origin URL.
* Fix PostgreSQL tests
The error message is slightly different.
(cherry picked from commit 18feeb51a8)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* [stable-2.7] win_get_url: ignore defender false positive in tests (#56812)
(cherry picked from commit 124400f319)
Co-authored-by: Jordan Borean <jborean93@gmail.com>
* Adapt tests to work without remote_tmp_dir.
* sysctl will now return an error if the value is invalid
sysctl can fail to set a value even if it returns an exit status 0. More
details: https://bugzilla.redhat.com/show_bug.cgi?id=1264080. Because of
this in case of an invalid value or a read-only file system, sysctl
module would return OK, even though it didn't set anything. To be sure
that sysctl correctly applied the changes we also need to check the
output of stderr.
(cherry picked from commit 0432b7f252)
* Run sysctl with LANG=C
Because we are parsing sysctl stderr we need to make sure that errors
are persistent across different system language settings.
(cherry picked from commit a16128f778)
* Add changelog fragment for sysctl
(cherry picked from commit 3ad9d4d83c)
This has been broken for some time, but only noticed recently. Because
vyos_command isn't supported on ansible_connection=local, update our
testing to account for that.
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
(cherry picked from commit 59d20e004e)
* psrp - Fix raw and script tests for connection plugin
* Fix error propagation with raw in psrp
* uncomment test
(cherry picked from commit fdf9df89f5)
* Warn when log_options values are not strings.
* Add changelog.
* Improve message.
* Improve formatting and formulation of other messages.
* Add test for warning.
* Trying double escaping.
(cherry picked from commit d64b17731d)
* Allow all of yum version compare operators
* * yum: name="foo >= VERSION" integration test
* changelog fragment
(cherry picked from commit 1532e31ec0)
Brian Coca