* Refactor CLI prompt mode check for network plugins (#63945)
* Refactor CLI prompt mode check for network plugins
* Move the CLI prompt mode check logic from action plugin
to the controller side with the cliconf plugins.
* This refactor also allows the network modules
to initialise the persistent connection with remote device
only when it is required.
* Fix review comments
(cherry picked from commit c27e47327f)
* Fix cli context check for network_cli connection (#64697)
* Fix cli context check for network_cli connection
Fixes#64575
* Check cli context for network_cli connection
at the start of new task run only.
* Pass task_uuid around to identify start of new task run
* Handle for local connection
(cherry picked from commit ee3f8d28a4)
* Add test for reboot & wait_for_connection on EOS & IOS (#63014)
* Add test for reboot & wait_for_connection
* Add test for ios
* Collection-proof block test
* Add junos test
* Don't try to evaluate cli context unless using the connection
* Prevent infinite recursion
* Update change log
(cherry picked from commit e19b94f43b)
(cherry picked from commit ee3f8d28a4)
(cherry picked from commit e19b94f43b)
devel:
https://github.com/ansible/ansible/pull/63945https://github.com/ansible/ansible/pull/64697https://github.com/ansible/ansible/pull/63014
Co-authored-by: Nathaniel Case <ncase@redhat.com>
* service_facts: fix for systemd 245
Since systemd 245, `systemctl list-unit-files` comes with a new column
"VENDOR PRESET" [1] and breaks the service_facts module:
This patch drops the third column to make it work with old and new
systemd. With the new slice operation, IndexError instead of ValueError
is raised if the output contains less than 2 columns.
Test plan: running `ansible-test integration -v service_facts` on
up-to-date Arch Linux
[1] https://github.com/systemd/systemd/pull/14445
* add changelog
Signed-off-by: Chih-Hsuan Yen <yan12125@gmail.com>
Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit bd4fdb1ca2)
The call to daemonize() in sysvinit.py was missing the module parameter
included in the function definition in service.py.
This pull request simply adds that parameter, as the module is
used for error handling in daemonize().
(cherry picked from commit 339c442250)
Currently if virtualenv_command has arguments, then the
search for the binary in the path does not work so the
user has to specify the full path to it.
To allow arguments to be used without having to specify
the path to the binary, we split the module argument into
the command and anything after the first space.
This makes using this module argument more flexible and
user friendly.
Fixes: #52275
(cherry picked from commit da390b297e)
* update ActionBase._low_level_execute_command to honor executable
* adding changelog fragment
* renaming changelog fragment to .yml
* noop change to bump shippable
* adding raw_executable integration test
* copying aliases from raw
* removing blank lines
* skipping aix and freebsd
* noop to bump shippable
* moving tests to raw/
* removing become_method: sudo ; it doesn't work on AIX
* removing trailing blank line
* forcing become_method: su to try to get AIX to work
Co-authored-by: Rob Wagner <rob.wagner@sas.com>
(cherry picked from commit 977b58740b)
* Bugfix of 67377: postgresql_set converts value to uppercase if "mb" or "gb" or "tb" is in the value string
* fix CI
* add changelog
(cherry picked from commit 59bcc9f739)
* Allow a collection role to call a standalone role by default. Fixes#69101
* tweaked changelog text
* Guard against NoneType
Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>.
(cherry picked from commit da98fc267a)
Co-authored-by: Matt Martz <matt@sivel.net>
* Fix fileglob when using 'file*' vs 'stuff/file*'
when not having dir in glob, files/ subdir was being ignored.
* tests for fileglob
(cherry picked from commit d3cab602a5)
Backport of ansible-collections/community.general#189 to stable-2.9
Currently the redfish_config module will convert boolean bios_attribute_value
settings to strings (type str). This will cause BMCs expecting booleans to
error out.
This PR will change the default type of bios_attribute_value to 'raw' in order
to support strings and booleans.
Fixes#68251
With collections migration, inventory scripts are moved from devel (2.10).
Point docs for inventory script to their respective version.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Fixed 'intersect' filter name in constructed inventory plugin example.
(cherry picked from commit 91d02e1c1f)
Co-authored-by: Kenyon Ralph <kenyon@kenyonralph.com>
Change:
Extend the logic for custom error handling in the dnf module, so that on
newer DNF (such as DNF that ships with modern Fedora 31 container
images, and ships with RHEL 8.2) we report errors consistently with
older DNF.
Test Plan:
Ran dnf integration tests against an old Fedora 31 container image and a
brand new Fedora 32 container image; tess passed on both.
Signed-off-by: Rick Elrod <rick@elrod.me>
This reverts commit 5f6427b1fc.
as it breaks netconf connection. This will be a temporary measure
for unlocking CI until a proper fix is shipped.
Fixes#69065
(cherry picked from commit 9217aeeac1)
Signed-off-by: Daniel Mellado <dmellado@redhat.com>
Change:
This corrects an incorrect CVE identifier in the changelog entry for
CVE-2020-1735.
Test Plan:
N/A
Tickets:
Refs #67793, #68720
Signed-off-by: Rick Elrod <rick@elrod.me>
* fixed fetch traversal from slurp
* ignore slurp result for dest
* fixed naming when source is relative
* fixed bug in local connection plugin
* added tests with fake slurp
* moved existing role tests into runme.sh
* normalized on action excepts
* moved dest transform down to when needed
* added is_subpath check
* fixed bug in local connection
fixes#67793
CVE-2019-3828
(cherry picked from commit ba87c225cd)
* when possible, use filedescriptors from mkstemp to avoid race
* when using path strings, ensure we are always creating the file
CVE-2020-1740
Fixes#67798
Co-authored-by: samdoran
(cherry picked from commit 28f9fbdb5e)
* Remove the params module option from ldap_attr and ldap_entry
Module options that circumvent Ansible's option handling were disallowed
in:
https://meetbot.fedoraproject.org/ansible-meeting/2017-09-28/ansible_dev_meeting.2017-09-28-15.00.log.html
Additionally, this particular usage can be insecure if bind_pw is set
this way as the password could end up in a logfile or displayed on
stdout.
Fixes CVE-2020-1746
(cherry picked from commit 0ff609f1bc)
* Fix formatting for option names
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Fix fail_json
* fix indentation error
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
- also only replace when needed
- switched from replace to index
- added test to verify bogus_facts are not accepted
CVE-2020-10684
(cherry picked from commit a9d2ceafe4)
* fix vault tmpe file handling
* use local temp dir instead of system temp
* ensure each worker clears dataloader temp files
* added test for dangling temp files
* added notes to data loader
CVE-2020-10685
(cherry picked from commit 6452a82452)
* support rabbitmq 3.8.x in version check (#66855)
* support rabbitmq 3.8.x in version check
* Removed extraneous white space
(cherry picked from commit 6b017db05b)
* Add changelog fragment.
Co-authored-by: bitchkat <kjh@flyballdogs.com>
Co-authored-by: Matt Clay <matt@mystile.com>
* subversion module - provide password securely with svn command line option --password-from-stdin when possible, and provide a warning otherwise.
* Update lib/ansible/modules/source_control/subversion.py.
* Add a test.
Co-authored-by: Sam Doran <sdoran@redhat.com>
(cherry picked from commit d91658ec0c)
* ansible-galaxy - Fix tar path traversal issue during install - CVE-2020-10691 (#68596)
(cherry picked from commit a20a527014)
* Remove extra tests missing from rebase
* [stable-2.9] Fix missing persistent connection messages (#68496)
* Be more proactive about returning module messages
* Move message display to a function, and replace handling already in shutdown().
(cherry picked from commit 5f6427b1fc)
Co-authored-by: Nathaniel Case <ncase@redhat.com>
* Add changelog
* Updated nxos_lacp tests to handle platforms not supporting lacp system mac command
* nxos_lacp: addressing comments
* nxos_lacp: Updating image tag search to include more tags
(cherry picked from commit 00193f27eb)
Add changelog for nxos_lacp fix
* Fix colorization to not extend across newline boundary
* Fix unit test to look for the newline outside the coloration
* Add changelog fragment
(cherry picked from commit 2068131589)
* Always set the discovered interpreter on the delegated host. Fixes#63180
* Make code a little more generic
* Move code into a function
* Implement some changes based on reviews
* Add changelog fragment
(cherry picked from commit 123c624)
Co-authored-by: Matt Martz <matt@sivel.net>
Fixed sphinx theme to navigate "Edit on Github" link to locate correct
plugin, cli source in GitHub repo.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 2728c2476e)
* also consolidated temp dir name generation, added pid for more 'uniqness'
* generalize error message
* added notes about remote expansion
CVE-2020-1733
fixes#67791
(cherry picked from commit 8077d8e401)
* Actually inspect the paths and prevent escape
* Add integration tests
* Generate zip files for use in integration test
* Adjust error message
(cherry picked from commit d30c57ab22)
* Update tests to use RHEL 7.8.
Keeping support for RHEL 7.6 since collections are still using it.
* Fix tests for RHEL 7.7+ due to extras repo name change..
(cherry picked from commit 04edd77c42)
Co-authored-by: Matt Clay <mclay@redhat.com>
* add changelog fragment
Signed-off-by: Rick Elrod <rick@elrod.me>
* Update changelogs/fragments/ansible-test-opensuse-15.1.yml
Co-Authored-By: Matt Clay <matt@mystile.com>
* Update docker.txt to use the OpenSUSE 15.1 container image
Signed-off-by: Rick Elrod <rick@elrod.me>
* handle installing mysql on suse
Signed-off-by: Rick Elrod <rick@elrod.me>
* attempt to get tests passing again
Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Matt Clay <matt@mystile.com>
* galaxy - preserve mode properly on artifact (#68418)
* galaxy - preserve mode properly on artifact
* Fix py2 encoding issue
* Update lib/ansible/galaxy/collection.py
Co-Authored-By: Matt Clay <matt@mystile.com>
* Use sane defaults instead of sourcing from tarfile
Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit 127d54b363)
* added mode to dir creation that was missed in backport
wording in examples changed ios to eos (#66131)
wrong module was used in examples: should be eos_vlans not ios_vlans
(cherry picked from commit 506e2da0ff)
Add changelog for eos_vlans docs fix
Co-authored-by: qoreQyaS <github@gucke.net>
* Fix KeyError for iSCSI parameters (#67463)
The required parameters for the LUN mapping for destination LUN is
address, port and iqn. However if the user doesn't pass parameters
like CHAP authentication parameters, we will get KeyError. The patch
fixes the same.
* add changelog
Co-authored-by: Nijin Ashok <nashok@redhat.com>
Use hostnamectl command to get current hostname for host while using
systemd strategy.
Fixes: #67661
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 53aa258d78)
* Fix implicit string - only looked right because of the vault __repr__
* Add tests for strings and implicit strings
(cherry picked from commit 8eb00dd14c)
* Run modules on windows container
This provides an ability to run Powershell modules on windows container via docker connection. Otherwise, Ansible tries to run python modules on windows containers and fails.
* Removing whitespace in the blank lines
* Adding a changelog fragment
(cherry picked from commit e0eee3c37e)
Co-authored-by: Ruheena Ansari <ruheena0105@tamu.edu>
To make use of the port_security_enabled [a] and mtu [b] parameters,
[c] and [d] need to be present in the openstacksdk or the os_network
module with return an error like:
TypeError: create_network() got an unexpected keyword argument 'port_security_enabled'
or:
TypeError: create_network() got an unexpected keyword argument 'mtu'
To handle this, we fail the module if one of the arguments are used
and the minimum openstacksdk version for that argument is not met.
[a] eaf238b033
[b] c6a8e99d34
[c] 8eb788af07
[d] a1fc820a2f
Backport-of: https://review.opendev.org/708119
Fixes: https://github.com/ansible/ansible/issues/62062
Change-Id: I2b80dc721a08bbdb530af3705ae99cf1b579d9f0
* ansible-galaxy - optimise some paths and use fake galaxy int tests (#67685)
* ansible-galaxy - optimise some paths and use fake galaxy int tests
* Added init, built, and publish tests
* Test against both mocked Galaxy and AH server
* Finish off writing the install tests
* Fix up broken tests
* Rename test target and add migrated tests
* Use cloud provider for Galaxy implementation
* Added blank static config
* Use correct alias group
* Set release version and fix copy typo
* Remove reset step as it is no longer needed
* Use sane env var names for test container name
(cherry picked from commit 26129fcb80)
* Use --api-key and not --token
* Set fallaxy tests as a smoketest
(cherry picked from commit b241c021b7)
* Refactor net_base action plugin to invoke platform
action plugin with implementation module name updated
in the new task copy.
(cherry picked from commit 0d85ab1fe3)
As AnsibleModule._log_invocation is currently implemented, any parameter
with a name that matches PASSWORD_MATCH triggers the no_log warning as a
precaution against parameters that may contain sensitive data, but have not
been marked as sensitive by the module author.
This patch would allow module authors to explicitly mark the aforementioned
parameters as not sensitive thereby bypassing an erroneous warning message,
while still catching parameters which have not been marked at all by the
author.
Adds tests for various no_log states including True, False, and None (as
extracted by AnsibleModule._log_invocation) when applied to an argument with
a name that matches PASSWORD_MATCH.
Fixes: #49465#64656
(cherry picked from commit 3ca4580cb4)
* ansible-test - add constraint for virtualenv
* Limit virtualenv only on macOS.
Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit 8f296a6533)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* nxos_interfaces: RMB state fixes
* shippable fixes
* Add add'l comments per review
* fix long line
* Fix mode/enabled system defaults handling
* fix N3L test skips
* lint
* test updates for titanium images
* doc fix
(cherry picked from commit d72025be75)
Add changelog for nxos_interfaces fix
Co-authored-by: Chris Van Heuveln <cvanheuv@cisco.com>
self._discovered_interpreter_key is None unless a previous iteration
has attempted discovery. In that case, force re-discovery, as the
previous attempt certainly failed.
(cherry picked from commit fd954a9c5c)
* Forgot to pass backend.
* Add changelog.
* Pass on backend from get_fingerprint.
* Handle cryptography backend in get_fingerprint.
(cherry picked from commit a0e5e2e4c5)
With the addition of [a], the minimum openstacksdk version needs to
be bumped to include [b], or the os_network module will return the
error:
TypeError: create_network() got an unexpected keyword argument 'dns_domain'
To handle this, we fail the module if the dns_domain argument is used
and the minimum openstacksdk version for that argument is not met.
[a] 6c74e29618
[b] a3e846e2b9Fixes: #64495Fixes: #64841
* Fixes#66478
* When no quantity is set, then candlepin server usually uses
default value 1. When more quantities are required, then
candlepin server can automatically choose correct minimal
value.
(cherry picked from commit 6f1bb37feb)
Redact GitLab Project variables which might include sensetive information
such as password, api_keys and other project related details.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 84b68aa05f)
* Update user module to support no_log=False. (#66219)
Updates the user module to support pull request #64733. Neither the
update_password or password_lock field contains sensitive information, so
mark them as such.
(cherry picked from commit 40394ed671)
* Backport PR #66219 to support PR #64733
Backport PR #66219 to support the backport of PR #64733
(see: https://github.com/ansible/ansible/pull/66219).
* Delete backport-66219-update-user-module-for-64733.yml
* Update 66219-update-user-module-for-64733.yml
Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
* pmrun - quote success command (#66929)
* Recreate the older behavior where the entire success command was quoted
* Use shlex_quote for a correct fix of this
* Add changelog fragment
(cherry picked from commit fd8eb77cc3)
* Backport of 66929-pmrun-quote-entire-success-command-string
* Update changelog fragment
* Delete 66929-pmrun-quote-entire-success-command-string.yml
Unclear from docs, but this is the devel fragment so removing.
* Update changelog
* Make banner detection non-greedy in ios_banner (#63092)
* Make banner detection non-greedy in ios_banner
* Added ios_banner unit test to detect bug #63091
* Corrected PEP8 errors
* Added integration test
* Corrected typo in integration test
(cherry picked from commit 01a92f0191)
* Added changelog fragment
* Update 66274-ios_banner_nongreedy.yml
Co-authored-by: kalimsshar <34369784+kalimsshar@users.noreply.github.com>
Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
* ovirt_job: add when job is detected but in state finished (#66810)
* ovirt_job: add when job is detected but in state finished
* add docs
* add changelog
* Fix#63077
If the package is already installed the stdout is not as expected by this function. Either remove `--needed` or just noop if we detect pacman returning. We cannot match the stdout string, as that is most likely localized.
```
[root@archBook user]# /usr/bin/pacman --upgrade --noconfirm --noprogressbar --needed /srv/aur/src/i3cat-git/i3cat-git-r38.c6d29dd-1-x86_64.pkg.tar.xz
loading packages...
warning: i3cat-git-r38.c6d29dd-1 is up to date -- skipping
there is nothing to do
```
* Add comment
Add comment
* Add changelog fragment.
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 14b1febf64)
Co-authored-by: Klaus Frank <agowa338@users.noreply.github.com>
Add integration test
There are a number of other parameters that result in stack traces as well when this module is used ad-hoc. I'm not sure if we're interested in fixing them all since this module isn't meant to be run ad-hoc.
(cherry picked from commit cc2376b782)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* throttle tests: fix detection of parallel execution
The test wasn't able to detect if too many workers were running.
On my laptop:
- without this change, the 'throttle' target takes ~20 seconds
- with this change, the 'throttle' target takes ~70 seconds
- 1 second isn't long enough to encounter the issue
* Fix throttle test when strategy is 'free' based
'free' strategy allows multiple tasks to be executed in parallel: use
one 'throttledir' per task.
Use 'linear' strategy with a dedicated play for cleanup/setup tasks
* throttle: reset worker idx before queuing a new task
* TestStrategyBase: define task.throttle
otherwise '1' will be used instead of the default value due to the
following expression being equal to '1':
int(templar.template(task_mock.throttle))
Co-authored-by: James Cammarata <jimi@sngx.net>
(cherry picked from commit bbbdc1c25c)
* Fix fact gathering for sensor-groups (#66439)
(cherry picked from commit 5c158755fc)
Add changelog for nxos_telemetry fix
* Update 66439_fix_nxos_telemetry_facts.yaml
Co-authored-by: Mike Wiebe <mwiebe@cisco.com>
Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
On Python 2, leave all fds open since there is no mechanism to close specific fds with subprocess.Popen() on Python 2
Add unit tests.
Co-authored-by: Matt Martz <matt@sivel.net>
(cherry picked from commit 617fbad743)
Co-authored-by: Sam Doran <sdoran@redhat.com>
Fixes#66263
Signed-off-by: Adam Miller <admiller@redhat.com>
(cherry picked from commit 077a8b4898)
Co-authored-by: Adam Miller <admiller@redhat.com>
Co-authored-by: Adam Miller <admiller@redhat.com>
* Add integration tests
* Handle error in _get_diff_data()
* Change to warning rather than error
* Also change failure to warning in assemble action plugin
(cherry picked from commit 9b7198d25e)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Add constraint for Jinja2 on Python 2.6.
* Fix constraint in inventory_aws_conformance test.
* Add constrraints for template_jinja2_latest test.
(cherry picked from commit 965854fbd2)
Co-authored-by: Matt Clay <matt@mystile.com>
Brian Coca