* rebase conflicts
* [stable-2.9] Allow single vault encrypted values to be used directly as module parameters. Fixes#68275 (#70607).
(cherry picked from commit a77dbf0866)
Co-authored-by: Matt Martz <matt@sivel.net>
pipe lookup plugin uses Popen with shell=True intentionally.
This is considered a security issue if user input is not validated.
Updated docs to reflect this information for the user. Also, added
Bandit B602 documentation link for further reading.
Fixes: #70159
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit e5649ca3e8)
Added additional condition to detect failed task in
selective callback plugin when ran with loop or with_items.
Fixes: ansible/ansible#63767
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
- ensure we preserve the typeerror part of the exception so loop defereed error handling
can postpone those caused by undefined variables until the when check is done.
- fix tests to comply with the 'new normal'
- human_to_bytes and others can issue TypeError not only on 'non string'
but also bad string that is not convertable.
Co-authored-by: Sloane Hertel <shertel@redhat.com>
Co-authored-by: Sloane Hertel <shertel@redhat.com>
(cherry picked from commit cf89ca8a03)
* Do not pass decrypt parameter to assemble module
* Add integration tests where decrypt=True
* Add changelog #70465
(cherry picked from commit 71c378e139)
* Make sure ansible_become treated as a boolean (#70484)
* Make sure ansible_become treated as a boolean
(cherry picked from commit 8aca464b8b)
* Update test/integration/targets/inventory_ini/aliases
Co-authored-by: Sam Doran <sdoran@redhat.com>
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Use the first galaxy server supporting v1 for roles. Fixes#65440
* Add changelog fragment
* This is best effort, fall back to original behavior if something bad happens
(cherry picked from commit 1f1d6e5)
Co-authored-by: Matt Martz <matt@sivel.net>
Fix command line construction in the puppet module
related to check mode and using manifests directly.
Also, fixes 69ead0ba78 which
introduced another if-statement in the middle of a if/elif pair,
which causes the elif to execute together with the original if
which created '--noop --no-noop' commands.
Fixes: #60576
Fixes#70168
ci_complete
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit b05e00e99a)
A recent updated to psutil, which is a dependency of ansible-runner, fails
to install on older versions of pip.
Commit with the breaking change:
135628639b
(cherry picked from commit 9d27d7c8b1)
Co-authored-by: Sam Doran <sdoran@redhat.com>
Now empty `*.py` files are ignored during module_utils import analysis for change detection.
This eliminates "No imports found" warnings for files which should have no imports.
(cherry picked from commit ab27680318)
* galaxy - preserve symlinks on build/install (#69959)
* galaxy - preserve symlinks on build/install
* Handle directory symlinks
* py2 compat change
* Updated changelog fragment
(cherry picked from commit d30fc6c0b3)
* Fix integration test
* ansible-galaxy - fix collection installation with trailing slashes (#70016)
If we fail to find a member when extracting a directory, try adding a trailing
slash to the member name. In certain cases, the member in the tarfile will
contain a trailing slash but the file name in FILES.json will never contain
the trailing slash.
If unable to find the member, handle the KeyError and print a nicer error.
Also check if a directory exists before creating it since it may have been
extracted from the archive.
Fixes#70009
* Add unit tests
* Use loop for trying to get members
(cherry picked from commit d45cb01b84)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* added changelog fragment
* added quick and basic test
* Revert "added quick and basic test"
* This reverts commit 75f4141656.
* added better tests
* now also creating files to copy on the remote
* removed tests for recursive copying which is not supported by remote_src
Fixes: #47050
(cherry picked from commit 79dfae9624)
Co-authored-by: Moritz Grimm <memo42@users.noreply.github.com>
* Allow tasks to notify a fqcn handler name
* Add tests. Fixes#68181
* Add changelog fragment
* Add test to ensure handlers are deduped properly with fqcn, role, and just handler names
* Add some docs about new special vars
(cherry picked from commit 087be1da50)
Co-authored-by: Matt Martz <matt@sivel.net>
This prevents PlayIterator having to go through empty blocks
that were created in filter_tagged_tasks. This should
be a performance improvement for playbooks that mostly skip
tasks with tags.
ci_complete
(cherry picked from commit ac20466375)
* fixed missing default (#69972)
* fixed missing default
also deprecated so new options wont have to go through this
(cherry picked from commit 805dff4129)
* remove deprecation
self.client.resources.api_groups is a dict_keys and is not
handled correctly by default callback plugin while JSON serialization.
This fix will typecast it to list so that it can be JSON serialized for
further processing.
Fixes: ansible-collection/community.kubernetes#111
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
In the case of a free style strategy, it is possible to end up with
multiple hosts trying to include from the same role, however the tasks
being included may be different with the use of tasks_from. Previously
if you had two hosts that were included the same role when the
process_include_results function tries to determine if a included needs
to be run on a specific host, it would end up merging two different
tasks into which ever one was processed first.
This change updates the equality check to also check if the task uuid
associated with the IncludedFile is the same. The previous check only
checked if the task's parent uuid was the same. This breaks down when
both includes have the same parent.
- hosts: all
strategy: free
gather_facts: false
tasks:
- include_role:
name: random_sleep
- block:
- name: set a fact (1)
include_role:
name: set_a_fact
tasks_from: fact1.yml
- name: set a fact (2)
include_role:
name: set_a_fact
tasks_from: fact2.yml
- name: include didn't run
fail:
msg: >
set_a_fact didn't run
fact1: {{ fact1 | default('not defined')}}
fact2: {{ fact2 | default('not defined') }}"
when: (fact1 is not defined or fact2 is not defined)
Closes#69521
(cherry picked from commit 247e43b252)
Rick Elrod