Fix up bug when attempting to run any module on a Windows host that has
been configured with WDAC and Dynamic Code Security in audit mode. This
does not enable WDAC support with signed scripts so Ansible will still
not pass the audit events but it no longer fails to run.
(cherry picked from commit e5ec1ee76c)
* [fix] `warn_if_reserved` expects a list (#84624)
Fixes#84623
(cherry picked from commit 48d71ba3aa)
* changelog
* Test include_vars reserved variable matching (#84678)
* Add test case for include_vars
* Revise test to catch erroneous warnings
(cherry picked from commit 333ee8d010)
---------
Co-authored-by: Dominique Quatravaux <dominique@quatravaux.org>
Also added automatic retries on HTTP request exceptions, since all currently implemented methods (GET/PUT/DELETE) are idempotent.
(cherry picked from commit 7677bf1c9b)
Use the changelog sanity test requirements instead of the package-data sanity test requirements.
This enables removal of most package-data sanity test requirements, as they are no longer used by the test itself.
The additional requirements were being maintained only to provide pinned requirements for building the changelog during a release.
(cherry picked from commit cd342f76b4)
prompt now only errors if stdin is specifically triggered and not due to lack of other args
fixes#84489
---------
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
(cherry picked from commit a046ef5a95)
gather_facts, fix network_os and smart logic and defaults
setup will be default for smart only if network_os is not set, now you get warnings and errors when missing a valid facts module for a network os
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit c64c389007)
Fixes the coverage path translation for modules located in integration
test paths. Instead of trying to match by the unique temporary path name
that the module is executed as, the reporting tool will translate it to
the static path that the module is actually located under.
(cherry picked from commit f9b58fa13f)
* Make sure we are always using Lock from our multiprocessing context
* add clog frag
(cherry picked from commit 73d8f4ad46)
Co-authored-by: Matt Martz <matt@sivel.net>
* ssh: Test reset_connection with templated ansible_ssh_executable
Add failing test to confirm subsequent fixes are necessary & sufficient.
* ssh: Fix reset_connection with templated ansible_ssh_executable
Signed-off-by: Alex Willmer <alex@moreati.org.uk>
(cherry picked from commit 59d9737788)
Co-authored-by: Alex Willmer <alex@moreati.org.uk>
* fix warnings about reserved variable names to cover all sources (#84432)
Also remove redundant check from tqm
Now covers module output (set_fact/include_vars)
Includes play objects at any stage (tasks that error were not covered)
Added tests, moved them to role structure
(cherry picked from commit 20baf29a2a)
* fix template (#84563)
also fix gather_subset warning and add some comments/notes
---------
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 675d7201d8)
* reserved vars, avoid gather_subset (#84575)
(cherry picked from commit 3398c102b5)
The test has been updated to use a custom type which does not support pickling,
instead of relying on Jinja's `Undefined` type. As of Jinja 3.1.5 that type now
supports pickle, which breaks the original implementation of the test.
(cherry picked from commit 5ec236b)
though the previous docs were the 'intended' outcome,
the current behaviour has been active for a long time and should
not be removed due to backward compatibility issues.
One thing we can do going forward is deprecate substitution enabled by default.
(cherry picked from commit bf48b538f8)
Remove selinux import which was kept for backward compatibility
Fixes: #83657
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit d23a2de5f2)
* Fix installing collections|roles from git repos with GALAXY_IGNORE_CERTS
* Fix installing collections from git repos with --ignore-certs
* Update unit test
* Add test case
(cherry picked from commit d0df3a174a)
* fixes for CVE-2024-8775
* propagate truthy `_ansible_no_log` in action result (previously superseded by task-calculated value)
* always mask entire `include_vars` action result if any file loaded had a false `show_content` flag (previously used only the flag value from the last file loaded)
* update no_log tests for CVE-2024-8775
* include validation of _ansible_no_log preservation when set by actions
* replace static values with dynamic for increased robustness to logging/display/callback changes (but still using grep counts :( )
* changelog
* use ternary, coerce to bool explicitly
(cherry picked from commit c9ac477e53)
This greatly reduces run time on large inventories since meta tasks are
executed in the main process sequentially and just executing them is expensive.
This change avoids running the following implicit meta tasks:
* ``flush_handlers`` on hosts where no handlers are notified
* ``noop`` for the linear strategy's lockstep, instead hosts that are
not executing the current task are just not part of the current host loop
A playbook consiting of two simple plays both running on ~6000 hosts
runs in:
devel: 37s
this PR: 1.3s
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
(cherry picked from commit d6d2251929)
Skip path if the distribution path is directory instead of file.
Handle exception raised while handling distribution path.
Fixes: #84006
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 34f8f55d9e)
* user module avoid conflicts ssh pub key (#84165)
Remove pub key if we are going to generate private
fix tests for os X
(cherry picked from commit 11e4a6a722)
* Restore test import missing from backport
---------
Co-authored-by: Matt Clay <matt@mystile.com>
The shell command sometimes prints a trailing whitespace which breaks
the tests on old RHELs. This patch is supposed to fix that.
(cherry picked from commit cd74c4bcd5)
Matt Martz