Commit Graph

2288 Commits (6e3271aa61bae4b9e4b51801cfe2723bdd7298cc)

Author SHA1 Message Date
Rick Elrod 6e3271aa61
[stable-2.10] Revert default mode changes (#71260)
* Revert "[stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)" (#71236)"

This reverts commit c968020d52.

* Revert "Remove porting guide entry related to reverted change (#71242)"

This reverts commit 006a21eae2.
4 years ago
Sam Doran c968020d52
[stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)" (#71236)
* [stable-2.10] Revert "Fix warning for new default permissions when mode is not specified (#70976) (#70985)"

This reverts commit 5cb96087e6.

* [stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)"

This reverts commit 7e4cffc5d2.
4 years ago
Rick Elrod 4b03d898f3
Update integration tests to support rpmfluff-0.6 (#71155) (#71159)
Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Rick Elrod a187613da8
Add CVE reference to changelog for PR 70762 (#71151) (#71156)
Co-authored-by: David Shrewsbury <Shrews@users.noreply.github.com>
4 years ago
Rick Elrod 3900f82d00 New release v2.10.0rc4 4 years ago
Sloane Hertel 9f4748cb2d
fix downloading collections in git repos and tar.gz artifacts (#70524) (#71000)
* Fix downloading tar files

* Fix downloading SCM collections

* changelog

(cherry picked from commit 54e2ae79e7)
4 years ago
Sam Doran 719c40bfdf
[stable-2.10] facts - fix incorrect time for some date_time_facts (#70665) (#70996)
* [stable-2.10] facts - fix incorrect time for some date_time_facts (#70665)

The iso8601_micro and iso8601 facts incorrectly called now.utcnow(), resulting
in a new timestamp at the time it was called, not a conversion of the previously
stored timestamp.

Correct this by capturing the UTC timestamp once then calculating the local
time using the UTC offset of the current system.

* Use time.time() for getting the current time
* Convert from that stored epoch timestamp to local and UTC times
* Used existing timestamp for epoch time
* Add unit tests that validate the formate of the return value rather than an exact value since mocking time and timezone is non-trivial
(cherry picked from commit c4f442ed5a)

Co-authored-by: Sam Doran <sdoran@redhat.com>

* Remove tests for tz_dst since that only exists in newer versions
4 years ago
Matt Clay b764d381f0
[stable-2.10] Fix ansible-test relative import analysis. (#70993)
(cherry picked from commit 2e0097ada3)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Akira Yokochi abfedb06c3
default_callback: Move 'check_mode_markers' in doc_fragments (#70228) (#70989)
Callback plugin dense, yaml, and debug implement 'check_mode_markers'
so moving documentation to default callback doc_fragments.

Fixes: https://github.com/ansible-collections/community.general/issues/565

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 4885ebad27)

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Sam Doran 5cb96087e6
Fix warning for new default permissions when mode is not specified (#70976) (#70985)
Follow up to #70221
Related to #67794
CVE-2020-1736

When set_mode_if_different() is called with mode of 'None', ensure we issue
a warning about the change in default permissions.

Add integration tests to ensure the warning works properly.

* Fix tests
- actually use custom module 🤦‍♂️
- verify file permission on created files
- use remote_tmp_dir so we're ready for split controller
- improve test module so we can skip the call to set_fs_attributes_if_different()
- fix tests for CentOS 6

(cherry picked from commit dc79528cc6)
4 years ago
Jordan Borean a8217f1bd4
ansible-galaxy - fix fallback for AH searches (#70957) - 2.10 (#70980)
* ansible-galaxy - fix fallback for AH searches (#70957)

(cherry picked from commit b1cb2553af)

* Fix tests after backport
4 years ago
Brian Coca a75b3601d9
Allow changed/failed mgmt on strategy actions (#70919) (#70968)
* Allow changed/failed mgmt on strategy actions

(cherry picked from commit f9c3c6cba6)
4 years ago
Felix Fontein c39e536d84
validate-modules: fix version_added validation for top-level, fix error codes (#70869) (#70947)
* Also validate top-level version_added.

* Fix error code.

* Produce same version_added validation error in schema than in code (and stop returning it twice).

* Return correct error codes for invalid version_added for options and return values.

* Add changelog.

* Fix forgotten closing braket.

* Accept 'historical' for some top-level version_added.

(cherry picked from commit 7e2cc7db12)
4 years ago
Sam Doran 6f70d40d51
[stable-2.10] lineinfile - fix broken exception handling (#70846) (#70944)
* prevent (ExceptionType) is not subscriptable errors
* tweak error message and use text conversion
* add to_text import
(cherry picked from commit 45c2eb6c0a)

Co-authored-by: nitzmahone <nitzmahone@users.noreply.github.com>

Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
4 years ago
Sam Doran 293d6c59bb
[stable-2.10] reboot - fix Void Linux (#70704) (#70916)
Add entry for appropriate commands for Void Linux
(cherry picked from commit 4cc4cebc97)

Co-authored-by: fosslinux <fosslinux@aussies.space>

Co-authored-by: fosslinux <fosslinux@aussies.space>
4 years ago
Felix Fontein 155041d8ee
Fix ansible-test error in community.aws (#70507) (#70873)
* Fix ansible-test error in community.aws

* Add changelog entry for fix

* Change check from None to string_types

* Update changelogs/fragments/70507-validate-null-author.yaml

clarify wording "or a list of strings"

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update test/lib/ansible_test/_data/sanity/validate-modules/validate_modules/schema.py

clarify wording - single string or not specified valid

Co-authored-by: Felix Fontein <felix@fontein.de>

* Do not fail but return None when given outside list

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit b0d9deeae3)

Co-authored-by: Alan Rominger <arominge@redhat.com>
4 years ago
Matt Clay 4280efccc4 [stable-2.10] Cap pytest version to avoid relative import issue.
(cherry picked from commit 3a8ac62596)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Rick Elrod f28fa88448 New release v2.10.0rc3 4 years ago
Brian Coca 9b992c0b78
reset logging to INFO (#70878) (#70881)
- due to CVE-2019-14846
 - also added comments and test to avoid 'oportunistic' reversion

(cherry picked from commit 1223ce656a)
4 years ago
Rick Elrod c528e648a6 New release v2.10.0rc2 4 years ago
Jordan Borean e9c9c02e0a
Do not add connection vars to the output results (#70853) (#70855)
* Do not add connection vars to the output results

* Also revert the delgated scenario JIC

* Added regression test

(cherry picked from commit 5e1a968983)
4 years ago
Rick Elrod 3ee5b46ba7 New release v2.10.0rc1 4 years ago
Matt Davis cc8d180801
fix internal cases of actions calling unqualified module names (#70818) (#70840)
* fix internal cases of actions calling unqualified module names

* add porting_guide entry
* misc other fixes around action/module resolution broken by redirection

ci_complete

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* address review feedback

* pep8

* unit test fixes

* win fixes

* gather_facts fix module args ignores

* docs sanity

* pep8

* fix timeout test

* fix win name rewrites

Co-authored-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 4c0af6c808)
4 years ago
Sloane Hertel 180eea8089
Update default from True to False for CONDITIONAL_BARE_VARS (#70709) (#70838)
ci_complete

(cherry picked from commit 2811d9486f)
4 years ago
Sam Doran 7e4cffc5d2
[stable-2.10] Change default file permissions so they are not world readable (#70221) (#70824)
* Change default file permissions so they are not world readable

CVE-2020-1736

Set the default permissions for files we create with atomic_move() to 0o0660. Track
which files we create that did not exist and warn if the module supports 'mode'
and it was not specified and the module did not call set_mode_if_different(). This allows the user to take action and specify a mode rather than using the defaults.

A code audit is needed to find all instances of modules that call atomic_move()
but do not call set_mode_if_different(). The findings need to be documented in
a changelog since we are not warning. Warning in those instances would be frustrating
to the user since they have no way to change the module code.

- use a set for storing list of created files
- just check the argument spac and params rather than using another property
- improve the warning message to include the default permissions.
(cherry picked from commit 5260527c4a)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Brian Coca 8c2754e6d3
Allow hostvars delegation (#70331) (#70810)
* ensure hostvars are available on delegation
* also inventory_hostname must point to current host and not delegated one
* fix get_connection since it was still mixing original host vars and delegated ones
* also return connection vars for delegation and non delegation alike
* add test to ensure we have expected usage when directly assigning for non delegated host

(cherry picked from commit 84adaba6f5)
4 years ago
David Shrewsbury 7cdba7c923
Sanitize URI module keys with no_log values (#70762) (#70820)
* Add sanitize_keys() to module_utils.

* More robust tests

* Revert 69653 change

* Allow list or dict

* fix pep8

* Sanitize lists within dict values

* words

* First pass at uri module

* Fix insane sanity tests

* fix integration tests

* Add changelog

* Remove unit test introduced in 69653

* Add ignore_keys param

* Sanitize all-the-things

* Ignore '_ansible*' keys

* cleanup

* Use module.no_log_values

* Avoid deep recursion issues by using deferred removal structure.

* Nit cleanups

* Add doc blurb

* spelling

* ci_complete

(cherry picked from commit bf98f031f3)
4 years ago
Nathaniel Case 4cbfb08da5
[stable-2.10] Document existing ansi_re sequences and add `ESC[m` (#70683) (#70807)
* Document existing ansi_re sequences and add `ESC[m`

* Add changelog
(cherry picked from commit 06a4fc2)

Co-authored-by: Nathaniel Case <ncase@redhat.com>
4 years ago
Abhijeet Kasurde 18dd73c147
[2.10] basic: use PollSelector implementation (#70800)
Some platform such as ESXi does not implement EpollSelector,
which is selected by DefaultSelector. Use PollSelector.
This works perfectly with a platform like VMware ESXi.

Fixes: #70238

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 8cccede0d4)
4 years ago
psi / Ryo Hirafuji 61f8f8ce7f
cron - Allow non-ascii (UTF-8) chars in cron file paths and jobs (#70426) (#70794)
* Encode/Decode files in UTF-8
* Use helper function in ansible
* Add an integration test
* Use emoji in test data.
* add changelog
* Also support non-ascii chars in filepath and add tests about this.
* Also use non-ascii chars in replaced text and ensure not to break cron syntax.
* rename self.existing to self.n_existing
* rename crontab.existing to crontab.n_existing
4 years ago
Matt Martz 7eb5f53294
[stable-2.10] Ensure single vaulted values aren't counted as sequences. Fixes #70784 (#70786) (#70791)
(cherry picked from commit 96b74d3)

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Baptiste Mille-Mathias 1eb2afac63
Create home and parent directories only when requested (#70790)
The home user and the parents directories should only be created when
create_home == True

(cherry picked from commit f3dd8d3052)
4 years ago
Martin Krizek 4170786cd9
2.10: Detect failure in always block after rescue (#70094) (#70204)
* Detect failure in always block after rescue (#70094)

* Detect failure in always block after rescue

Fixes #70000

ci_complete

* Add more tests

(cherry picked from commit 0ed5b77377)

* add changelog

Co-authored-by: Matt Davis <mrd@redhat.com>
4 years ago
Matt Martz 448f17e9a5
[stable-2.10] Guard against allowing ansible to ansible-base upgrades (#70529) (#70760)
* Fix building Ansible dist w/ setuptools>=48,<49.1 (#70525)

* Fix building Ansible dist w/ setuptools>=48,<49.1

This change addresses the deprecation of the use of stdlib
`distutils`. It's a short-term hotfix for the problem and we'll
need to consider dropping the use of `distutils` from our `setup.py`.

Refs:
* https://github.com/ansible/ansible/issues/70456
* https://github.com/pypa/setuptools/issues/2230
* https://github.com/pypa/setuptools/commit/bd110264

Co-Authored-By: Jason R. Coombs <jaraco@jaraco.com>

* Add a change note for PR #70525

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
(cherry picked from commit 918388b85f)

* Guard against allowing ansible to ansible-base upgrades (#70529)

* Guard against allowing ansible to ansible-base upgrades

* newline

* use alias

* Add an explicit line detailing this is a 1 time thing

* period

* Read __version__ and __author__ rather than import, update working, and add ability to skip conflict checks

* Remove commented code

* Re introduce removed changes from rebase

* Just use open

* Nuke unused import

(cherry picked from commit 54b002e1ac)

Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com>
4 years ago
Baptiste Mille-Mathias ffd3757fc3
Fix missing quoting for remote_tmp in second mkdir of shell module. Issue #69577 (#69578) (#70757)
* Fix missing quoting for remote_tmp in second mkdir of shell module. Issue #69577

* adding changelog

* fixing typo in changelog entry

* adding test case

Adding test case written by bmillemayhias.

* using $HOME instead of ~

* fixing commit measage

* Update 69578-shell-remote_tmp-quoting.yaml

Co-authored-by: Brian Kohles <me@briankohles.com>
(cherry picked from commit 77d0effcc5)

Co-authored-by: Brian Kohles <briankohles@users.noreply.github.com>
4 years ago
Abhijeet Kasurde 0d230b4f56
[2.10] debconf: add a note about no_log usage (#70752)
debconf module exposes sensitive information to logs, console.
Add a note to user about using no_log=True to hide such
information from console.

Fixes: #32386

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 84b4387702)
4 years ago
Sam Doran 9b8a649f2e
[stable-2.10] Handle Slackware OS version strings containing a plus (“+”) (#68142) (#70717)
A couple of years ago Slackware -current began using a plus (“+”) at the end of the distribution version string to indicate a future version work-in-progress.

Rearrange distribution_files unit tests to easily support more tests
  - add conftest with common fixtures
  - use parametrize for testing multiple scenarios

* Add changelog
* Add unit tests for Slackware distribution parsing
* Use correct fixtures for Slackware
Data comes from /etc/slackware-version

Co-authored-by: Sam Doran <sdoran@redhat.com>
Co-authored-by: <Eduard Rozenberg <eduardr@pobox.com>>
(cherry picked from commit 566c5e6ce1)

Co-authored-by: Eduard Rozenberg <2648417+edrozenberg@users.noreply.github.com>

Co-authored-by: Eduard Rozenberg <2648417+edrozenberg@users.noreply.github.com>
4 years ago
Jordan Borean a7f4c6a37f
win async - use full path for powershell (#70703) (#70714)
(cherry picked from commit 154efd97f2)
4 years ago
Sloane Hertel d329985d4c
[2.10] template connection variables accessed directly before using (#70657) (#70688)
* template connection variables accessed directly before using (#70657)

* template variables accessed directly when using them instead of FieldAttributes

(cherry picked from commit 8c213c9334)

* changelog
4 years ago
Abhijeet Kasurde ed07821a59
[2.10] api: time.clock compatible code (#70677)
time.clock is removed in Python 3.8. Add time.clock
compatible code.

Fixes: #70649

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 055871cbb8)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Matt Martz 255dfca7f6
[stable-2.10] Allow single vault encrypted values to be used directly as module parameters. Fixes #68275 (#70607) (#70641)
(cherry picked from commit a77dbf0)

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Abhijeet Kasurde 963bdd9983
[2.10] pipe: update docs for Popen with shell=True usage (#70602)
pipe lookup plugin uses Popen with shell=True intentionally.
This is considered a security issue if user input is not validated.
Updated docs to reflect this information for the user. Also, added
Bandit B602 documentation link for further reading.

Fixes: #70159

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit e5649ca3e8)
4 years ago
Brian Coca 6cd015d7e2
Make filter type errors 'loop friendly' (#70417) (#70574)
- ensure we preserve the typeerror part of the exception so loop defereed error handling
 can postpone those caused by undefined variables until the when check is done.
 - fix tests to comply with the 'new normal'

 - human_to_bytes and others can issue TypeError not only on 'non string'
 but also bad string that is not convertable.

Co-authored-by: Sloane Hertel <shertel@redhat.com>

Co-authored-by: Sloane Hertel <shertel@redhat.com>
(cherry picked from commit cf89ca8a03)
4 years ago
Felix Fontein 15355ed059
[2.10] ansible-doc: include collection name in text output / plugin loader: return collection name; ansible-doc: handle ansible.builtin correctly (#70572)
* ansible-doc: include collection name in text output (#70401)

* ansible-doc: include collection name in text output

* Be more careful to not accidentally pass ansible.builtin for user-supplied modules.

(cherry picked from commit f4c89eab23)

* plugin loader: return collection name; ansible-doc: handle ansible.builtin correctly (#70026)

* Determine collection in plugin loader.

* Fix test.

* Use PluginPathContext objects in PluginLoader._plugin_path_cache instead of tuples.

(cherry picked from commit 24dcaf8974)
4 years ago
Brian Coca 827c47d9bc
try to capture better winrm/put_file error (#70508) (#70570)
* try to capture better winrm/put_file error

fixes #70361

* Update lib/ansible/plugins/connection/winrm.py

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
(cherry picked from commit 8789d7968d)
4 years ago
Mykola Grygoriev 5ea6de4e7d
Fix decrypt argument in assemble module (#70465) (#70560)
* Do not pass decrypt parameter to assemble module

* Add integration tests where decrypt=True

* Add changelog #70465

(cherry picked from commit 71c378e139)
4 years ago
David Shrewsbury 94a81f7b44
Make sure ansible_become treated as a boolean (#70484) (#70526)
* Make sure ansible_become treated as a boolean

(cherry picked from commit 8aca464b8b)
4 years ago
Felix Fontein a5c0b11913
ansible-doc man formatter: fail with better error message when description isn't there (#70046) (#70485)
* ansible-doc man formatter: do not crash when description isn't there.
* Change to report a better error message when description is not there.
* Add test.

(cherry picked from commit 9164b96774)
4 years ago
Sam Doran 422e976649
[stable-2.10] apt - make errors more transparent (#70099) (#70478)
Include error from apt Python library in module error output

Co-authored-by: Andreas Schleifer <aschleifer@bigpoint.net>
(cherry picked from commit 7d7f15fc9b)

Co-authored-by: Andreas Schleifer <a.schleifer@bigpoint.net>

Co-authored-by: Andreas Schleifer <a.schleifer@bigpoint.net>
4 years ago
Sam Doran df3246b7d1
[stable-2.10] ssh connection - use get_option() rather than _play_context (#70438) (#70443)
The ssh_args were sometimes not correctly applied to the connection
when using _play_context. Use get_option() instead to ensure the
correct ssh_args are always applied.
(cherry picked from commit b4184aa50e)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago