* Restore role attributes.
* Add a deprecation warning for role argument specs containing attributes
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
When using winrm over HTTP with message encryption enabled and a task
has timed out the connection plugin will fail to cleanup the WinRM
command. This will change that exception into a warning as a timeout is
already an exception event and a failure to clean the operation should
not override the timeout error shown.
* Allow check mode async task disabling check_mode
Allows running an async task with check_mode: False when the playbook is
being run in check mode.
* Add check_mode attribute to internal cleanup task
* install recommended packages while installing deb files and
install_recommends is set to true.
Fixes: #29726
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* use copystat to copy as many attributes as possible before os.rename
update unit test mocks for updated method of attribute preservation
add integration test for lineinfile case
remove erroneous `- meta: end_play` from lineinfile test suite
* add keep_dest_attrs parameter to control whether src attributes are
copied initially, and for existing destinations, whether the src is
updated using the dest before being renamed
consolidate with copy unsetting extended attrs
ci_complete
Enable file cache for vaulted host_vars_files vars plugin
* fixes#81994
* Changed cache arg from bool to str to allow 'vaulted' only file cache
* removed unused used var
---------
Co-authored-by: Steffen Oschatz <so@ypsilon.net>
Until ansible-core 2.12 the facts cache file created by this module, have permission set as 644 which allows the other users to read the cache, since ansible-core 2.13, we create the temporary file, but we do not set the permission after renaming the temporary file. Adding the line to set the permission to allow other users/groups to read this file.
* added integration test for issue 82611 regarding discrepency between apt-get clean and ansible.builtin.apt: clean
* fixed new line issue
* Implementation of bug fix for 82611
Fixed discrepancy in behaviour between apt-get clean and its equivalent ansible.builtin.apt: clean=True
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
---------
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
* added integration test for issue 82655 regarding ansible_loop_var and ansible_index_var inside included yml
* ensure correct handling of ansible_loop_var and ansible_index_var inside ansible builtin include_tasks Co-authored-by: Matt <matt@sivel.net>
* added changelog
* fixed new line issue
* Handle error raised when argument validation with elements=int
and value is not within choices
Fixes: #82776
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
If the connection plugin fails to write the data to run to stdin we will
only attempt to get the output with one operation attempt. If this times
out we will consider the command to have failed and raise an exception
instead of forever attempting to get the output.
Additionally, this patch takes care of installing GPG within the
`ansible-galaxy-collection` test when running under macOS 14 and higher.
PR #82697
ci_complete
allow extra vars when templating j2 files in the skeleton, for example:
ansible-galaxy init --role-skeleton /path/to/skeleton --extra-vars @/path/to/vars_file.yml newrole
ansible-galaxy init --extra-vars "min_ansible_version=2.17.0" newrole
Extend the wordings in warning if the reserved keyword _ansible_
is used as a module parameter.
Fixes: #82514
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Jordan Borean <jborean93@gmail.com>
The ``validate-modules`` sanity test no longer attempts to process files with unrecognized extensions as Python.
Integration tests have been added to verify Python-specific checks do not apply to these files.
The `invalid-extension` and `missing-gplv3-license` checks still apply to these files. This may change in the future.
* Allow subdirectories with import_role _from options
Add tests that tasks_from is restricted to the role
Note that a task like:
- import_role:
name: role
tasks_from: tasks/entrypoint.yml
will now load tasks from "{{ role_path }}/tasks/tasks/entrypoint.yml"
instead of "{{ role_path }}/tasks/entrypoint.yml". This change in
behavior matches include_role.
* better test case (filename doesn't match one in tasks/)
Fixes#82584
best/nobest options are one of the options whose default values are set
by an OS distribution. For example in our CI, both Fedora and RHEL set
the best option to different default values. As such we should defer to
the distributions for the default value and not change it by default but
if users wish to change it they can do so explicitly.
Currently the dnf module sets the nobest option inconsistenly and not for
all cases. This patch fixes that to reflect the behavior described
above. In addition adding the best option for both dnf and dnf5 modules
since the best option is prefer to nobest in dnf while in dnf5 nobest is
completely removed in favor of best.
Fixes#82616
* prettify ansibile-doc output
delimiters when no color
avoid triggering color mode for existing tests
all use _format to observe nocolor
more v more info
imporoved conditional display
updated version on -v
normalize role errors
expand role data, dedupe code, fix formatting on warning
fix bug with galaxy info
role list improvements:
lists all roles (even w/o meta/argspec)
specs now indented under role
role only listed once
Updated tests to reflect format changes
Co-authored-by: Felix Fontein <felix@fontein.de>
Jinja may generate an invalid Python source code from a template. Trying
to compile such source code into a Python code object results in
SyntaxError being thrown. An example of such a template is providing the
same keyword argument into a lookup twice, resulting in:
`SyntaxError: keyword argument repeated`.
Since `jinja2.exceptions.TemplateSyntaxError` does not cover such a
case, as it is not a Jinja parsing error, we need to catch SyntaxError
explicitly ourselves.
Fixes#82606
* Fix loading legacy vars plugins when the plugin loader cache is reset
* Remove extra cache layer by ensuring vars plugin names are cached (stateless or not) so that the plugin loader cache can double as the load order
Prior to this commit, it was impossible to use a module like dnf with a
URL that contains a username with an @ such as an email address
username, because:
dnf:
name: https://foo@example.com:bar@example.com/some.rpm
Would cause netloc parsing to fail. However, the following:
dnf:
name: https://foo%40example.com:bar@example.com/some.rpm
Would also fail because ansible would *not* URL-decode the credentials,
causing the following to be base64 encoded in the Authorization header:
Zm9vJTQwZXhhbXBsZS5jb206YmFyCg==
Which decodes to:
foo%40example.com:foo
Which is *not* the authorized username, and as such, *won't* pass basic
auth.
With this commit, Ansible's url lib behaves like curl, chromium, wget,
etc, and encodes the above to:
Zm9vQGV4YW1wbGUuY29tOmJhcgo=
Which decodes to:
foo@example.com:bar
Which will actually pass the HTTP Basic Auth, and is the same behaviour
that you will find ie. with:
curl -vvI https://foo%40bar:test@example.com 2>&1 |grep Auth | awk '{ print $4 }'
This moves handling of callbacks and play recap stats from
_load_included_file to individual strategies so include_role tasks are
accounted for, not just include_tasks.
Fixes#77336
* uri: Two tests that demonstrate missing handling of the "force" parameter
Add unit and integration tests that demonstrate that the uri module is not
handling the "force" parameter.
The unit test demonstrates that when "force" is present in the module parameters,
it is not being passed through to fetch_url().
The integration test demonstrates that "force" does not disable caching as
documented, and calls with a "dest" parameter that points to an existing file
can result in a "304 Not Modified" response.
* uri: Handle the "force" parameter properly
The uri module documents a "force" parameter that can be used to disable caching.
The module accepted the parameter but didn't pass it through to the fetch_url() method
which implements the logic to handle setting the appropriate headers for disabling
caching. This change passes the "force" parameter through as expected, allowing caching
to be disabled when requested by the module caller.
* when doing a 'contains' search, determine the encoding of the files to be searched
* set default encoding to None for backwards compatibility
* changelog, error handling, tests added
* add sanity ignore.txt for non-utf-8 test
* Changes as suggested by sivel
* Add changelog fragment and tests
Co-authored-by: Matt Martz <matt@sivel.net>
Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
When ansible-test installs requirements, it now instructs pip to allow installs on externally managed environments as defined by PEP 668.
This only occurs in ephemeral environments managed by ansible-test, such as containers,
or when the `--requirements` option is used.
* Remove role name conversion based on whether the repo name starts with
ansible-role
This was added in 2.3 to match the Galaxy ui behavior of truncating the
'ansible-role-' prefix automatically, but the new backend requires an
alternate name to be provided or defined in the ``galaxy_info``
metadata.
Roles that were imported using the ansible-role-$name convention will
need to use ``--role-name`` or add ``role_name`` to the ``galaxy_info``
dictionary in ``meta/main.yml``.
changelog
* Update changelogs/fragments/fix-default-ansible-galaxy-role-import-name.yml
* Update changelogs/fragments/fix-default-ansible-galaxy-role-import-name.yml
Co-authored-by: flowerysong <junk+github@flowerysong.com>
---------
Co-authored-by: flowerysong <junk+github@flowerysong.com>
* deb822_repository: handle idempotency
Sort the parameters in order to handle idempotency
Fixes: #82454
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Deprecate `required` param in get_bin_path
* The parameter `required` in process.get_bin_path API
is deprecated. Will be removed in 2.21
Fixes: #82464
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
* Add the task info for tombstoned plugins
* Fix deprecation for 'include' by removing it from BUILTIN_TASKS which skip the plugin loader lookup
* changelog
remove obsolete unit test using 'include'
* Update changelogs/fragments/improve-tombstone-error.yml
* Various fixes to roles
- static property is now properly set
- role_names and other magic vars now have full list
- role public/private var loading is now done when adding to play.roles instead of on each var query
- added tests
Co-authored-by: Felix Fontein <felix@fontein.de>
* plugin config, ensure set_option correctly casts
until now we relied on plugin author getting the right type, now
the config system itself will process as it would for set_options
* lookups, make file searching use better is_role
The dwim function will internally try by detecting tasks/main['','.yml','.yaml]
but this is far from optimial, the existince of role path in vars is much better
indicator that we can use to pass a hint
* updated test to avoid main.yml
Set the tarfile attribute to a normalized value from unfrackpath instead
of validating path parts and omiting potentially invald parts
Allow tarfile paths/links containing '..', '$', '~' as long as the
normalized realpath is in the tarfile's role directory
* apt_repository: Do not convert symlink repo to a normal file
* module manually writes to repo files. If the file is a symlink
module used to re-write and convert a symlink to a normal file.
This fix tracks the symlink and keeps the changes intact.
Fixes: #49809
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* ValueError exception is raised when Null Character is sent
to syslog.syslog with Python 3.12.
* Handle this error gracefully instead of stacktrace
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
This replaces the regex based check previously used within the validate-modules sanity test.
NOTE: The pylint check overlaps with a similar check for pep8.
Both are used, since the pep8 based check is more nuanced than the one in pylint.
For example, allowing `is` checks, but not `==` comparisons.
If the pylint check is ignored, the pep8 check would still be relevant.
* Remove unused argument in call to build_vault_ids
* Remove obsolete build_vault_ids tests
* Change tests to account for argument removal
* Remove redundant test
TLS 1.3 adds a different method it can use to request a client
certificate after the handshake but Python does not allow this by
default. This commit sets the attribute needed to enable this scenario
when using client certificates on Python 3.8+, 3.7.1+.
* dont warn about using a yescrypt hash as password
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* add changelog
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* add yescrypt test
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
---------
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* Fix locale related parsing error in git.py
This fixes the issue found at https://github.com/ansible/ansible/issues/77213 which got introduced by changing over to "best parseable locale" approach, but missing out the requirement of locales other than `L` having to have `LANGUAGE` specified as well. For further details, check this post within the issue discussion: https://github.com/ansible/ansible/issues/77213#issuecomment-1446919617
* Add changelog
Create 81931-locale-related-parsing-error-git.yml
Also update tests to support the format on modules/plugins
Co-authored-by: Brian Scholer <1260690+briantist@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Python 3.10 is the minimum version on the controller, and it requires openssl 1.1.1 or later.
As a result, there's no need to check the openssl version any longer.
Adds an option that can have an action plugin tell the module to ignore
options that do not fit its arg spec. This is to enable support for core
running modules that exist outside of the collection that may not be new
enough to support some of the options supplied to it.
* Reword the error message when the module fails to parse parameters
in JSON format
* misc typo fixes
Fixes: #81188
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Improve host_group_vars efficiency:
* normalize the basedir with `os.path.realpath()` once and cache it
* cache missing paths/files
* reduce the calls to `isinstance`
Add a couple more general improvements in vars/plugins.py get_vars_from_path():
* call `PluginLoader.all()` once for vars plugins and reload specific
plugins subsequently
* don't reload legacy/builtin vars plugins that are not enabled
Add a test for host_group_vars and legacy plugin loading
Co-authored-by: Matt Davis <mrd@redhat.com>
* changelog
* Add a new is_stateless attribute to the vars plugin baseclass
update integration tests to be quieter and use the same test pattern
Fix deprecation and adjust test that didn't catch the issue (deprecation only occured when the value was False)
move realpath cache to host_group_vars (do not smuggle call state as instance data)
refactor under a single 'if cache:' statement
Call os.path.isdir instead of always calling os.path.exists first. Just call os.path.exists to differentiate between missing and non-directory.
remove call to super(VarsModule, self).get_vars()
use the entity name as the cache key instead of variable location
Remove isinstance checks and use a class attribute just in case any plugins are subclassing Host/Group
Replace startswith by checking index 0 of the name instead, since host/group names are required
* rename is_stateless to cache_instance to make it more clear what it does
* add plugin instance cache using the path to plugin loader
reduce loading stage option if a new instance isn't created
don't require a known subdir on PluginLoader instantiation for backwards
compatibility
rename attribute again
contain reading from/initializing cached instances to a plugin loader method
* Deprecate v2 vars plugins
* Refactor to use the cache in existing plugin loader methods
Rename the attribute again
Refactor host_group_vars with requested changes
Make changelog a bugfixes fragment
Add a deprecation fragment for v2 vars plugins.
Add type hints
* unbreak group_vars
* Apply suggestions from code review
* misc tweaks
* always cache instance by both requested and resolved FQ name
* add lru_cache to stage calculation to avoid repeated config consultation
* handle KeyError from missing stage option
---------
Co-authored-by: Matt Davis <mrd@redhat.com>
When templating tags (which happens outside of standard `post_validate`) we
need to template each object in the inheritance chain and set the templated
values on those objects individually. That way when `task.tags` is called the
`extend` functionality properly picks up the templated values of all
parents into one flatten list.
Fixes#81053
revert to previous behavior to push vars to play at compile time
add `public` parameter to allow per import control of exporting (vs just the global config)
Co-authored-by: tchernomax <maxime.deroucy@gmail.com>
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
Provide more information about plugin usage which needs to be
used instead of the deprecated plugin in the deprecation message.
Fixes: #80561
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* ansible-galaxy fix scm dependency error
also changed usage of 'virtual colleciton' to actual type
avoid error by filtering out virtual collections that dont have
expected properties
simplified as per webknjaz
* Update lib/ansible/galaxy/collection/__init__.py
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* Make sure paths are correct when building collection files manifest
This commit makes sure the path of the files part of
the collection build manifest are correct.
This commit uses os.path.commonprefix instead of
dealing with strings.
Signed-off-by: Carlos Camacho <ccamacho@redhat.com>
Bugfix Pull Request
Fixes: #81618
* Revert the change note type to `minor_changes`
* Clarify the change note with user-oriented details
---------
Signed-off-by: Carlos Camacho <ccamacho@redhat.com>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
PR #81606.
Prior to this patch, when `--pre` CLI flag was not passed, the
dependency resolver would treat concrete collection dependency
candidates (Git repositories, subdirs, tarball URLs, or local dirs or
files etc) as not meeting the requirements.
This patch makes it so pre-releases in any concrete artifact
references, and the ones being specifically pinned dependencies or
user requests, met anywhere in the dependency tree, are allowed
unconditionally.
This is achieved by moving the pre-release check from
`is_satisfied_by()` to the `find_matches()` hook, following the
Pip's example.
As a bonus, this change also fixes the situation when a collection
pre-releases weren't considered if it didn't have any stable releases.
This now works even if `--pre` wasn't requested explicitly.
Finally, this patch partially reverts commit
6f4b4c345b, except for the tests. And it
also improves the `--pre` hint warning to explain that it mostly
affects Galaxy/Automation Hub-hosted collection releases.
Ref #73416
Ref #79112Fixes#79168Fixes#80048Resolves#81605
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
* Symlinks in the collection might be pointing to non-existent
targets. Check and report the failure to the user.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* when --diff is used with content parameter, print destination
path instead of temporary file path.
Fixes: #79749
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* If all tasks in the role are skipped or unreachable, the role is not marked as complete for the host.
* Only mark the role as complete if a task in the role succeeds or fails for the host.
The `handler_templar` in `StrategyBase._process_pending_results` was
used for templating handler names which is no longer the case. Now it is
only used for templating `changed_when`/`failed_when`. To prevent
re-creating templars each time results are processed, just create it
on-demand when whens are processed.
* Before performing shredding the original file, check if the
destination file location is writable or not. This will
prevent corruption of original file.
Fixes: #81455
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Add type hints to ansible.utils.display::Display
Fixes#80841
* Avoid circular import
* Fix sanity
* type hint some of the functions of the module?
* Fix units
* Not sure about this
* Fix some of the issues from reviews
* Add changelog
* ...
* Update lib/ansible/utils/display.py
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* remove py2 boilerplate
---------
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* Python 3.11.4 introduces a new parameter 'filter' in extract and
extractall in tarfile. Handle deprecation warning message emitted
in Python 3.12.
* added probing mechanism in ansible-galaxy code to detect broken
data filter implementation in tarfile.
Fixes: #80832
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Matt Clay <matt@mystile.com>
Improves the error checking when running PowerShell modules using
Ansible.ModuleUtils.Legacy. It will only return an rc of 1 if both the
PowerShell module runner signalled an error occurred and those error
records were present in the output. This should reduce some false
positive errors when using the older module style.
* apt: ignore fail_on_autoremove and allow_downgrade when using aptitude
* fail_on_autoremove (--no-remove) and allow_downgrade (--allow-downgrades)
parameters are only valid for apt-get and not for aptitude. Ignore them when
aptitude is detected and used.
Fixes: #77868