Commit Graph

2728 Commits (5c171c1b950c4abd48ca5960ab3d24188942df59)

Author SHA1 Message Date
Brian Coca de3844cba9
discourage hexdigits in password lookup (#73106)
* actually add new docs

* Update lib/ansible/plugins/lookup/password.py

Co-authored-by: Sandra McCann <samccann@redhat.com>
4 years ago
Lloyd Parkes e0c75a6756
Replace the use of the function string.replace with the method str.replace (#68793)
* Replace the use of the function string.replace() with the method str.replace()
because that's what works for both Python 2 and 3.

* Cleanup the unused string import.

Added a changelog fragment.

* The documentation for os.write() seems a bit iffy, but in Python 3 we
definitely cannot pass it a string and we need to encode it into
bytes.

The Python documentation at
https://docs.python.org/3/howto/pyporting.html#text-versus-binary-data
says that this code will work in Python 2 as well.

Co-authored-by: Lloyd Parkes <lloyd@must-have-coffee.gen.nz>
4 years ago
Rick Elrod 20509b6507
[facts] fix version facts on FreeBSD RC/PRERELEASE (#73020)
Change:
- The FreeBSD release can contain -RC or -PRERELEASE in addition to
  -RELEASE, -STABLE, or -CURRENT.

Test Plan:
- Added new fixed from an RC version of TrueNAS which uses a -PRERELEASE
  version of FreeBSD.

Tickets:
- Fixes #72331

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Jean-Pierre Matsumoto 3074ede8a3
ExecutionPolicy default value is RemoteSigned (#72993)
* ExecutionPolicy default value is RemoteSigned

##### SUMMARY
In Windows setup steps, settings `ExecutionPolicy` is restored to value `Restricted`. But actually default value for Windows server is not `Restricted` but `RemoteSigned` ([source](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.1#default)).

I have got issue with `win_dsc` because `ExecutionPolicy` was `Restricted`.

##### ISSUE TYPE
- Docs Pull Request

+label: docsite_pr

* Add changelog fragment

* Apply suggestions from code review

Co-authored-by: Sandra McCann <samccann@redhat.com>
4 years ago
pva 42bc03f0f5
[get_url] skip checksum during --check (#66700)
Fix get_url failure in check mode (--check) when using the checksum
format <algorithm>:<url>.

Regression introduced in (#20532)

Fixes: #61369
4 years ago
Abhijeet Kasurde aa56a2ff6a
galaxy: Handle token as dict while loading using yaml (#70911)
Malformed galaxy_token file creates stacktrace.

Fixes: #70887

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Sam Doooran 5ecfb19cad
arg_spec - move validator lookup method to a function (#72667)
* arg_spec - move type checking lookup method to a function

* Change get_wanted_type name and behavior

Change the name to get_validator to bette describe what it is doing.

Change the interface to always return a value. This lines up with the behavior of get_*
functions always returning something or None and check_* functions raising an
Exception if something went wrong during the check.

* Add param to check_type_str()

Not meant to be a long term fix, but gets tests passing. More work is needed to figure
out how to solve this cleanly.

* Remove private attribute mapping types to validator

Since the function that needs it has moved to parameters.py, there is no need to have it as
a attribute of AnsibleModule.

Update tests that were referencing the private attribute.

* Use private method for 'str' type

To avoid having to put the string conversion warning behavior in the check_type_str() method,
use the private _check_type_str() method for 'str' type.

Import CHECK_ARGUMENT_TYPES_DISPATCHER for backwards compalitibility and store it as
a private attribute.

Revert changes to support plugins that are referencing serf._CHECK_ARGUMENT_TYPES_DISPATCHER.

* Add changelog

* Change function name to better reflect its... function

* Change dict name to better reflect its contents

CHECK_ARGUMENT_TYPES_DISPATCHER --> DEFAULT_TYPE_VALIDATORS

* Fix changelog
4 years ago
Sam Doooran 48803604cd
systemd - do not overwrite unit name when searching (#72985)
* systemd - do not overwrite unit name when searching

PR #72702 introduced a bug that changed the unit name when splitting it up for the purpose
of searching for the unit. This only happens on unit file templates on systems that have a 5.8
or newer kernel and a version of systemd that does not contain a bugfix that causes systmed
to fail to parse dbus.

* Use facts rather than a manual probe to determine if systmed is present

* Remov unnecessary block

* Use vars files instead of set_fact

* Add tests for using a templated unit file

* Update changelog fragment

* Use template to get correct path to sleep binary
4 years ago
Sam Doooran 8e022ef00a
import_playbook - change additional params to deprecation (#72987)
* import_playbook - change additional params to deprecation

I incorrectly recommended this be set as a warning when it should have been a deprecation.

* Fix deprecation sanity test to not required a collection name when not inside a collection
4 years ago
Sam Doooran 850a77f639
ansible-test - prefer venv over virtualenv on Python 3 (#73000)
Also pin virtualenv to 16.7.10 for older Mac OS X systems. This was the version being installed
anway with the previous constraint (<20).

On systems with Python 3, now prefer venv over virtualenv. Test to see if venv is functional since
some systems have a non-functional venv installation (such as Debian).
4 years ago
Sloane Hertel 5e03e322de
Pass the top level dictionaries to combine_vars (#72979)
* Pass the top level dictionaries to combine_vars

combine_vars uses dict.update() to replace keys
4 years ago
Matt Clay 37d09f2488
Update ansible-test pylint Python support. (#72972)
* Update ansible-test pylint Python support.

* Python 3.8 is now officially supported.
* Python 3.9 is now skipped with a warning.
4 years ago
Felix Fontein 0ba96d2be8
Compare removal and deprecation dates and versions in runtime metadata against current version and today (#72625)
* Check deprecation and removal versions w.r.t. current version.

* Check removal dates from tombstones w.r.t. today.

* Add changelog.
4 years ago
Brian Coca d22804c4fb
saner path dir management (#72648)
* saner path dir management

   fixes #72628

   ensure we always store paths w/o a_c

Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
4 years ago
Martin Zimmermann 83fb24b923
iptables: Adding multiport module support (#72928) 4 years ago
Adam Miller 0044091a05
Update yum/dnf module docs to include version comp (#72763)
* Update yum/dnf module docs to include version comp

Fixes #61234

Signed-off-by: Adam Miller <admiller@redhat.com>

* fix up docs syntax to sanity tests are happy

Signed-off-by: Adam Miller <admiller@redhat.com>
4 years ago
Toshio Kuratomi e7dee73774
Collection list site packages (#70173)
* ansible-galaxy collection list and verify now utilize collections in site-packages.

This is a short term fix for #70147.  The long term fix needs to handle
install (but that discussion is also bound up in how upgrade is going to
work and where things can get installed so it's deferred for 2.11.)

* Add test for ansible-galaxy collection list with site-packages

* Fix sanity issue

Co-authored-by: David Moreau Simard <moi@dmsimard.com>
Co-authored-by: Jordan Borean <jborean93@gmail.com>
4 years ago
Matt Martz a3b6485073
Fix reset_connection paramiko, winrm, psrp (#72688)
* Ensure we only reset the connection when one has been previously established. Fixes #65812

* Ensure psrp doesn't trace

* winrm too

* Indentation fix
4 years ago
Matt Clay 36ab3d1189
Fix cryptography constraints in ansible-test. (#72914) 4 years ago
Matt Martz 83764ad506
Fix async interpreter parsing (#72636)
* Fix async interpreter parsing. Fixes #70690

* Target localhost instead of remote host

* Don't forget inventory

* Address shellcheck issue
4 years ago
Martin Krizek 1b70260d5a
Add implicit role_complete block instead of role._eor (#72208)
Co-authored-by: Matt Martz <matt@sivel.net>

Fixes #69848
4 years ago
Martin Krizek 252685092c
Use _wrap_native_text only for builtin STRING_TYPE_FILTERS (#71801) 4 years ago
Sven Wegener 08cc6edc64
vault: Read stdin data as binary on python3 (#52229)
On python3 sys.stdin is an encoded file object that does not support
reading raw binary data. Use the supplied buffer object to do so.

Signed-off-by: Sven Wegener <sven.wegener@inovex.de>

Co-authored-by: Sven Wegener <sven.wegener@inovex.de>
4 years ago
log-e 8f77e95765
Add alinux hostname module support (#72894) 4 years ago
David Shrewsbury fe17cb6eba
Fix fileglob parameter order bug (#72879) 4 years ago
David Shrewsbury be2c376ab8
Extract embedded function to RoleMixin method and add tests (#72754)
* Add changelog
* Simplify return
4 years ago
Sijis Aviles 034e9b0252
unarchive - add include option (#40522)
This should allow users to extract specific files from an archive as
desired.

Fixes #16130, #27081.

* Rebase and make a few minor changes
* Add changelog
* Improve tests

- move to separate tasks file
- change assertions to check for exactly one file
- use remote_tmp_dir for output dir

* Make exclude and include mutually exclusive
* Don't remove files needed by other tasks
* Fix sanity tests
* Improve feature documentation
* Skip tests that use map() on CentOS 6
* Use fnmatch on include for zip archives
  This matches the behavior of exclude

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Felix Fontein f569d80fde
Improve deprecations (#72697)
* Remove space before comma in '... bla , use ...'

* 'why' is inserted in the middle of a sentence, between two commas.

* Make deprecations from base.yml show source ansible-core.

* Add changelog fragment.

* Improve some more 'why's.

* Add PR URL to fragment.
4 years ago
Pilou b464d18fd1
AnsibleModule.set_mode_if_different: handle symlink is in a sticky directory (#45198)
* file: add symlink is in a sticky directory tests
* file: handle symlink in a sticky directory

Co-Authored-By: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>

* Add changelog and fix unit test
The builtins import was removed since it was unused, but it is now needed.
4 years ago
Felix Fontein 5226ac5778
The implicit default for type=bool options is not 'false', but 'none' (#72699)
* The implicit default for type=bool options is not 'false', but 'none'.

* Fix modules, resp. add ignore.txt entries.
4 years ago
Felix Fontein f94ba68d8f
ansible-test sanity: fix UnicodeDecodeError for `--python 2.7 --docker` (#72623)
* Store target paths as unicode.

* Add changelog fragment.
4 years ago
Matt Clay 08842cd6bb
Fix Azure Pipelines change detection. (#72824) 4 years ago
Matt Clay 2b24fae429 Replace `exit` with `sys.exit` in Galaxy CLI. 4 years ago
Sam Doran a788ea0132
systemd - account for templated unit files when searching for service (#72702)
Related to issue #71528 and PR #72337

Co-authored-by: Martin Polden <mpolden@mpolden.no>
4 years ago
Rick Elrod a59825128d [centos6] update container for EOL
Change:
- Reference:
  https://lists.centos.org/pipermail/centos-devel/2020-December/056208.html
- Bump centos6 container to 1.25.0

Test Plan:
- ci_complete

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Paul Belanger a95213d2f5
Switch to hashlib.sha256() for ansible-test (#72411)
When FIPs mode is enable on centos-8, we are not able to load md5
functions.

Signed-off-by: Paul Belanger <pabelanger@redhat.com>
4 years ago
Abhijeet Kasurde a223ea5185
distribution - handle NetBSD OS Family (#70799)
Fixes: #43739

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Sam Doran 1db9588279
ansible-test - add cryptography constraint for cffi (#72761)
The recently released version of cffi fails to install on systems with an older version of gcc. In
our case, this in the CentOS 6 test image. There is a fix but it has not yet been released.

https://foss.heptapod.net/pypy/cffi/-/issues/480
4 years ago
Martin Krizek ae08c6a639
Ensure Ansible's unique filter preserves order (#67856)
Fixes #63417
4 years ago
Yadnesh Kulkarni 3add96909d
Fix parsing of values when using an empty string as key (#57132) (#72545)
Signed-off-by: Yadnesh Kulkarni <ykulkarn@redhat.com>
4 years ago
Matt Martz 46198cf80a
Add orig_exc context to error messages (#72677)
* Add orig_exc context to error messages. Fixes #68605

* Fix string formatting
4 years ago
Jordan Borean fb092a82a1
ansible-galaxy - source deps from all servers and not just parent (#72576)
* ansible-galaxy - source deps from all servers and not just parent

* Added integration tests for this scenario
4 years ago
Matt Martz f8ef34672b
Provide better decryption errors for single vault values (#72362)
Fixes #72276
Fixes #72281
4 years ago
Sam Doran e889b1063f
arg_spec - rework _check_arguments() (#72447)
* Move _syslog_facitily to __init__
  No good reason it should not be set for each object

* Move internal property setting to private method
* Create check_arguments() function
* Remove unused import
* Rename function to better match its behavior
  Change the behavior to return a set, either empty or populated, with unsupported keys.
  Accept legal_inputs as optional which will not required calling handle_aliases before calling
  get_unsupported_parameters().

* Add changelog
* Rework function behavior and documentation
  I realized I missed the original intent of this method when moving it to a function. It
  is meant to compared the parameter keys to legal inputs always, not compare
  parameter keys to argument spec keys, even though the argument spec keys should
  be a subset of legal inputs.

* Add tests
* Fix typo.
* Set internal properties when handling suboptions
4 years ago
Alan Rominger 1fbac24739
Update ansible-runner tests version and deps (#72197)
We could not find reason for the docutils install so trying out removing it.
Also bumping to latest version of ansible-runner

Skip all python2 versions because next ansible-runner drops it

Co-authored-by: Elijah DeLee <kdelee@redhat.com>
4 years ago
Brian Coca 07248e5ec1
avoid key errors on environment access (#72620) 4 years ago
Brian Coca d8baf4d38d
Document and warn when max_fail and free are used (#72616)
Fixes #16666
4 years ago
Brian Coca 13bc35e13c
actual min changes needed for rhel8 (#72477)
* actual min changes needed for rhel8

 - specifiy releaserver as dnf/vars is ignored
4 years ago
Rick Elrod 6894ae7d1d
Rename to ansible-core (#72594)
Change:
- Initial set of changes for renaming to ansible-core
- Includes changelog fragment changes from base -> core
- Does NOT include docs changes
- Modifies detection stuff in setup.py to support ansible<2.9 and ansible-base

Test Plan:
- ci_complete
4 years ago
Sam Doran bbef250c2b
Fix super annoying Python 2.6 multiprocessing.Queue stack trace in CI (#72604)
* Fix super annoying Python 2.6 multiprocessing.Queue stack trace in CI

A bug exists in Python 2.6 that sometimes raises an exception during interpreter shutdown. We
encounter this frequently in our CI since we run tests on CentOS 6 as the control node, which
has Python 2.6.6 with this bug.

This PR adds a very minor sleep only on Python 2.6 which gets around this issue. I did lot of testing
using a standalon script I found that easily duplicated the issue to find the minimum sleep value
needed to avoid this issue.

CPython issue: https://bugs.python.org/issue4106
Fix in CPython: https://hg.python.org/cpython/rev/d316315a8781

* Use correct attribute
4 years ago
Sam Doran 4b8cb6582b
pause - do not hang if run in the background (#72065)
* Consolidate logic for determining whether or not session is interactive
  into a single function, is_interactive()
* Increase test coverage

I wasn't able to find a good way of simulating running a backgrounded test with CI since the
whole test is essentially run not in a TTY, which is similar enough to cause the new is_interactive()
function to always return false.
4 years ago
Paul 44a38c9f33
add return documentation for unarchive. (#72546)
* add return documentation for unarchive, add fragment for changelog, apply suggestions from code review

Co-authored-by: Amin Vakil <info@aminvakil.com>
4 years ago
Jordan Borean bdd0c48837
Added changelog for RHEL 7.9 (#72572) 4 years ago
Brian Coca 4f0e2fff95
avoid fatal exception on invalid collection name (#72296)
* avoid fatal exception on invalid collection name used in ansible-doc filter
4 years ago
Brian Coca 48c08f410c
allow any type of unsafe data (#72547)
* allow any type of unsafe data

  dont limit to strings
4 years ago
Egor Margineanu e879f12fb9
Fix AIX networks facts when nestat is either missing or has incorrect permissions (#72516)
* Added check for none on netstat_path variable

* Added changelog
4 years ago
Matt Clay fa2be89cd4 Add coverage exporting to ansible-test
A new `--export` option for `ansible-test coverage combine` allows multi-step aggregation of code coverage for CI pipelines.
4 years ago
Matt Clay f022dedd0a Fix container discovery for the acme test plugin. 4 years ago
Brian Coca aa4d53ccdf
ensure local exposes correct user (#72543)
* ensure local exposes correct user

  avoid corner case in which delegation relied on
  playcontext fallback which was removed

  fixes #72541
4 years ago
Jordan Borean de5858f48d
Added caching mechanism for Galaxy API requests (#71904)
* Added caching mechanism for Galaxy API requests

* Add cache options and split up code

* Added unit tests

* Fix sanity test

* Use modified date and fix up caching for explicit servers

* Make sure credentials are not in cached server name

* Added test for getting updated cache version

* Changes from review
4 years ago
Brian Coca a1730af91f
Ensure blockinfile correctly returns backupfile (#72544)
* Ensure blockinfile correctly returns backupfile

  Fixes #27626
  based on #27859

Co-authored-by: Giovanni Sciortino (@giovannisciortino)
4 years ago
Rick Elrod e7bf0696ef
[ansible-test] use newer container images (#72126)
Change:
- Bump default, ansible-base, distro containers
- We do NOT add fedora33 yet, because it doesn't work right on Shippable
  due to an old kernel. This will be added post-AZP.

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Amin Vakil c1da427a5e
iptables: Reorder comment postition (#71496)
* Reorder comment postition

* Add comment unit test

* Fix unit test

* Fix unit test

* Add changelog

* Add paramaters which would be problematic without this fix

* Fix typo

* Fix unit test

* Fix unit test
4 years ago
Rick Elrod 3b379f372e [ansible-test] first attempt at freebsd 12.2
Change:
- Add freebsd/12.2 remote target

Test Plan:
- ci_complete

Tickets:
- Fixes #72366

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Brian Coca 8eab113cb1
show keyword documentation in ansible-doc (#72476)
* show keyword documentation in ansible-doc

Co-authored-by: Felix Fontein <felix@fontein.de>
4 years ago
Matt Martz 96ad5b799e
Emit warning when running on the controller with a Python older than 3.8 (#72467)
* Emit warning when running on the controller with a Python older than 3.8

* Add spaces

Co-authored-by: Matt Clay <matt@mystile.com>

* and more spaces

Co-authored-by: Matt Clay <matt@mystile.com>

* s/Py/Python/

Co-authored-by: Matt Clay <matt@mystile.com>

* Add note to Control node requirements about Py3.8 requirement

* Add collection_name to deprecated call

* more spaces

Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>

* Clarify that we are only packaging for py3.8+

Co-authored-by: Matt Clay <matt@mystile.com>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
4 years ago
Sloane Hertel 0ed7bfc694
Fix task get_name to always prepend the role name (#72511)
* Fix 'role_name : tast_name' notation if task contains role name

* Add tests for notifying handler names which contain the role name

Co-authored-by: Thomas Wouters <thomaswouters@gmail.com>
4 years ago
Martin Krizek a2593b5e27 CLI - Specify jinja version in --version output 4 years ago
Brian Coca 488b9d6c35 remove redundant remote_user for local setting
local action plugin already does and this also should fix
  fork/thread issue by removing use of pwd library

  fixes #59642
4 years ago
Sam Doran b33d7e2e29
Add changelog (#72502) 4 years ago
Felix Fontein c7a4b39633
Adjust action groups to moved modules (#72428)
* Support docker and k8s action groups for moved modules in community.docker and community.kubevirt.

* Also support k8s action group for community.okd.

* Also add kubernetes.core.

* Adjust PR #.

* Fix changelog fragment.

* Remove community.okd.

* Revert "Remove community.okd."

This reverts commit 812b5aa6e2.
4 years ago
Alexei Znamensky 5654de6fce
Return error if cwd directory does not exist (#72390)
* Return warning or error if cwd directory does not exist, in AnsibleModule.run_command()
4 years ago
Felix Fontein da60525610
Fix missing ansible.builtin FQCNs in hardcoded action names (#71824)
* Make sure hard-coded action names also check for FQCN.
* Use _add_internal_fqcn() to avoid hardcoded lists and typoes.
4 years ago
Felix Fontein 64a809d2b6
Improve ansible-test classifications for collections (#72353) 4 years ago
Jordan Borean 809d5fc398
ansible-test - skip installing PowerShell sanity test reqs if they are already installed (#72423) 4 years ago
Felix Fontein 4fb336cef1
ansible-doc: export has_action when --json is used (#72359)
* ansible-doc: export has_action when --json is used.
* Remove docuri and now_data, which were not used resp. ignored in format_plugin_doc and the functions it calls anyway.
* Add function _combine_plugin_doc.
4 years ago
Brian Coca cb94c0cc55
added timeout options to adhoc and console (#71230)
* added timeout options to adhoc and console

* added test

* fix typosesz

* fix conflict

* task_timeout

* fix timeout option, added extra vars to console

* actually use right cli switch .. DUH!

* added timeout to include 'valid' but ignored keys

* fix default

* fixes per review
4 years ago
Brian Coca 96c1972439
find will give more specific reasons on skip (#68823)
* find will give more specific reasons on skip

 - added more error handling
 - use random path for test
4 years ago
Sam Doran fb09fd2a23
wait_for - ignore psutil related errors (#72401)
When enumerating connections with psutil, catch and ignore errors to avoid returning a stack trace.

Co-authored-by:  Matt Martz <matt@sivel.net>
4 years ago
Matt Martz e73a0b2460
Explicitly get the include task, and not assume it is the parent (#72378)
* Explicitly get the include task, and not assume it is the parent. Fixes #6571
4 years ago
Sam Doran a51a6f4a25
reboot - add reboot_command parameter (#69847)
Fixes #51359
* Update default search paths
* Fix returns for args and command, don't allow conversion
* Reorganize tests
* Fix test for Azure Pipelines
4 years ago
Sam Doran 8f9cf456b0
url lookup - set default user agent (#72324)
* Add unit tests
* Add note about when default changed
4 years ago
Sam Doran d6115887fa
systemd - use list-unit-files rather than list-units (#72363)
list-unit-files will return all files on the system. list-units omits those
that are disabled.

Co-authored-by: Ken Dreyer <ktdreyer@ktdreyer.com>
4 years ago
Sam Doran 7352457e7b
hostname - add macOS (#54439)
* Add DarwinStrategy class and integration tests

macOS has three seprate hostname params that need to be set. One of those params, LocalHostName, has more stringent requirements than the other two, which accept special characters and spaces. Create a method to scrub the hostname to ensure it works well with the system requirements.

* Update documentation

* Account for virtualization type returned on Azure Pipelines

* Do not be dependent on order of self.name_types

Use the scrubbed name when the name type is LocalHostName
4 years ago
Sam Doran c51438312a
blockinfile - properly insert block when no trailing new line exists (#72350) 4 years ago
Felix Fontein 233e7beb5b
Fix processing of add_file_common_args=True when argument_spec is not specified as kwarg. (#72334) 4 years ago
Sloane Hertel dee8a4a8f1
Use type 'path' for fact_caching_connection in jsonfile cache plugin (#72317) 4 years ago
Sam Doran db84e2c989
systemd - fix issue with capbpf and newer kernel (#72337)
A bug existed in systemd 245 that did not properly handle unknown kernel
capabilities gracefully. This resulted in incomplete output when querying
for the service status. It is possible to get service status by other means.
This PR works around this issue by getting service status using other commands
in the event of a failure due to this bug.
4 years ago
Rick Elrod 2293b327c0
[ansible-test] Limit cryptography to <3.2 (#72342)
Change:
- Cryptography 3.2 drops support for OpenSSL 1.0.2. Some of our CI
  infrastructure still uses this version (FreeBSD, namely). For now,
  just add a constraint to use old cryptography.

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Sloane Hertel 8b07d46166
Add a toggle for the leading separator for keyed_groups (#60882)
* Add a toggle for the leading separator for keyed_groups if no prefix is given

* changelog

* Add tests for backward compatibility and the new toggle
4 years ago
Felix Fontein 0b2b82c0b6
Add changelog fragment for #71736. (#72323) 4 years ago
Matt Davis 83909bfa22
Remove ansible-galaxy login (#72288)
* GitHub is removing the underlying API used to implement the `login` command. Since the general consensus seems to be that relatively nobody currently uses this command (in favor of explicit token passing), support was simply removed for interactive login. If a future need arises, this command should be reimplemented via OAuth Device Auth Grants.
* login or role login commands now produce a fatal error with a descriptive message
* updated 2.10 and 2.11 porting guide entries

* remove dead code/config, update messages and porting guides
4 years ago
Matt Clay 3c2e8b99be
Fix ansible-test handling of user-defined docker networks. (#72256)
* Fix ansible-test docker container detection.

* Attach test containers to the correct network.

* Do not assume `localhost` for accesing Docker.

* Look for containers on current network.

* Always map /var/run/docker.sock into containers.

This fixes issues when using a remote Docker host.

* Support container IP lookup from networks list.

* Fix container network attachment.

* Remove redundant container detection messages.

* Limit DOCKER_HOST parsing to TCP.

* Restore docker socket existence check.

The check is skipped if the docker hostname is not localhost.

* Correct changelog entry.
4 years ago
Ruediger Pluem e64ba97e8a
Fix the reversed order of return values (#72088)
* Fix the reversed order of return values

AnsibleModule.run_command returns a tuple of return code, stdout and stderr.
The module main function of the user module expects user.create_user to
return a tuple of return code, stdout and stderr.
Fix the locations where stdout and stderr got reversed.

* Fix another missed occurance

* Add changelog

* Fix further reversed order of return values occurrences

Followup to 72c3ba62c8e2606a6a35d51075fba29ce5faf34e:
Fix further reversed order of return values occurrences.
4 years ago
Rick Elrod 69e510e767
[virt facts] recognize containerd as a container (#72210)
Change:
- containerd is now recognized as container tech

Test Plan:
- Tested with Docker inside Github Actions in a private repo:

        "ansible_virtualization_role": "guest",
        "ansible_virtualization_tech_guest": [
            "containerd",
            "container",
            "VirtualPC"
        ],
        "ansible_virtualization_tech_host": [],
        "ansible_virtualization_type": "containerd",

Tickets:
- Fixes #66304 because this is what docker containers show up as
  in Github Actions.

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Jordan Borean c9fa1d0e7e
Fix race condition when creating async dir (#72069)
* Fix race condition when creating async dir

* Simplify exception wrapper

* Remove var used for testing
4 years ago
Matt Martz be5fc4e642
Ensure we call action_loader.get with collection_list (#72206)
* Ensure we call action_loader.get with collection_list. Fixes #72170

* Add tests and changelog

* Remove grep, do assertion in playbook. ci_complete

* Skip old jinja2 versions

* ci_complete

* dedupe
4 years ago
Brian Coca 5ec53f9db8
make collection callbacks follow normal flow (#59932)
make collections whitelist follow normal flow

* fixes missing set_options call and adhoc and stdout processing rules
* avoid dupes
* fixed to handle redirects
* also updated tests with new and more accurate skip message
* fix callback tests for envs with cowsay installed
* lots MOAR comments on why the code is as it is, some todos to refactor in future

Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
4 years ago
Matt Clay 2ef4b7e07e Fix ansible-test Azure Pipelines container auth. 4 years ago
Rick Elrod 3b40c6f3b7
[config] coerce more to string when 'type: str' (#72172)
Change:
- When a plugin defines `type: str` on a parameter, treat more kinds of
  input as a string instead of whatever it is parsed as.

Test Plan:
- New unit tests
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
dberg1 cdf62edc65
service_facts: return service state information on AIX (#72073)
* service_facts: return service state information on AIX

AIX uses the System Resource Controller (SRC) to manage services.
See https://www.ibm.com/support/knowledgecenter/ssw_aix_72/osmanagement/sysrescon.htm
Use lssrc command on AIX to return service state information.


Co-authored-by: dberg1 <dberg1@github.com>
4 years ago
Jordan Borean caba47dd3f
Add support for GSSAPI/Kerberos to urls.py (#72113)
* Add support for GSSAPI/Kerberos to urls.py

* Test out changes with the latest test container

* Get remote hosts working

* Fix up httptester_krb5_password reader

* Fix tests for opensuse and macOS

* Hopefully last lot of testing changes

* Dont do CBT on macOS

* Fixes from review
4 years ago
Matt Martz c4acd41d6e
Ensure delegate vars calculation has correct loop context. Fixes #37132 (#71477) 4 years ago
Matt Clay 5f76bd2af7 Support collection constraints in ansible-test.
This allows collections to specify requirements and constraints for packages that ansible-test has requirements or constraints for.
4 years ago
Abhijeet Kasurde 9ffa84cc1c
basic: Handle exception in default selector (#72101)
In Python 2.7, default selector raises IOError
instead of OSError. Fix handles this exception.

Fixes: #71704

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Rick Elrod ebc91a9b93
[unarchive] work on older RHEL with group: <gid> (#72098)
Change:
- No longer fail due to old Fedora/RHEL and our failure to try to cast
  gids to integers before trying to pass them to getgrgid() before
  trying to use them.
- Add tests for user/mode for various unarchive formats.

Test Plan:
- New integration tests, ran against centos6 container

Tickets:
- Fixes #71903
4 years ago
Rick Elrod a90e37d017
[virt facts] identify KubeVirt properly (#72092)
Change:
- Make KubeVirt be identified as such, and with a guest role.
- This is a breaking change, since playbooks could be relying on the
  incorrect behavior previously.

Test Plan:
- Issue author

Tickets:
- Fixes #72001

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Rick Elrod 0332046699
[ansible-test] attempt to work around podman (#72096)
Change:
- podman > 2 && < 2.2 does not support "images --format {{json .}}"
- podman also now outputs images JSON differently than docker
- Work around both of the above.

Test Plan:
- Tested with podman 2.0.6 in Fedora 31.

Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
4 years ago
Evan Van Dam 3db08adbb1
Add optional attribute arg for min and max filters (#50909)
* Pass **kwargs to min and max filters

* Use the jinja2 filters if available

* Add unit tests

* Add examples to docs passing attribute
4 years ago
Rick Elrod 709484969c
sysctl/openbsd fact fixes (#72070)
Change:
- Use `sysctl -n` for openbsd uptime information
- Allow `get_sysctl()` to account for multi-line sysctl settings
- Add unit tests for `get_sysctl()`

Test Plan:
- New unit tests

Tickets:
- Fixes #71968
- Refs #72025
- Refs #72067

Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Brian Coca <brian.coca+git@gmail.com>
Co-authored-by: Brian Coca <bcoca@ansible.com>
4 years ago
Ruediger Pluem a7170da851
user - allow local users with an expiry date to be created (#72022)
The luseradd / lusermod commands do not support the -e option. Set
the expiry time in this case via lchage after the user was
created / modified.

Fixes: #71942

In Python3 math.floor returns an integer whereas Python2 returns a float.
Hence always convert the result of math.floor to an int to ensure that
lexpires is an integer.

Move local expires tests in a separate file and import the tasks to the
main.yml to keep main.yml smaller.
4 years ago
Sloane Hertel cceba07114
VariableManager - add the 'vars' key before getting delegated variables (#71214)
* VariableManager - add the 'vars' key before getting delegated variables
4 years ago
Matt Martz fb03ac7019
Add libyaml info to version output, and restore git info (#71948)
* Add libyaml info to version, restore git functionality

* Add clog fragment

* Update tests to reflect new version output
4 years ago
Matt Martz 0e480d38dd
uri status_code elements are type int (#72062) 4 years ago
Felix Fontein 1107aace1b
Add deprecation collection name to plugin options (#71735)
* Add changelog fragment.

* Use correct field that's expected by lib/ansible/cli/__init__.py..

* Add basic unit tests.
4 years ago
Amin Vakil e68a638e7c
WIP: OpenBSD: add uptime to gather_facts (#72025)
* OpenBSD: add uptime to gather_facts
4 years ago
Bernhard Dick f1c4a954d5
Close file descriptor of temporary file after building certificate chain (#71825)
* Close file descriptor of temporary file after building certificate chain.

* Add changelog fragment for PR71825
4 years ago
Christian Loos ea119d3089
fix distribution fact for SLES4SAP (#71559)
b6b238a fixed the SLES4SAP detection, which was at this time ok.
Sadly Suse changed with SLES 15 the /etc/os-release file, so the above
change will no longer work.

This commit updates the SLES4SAP detection regarding
https://www.suse.com/support/kb/doc/?id=000019341.

The symlink realpath is matched with endswith, because in SLES 12+ the
link target is SLES_SAP.prod, but in SLES 11 the link target is
SUSE_SLES_SAP.prod.
4 years ago
Martin Krizek 4197666179
Only apply the unroll wrapper once (#72003)
Co-authored-by: Matt Martz <matt@sivel.net>

Fixes #71920
4 years ago
Felix Fontein 8893a244b9
Validate plugin option type 'dict' / 'dictionary' (#71928)
* Validate option type 'dict' / 'dictionary'.

* Add changelog fragment.

* Change type of 'environment' to list.
4 years ago
Felix Fontein a077bca5d5
ansible-test: improve version number validation, validate some semantic versioning properties (#71679)
* Validate removal versions.
* Validate that removal collection versions and version_added collection versions conform to semver spec.
* Validate removal version numbers in meta/runtime.yml.
* Stricter validation for isodates (f.ex. YYYY-M-D is not allowed).
* Improve error reporting.
* Validate removal collection versions.

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
4 years ago
Jordan Borean 3c33618cf6
powershell - remove env var (#72010) 4 years ago
Carlos Matos cbd3df369f
Adding check to ensure 'container' get's added to guest_tech when appropriate (#71385) 4 years ago
Felix Fontein 0c3a9c7ae6
ansible-doc: show correct plugin name (#71966) 4 years ago
Alicia Cozine 91b0dfb659
adds changelog for already-merged PR (#71947)
* adds changelog for already-merged PR

* Update changelogs/71921-raise-bytes-for-binary-test

Co-authored-by: Matt Clay <matt@mystile.com>

* adds yaml extension, corrects placement

Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Matt Clay 92b66e3e31
CI provider fixes for ansible-test. (#71929)
* Make Azure Pipelines resource_prefix lowercase.

* Make classification of CI files consistent.

* Update package-data sanity test for AZP.
4 years ago
Brian Coca 9a39452a31
update the definition of changed (#71865)
* add nuance to the definition of changed, add notes to modules that return "changed" without changing state
4 years ago
René Moser 5348e7bf61
test: cloudstack: Use test-container 1.4.0 (#71905) 4 years ago
Rick Elrod 5cd489af06
Let get_file_attributes() work without `lsattr -v` (#71845)
* Let get_file_attributes() work without `lsattr -v`

Change:
- module_utils's get_file_attributes() expects `lsattr -v` to work, but
  in some cases, it may not.
- The function now takes an optional include_version bool parameter,
  which removes this expectation.
- Places where we call get_file_attributes() without using the 'version'
  it returns, we now call it with include_version=False.

Test Plan:
- New unit tests

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Amin Vakil 3e9943bc5e
Reduce ignored module sanity tests (#70319)
* Reorder test/sanity/ignore.txt to better see changes
* Remove extra empty line causing pass fail
* Apply suggestions made by Akasurde
* Minor fix in package_facts and remove two unnecessary ignores
* Fix subversion based on a suggestion made by felixfontein
* Apply suggestions made by felixfontein and Andersson007
* Fix subversion.py as suggested by felixfontein
* Minor reformatting in yum_repository description
* Reformat changelog
* Add key to apt_key, add deprecated changelog
* Add PR url to changelog
* Ignore paramater-type-not-in-doc in favour of adding key back to apt_key
* Fix apt_key
* Remove undocumented-paramater from apt_key ignore
* Ignore doc-choices-do-not-match-spec in package_facts
* Fix package_facts
* Fix filter option in setup module
4 years ago
Rick Elrod abfb7919dc
[default callback] Show include_tasks task banner (#71821)
Change:
- In some cases (always with free strategy, sometimes with linear), the
  default callback would not show the task banner for include_tasks.
- This only affects the include_tasks task itself, not the tasks in the
  included file.

Test Plan:
- Updated default callback tests

Tickets:
- Fixes #71277

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Martin Krizek 00b22ab55e
Provide more information in AnsibleUndefinedVariable (#71666)
* Provide more information in AnsibleUndefinedVariable

Fixes #55152
4 years ago
Rick Elrod fdf80690e4
[dnf] accumulate update filters (#71726)
Change:
- Previously when `security: true` and `bugfix: true` were both given,
  only security updates would get applied. Filters now accumulate so
  that both get applied in this case.

Test Plan:
- New integration tests for both check_mode and not. These tests make
  use of a contrived yum repository which is stored in S3.

Tickets:
- Fixes #70854

Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Matt Martz <matt@sivel.net>

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Sloane Hertel 7048542199
Fix passing the connection timeout to connection plugins (#71722)
* Fix passing the connection timeout to connection plugins
4 years ago
Abhijeet Kasurde 173091e2e3
distro: Add support for Pardus distribution (#71663)
Fixes: #71636

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Jordan Borean fc08c1f3c5
runas - create new SYSTEM token on become (#71714) 4 years ago
Matt Davis e813b0151c
fix coverage output from synthetic packages (#71727)
* fix coverage output from synthetic packages

* synthetic packages (eg, implicit collection packages without `__init__.py`) were always created at runtime with empty string source, which was compiled to a code object and exec'd during the package load. When run with code coverage, it created a bogus coverage entry (since the `__synthetic__`-suffixed `__file__` entry didn't exist on disk).
* modified collection loader `get_code` to preserve the distinction between `None` (eg synthetic package) and empty string (eg empty `__init__.py`) values from `get_source`, and to return `None` when the source is `None`. This allows the package loader to skip `exec`ing things that truly have no source file on disk, thus not creating bogus coverage entries, while preserving behavior and coverage reporting for empty package inits that actually exist.

* add unit test
4 years ago
Tadej Borovšak 74a103d655 Remove em dash from the pytest configuration file
On some systems (tested with official Debian Buster-based Python 3.6
docker image), setting the LC_ALL environment variable to en_US.UTF-8
will trigger Python into switching its preferred encoding to ASCII.
If any python process tries to read a non-ASCII file in this scenario,
it will terminate with an error.

And this is exactly what happens to pytest when it tries to load its
configuration that ansible-test supplies because the configuration
contains an em dash.

In order to bypass this issue, we replaced the em dash with a regular
dash and things started working again.

An alternative solution would be to replace the en_US.UTF-8 locale with
something safer, but unfortunately, the en_US.UTF-8 is probably as safe
as it gets.
4 years ago
Jérôme Loyet daca3ade99
Allow list of filters for the setup module (#68551)
The setup module can now filter out multiple pattern by providing a list
to the filter parameter instead of just a string. Single string sill
works. Previous behaviour remains.

(cherry picked from commit b5c36dac483fdd74d6c570d77cc8f3e396720366)
4 years ago
Matt Martz 61f6aa55b6
Add semver support to the jinja2 version test (#71600) 4 years ago
Jordan Borean b615789fcc
psrp - fix hang when copying an empty file (#71649) 4 years ago
Matt Martz 48f12c14e9
AnsibleVaultEncryptedUnicode should be considered a string (#71609)
* AnsibleVaultEncryptedUnicode should be considered a string

* linting fix

* clog frag
4 years ago
Matt Martz 0cf4aabc55
Ensure we clean up if an exception kills strategy.run. Fixes #23958 (#71513) 4 years ago
Andrew Klychkov d398a4b4f0
file: module should warn in check_mode when path and owner/group don't exist (#69640)
* file: module must fail in check_mode when path and owner/group don't exist
4 years ago
Martin Krizek a3b954e5c9
Force template module to use non-native Jinja2 (#68560)
Fixes #46169
4 years ago
Matt Martz db98433e7a
Use InventoryManager for inventory_hostnames lookup (#71573)
* Use InventoryManager for inventory_hostnames lookup. Fixes #17268

* Add test for using patterns

* s/it's/its/

* Allow bypassing parse_sources in InventoryManager

* Remove unneeded method call
4 years ago
Rick Elrod db519bc17c
[tests] Bump container versions (#71518)
Change:
- This pulls in python 3.9.0rc1

Test Plan:
- CI, hopefully

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Matt Clay 98febab975 Use new endpoint for Parallels based instances. 4 years ago
Abhijeet Kasurde 159544610e
get_url: Handle same SHA sum for downloaded files (#71435)
Fixes: #71420

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Rick Elrod 9bea33ffa3
[dnf] ensure packages are gpg-verified (#71537)
Change:
- By default the dnf API does not gpg-verify packages. This is a feature
  that is executed in its CLI code. It never made it into Ansible's
  usage of the API, so packages were previously not verified.
- This fixes CVE-2020-14365.

Test Plan:
- New integration tests

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Martin Krizek d083307e36
Set global skipped result flag for looped tasks (#67847)
This allows for the skipped filter to be used on a registered looped
task results.

Fixes #16949
4 years ago
Matt Clay 2bbcbe99fd Support macOS 10.15 for ansible-test --remote.
Use of this new version is experimental, so it is not enabled in CI yet.
4 years ago
Martin Krizek 50f221c63e
Fix incorrect msg in the results dict in loops (#71482) 4 years ago
Matt Martz a1a624b150
Normalize how None is handled in quote filter. Fixes #32174 (#71473) 4 years ago
Matt Martz fdf5dd02b3
Updates for password hashing (#71120)
* Validate salt when using crypt. Respect salt_size in password lookup. Repair salt for bcrypt. Fixes #71107. Fixes #53750. Fixes #36129.

* Handle algorithms we don't know about, and make sure to return the salt

* Account for old passlib

* Add tests for salt constraints

* Add changelog fragment

* Add test for #36129
4 years ago
Martin Krizek 9792d631b1
_check_failed_state: always use the current/nested state (#71347)
Fixes #71306
4 years ago
Matt Clay f5b6df14ab
Fix ansible-test coverage traceback. (#71446)
* Add integration test for ansible-test coverage.

* Fix ansible-test coverage traceback.

* Fix coverage reporting on Python 2.6.
4 years ago
Jordan Borean 72a7cb4a2c
powershell - fix quoting values (#71411)
* powershell - fix quoting values

* Add ignore for smart quote skip
4 years ago
Jordan Borean 8897d7e2ff
powershell - fix nested CLIXML parser (#71412) 4 years ago
Jordan Borean 985ba187b2
psrp - use native copy mechanism (#71409)
* psrp - use native copy mechanism

* Fix sanity issues

* Split the bugfix and deprecation into separate changelog fragments
4 years ago
Matt Clay d099591964
Update ansible-test remote endpoint handling. (#71413)
* Request ansible-core-ci resources by provider.
* Remove obsolete us-east-2 CI endpoint.
* Add new --remote-endpoint option.
* Add warning for --remote-aws-region option.
* Update service endpoints.
* Allow non-standard remote stages.
* Add changelog fragment.
4 years ago
Brian Coca 6fedcaa3a6
added configurable dir for tree callback (#71348)
* added configurable dir for tree callback

 - allows usage in playbooks
 - also made errors more specific if bad dir is supplied
 - ensure we expand paths

* docfix
4 years ago
Abhijeet Kasurde 3f3bcbf05e
galaxy: Add examples for galaxy section in ansible.cfg (#70931)
Add example section for galaxy section in ansible.cfg

Fixes: #68402

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Sloane Hertel 1425e3597b
Allow meta tasks to use tags (#67508)
* Support tags for explicit meta tasks

Add --list-tasks tests for meta tags

Add breaking_changes changelog fragment and porting guide
4 years ago
Rick Elrod e5bb7b1a16
Add skip_reason to meta task skips (#71355)
Change:
- Make them more consistent with other tasks.

Test Plan:
- CI, new test

Tickets:
- Refs #71009

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Brian Coca f8aa307659
add extra vars to inventory plugins (#70970)
* add extra vars to inventory plugins
* disable by default for backwards compat
* also allow extra vars for options
4 years ago
Brian Coca f7ade8e61c
allow per conditonal item debugging (#70966)
* allow per conditonal item debugging
* offloaded a bit from _check_c
4 years ago
Tatsunori Uchino b87944926d
Improve proposed fix for bare variables (#70687)
* Make proposed fix for bare variables clearer

* Add changelog fragment
4 years ago
Rick Elrod ea58d7c233
Make it so callback plugins can act on implicit/explicit meta tasks (#71009)
Change:
- Now sends meta tasks to the task start callback
- Lets callback plugins opt-in to receiving implicit tasks

Test Plan:
- New integration tests

Tickets:
- Indirectly fixes #71007 by allowing custom callbacks with this data

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Abhijeet Kasurde 6d17736ef4
subelements: Clarify parameter docs (#71177)
skip_missing parameter in subelements lookup plugin is accepted from
inside the dictionary.

Fixes: #38182

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Sloane Hertel 88bfc7977d
Fix meta tasks used with --flush-cache (#71311)
* Remove incorrect code
4 years ago
David Shrewsbury f2f6c34632
Fix play stats when rescue block is a child block (#70922)
* check run state of current block only

* Add changelog and test

* Add test for issue 29047

* Fix for both tests

* blerg

* Change test messages

* fix tests

* Add multi-level block in rescue test case

* Add recursive rescue check and multi-level test

* Should probably run the new test

* ci_complete

* Merge new tests

* ci_complete
4 years ago
Matt Martz 6289570234
epoch can be a float with strftime filter. Fixes #71257 (#71314) 4 years ago
Matt Martz 9da880182b
Allow the TOML inventory to dump unsafe. Fixes #71307 (#71309) 4 years ago
Matt Martz 959af7d90b
Don't do conflict check on sdist and egg_info (#71310)
* Don't do conflict check on sdist and egg_info. Fixes #71279

* Add changelog

* adjust changelog PR link

Co-authored-by: Rick Elrod <rick@elrod.me>

* add warning about bdist_wheel

Co-authored-by: Rick Elrod <rick@elrod.me>
4 years ago
Edwin Hermans eb8b3a8479
get_url - Allow checksum file to be local file:// url (#71205)
This would be a partial solution for #69364 in that the SHASUMS file can be downloaded and gpg verified but then used from the downloaded location to verify the get_url's file.
* Make checksum url parsing more explicit

Use urlsplit to test if the checksum string has a (currently tested and) supported url scheme.

* Fix whitespace
* Changelog fragment
* Added tests
* Fix typo in test setup
4 years ago
Lorenzo Castelli a1a50bb3cd
systemd - supports new systemctl output message for chroot (#71197)
The message generated by systemctl has been updated in 9321e23c40, which requires a corresponding change in the systemd module.

In addition, this fixes the module when the SYSTEMD_OFFLINE environment variable is set.
4 years ago
Matt Martz 5821128995
Allow callbacks from forks (#70501)
* POC for supporting callback events that come from the worker

* linting fixes. ci_complete

* fix up units. ci_complete

* Try moving the sentinel put higher. ci_complete

* safeguards. ci_complete

* Move queue killing to terminate

* LINTING. ci_complete

* Subclass Queue, to add helper send_callback method

* Just use _final_q instead of adding another queue and thread

* Revert a few changes

* Add helper for inserting a TaskResult into the _final_q

* Add changelog fragment

* Address rebase issue

* ci_complete

* Add test to assert async poll callback from fork

* Don't use full path

* ci_complete

* Use _results_lock as a context manager

* Add new generic lock decorator, and use it with send_callback
4 years ago
Felix Fontein 9f72ff80e3
Redirect gluster modules to gluster.gluster. (#71240) 4 years ago
Florent PIGOUT 336c176ebc
Fix cron file regression (#71207) 4 years ago
Sam Doran 888be697cb
Revert "Change default file permissions so they are not world readable (#70221)" (#71231)
* Revert "Change default file permissions so they are not world readable (#70221)"

This reverts commit 5260527c4a.

* Revert "Fix warning for new default permissions when mode is not specified (#70976)"

This reverts commit dc79528cc6.
4 years ago
Matt Martz c59472715a
Add support for non-yaml EXAMPLES (#71184)
* Add support for non-yaml EXAMPLES

* Make pattern raw string

* fmt tag should be the first non-whitespace line

* Add changelog fragment
4 years ago
Martin Krizek b66d66027e
Skip literal_eval for string filters results in native jinja. (#70988)
Fixes #70831
4 years ago
Jordan Borean 3f22f79e73
Ensure -k is set to delegated hosts without a pass (#71136)
* Ensure -k is set to delegated hosts without a pass

* Fix up some broken tests

* Update task_executor.py

one possible fix, the other is updating winrm to normalize on 'password' like the other connection plugins

* Add alias for winrm and fix incorrect assumption

* Make sure aliases are used for keyword options

* Conditionally run test if sshpass is present, fix sanity

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
4 years ago
Matt Martz 410b6a7109
Update integration tests to support rpmfluff-0.6 (#71155) 4 years ago
Felix Fontein 050841324c
ansible-test: bump acme test container version to 2.0.0 (#71097) 4 years ago
David Shrewsbury 2f77606aa1
Add CVE reference to changelog for PR 70762 (#71151) 4 years ago
David Shrewsbury 6bf1dd428b
Update 70762 changelog to use security_fixes (#71124) 4 years ago
Rick Elrod 4e55b93613
virt facts: allow guest/host to have >1 virt tech (#70832)
Change:
- Allow systems to declare multiple virt techs. For example if a system
  is both a docker container, but virtualized on KVM, show both. If a
  system is set up to run virtualbox and KVM VMs, show both.

- This is done by introducing new facts keys:
  - virtualization_tech_guest
  - virtualization_tech_host

- Backwards compatibility is preserved by keeping track of the previous
  return-points and refusing to update those keys after we would have
  returned, but now returning them at the end, so that the new keys can
  accumulate their data.

Test Plan:
- Local
- CI

Tickets:
- Refs #66304
- Refs #17151
- Refs #17058
- Probably others

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Felix Fontein fc83055425
Fix changelog fragment type. (#70902) 4 years ago
Toshio Kuratomi fb144c4414
Update ansible doc formats (#71070)
* Fix tty_ify bugs and refactor

* Move tty_ify() and supporting attributes to the DocCLI class as that's
  the only thing using it.
* Add unittest for the code.
* Fix a bug where the substitution macros can be detected when they are
  a part of another word.
* Add support for L(), R(), and HORIZONTALLINE which were added to the
  website docs many years ago.

* Update test/units/cli/test_doc.py

Co-authored-by: Matt Clay <matt@mystile.com>

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Brian Coca 662d34b9a7
add jinja2 global to reserved names (#71088)
* add jinja2 global to reserved names

  also allow expansion by additional context provided from caller

  fixes #41955

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Jordan Borean aab9beccf7
Remove ANSIBLE_COLLECTIONS_PATHS dep warning (#71094) 4 years ago
Rick Elrod 0d7c144ce4
Allow macOS ACLs to work for unpriv -> unpriv (#70785)
Change:
- Use `chmod +a` in the fallback chain to allow MacOS to use ACLs to
  allow an unprivileged user to become an unprivileged user.

Test Plan:
- CI, new tests

Tickets:
- Fixes #70648

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Rick Elrod 810a9a5593
find: Allow reading whole file for contains regex (#71083)
Change:
- Add a parameter `read_whole_file` which allows for reading the whole
  file when doing a `contains` regex search.
- This allows for (for example) matching a pattern at the very end of
  a file.

Test Plan:
- New integration tests

Tickets:
- Fixes #63378

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Martin Krizek 5ca3aec3c4
native types: properly handle Undefined in nested data (#68432) 4 years ago
Jordan Borean f6b3b4b430
ansible-galaxy - fix download for subdirs in SCM (#71005) 4 years ago
Felix Fontein 4bd7580dd7
Fix fortimanager httpapi redirect (#71073)
* The fortimanager httpapi plugin is in fortinet.fortimanager, not in fortinet.fortios.

* Add changelog fragment.
4 years ago
Matt Davis 86b6c4bbb6
fix collection package root location under pytest >=6.0.0 (#70963) 4 years ago
Rick Elrod 7f62a9d7b5
Make cache adjudicator's flush call plugin flush (#70987)
Change:
- Previously CachePluginAdjudicator#flush only removed entries from the
  cache backend that it knew about by using them earlier. Now it calls
  the underlying plugin's flush() method.

Test Plan:
- New unit tests

Tickets:
- Fixes #68770

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Sloane Hertel 991714b9d1
copy - redact 'content' from invocation in check mode (#71033)
* sanitize copy module invocation secrets in check mode
4 years ago
Rick Elrod 74c14c6743
Strip spaces in module names in explicit actions (#71040)
* Strip spaces in module names in explicit actions

Change:
- When an action is called like "action: copy foo=bar", strip spaces
  around the action name.
- This allows "action: copy        foo=bar" to work as expected.

Test Plan:
- New integration tests

Tickets:
- Fixes #62136

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Martin Krizek bf7276a4e8
Emit proper error for `x in y` when y is undefined (#70990)
Fixes #70984
4 years ago
Philip Douglass ac5f3f8bef
unarchive - Check 'fut_gid' against 'run_gid' in addition to supplemental groups (#65666)
Add integration tests for unarchiving as unprivileged user
Break tasks into separate files for easier reading and maintenance

Create a user by specifying a default group of 'staff' for macOS.

The user module does not actually remove the user directory on macOS,
so explicitly remove it.

Put the removal tasks in an always block to ensure they always run

Co-authored-by: Philip Douglass <philip.douglass@amadeus.com>
Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Abhijeet Kasurde e139739ab3
iptables: Add a note about ipv6-icmp (#70915)
ipv6-icmp ping is valid protocol and adding note about
it in protocol parameter.

Fixes: #70905

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Sloane Hertel 54e2ae79e7
fix downloading collections in git repos and tar.gz artifacts (#70524)
* Fix downloading tar files

* Fix downloading SCM collections

* changelog
4 years ago
Sam Doran e6bf202738
linux facts - return proper broadcast address (#64528)
* linux facts - return proper broadcast address

Check that the value being returned is actually a broadcast address

* Add tests

* Cleanup tests
4 years ago
Sam Doran c4f442ed5a
facts - fix incorrect time for some date_time_facts (#70665)
The iso8601_micro and iso8601 facts incorrectly called now.utcnow(), resulting
in a new timestamp at the time it was called, not a conversion of the previously
stored timestamp.

Correct this by capturing the UTC timestamp once then calculating the local
time using the UTC offset of the current system.

* Use time.time() for getting the current time
* Convert from that stored epoch timestamp to local and UTC times
* Used existing timestamp for epoch time
* Add unit tests that validate the formate of the return value rather than an exact value since mocking time and timezone is non-trivial
4 years ago
Matt Clay 2e0097ada3 Fix ansible-test relative import analysis. 4 years ago
Sam Doran dc79528cc6
Fix warning for new default permissions when mode is not specified (#70976)
Follow up to #70221
Related to #67794
CVE-2020-1736

When set_mode_if_different() is called with mode of 'None', ensure we issue
a warning about the change in default permissions.

Add integration tests to ensure the warning works properly.

* Fix tests
- actually use custom module 🤦‍♂️
- verify file permission on created files
- use remote_tmp_dir so we're ready for split controller
- improve test module so we can skip the call to set_fs_attributes_if_different()
- fix tests for CentOS 6
4 years ago
Jordan Borean b1cb2553af
ansible-galaxy - fix fallback for AH searches (#70957) 4 years ago
Sam Doran a24f51d9e5
package - use existing list of package manages from facts (#70920) 4 years ago
Sam Doran 73a9ad9aea
ansiballz - remove deprecated excommunicate command (#70921) 4 years ago
Rick Elrod 20a7476064
git: verify, only use --raw when we need it (#70900)
Change:
- Allow older git to verify tags again
- Enable verification tests everywhere, even if most of them only work
  on newer git. Some of them work on older git and they test the --raw
  parameter.

Test Plan:
- Re-enabled subset of git tests

Tickets:
- Fixes #64469

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Brian Coca f9c3c6cba6
Allow changed/failed mgmt on strategy actions (#70919)
* Allow changed/failed mgmt on strategy actions
4 years ago
Matt Clay 3a8ac62596 Cap pytest version to avoid relative import issue. 4 years ago
Rick Elrod c19a10e13a
RHEV virt facts: Detect vdsmd in addition to vdsm (#70901)
Change:
- Look for the `vdsmd` process in addition to `vdsm` as before.

Tickets:
- Fixes #66147

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Rick Elrod 7d32129efb
[dnf] show installations/removals in check_mode (#70892)
Change:
- Previously, we only showed that something would have changed, not what
  would have changed. This allows us to show what will chang as well.

Test Plan:
- Local RHEL8 VM
- New integration tests

Tickets:
- Fixes #66132

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Felix Fontein 7e2cc7db12
validate-modules: fix version_added validation for top-level, fix error codes (#70869)
* Also validate top-level version_added.

* Fix error code.

* Produce same version_added validation error in schema than in code (and stop returning it twice).

* Return correct error codes for invalid version_added for options and return values.

* Add changelog.

* Fix forgotten closing braket.

* Accept 'historical' for some top-level version_added.
4 years ago
Matt Davis 45c2eb6c0a
lineinfile - fix broken exception handling (#70846)
* prevent (ExceptionType) is not subscriptable errors
* tweak error message and use text conversion
* add to_text import
4 years ago
Rick Elrod be4be926c4
subversion Give subversion module a validate_certs option (#70890)
* Give subversion module a validate_certs option

Change:
- Add `validate_certs` option to subversion module. Defaults to off for
  backwards compatibility.

Tickets:
- Fixes #22599

Signed-off-by: Rick Elrod <rick@elrod.me>

* Update changelogs/fragments/22599_svn_validate_certs.yml

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>

* test verify_certs codepaths

Signed-off-by: Rick Elrod <rick@elrod.me>

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
fosslinux 4cc4cebc97
reboot - fix Void Linux (#70704)
Add entry for appropriate commands for Void Linux
4 years ago
Amin Vakil 9d2982549d
dnf: Add nobest option (#70318)
* dnf: Add nobest option

* dnf: Fix indent, add nobest specifically to dnf not yum

* Add changelog for dnf: add nobest option

* dnf: Add nobest to yumdnf module argument_spec

* dnf: remove nobest from module paramaters in yumdnf.py

* dnf: Add test for nobest option

* dnf: Cleanup packages in nobest test at last

* dnf: Cleanup manually added repos in nobest test at last

* dnf: Remove dnf-plugins-core as well in nobest test

* dnf: Change nobest release version to 2.11

* Change changelog number according to change in PR number

* Change changelog number according to change in PR number
4 years ago
Brian Coca 1223ce656a
reset logging to INFO (#70878)
- due to CVE-2019-14846
 - also added comments and test to avoid 'oportunistic' reversion
4 years ago
Mykola Grygoriev 953aa26286
Get serial number of NVMe device without sg_inq (#70284)
* Get serial number of NVMe device without sg_inq

* Add changlelog for #70284

* Use get_file_content() to get serial number from a file
4 years ago
Rick Elrod 21ac550828
virtualization facts: check /dev/kvm as a fallback (#70829)
Change:
- On Linux, there are situations where a host might be a KVM host but
  not have the kernel module enabled (it might be compiled in instead).
  In these cases, /dev/kvm will still exist, and rather than reporting
  NA, we should report that the host is a KVM host.

Test Plan:
- Local

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Jordan Borean 5e1a968983
Do not add connection vars to the output results (#70853)
* Do not add connection vars to the output results

* Also revert the delgated scenario JIC

* Added regression test
4 years ago
Matt Davis 4c0af6c808
fix internal cases of actions calling unqualified module names (#70818)
* fix internal cases of actions calling unqualified module names

* add porting_guide entry
* misc other fixes around action/module resolution broken by redirection

ci_complete

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* address review feedback

* pep8

* unit test fixes

* win fixes

* gather_facts fix module args ignores

* docs sanity

* pep8

* fix timeout test

* fix win name rewrites

Co-authored-by: Rick Elrod <rick@elrod.me>
4 years ago
Abhijeet Kasurde e439194c8c
basic: Add name of aliases in error message (#69427)
With this patch, user will be notified with available aliases
of arg parameter.

Fixes: #58752

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Sam Doran 5260527c4a
Change default file permissions so they are not world readable (#70221)
* Change default file permissions so they are not world readable

CVE-2020-1736

Set the default permissions for files we create with atomic_move() to 0o0660. Track
which files we create that did not exist and warn if the module supports 'mode'
and it was not specified and the module did not call set_mode_if_different(). This allows the user to take action and specify a mode rather than using the defaults.

A code audit is needed to find all instances of modules that call atomic_move()
but do not call set_mode_if_different(). The findings need to be documented in
a changelog since we are not warning. Warning in those instances would be frustrating
to the user since they have no way to change the module code.

- use a set for storing list of created files
- just check the argument spac and params rather than using another property
- improve the warning message to include the default permissions
4 years ago
David Shrewsbury bf98f031f3
Sanitize URI module keys with no_log values (#70762)
* Add sanitize_keys() to module_utils.

* More robust tests

* Revert 69653 change

* Allow list or dict

* fix pep8

* Sanitize lists within dict values

* words

* First pass at uri module

* Fix insane sanity tests

* fix integration tests

* Add changelog

* Remove unit test introduced in 69653

* Add ignore_keys param

* Sanitize all-the-things

* Ignore '_ansible*' keys

* cleanup

* Use module.no_log_values

* Avoid deep recursion issues by using deferred removal structure.

* Nit cleanups

* Add doc blurb

* spelling

* ci_complete
4 years ago
Brian Coca 84adaba6f5
Allow hostvars delegation (#70331)
* ensure hostvars are available on delegation
* also inventory_hostname must point to current host and not delegated one
* fix get_connection since it was still mixing original host vars and delegated ones
* also return connection vars for delegation and non delegation alike
* add test to ensure we have expected usage when directly assigning for non delegated host
4 years ago
Nathaniel Case 06a4fc2833
Document existing ansi_re sequences and add `ESC[m` (#70683)
* Document existing ansi_re sequences and add `ESC[m`

* Add changelog
4 years ago
Abhijeet Kasurde 8cccede0d4
basic: use PollSelector implementation (#70352)
Some platform such as ESXi does not implement EpollSelector,
which is selected by DefaultSelector. Use SelectSelector which is
based upon 'select' implementation. This works perfectly with
a platform like VMware ESXi.

Fixes: #70238

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Matt Martz 96b74d3e0b
Ensure single vaulted values aren't counted as sequences. Fixes #70784 (#70786) 4 years ago
Baptiste Mille-Mathias 0ead4306a8
user - Create home and parent directories only when requested (#70600)
The home user and the parents directories should only be created when
create_home == True
4 years ago
psi / Ryo Hirafuji 5ce47646ad
cron - Allow non-ascii (UTF-8) chars in cron file paths and jobs (#70426)
* Encode/Decode files in UTF-8
* Use helper function in ansible
* Add an integration test
* Use emoji in test data.
* add changelog
* Also support non-ascii chars in filepath and add tests about this.
* Also use non-ascii chars in replaced text and ensure not to break cron syntax.
* rename self.existing to self.n_existing
* rename crontab.existing to crontab.n_existing
4 years ago
Abhijeet Kasurde 4f96f9826c
distribution: Add support for DragonFly (#70748)
partially fixes #43739

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Rick Elrod 69472a5f8d
Refactor _fixup_perms2 to remove way-nested logic (#70701)
Change:
- Refactoring to make it harder to get wrong and easier to read.
- Generalize become_unprivileged tests and fix some that never worked
  but also never failed.

Test Plan:
- CI, new units/integration tests

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Matt Martz eb06488e1d
Remove preview status from TOML inventory (#70770) 4 years ago
Brian Kohles 77d0effcc5
Fix missing quoting for remote_tmp in second mkdir of shell module. Issue #69577 (#69578)
* Fix missing quoting for remote_tmp in second mkdir of shell module. Issue #69577

* adding changelog

* fixing typo in changelog entry

* adding test case

Adding test case written by bmillemayhias.

* using $HOME instead of ~

* fixing commit measage

* Update 69578-shell-remote_tmp-quoting.yaml

Co-authored-by: Brian Kohles <me@briankohles.com>
4 years ago
Abhijeet Kasurde 84b4387702
debconf: add a note about no_log usage (#70738)
debconf module exposes sensitive information to logs, console.
Add a note to user about using no_log=True to hide such
information from console.

Fixes: #32386

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Sloane Hertel 2811d9486f
Update default from True to False for CONDITIONAL_BARE_VARS (#70709)
ci_complete
4 years ago
Matt Martz f90aa5599f
Don't treat empty excludes as a match. Fixes #70640 (#70710) 4 years ago
Eduard Rozenberg 566c5e6ce1
Handle Slackware OS version strings containing a plus (“+”) (#68142)
A couple of years ago Slackware -current began using a plus (“+”) at the end of the distribution version string to indicate a future version work-in-progress.

Rearrange distribution_files unit tests to easily support more tests
  - add conftest with common fixtures 
  - use parametrize for testing multiple scenarios

* Add changelog
* Add unit tests for Slackware distribution parsing
* Use correct fixtures for Slackware
Data comes from /etc/slackware-version

Co-authored-by: Sam Doran <sdoran@redhat.com>
Co-authored-by: <Eduard Rozenberg <eduardr@pobox.com>>
4 years ago
Jordan Borean 154efd97f2
win async - use full path for powershell (#70703) 4 years ago
Matt Davis c616e54a6e
refactor Python module_utils locator (#70610)
* refactor Python module_utils locator

* no longer recursive
* embed special-case module code internally
* share common code between collections/not cases
* fixes #70134
* properly support subpackage redirection
* adds support for FQCN redirect targets used by migration (expands to FQ Python name)
* add tests

* add changelog
4 years ago
Abhijeet Kasurde 055871cbb8
api: time.clock compatible code (#70650)
time.clock is removed in Python 3.8. Add time.clock
compatible code.

Fixes: #70649

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Rick Elrod 4a735adc21
fix typo in changelog (#70673)
Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Sam Doran 9d27d7c8b1
ansible_runner test - Add constraints (#70667)
A recent updated to psutil, which is a dependency of ansible-runner, fails
to install on older versions of pip.

Commit with the breaking change:

  135628639b
4 years ago