Commit Graph

5804 Commits (7499848cb10b8edc74febbff1af56ba2b3ca6326)

Author SHA1 Message Date
Ruediger Pluem 7499848cb1
user - allow local users with an expiry date to be created (#72022) (#72085)
The luseradd / lusermod commands do not support the -e option. Set
the expiry time in this case via lchage after the user was
created / modified.

Fixes: #71942

In Python3 math.floor returns an integer whereas Python2 returns a float.
Hence always convert the result of math.floor to an int to ensure that
lexpires is an integer.

Move local expires tests in a separate file and import the tasks to the
main.yml to keep main.yml smaller.

(cherry picked from commit a7170da851)
4 years ago
Rick Elrod e6a4585807
[dnf] show installations/removals in check_mode (#70892) (#72180)
Change:
- Previously, we only showed that something would have changed, not what
  would have changed. This allows us to show what will chang as well.

Test Plan:
- Local RHEL8 VM
- New integration tests

Tickets:
- Fixes #66132

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 7d32129efb)
4 years ago
Rick Elrod 2c5e4b5a88
[tests/dnf] work around dnf packaging issue (#72249) (#72251)
Change:
- In this test we end up upgrading dnf (and python3-dnf) so that we can
  test its new logging behavior. However, the latest Fedora 32 dnf had a
  packaging issue which caused it to not pull in the latest
  python3-libdnf. This is fixed, but not synced out to mirrors yet.
  Fixing it in this test will get CI passing again in the meanwhile.

Test Plan:
- CI

Tickets:
- https://bugzilla.redhat.com/show_bug.cgi?id=1887502

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 9ddb1d76af)
4 years ago
Matt Clay 49504da1ed
[stable-2.10] Support collection constraints in ansible-test. (#72157)
This allows collections to specify requirements and constraints for packages that ansible-test has requirements or constraints for.
(cherry picked from commit 5f76bd2af7)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Rick Elrod f57b149ec8
Intentional coverage, incidental_azure_rm_resource (#71052) (#72159)
Change:
- Adds some intentional coverage around PluginLoader for cases that
  incidental_azure_rm_resource covered.
- Specifically, modules starting with an underscore, and starting with
  an underscore but a symlink.

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit cdcf0aa42a)
4 years ago
Martin Krizek 4df129c6ae
Provide more information in AnsibleUndefinedVariable (#71666) (#71876)
* Provide more information in AnsibleUndefinedVariable

Fixes #55152

(cherry picked from commit 00b22ab55e)
4 years ago
Sam Doran 988d410e17
[stable-2.10] Test changes to allow using "macos" test image (#71849) (#71861)
* Add link to remote.sh from macos.sh
* Add skip/macos to tests that have skip/osx.
(cherry picked from commit 6984081111)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Jordan Borean 68278f36fd
psrp - fix hang when copying an empty file (#71649) (#71651)
(cherry picked from commit b615789fcc)
4 years ago
Rick Elrod ab100f8ee5
[tests] Make setup_docker clean up better (#71949) (#71959)
Change:
- pip packages should get removed after, not try to add them again
- Try removing containerd.io package too

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 6a7e637c5f)
4 years ago
Rick Elrod d7f6d8c8f0
[incidental_setup_docker] changes to upstream repo (#71897) (#71899)
Change:
- The docker-ce.repo file for centos does not work on RHEL since it uses
  $releasever and on RHEL that is, e.g., "7Server".
- Instead, set up the repo manually.
- Additionally, the docker centos8 repo no longer has old versions, so
  we use the (only) version in the repo instead.

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 31ddca4c0d)
4 years ago
Matt Clay df150a2780 [stable-2.10] Fix attribute testing in file integration test. (#71843)
The file test will no longer attempt to test attributes if `lsattr -vd` does not work on the system under test.
(cherry picked from commit 17765cd4e8)

Co-authored-by: Matt Clay <mclay@redhat.com>
4 years ago
Sam Doran b6637c0afc [stable-2.10] incidental_setup_openssl - Pin version of Python packages
A recent update to cffi that was yanked is still being installed on our
Mac OS X 10.11 test image since the version of pip there is very old and
does not ignore yanked packages.

Pin the version of pyOpenSSL and its dependencies to fix this and avoid
future spontaneous failures.
(cherry picked from commit 65cdb86c8a)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Matt Clay fd27c4db71 [stable-2.10] Add pause to avoid same mtime in test.
(cherry picked from commit 3d769f3a76)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Matt Clay 356ea0b8d0
[stable-2.10] Fix ansible-test coverage traceback. (#71446) (#71578)
* [stable-2.10] Fix ansible-test coverage traceback. (#71446)

* Add integration test for ansible-test coverage.

* Fix ansible-test coverage traceback.

* Fix coverage reporting on Python 2.6.
(cherry picked from commit f5b6df14ab)

Co-authored-by: Matt Clay <mclay@redhat.com>

* Add empty ignore.txt file for tests.
4 years ago
Rick Elrod 9a48ffd61b
Attempt at reverting CVE-2020-1736 changes [2.10] (#71514)
* Revert atomic_move changes
* add note about mode reverts in porting guide

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Rick Elrod 1678577681
[tests] fix fallout from dnf gpg fix (#71552)
Change:
- Missed needed gpg ignores

Test Plan:
- CI
- ci_complete

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Rick Elrod dc97027453
[dnf] ensure packages are gpg-verified (#71539)
Change:
- By default the dnf API does not gpg-verify packages. This is a feature
  that is executed in its CLI code. It never made it into Ansible's
  usage of the API, so packages were previously not verified.
- This fixes CVE-2020-14365.

Test Plan:
- New integration tests

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
David Shrewsbury 393412dc64
Fix play stats when rescue block is a child block (#70922) (#71334)
* check run state of current block only

* Add changelog and test

* Add test for issue 29047

(cherry picked from commit f2f6c34632)
4 years ago
Jordan Borean 7131c75d93
powershell - fix quoting values (#71411) (#71449)
* powershell - fix quoting values

* Add ignore for smart quote skip

(cherry picked from commit 72a7cb4a2c)
4 years ago
Martin Krizek ce7b95499f
native types: properly handle Undefined in nested data (#68432) (#71105)
(cherry picked from commit 5ca3aec3c4)
4 years ago
Sam Doran c39753d7ad
[stable-2.10] linux facts - return proper broadcast address (#64528) (#71064)
Check that the value being returned is actually a broadcast address

(cherry picked from commit e6bf202738)
4 years ago
Martin Krizek 0c32a4f793
Emit proper error for `x in y` when y is undefined (#70990) (#71011)
Fixes #70984

(cherry picked from commit bf7276a4e8)
4 years ago
Sam Doran 0c6edb34f9
[stable-2.10] unarchive - Check 'fut_gid' against 'run_gid' in addition to supplemental groups (#65666) (#71001)
* [stable-2.10] unarchive - Check 'fut_gid' against 'run_gid' in addition to supplemental groups (#65666)

Add integration tests for unarchiving as unprivileged user
Break tasks into separate files for easier reading and maintenance

Create a user by specifying a default group of 'staff' for macOS.

The user module does not actually remove the user directory on macOS,
so explicitly remove it.

Put the removal tasks in an always block to ensure they always run

Co-authored-by: Philip Douglass <philip.douglass@amadeus.com>
Co-authored-by: Sam Doran <sdoran@redhat.com>
(cherry picked from commit ac5f3f8bef)

Co-authored-by: Philip Douglass <philip@philipdouglass.com>

* [stable-2.10] Fix unstable unarchive test (#71004)

* Add mode to copy tasks
* Fix unreliable test by ignoring errors

(cherry picked from commit f99f96ceb6)

Co-authored-by: Philip Douglass <philip@philipdouglass.com>
4 years ago
Sloane Hertel 714cd2ad2e
copy - redact 'content' from invocation in check mode (#71033) (#71067)
* sanitize copy module invocation secrets in check mode

(cherry picked from commit 991714b9d1)
4 years ago
Jordan Borean f41ff33ca6
ansible-galaxy - fix download for subdirs in SCM (#71005) (#71093)
(cherry picked from commit f6b3b4b430)
4 years ago
Brian Coca 00caeff928
dont clobber facts in loop (#71032) (#71095)
(cherry picked from commit f9af27c631)
4 years ago
Jordan Borean 092ec680e6
Ensure -k is set to delegated hosts without a pass (#71136) (#71168)
* Ensure -k is set to delegated hosts without a pass

* Fix up some broken tests

* Update task_executor.py

one possible fix, the other is updating winrm to normalize on 'password' like the other connection plugins

* Add alias for winrm and fix incorrect assumption

* Make sure aliases are used for keyword options

* Conditionally run test if sshpass is present, fix sanity

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
(cherry picked from commit 3f22f79e73)
4 years ago
GomathiselviS e95b45c5ec
Update network integration auth timeout (#71057) (#71238)
*  Incase of network integration test for connection local
   test the paramiko_ssh auth_timeout is the value of timeout
   under defaults section which is 10 seconds.
*  For slower connection 10sec timout value result in authentication
   timeout error hence increase the timeout value to 90 seconds

(cherry picked from commit 6160e82bf2)

Co-authored-by: Ganesh Nalawade <ganesh634@gmail.com>
4 years ago
Rick Elrod 7b3d2a00a0
Fix cron file regression (#71207) (#71243)
Co-authored-by: Florent PIGOUT <toopy@users.noreply.github.com>
4 years ago
Martin Krizek 02f4fc1a14
Skip literal_eval for string filters results in native jinja. (#70988) (#71313)
Fixes #70831

(cherry picked from commit b66d66027e)
4 years ago
Matt Martz 6d1cc0dede
[stable-2.10] epoch can be a float with strftime filter. Fixes #71257 (#71314) (#71319)
(cherry picked from commit 6289570)

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Lorenzo Castelli ac248cf34a
systemd - supports new systemctl output message for chroot (#71197) (#71330)
The message generated by systemctl has been updated in 9321e23c40, which requires a corresponding change in the systemd module.

In addition, this fixes the module when the SYSTEMD_OFFLINE environment variable is set.

(cherry picked from commit a1a50bb3cd)
4 years ago
Martin Krizek 724b3648ea
_check_failed_state: always use the current/nested state (#71347) (#71457)
Fixes #71306

(cherry picked from commit 9792d631b1)
4 years ago
Rick Elrod 6e3271aa61
[stable-2.10] Revert default mode changes (#71260)
* Revert "[stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)" (#71236)"

This reverts commit c968020d52.

* Revert "Remove porting guide entry related to reverted change (#71242)"

This reverts commit 006a21eae2.
4 years ago
Sam Doran c968020d52
[stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)" (#71236)
* [stable-2.10] Revert "Fix warning for new default permissions when mode is not specified (#70976) (#70985)"

This reverts commit 5cb96087e6.

* [stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)"

This reverts commit 7e4cffc5d2.
4 years ago
Rick Elrod 4b03d898f3
Update integration tests to support rpmfluff-0.6 (#71155) (#71159)
Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Sam Doran be5aab177c
[stable-2.10] Drop "rhui-" prefix from RHEL repositories in AMI (#71130) (#71131)
The repository names seem to have changed and no longer have the "rhui-" prefix
(cherry picked from commit 6ac4439a6a)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Sloane Hertel 9f4748cb2d
fix downloading collections in git repos and tar.gz artifacts (#70524) (#71000)
* Fix downloading tar files

* Fix downloading SCM collections

* changelog

(cherry picked from commit 54e2ae79e7)
4 years ago
Sam Doran 5cb96087e6
Fix warning for new default permissions when mode is not specified (#70976) (#70985)
Follow up to #70221
Related to #67794
CVE-2020-1736

When set_mode_if_different() is called with mode of 'None', ensure we issue
a warning about the change in default permissions.

Add integration tests to ensure the warning works properly.

* Fix tests
- actually use custom module 🤦‍♂️
- verify file permission on created files
- use remote_tmp_dir so we're ready for split controller
- improve test module so we can skip the call to set_fs_attributes_if_different()
- fix tests for CentOS 6

(cherry picked from commit dc79528cc6)
4 years ago
Jordan Borean a8217f1bd4
ansible-galaxy - fix fallback for AH searches (#70957) - 2.10 (#70980)
* ansible-galaxy - fix fallback for AH searches (#70957)

(cherry picked from commit b1cb2553af)

* Fix tests after backport
4 years ago
Brian Coca a75b3601d9
Allow changed/failed mgmt on strategy actions (#70919) (#70968)
* Allow changed/failed mgmt on strategy actions

(cherry picked from commit f9c3c6cba6)
4 years ago
Jordan Borean e9c9c02e0a
Do not add connection vars to the output results (#70853) (#70855)
* Do not add connection vars to the output results

* Also revert the delgated scenario JIC

* Added regression test

(cherry picked from commit 5e1a968983)
4 years ago
Matt Davis cc8d180801
fix internal cases of actions calling unqualified module names (#70818) (#70840)
* fix internal cases of actions calling unqualified module names

* add porting_guide entry
* misc other fixes around action/module resolution broken by redirection

ci_complete

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* address review feedback

* pep8

* unit test fixes

* win fixes

* gather_facts fix module args ignores

* docs sanity

* pep8

* fix timeout test

* fix win name rewrites

Co-authored-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 4c0af6c808)
4 years ago
Sam Doran 7e4cffc5d2
[stable-2.10] Change default file permissions so they are not world readable (#70221) (#70824)
* Change default file permissions so they are not world readable

CVE-2020-1736

Set the default permissions for files we create with atomic_move() to 0o0660. Track
which files we create that did not exist and warn if the module supports 'mode'
and it was not specified and the module did not call set_mode_if_different(). This allows the user to take action and specify a mode rather than using the defaults.

A code audit is needed to find all instances of modules that call atomic_move()
but do not call set_mode_if_different(). The findings need to be documented in
a changelog since we are not warning. Warning in those instances would be frustrating
to the user since they have no way to change the module code.

- use a set for storing list of created files
- just check the argument spac and params rather than using another property
- improve the warning message to include the default permissions.
(cherry picked from commit 5260527c4a)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Brian Coca 8c2754e6d3
Allow hostvars delegation (#70331) (#70810)
* ensure hostvars are available on delegation
* also inventory_hostname must point to current host and not delegated one
* fix get_connection since it was still mixing original host vars and delegated ones
* also return connection vars for delegation and non delegation alike
* add test to ensure we have expected usage when directly assigning for non delegated host

(cherry picked from commit 84adaba6f5)
4 years ago
psi / Ryo Hirafuji 61f8f8ce7f
cron - Allow non-ascii (UTF-8) chars in cron file paths and jobs (#70426) (#70794)
* Encode/Decode files in UTF-8
* Use helper function in ansible
* Add an integration test
* Use emoji in test data.
* add changelog
* Also support non-ascii chars in filepath and add tests about this.
* Also use non-ascii chars in replaced text and ensure not to break cron syntax.
* rename self.existing to self.n_existing
* rename crontab.existing to crontab.n_existing
4 years ago
Baptiste Mille-Mathias 1eb2afac63
Create home and parent directories only when requested (#70790)
The home user and the parents directories should only be created when
create_home == True

(cherry picked from commit f3dd8d3052)
4 years ago
Martin Krizek 4170786cd9
2.10: Detect failure in always block after rescue (#70094) (#70204)
* Detect failure in always block after rescue (#70094)

* Detect failure in always block after rescue

Fixes #70000

ci_complete

* Add more tests

(cherry picked from commit 0ed5b77377)

* add changelog

Co-authored-by: Matt Davis <mrd@redhat.com>
4 years ago
Baptiste Mille-Mathias ffd3757fc3
Fix missing quoting for remote_tmp in second mkdir of shell module. Issue #69577 (#69578) (#70757)
* Fix missing quoting for remote_tmp in second mkdir of shell module. Issue #69577

* adding changelog

* fixing typo in changelog entry

* adding test case

Adding test case written by bmillemayhias.

* using $HOME instead of ~

* fixing commit measage

* Update 69578-shell-remote_tmp-quoting.yaml

Co-authored-by: Brian Kohles <me@briankohles.com>
(cherry picked from commit 77d0effcc5)

Co-authored-by: Brian Kohles <briankohles@users.noreply.github.com>
4 years ago
Sloane Hertel d329985d4c
[2.10] template connection variables accessed directly before using (#70657) (#70688)
* template connection variables accessed directly before using (#70657)

* template variables accessed directly when using them instead of FieldAttributes

(cherry picked from commit 8c213c9334)

* changelog
4 years ago