debconf module exposes sensitive information to logs, console.
Add a note to user about using no_log=True to hide such
information from console.
Fixes: #32386
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 84b4387702)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
A couple of years ago Slackware -current began using a plus (“+”) at the end of the distribution version string to indicate a future version work-in-progress.
Rearrange distribution_files unit tests to easily support more tests
- add conftest with common fixtures
- use parametrize for testing multiple scenarios
* Add changelog
* Add unit tests for Slackware distribution parsing
* Use correct fixtures for Slackware
Data comes from /etc/slackware-version
Co-authored-by: Sam Doran <sdoran@redhat.com>
Co-authored-by: <Eduard Rozenberg <eduardr@pobox.com>>.
(cherry picked from commit 566c5e6ce1)
Co-authored-by: Eduard Rozenberg <2648417+edrozenberg@users.noreply.github.com>
Co-authored-by: Eduard Rozenberg <2648417+edrozenberg@users.noreply.github.com>
* Add boilerplate snippet into `examples/`
It is a partial backport of #70224
(partially cherry picked from commit 4816bb4f43)
* Refactor Python API examples and docs
PR #70446: it's a follow-up for #70445.
It includes a merge of `examples/scripts/uptime.py` and a similar
code snippet from `docs/docsite/rst/dev_guide/developing_api.rst`.
This patch also changes the docs RST file to include contents of
the example file instead of holding a copy of a similar code.
(cherry picked from commit 20bb915092)
Some platform such as ESXi does not implement EpollSelector,
which is selected by DefaultSelector. Use PollSelector which is
based upon 'Poll' implementation. This works perfectly with
a platform like VMware ESXi.
Fixes: #70238
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 8cccede0d4)
Previous version initialized the `TaskQueueManager` after calling
`Play.load()` while advertising a way to inject a custom library
location path. This caused the tasks loader not to find any custom
modules because it was triggered before the path was actually added
to the module loader.
This patch changes the order of the operations to ensure that the
customized `context.CLIARGS` actually influences things.
Resolves https://github.com/ansible/ansible/issues/69758.
(cherry picked from commit 8d97c8c222)
* prevent (ExceptionType) is not subscriptable errors
* tweak error message and use text conversion
* add to_text import
(cherry picked from commit 45c2eb6c0a)
Co-authored-by: nitzmahone <nitzmahone@users.noreply.github.com>
Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
* [stable-2.9] facts - fix incorrect time for some date_time_facts (#70665)
The iso8601_micro and iso8601 facts incorrectly called now.utcnow(), resulting
in a new timestamp at the time it was called, not a conversion of the previously
stored timestamp.
Correct this by capturing the UTC timestamp once then calculating the local
time using the UTC offset of the current system.
* Use time.time() for getting the current time
* Convert from that stored epoch timestamp to local and UTC times
* Used existing timestamp for epoch time
* Add unit tests that validate the formate of the return value rather than an exact value since mocking time and timezone is non-trivial
(cherry picked from commit c4f442ed5a)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Remove tests for tz_dst since that fact only exists in newer versions
* [stable-2.9] unarchive - Check 'fut_gid' against 'run_gid' in addition to supplemental groups (#65666)
Add integration tests for unarchiving as unprivileged user
Break tasks into separate files for easier reading and maintenance
Create a user by specifying a default group of 'staff' for macOS.
The user module does not actually remove the user directory on macOS,
so explicitly remove it.
Put the removal tasks in an always block to ensure they always run
Co-authored-by: Philip Douglass <philip.douglass@amadeus.com>
Co-authored-by: Sam Doran <sdoran@redhat.com>.
(cherry picked from commit ac5f3f8bef)
Co-authored-by: Philip Douglass <philip@philipdouglass.com>
* [stable-2.9] Fix unstable unarchive test (#71004)
* Add mode to copy tasks
* Fix unreliable test by ignoring errors
(cherry picked from commit f99f96ceb6)
Co-authored-by: Philip Douglass <philip@philipdouglass.com>
* linux facts - return proper broadcast address
Check that the value being returned is actually a broadcast address
* Add tests
* Cleanup tests
(cherry picked from commit e6bf202738)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Ensure we have enough values to split (#56802)
Avoid raising an exception if pkgstr does not complains with expected
value.
(cherry picked from commit 433c98eae0)
* Add changelog
Co-authored-by: Adrián López <adrianlzt+github@gmail.com>
* use security_fix category in changelogs
(cherry picked from commit 3d5217b6d5)
* these fragments do not say CVE but are security fixes
(cherry picked from commit 8d0c1ff51d)
Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
* Make changelog tool be more strict about suffixes
Change:
- Files must end in .yml or .yaml, and must not be dotfiles.
- This is to prevent (for example) emacs backup files (.yml~) from being
included in changelogs during releases.
- Backport of https://github.com/ansible-community/antsibull-changelog/pull/33
Signed-off-by: Rick Elrod <rick@elrod.me>
As Molecule started to use https://github.com/ansible-community/molecule/discussions we need to update documentation before retiring
the molecule-users mailing list.
(cherry picked from commit b7ee07215d)
Co-authored-by: Sorin Sbarnea <ssbarnea@users.noreply.github.com>
* rebase conflicts
* [stable-2.9] Allow single vault encrypted values to be used directly as module parameters. Fixes#68275 (#70607).
(cherry picked from commit a77dbf0866)
Co-authored-by: Matt Martz <matt@sivel.net>
pipe lookup plugin uses Popen with shell=True intentionally.
This is considered a security issue if user input is not validated.
Updated docs to reflect this information for the user. Also, added
Bandit B602 documentation link for further reading.
Fixes: #70159
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit e5649ca3e8)
Added additional condition to detect failed task in
selective callback plugin when ran with loop or with_items.
Fixes: ansible/ansible#63767
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
- ensure we preserve the typeerror part of the exception so loop defereed error handling
can postpone those caused by undefined variables until the when check is done.
- fix tests to comply with the 'new normal'
- human_to_bytes and others can issue TypeError not only on 'non string'
but also bad string that is not convertable.
Co-authored-by: Sloane Hertel <shertel@redhat.com>
Co-authored-by: Sloane Hertel <shertel@redhat.com>
(cherry picked from commit cf89ca8a03)
* Do not pass decrypt parameter to assemble module
* Add integration tests where decrypt=True
* Add changelog #70465
(cherry picked from commit 71c378e139)
* Add user flags before container id in podman exec
When user provides an ansible_ssh_user, podman connection
plugin includes this values as `--user` flag. This patch
fixes the location of this flag according to podman exec command help.
Fixes: ansible/ansible#65220
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Don't use mount in case of specified user
Co-authored-by: Sagi Shnaidman <sshnaidm@redhat.com>
(cherry picked from commit cc8d4bb4510bcc79537ed3fa591fb9cace576ae9)
* Make sure ansible_become treated as a boolean (#70484)
* Make sure ansible_become treated as a boolean
(cherry picked from commit 8aca464b8b)
* Update test/integration/targets/inventory_ini/aliases
Co-authored-by: Sam Doran <sdoran@redhat.com>
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Use the first galaxy server supporting v1 for roles. Fixes#65440
* Add changelog fragment
* This is best effort, fall back to original behavior if something bad happens
(cherry picked from commit 1f1d6e5)
Co-authored-by: Matt Martz <matt@sivel.net>
Fix command line construction in the puppet module
related to check mode and using manifests directly.
Also, fixes 69ead0ba78 which
introduced another if-statement in the middle of a if/elif pair,
which causes the elif to execute together with the original if
which created '--noop --no-noop' commands.
Fixes: #60576
Fixes#70168
ci_complete
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit b05e00e99a)
Abhijeet Kasurde