* password lookup, handle ident properly when saved
Currently we format and save ident when present but we didn't account for this when reading the saved file
Also added some more robust error handling.
* ansible-galaxy - support `resolvelib >= 0.5.3, < 1.1.0`
<https://pypi.org/project/resolvelib/1.0.1> released on 2023-03-09:
- <https://github.com/sarugaku/resolvelib/blob/main/CHANGELOG.rst#101-2023-03-09>
- <https://github.com/sarugaku/resolvelib/releases/tag/1.0.1>
Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
* Trigger CI by pinning resolvelib with latest version
Since resolvelib is pre-installed in our test containers, we should temporarily pin the latest version allowed to force the tests to run with that version. Once the tests have passed that commit can be reverted.
Please make those changes without force pushing, so that we keep the reference to the passing CI run. We can squash the commits when merging the PR so the temporary commits won't be in the final commit merged to the devel branch.
Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
* https://github.com/ansible/ansible/pull/80196#discussion_r1136003637
Also test resolvelib with multiple supported versions.
Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
* Revert "Trigger CI by pinning resolvelib with latest version"
This reverts commit 5518e5dbca.
---------
Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
* clog frag
* Fix retries so that each explicit call to _call_galaxy is retried for the correct number of attempts. Fixes#80174
* Extend retry logic to common URL related connection errors. Fixes#80170
* Extend retries to downloading artifacts
* Extend param docs for change
* Rework the exception handling
* Don't be overly broad, reduce to TimeoutError, and BadStatusLine for now
* _download_file needs to raise AnsibleError.orig_exc
* Remove unused import
* Add IncompleteRead
* Add socket.timeout for py39
* Add 502 to retry codes
* Move http error code checking first
* Use itertools.tee to replay the backoff_iterator instead of using a callable
* Actually set a CLI default of 60s for timeout, to prevent implicit galaxy from using 10s as default from Request.open
* Import typing
* fix type hints
* Use http.HTTPStatus instead of int HTTP error codes where feasible
* Split exception handling
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* Add missing import
---------
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Add more details about what "true" and "false" mean for the
force_basic_auth setting. Give example scenarios when clients may want
to use this setting.
* unarchive - properly handle relative path for dest
* Add integration test
* Return output of underlying commands with increased verbosity
* Revert "Return output of underlying commands with increased verbosity"
This reverts commit a2790c8275cdc5697b65670a0beffdc74b741bf6.
* Warn when a relative destination path was provided
* Create a queue per WorkerProcess to receive intra-task updates
* Update `pause` action to use the worker queue
* Deprecate ConnectionBase()._new_stdin
* Add new `Display` convenience method `prompt_until` to manage both controller- and worker-sourced prompting without cross-fork stdin sharing, in-worker mechanism to handle request-response over new worker queue.
* Add condition that causes a when to skip a task
* Fix up tests
* Use false_condition instead of failed_condition
* Remove formatting accidentially added
* Fix sanity
* ansible-inventory, add --limit option
* also graph
* optimize the when not providing limit
* added tests and clog
* avoid empty groups, fix tests
* i swear there as an ignore_errors there already!!?!?!?
* Fix stdout test fallback
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
* simpler approach using subset against inventory directly
* tyupose
* renamed funciton to what it actuall does
got yaml in line with others about removing empty groups
* have graph ignore limts, also note same for --host
* fixed typo long line
* better test
* cause hosvars are not a thing
---------
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
* Remove unneeded fallback code for nested defined/undefined tests
The code used to handle defined/undefined tests on objects containing
nested undefined variables. Due to changes in lazy evalution of Jinja2
expressions it is no longer needed, see #56116.
* Change ansible_job_id format
...to be something that does not resemble float or other type which
value could be changed by literal_eval that jinja2_native uses.
Specifically the format of '%d.%d' is converted from str to float and
then back to float which may result in truncating the number resulting
in the job not being found because the job id does not exist.
* Fix detection of available hashlib algorithms
Detection of hashlib algorithms now works on Python 3.x.
The new implementation works on Python 2.7 and later.
Test coverage is provided by both integration and unit tests.
* Add additional details about hashlib in docs
* Improving the documentation on how we generate the default value of the filename parameter
* fix pep8
* removing unnecessary documentation and improving the module's return
* making the RETURN docs
* pep8
* version_added and changelog
* module._diff
* module._diff fix
* add rudimentary tests for new outputs
---------
Co-authored-by: Matt Davis <mrd@redhat.com>
* Update `collections.abc` imports
- Use `six.moves` for modules and module_utils
- Use `collections.abc` for controller code
This avoids using `ansible.module_utils.common._collections_compat`,
which was added before the vendored `six` was updated to provide these
imports.
* Update _collections_compat to use six.moves
Also update the custom pylint rule to reflect this change.
* add null 'manifest' key to metadata for git repo collections containing MANIFEST.json
changelog
* set to Sentinel instead of None
* Test installing a collection in a git repo that contains a MANIFEST.json
* fix test
* Update changelogs/fragments/ansible-galaxy-install-git-src-manifest.yml
* Normalize deprecation records.
* Fix alias deprecations in suboptions.
* Report in which option an alias warning happened for suboptions.
* Add deprecation tests for suboptions.
* Also test deprecation in list of dicts.
* Adjust unit tests for toplevel alias deprecation field name change.
* Fix notes in regex_replace doc
The documentation says that this maps to 'regex.replace' when it should say 're.replace'. The distinction is important because of the third-party 'regex' module that has more features than the built-in 're' module. https://pypi.org/project/regex/
* Fix notes in re.search docs
The documentation says that this maps to 'regex.search' when it should say 're.search'. The distinction is important because of the third-party 'regex' module that has more features than the built-in 're' module. https://pypi.org/project/regex/
* Remove obsolete 'if'
The result dict returned by super.run() will never have a 'skipped' entry.
Without the if, it is more clear that wrap_async is actually defined at the end of the function.
* Remove more dead code.
The result dict will also not contain invocation.
* Remove notes.
* Add support for importlib.resources
* Remove the importlib.resources imports
* return the correct data
* Some code comments, and re-order for consistency
* Disallow traversing packages below an individual collection
* Add a traversable class for namespaces
* Re-use variable
* Utilize itertools.chain.from_iterable
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* Simplify logic to check for packages from ansible loaders
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* Just a generator expression, instead of a generator
* docstrings
* Add comment about find_spec for our namespaces
* Add some initial unit tests for importlib.resources
* normalize
* Utilize importlib.resources for listing collections
* collections_path is already in config, just use config
* install uses a different default for collections_path
* Remove unused import
* Remove duplicate __truediv__
* Bring back TraversableResources
* Apply some small suggestions from code review
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
* Remove cross contamination between plugin loader code and CLI code
* Remove unused import
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
Fix ignoring certs when downloading tarballs
Fix ignoring certs when downloading a collection from a specific source that isn't in the configured servers list
* background threads writing to stdout/stderr can cause children to deadlock if a thread in the parent holds the internal lock on the BufferedWriter wrapper
* prevent writes to std handles during fork by monkeypatching stdout/stderr during display startup to require a mutex lock with fork(); this ensures no background threads can hold the lock during a fork operation
* add integration test that fails reliably on Linux without this fix
* Remove unused mock from test_password_already_created_encrypt
The _get_paths mock is never used in the
test_password_already_created_encrypt test case.
* Add test to assert the password file is not rewritten
If the password file already contains the salt and the hasing algorithm
does not use the ident parameter, the password lookup should not write
to the password file.
* Fix "changed" if using "encrypt" in password lookup
When using the "encrypt" parameter to the password lookup without the
ident parameter, the password file was always marked as "changed". This
caused the file to be rewritten with the same content. This is fixed by
only marking the file as changed, if an "ident" value needs to be added
to the file.
Fixes#79430.
Add changelog entry
* galaxy: Add license_file to manifest directives
* ag collection build: Test license handling
This adds tests to ensure that
- REUSE licensing files: .reuse/dep5, LICENSES/*, anyfile.license
- galaxy.yml license_file
are always included in the manifest.
* local connection: avoid tb when running in container with invalid user
* clog
* cannot use uid, leave empty and ~/ will resolve itself
* get back to what it did
* lib/ansible/executor/playbook_executor.py: fix minor typo in comment
* lib/ansible/executor/playbook_executor.py: move 'running playbook inside collection' from warning to -v debugging output
* give a warning when no roles match the search instead of returning rc 1
* porting guide note
* Update docs/docsite/rst/porting_guides/porting_guide_core_2.15.rst
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Use GalaxyAPI for isinstance check instead of RoleDistributionServer, since the latter is defined in __main__ sometimes (when running integration tests or ansible-galaxy from source) and importing from ansible.cli.galaxy won't reference the same object.
* issue #79022 file parameter import_tasks and include_tasks
* adding details back
* Update lib/ansible/modules/import_tasks.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update lib/ansible/modules/include_tasks.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* use pipe as in original version
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix empty str default for config/base.yml config options by rendering '' instead of ``''``
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
* copy module - fix copying directories containing modified subdirs with remote_src=True. Previously, the first changed subdir would prevent recursively checking for changes for in subdirs at the same level.
* Fix reporting changed for copying empty directories with remote_src=True. If a directory is created on the remote but nothing else, changed is True.
* ensure we only use shorthand for assigned values
* fix ansible-config std display
* split baby
* killed offending whitespace
* moved to func instead
* the revenge of whitespace
* Custom salt for ansible-vault encrypt
add VAULT_ENCRYPT_SALT config
add salt testing
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Piotr Stawarski <p@stawarski.pl>
* Fix installation from source transforms symlinks of dirs to empty dirs
* Add test to check symlinks to dirs are respected when installing from source
* Add changelog for collection install from source symlink to dirs issue
* Ensure that we do not squash keywords in validate. Fixes#79021
* become_user: nobody should only apply to the test tasks, not the setup_test_user role
* Update how become_user is specified
* Add test to ensure keyword inheritance is working for become
* Add clog frag
* Cache fattributes to prevent re-calculation
* ci_complete
* Remove unnecessary getattr
After changes:
```
"ansible_locally_reachable_ips": {
"ipv4": [
"127.0.0.0/8",
"127.0.0.1",
"192.168.0.1",
"192.168.1.0/24"
],
"ipv6": [
"::1",
"fe80::2eea:7fff:feca:fe68",
...
]
},
```
192.168.1.0/24 is a local prefix, where any IP address inside this range
is reachable locally (or outside this host if this prefix is announced via
EGP/IGP).
Signed-off-by: Donatas Abraitis <donatas.abraitis@hostinger.com>
* Use python re to parse service output instead of grep. Fixes#78541
* Add clog frag
* Add an extra guard to abort if rc is 4, and /etc/init.d is missing
* ansible-vault: add newline to the output of the 'encrypt_string' command
* Add comment with issue description and improve string joining
* Add changelog fragment
* Update changelogs/fragments/79017-ansible-vault-string-encryption-ending-with-newline.yml
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* Fixed some typos in changelog fragment
* Improve comment regarding newline character at the end of file
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* Do not crash templating when filter/test name is not a valid Ansible plugin name.
* Store and re-raise KeyError if there was one.
Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
* omit keyword should reset to context
ensure we use context/inheritance when calculating value,
using default only when context is unavailable.
fixes#75692
- correct 'vars:' precedence to allow phasing out of include_params
- actually merge vars and always include role_vars
- avoided dupe deps from giving wrong vars
- use 'first' instance of dep as others are from previous instances/invocations
and can have diff values for vars
- ensured deps only provide exportable vars themselves
- added COMMENTS
- added tests
- apply export restrictions setting to defaults
- use 'public' as cutoff
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
ci_complete
* winrm - fix reducing 'Read timed out' error
This fix reduces the exceptiopn 'Read timed out. (read timeout=nnn)' occurring seemingly randomly and
unpredictable on some networks (which have long latency and/or many hops or other problems). The fix
ensures that the involved timeout is set to a value so this issue is reduced.
* Add changelog fragment
Co-authored-by: Jordan Borean <jborean93@gmail.com>
* Add --offline option to 'ansible-galaxy collection install' to prevent querying distribution servers
This allows installing/upgrading individual tarfiles to have dependency resolution.
Previously needed to be done manually with --no-deps or else all collections and dependencies needed to be included in the requirements.
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* Add OSMC to Debian OS_FAMILY_MAP
- os_family fact of the Debian-based OSMC distribution was not detected correctly
* tweak changelog
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
* new _fqcn attribute to plugin objects
* unbreak plugins in subdirs
* Fix inadventent changes to _load_name and use existing vars
* add plugin aliases and name property, and replace plugin._load_name where incorrect
* Fix listing plugin names
Fix listing legacy and builtin together
test deprecated plugin documentation
fix doc extensions
remove sometimes inaccurate _load_name handling from plugin.name
* Add tests for REJECT_EXTS and doc extensions
Fix unpredictable collection redirects so non-fqcns in the redirect list are guaranteed to be legacy (instead of determined by the collections keyword)
Move aliases and name properties to _update_object so all plugin types, including doc fragments, can use them
* make legacy plugin names internally consistent
* rename attributes to ansible_name and ansible_aliases
This fixes bug which prevents identification of broken playbook when
passing multiple playbooks as arguments, something that is common
especially with `--syntax-check`.
Affects: ansible-lint
* Recover unix load average into an ansible_loadavg fact
The average load is available out of the box with os.getloadavg().
It adds useful context to the existing ansible_memory_mb and ansible_mounts
facts that provide size and utilization or memory and disk space.
* Add an integration test
* Fix distro fact handling for Flatcar
The existence of the file /etc/flatcar/update.conf depends on
bootstrap configuration typically provided by the user. For that
reason this file is unsuitable for determining distro facts for
Flatcar Container Linux.
The distribution_release fact is meaningless in the case of Flatcar
since Flatcar doesn't have named releases. The distribution_version
fact, however, IS meaningful and should contain a number such as
"3139.2.0".
- Use /etc/os-release instead of /etc/flatcar/update.conf.
- Drop the distribution_release fact.
- Set the distribution_version fact.
- Update distro test fixture for Flatcar
- Generate the fixture using gen_distribution_version_testcase.py.
- Override result.distribution and result.os_family manually as the
generator script gives wrong values.
- Use a recent Flatcar version.
Signed-off-by: Johanan Liebermann <jliebermann@microsoft.com>
* Limit Galaxy API calls during ansible-galaxy collection dependency resolution when possible
Installing a tarfile with a dependency from a Galaxy server (e.g. dependencies: {'ns.coll': '>=1.0.0'}) does not get the available versions of the dependency from the galaxy server if a sufficient version is already installed.
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* refactor and remove redundant code in documentation
allow location and building api to be more accessible
fix issues with displaying ansible.legacy and ansible.builtin
ensure we don't x2 process tokens (some modules reference them also) fixes#77764
move to constants vs hardcoded
more informative errors and comments
now have actual filter/test plugins, which expose the filter/test functions
moved filter/test loading/finding logic into jinja2pluginloader, removed dupe implementations
added tests for case in which we unique by basename when listing
Update lib/ansible/utils/plugin_docs.py
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
* Add a warning for collections that are attempting to be autoloaded to no effect
* Deprecate REQUIRES_WHITELIST and add support for REQUIRES_ENABLED so the docs are accurate
* Fix documentation
* add more vars plugin tests
* Simplify code and add a FIXME for another bug
* fix precedence
* Make setting the class attr at all a warning, even if it's True
* Add fun parsing for _load_name
* include _load_name in messages
* add required file to collection skeleton
This file is required to be able to upload a collection.
It is present in
https://github.com/ansible-collections/collection_template/blob/main/meta/runtime.yml
but that does not get used by default.
Without this, if you use the "ansible-galaxy collection init" command
and you try and publish that collection without adding this file, you
get the error:
"ERROR! Galaxy import process failed: 'requires_ansible' in
meta/runtime.yml is mandatory, but no meta/runtime.yml found (Code:
UNKNOWN)"
Also updates relevant test and adds a changelog fragment
* yum_repository: Do not set default value for async
The `async` repository option is deprecated in RHEL 8, but Ansible sets
```ini
async = 1
```
even when it's omitted from the module options, which causes `dnf` to complain
about an unknown configuration option.
This commit removes the default value from the `async` parameter, which means
it won't be added to the repository file if omitted from the module parameters.
Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
* Document the specific versions with the default True and the option deprecation for RHEL 8
Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
Replace get_persistent_connection_options with get_options
Remove special case for network sub_plugin in _set_plugin_options
Try to avoid mock connection pretending to be persistent
Rename variables->options to reflect what they actually are
Gather options for ssh_type_conn on network_cli
Drop reliance on sub_plugin["type"]
* ansible-config init fixes
now handles --disabled correctly for 'vars' format
also does not display internal config entries anymore
fixes#78438
note plugins have _prefixed settings that are public, this should change