Commit Graph

157 Commits (797e6bb2204bddb37528ee2ffded2f858b4a0851)

Author SHA1 Message Date
Abhijeet Kasurde c6d5be5cac
test: update tests (#83686)
* Remove commented code
* Enable disabled tests
* Formatting

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 months ago
Lee Garrett 7e3916b767
Typo fixes and other bits and bobs (#83672)
Co-authored-by: Lee Garrett <lgarrett@rocketjump.eu>
4 months ago
Abhijeet Kasurde 6e8a7ed327
Revert warning message in setup/gather_facts (#83427)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
6 months ago
Abhijeet Kasurde d16ad25e4b
Remove extraneous pylint ignore (#83257)
* Pylint issue 511 is closed, remove ignore related to that.

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
6 months ago
Abhijeet Kasurde b70248eb22
Warn if the binary is unavailable using get_bin_path (#83258)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
7 months ago
Sloane Hertel 2bb09bfd12
atomic_move - fix preserving extended acls (#82818)
* use copystat to copy as many attributes as possible before os.rename

update unit test mocks for updated method of attribute preservation

add integration test for lineinfile case

remove erroneous `- meta: end_play` from lineinfile test suite

* add keep_dest_attrs parameter to control whether src attributes are
copied initially, and for existing destinations, whether the src is
updated using the dest before being renamed

consolidate with copy unsetting extended attrs

ci_complete
9 months ago
Abhijeet Kasurde dd44449b6e
Use of constant for 644 permission variable (#82762)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
9 months ago
Sviatoslav Sydorenko (Святослав Сидоренко) a3e5546e43
🔥 Exterminate `__builtin__` import from tests (#82569)
This patch removes an import fallback that was only executed under
Python 2. Now that we don't run tests against that runtime, it
generates an uncovered line. Dropping it will slightly increase the
coverage metric as a side effect.
11 months ago
Matt Clay dae4e2f07f
Remove unused/unreachable unit test code (#82160) 1 year ago
Matt Clay 0be33551d7
Remove unit tests dependent on systemd bindings (#82161)
These do no not run as part of our test suite.
1 year ago
Matt Clay 5b1b0ce762 Remove Python 2 compat (via six) from unit tests 1 year ago
Matt Clay 18e8401edd
Remove Python 2.x compat from unit tests (#82109) 1 year ago
Jordan Borean 22568305d6
Add ignore invalid options override for mod wrapper (#81899)
Adds an option that can have an action plugin tell the module to ignore
options that do not fit its arg spec. This is to enable support for core
running modules that exist outside of the collection that may not be new
enough to support some of the options supplied to it.
1 year ago
Matt Clay 9295bb5b5d
Unit test cleanup (#81958)
Remove obsolete Python 2.7 and 3.6 support code and fix up existing tests.
1 year ago
Sviatoslav Sydorenko d2ba76c117
Remove Python `< 3.5` `selectors` fallbacks (#81872) 1 year ago
Matt Clay 9f899f9492
Require `from __future__ import annotations` (#81902) 1 year ago
Matt Clay b94ee1cefd
Drop Python 2.7 and Python 3.6 support (#81866)
* Drop Python 2.7 and Python 3.6 support

* Remove obsolete _json_compat
1 year ago
Matt Martz 553f51e728
Revert logic to use Popen.communicate (#80874)
* Back out use of communicate, add better comments, add bufsize, and align with subprocess._communicate

* tests

* re-order logic slightly

* more comments

* loopty loop

* yet another comment

* Revert "yet another comment"

This reverts commit 96cd8ada5fa0441b92f2298bdaa6cb40594847d2.

* Revert "loopty loop"

This reverts commit 96ea066f6a7d18902c04a14f18dd79b38e56f5e7.

* ci_complete

* Copy in comment too

* Wording updates

Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>

* Back out bufsize

---------

Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
1 year ago
Abhijeet Kasurde 923ede4f72
pep8: fix sanity for 3.12 (#81348)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
1 year ago
Matt Clay 43c31c5dc2
Use isinstance in unit tests for type checks (#80906) 2 years ago
Abhijeet Kasurde 652ddc4078
Fix pylint disallowed-name errors (#80854)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2 years ago
Arne de Laat 070ce87440
Add test for symbolic to octal when others is omitted (#80822)
* Add test for symbolic to octal when others is omitted

Add case when there should be no permissions for other.
And specific permissions for owner and group.

* Fix permissions test by explicitly setting no permissions for others

* Add additional cases where multiple permissions are specified
2 years ago
Matt Clay 2cd1744be3
Use ansible.module_utils.common.text.converters (#80704)
Replace use of old `ansible.module_utils._text` and add a unit test to maintain backwards compatibility.
2 years ago
Matt Martz 2a795e5747
Manage basic.selinux completely, instead of mocking potentially missing module (#80448)
* Manage basic.selinux completely, instead of mocking potentially missing module. Fixes #80436

* pep8
2 years ago
Matt Martz 6d1e355639
Only use the selectors code path when we are prompt matching (#79931) 2 years ago
Matt Clay 9d65e122ff
Fix detection of available hashlib algorithms (#79946)
* Fix detection of available hashlib algorithms

Detection of hashlib algorithms now works on Python 3.x.
The new implementation works on Python 2.7 and later.

Test coverage is provided by both integration and unit tests.

* Add additional details about hashlib in docs
2 years ago
Matt Clay 25d859f8fb
Clean up unused imports in unit tests (#79893) 2 years ago
Matt Martz 9acca5b3b9
Allow test to run on system with selinux enabled. Fixes #77564 (#79510) 2 years ago
Matt Clay 2595b42aca
Prefer unittest.mock over mock. (#77886) 3 years ago
Sam Doran 1b947eaf92
arg_spec - Return aliases in validation result and update aliases (#77576)
When looking up the `no_log` setting for a parameter that is an alias in
`AnsibleModule._log_invocation()`, the alias value will always be an
empty dictionary since `self.aliases` on the `AnsibleModule` instance is
never updated after initialization. Since the `no_log` setting is on the
canonical parameter not the alias, an incorrect warning is issued if the
parameter matches `PASSWORD_MATCH`.

This PR returns the aliases dictionary as an attribute of the
`ValidationResult` and updates the `aliases` attribute on the
`AnsibleModule` instance.
3 years ago
Matt Clay 1a5853d794
Remove obsolete units.compat.mock compat layer. (#77118)
* Remove obsolete units.compat.mock compat layer.
* Update remaining units.compat.mock references.
3 years ago
Matt Clay 2cd6cdc6a7
Fix duplicate unit test function names. (#77115)
* Fix duplicate unit test function names.
* Disable faulty tests.
3 years ago
Martin Krizek 23f95300bd
Intentional tests (#76051)
ci_complete
ci_coverage
3 years ago
Matt Martz 74f5367673
Ensure `heuristic_log_sanitize` returns correct data if no password found (#75570)
* Ensure heuristic_log_sanitize returns correct data if no password found. See #75542

* Need to allow code to flow through
3 years ago
Matt Clay ce6d8a143c
Code cleanup to prepare for pylint update. (#75475)
* user - Remove unused code.
* Replace deprecated abstractproperty decorator.
* Fix __all__ to be a tuple.
* Use a generator in subelements lookup.
* Use from import in basic.py
* Add changelog fragment.
* Fix selinux unit test.
3 years ago
Sam Doran 9a21e24778
get_distribution - Return distribution for all platforms (#71641)
Since moving to distro, it is possible to return this information for all platforms, not just Linux.
Also return version information for all platfrom not just Linux.
Update unit tests.
Remove some duplicate unit tests though I think there are more to remove.

* Fix docstring formatting

* Minor docstring changes

* Mock distro.id for Solaris service test

* Update comment
4 years ago
Matt Martz 98138584b7
Don't mutate os.environ in AnsibleModule.run_command, make a copy, and pass to Popen (#74791)
* Don't mutate os.environ in AnsibleModule.run_command, make a copy, and pass to Popen. Fixes #74783

* Simplify code a bit

* More simple

* Address some other potentially non threadsafe operations

* Add if around umask

* Address unit test assumptions

* Add clog frag

* yaml syntax issue
4 years ago
Matt Clay d4413dac08 Fix unit tests on Python 3.10. 4 years ago
Logistic Bot 7099657dd7
Basic: don't call lstat when check_mode (#64279)
While mode is specified in check_mode, don't call lstat.
Since file may not present.

Fixes: #61185
4 years ago
Matt Martz 17237c1d88
Deprecate Py2.6 support for target nodes (#74165) 4 years ago
Sam Doran abacf6a108
Use ArgumentSpecValidator in AnsibleModule (#73703)
* Begin using ArgumentSpecValidator in AnsibleModule

* Add check parameters to ArgumentSpecValidator

Add additional parameters for specifying required and mutually exclusive parameters.
Add code to the .validate() method that runs these additional checks.

* Make errors related to unsupported parameters match existing behavior

Update the punctuation in the message slightly to make it more readable.
Add a property to ArgumentSpecValidator to hold valid parameter names.

* Set default values after performining checks

* FIx sanity test failure

* Use correct parameters when checking sub options

* Use a dict when iterating over check functions

Referencing by key names makes things a bit more readable IMO.

* Fix bug in comparison for sub options evaluation

* Add options_context to check functions

This allows the parent parameter to be added the the error message if a validation
error occurs in a sub option.

* Fix bug in apply_defaults behavior of sub spec validation

* Accept options_conext in get_unsupported_parameters()

If options_context is supplied, a tuple of parent key names of unsupported parameter will be
created. This allows the full "path" to the unsupported parameter to be reported.

* Build path to the unsupported parameter for error messages.

* Remove unused import

* Update recursive finder test

* Skip if running in check mode

This was done in the _check_arguments() method. That was moved to a function that has no
way of calling fail_json(), so it must be done outside of validation.

This is a silght change in behavior, but I believe the correct one.

Previously, only unsupported parameters would cause a failure. All other checks would not be executed
if the modlue did not support check mode. This would hide validation failures in check mode.

* The great purge

Remove all methods related to argument spec validation from AnsibleModule

* Keep _name and kind in the caller and out of the validator

This seems a bit awkward since this means the caller could end up with {name} and {kind} in
the error message if they don't run the messages through the .format() method
with name and kind parameters.

* Double moustaches work

I wasn't sure if they get stripped or not. Looks like they do. Neat trick.

* Add changelog

* Update unsupported parameter test

The error message changed to include name and kind.

* Remove unused import

* Add better documentation for ArgumentSpecValidator class

* Fix example

* Few more docs fixes

* Mark required and mutually exclusive attributes as private

* Mark validate functions as private

* Reorganize functions in validation.py

* Remove unused imports in basic.py related to argument spec validation

* Create errors is module_utils

We have errors in lib/ansible/errors/ but those cannot be used by modules.

* Update recursive finder test

* Move errors to file rather than __init__.py

* Change ArgumentSpecValidator.validate() interface

Raise AnsibleValidationErrorMultiple on validation error which contains all AnsibleValidationError
exceptions for validation failures.

Return the validated parameters if validation is successful rather than True/False.

Update docs and tests.

* Get attribute in loop so that the attribute name can also be used as a parameter

* Shorten line

* Update calling code in AnsibleModule for new validator interface

* Update calling code in validate_argument_spec based in new validation interface

* Base custom exception class off of Exception

* Call the __init__ method of the base Exception class to populate args

* Ensure no_log values are always updated

* Make custom exceptions more hierarchical

This redefines AnsibleError from lib/ansible/errors with a different signature since that cannot
be used by modules. This may be a bad idea. Maybe lib/ansible/errors should be moved to
module_utils, or AnsibleError defined in this commit should use the same signature as the original.

* Just go back to basing off Exception

* Return ValidationResult object on successful validation

Create a ValidationResult class.
Return a ValidationResult from ArgumentSpecValidator.validate() when validation is successful.
Update class and method docs.
Update unit tests based on interface change.

* Make it easier to get error objects from AnsibleValidationResultMultiple

This makes the interface cleaner when getting individual error objects contained in a single
AnsibleValidationResultMultiple instance.

* Define custom exception for each type of validation failure

These errors indicate where a validation error occured. Currently they are empty but could
contain specific data for each exception type in the future.

* Update tests based on (yet another) interface change

* Mark several more functions as private

These are all doing rather "internal" things. The ArgumentSpecValidator class is the preferred
public interface.

* Move warnings and deprecations to result object

Rather than calling deprecate() and warn() directly, store them on the result object so the
caller can decide what to do with them.

* Use subclass for module arg spec validation

The subclass uses global warning and deprecations feature

* Fix up docs

* Remove legal_inputs munging from _handle_aliases()

This is done in AnsibleModule by the _set_internal_properties() method. It only makes sense
to do that for an AnsibleModule instance (it should update the parameters before performing
validation) and shouldn't be done by the validator.

Create a private function just for getting legal inputs since that is done in a couple of places.

It may make sense store that on the ValidationResult object.

* Increase test coverage

* Remove unnecessary conditional

ci_complete

* Mark warnings and deprecations as private in the ValidationResult

They can be made public once we come up with a way to make them more generally useful,
probably by creating cusom objects to store the data in more structure way.

* Mark valid_parameter_names as private and populate it during initialization

* Use a global for storing the list of additonal checks to perform

This list is used by the main validate method as well as the sub spec validation.
4 years ago
Matt Davis 4c5ce5a1a9
module compat for py3.8+ controller (#73423)
* module compat for py3.8+ controller

* replaced internal usages of selinux bindings with internal ctypes binding (allows basic selinux operations from any Python interpreter), plus tests

* added new respawn_module API to allow modules to import Python packages that are only available under a well-known interpreter, plus tests

* added respawn logic to modules that need Python libs from a specific system interpreter (apt, apt_repository, dnf, yum)

minimize internal HAVE_SELINUX usage

spurious junk

pep8

* pylint fixes

* add RHEL8 Python 3.8 testing

* more pylint

* import sanity

* unit tests

* changelog update

* fix a bunch of stuff

* tweak changelog

* fix setup_rpm_repo on EL8

* misc sanity/test fixes

* misc feedback tweaks

* fix import fallback in test module

* fix selinux MU test

* fix dnf tests to avoid python-dependent test packages

* add trailing LFs to aliases

* fix yum tests to avoid test package with Python deps

* hack create_repo for EL6 to create noarch package
4 years ago
Alexander Sowitzki e6da544310 Let `command` always return stdout & stderr (#73004)
The `command` module does not return stdout & sterr when calling
a non existing executable or an unknown exception arises. This fix
lets the module return empty byte strings in those cases.
4 years ago
Brian Coca 932ba36160
ensure unsafe writes fallback (#70722)
* Ensure we actually fallback to unsafe_writes when set to true

 add integration test
 add fix for get_url not passing the parameter from args
4 years ago
Pilou b464d18fd1
AnsibleModule.set_mode_if_different: handle symlink is in a sticky directory (#45198)
* file: add symlink is in a sticky directory tests
* file: handle symlink in a sticky directory

Co-Authored-By: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>

* Add changelog and fix unit test
The builtins import was removed since it was unused, but it is now needed.
4 years ago
Alexei Znamensky 5654de6fce
Return error if cwd directory does not exist (#72390)
* Return warning or error if cwd directory does not exist, in AnsibleModule.run_command()
4 years ago
Rick Elrod 5cd489af06
Let get_file_attributes() work without `lsattr -v` (#71845)
* Let get_file_attributes() work without `lsattr -v`

Change:
- module_utils's get_file_attributes() expects `lsattr -v` to work, but
  in some cases, it may not.
- The function now takes an optional include_version bool parameter,
  which removes this expectation.
- Places where we call get_file_attributes() without using the 'version'
  it returns, we now call it with include_version=False.

Test Plan:
- New unit tests

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Sam Doran 888be697cb
Revert "Change default file permissions so they are not world readable (#70221)" (#71231)
* Revert "Change default file permissions so they are not world readable (#70221)"

This reverts commit 5260527c4a.

* Revert "Fix warning for new default permissions when mode is not specified (#70976)"

This reverts commit dc79528cc6.
4 years ago
Abhijeet Kasurde e439194c8c
basic: Add name of aliases in error message (#69427)
With this patch, user will be notified with available aliases
of arg parameter.

Fixes: #58752

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Sam Doran 5260527c4a
Change default file permissions so they are not world readable (#70221)
* Change default file permissions so they are not world readable

CVE-2020-1736

Set the default permissions for files we create with atomic_move() to 0o0660. Track
which files we create that did not exist and warn if the module supports 'mode'
and it was not specified and the module did not call set_mode_if_different(). This allows the user to take action and specify a mode rather than using the defaults.

A code audit is needed to find all instances of modules that call atomic_move()
but do not call set_mode_if_different(). The findings need to be documented in
a changelog since we are not warning. Warning in those instances would be frustrating
to the user since they have no way to change the module code.

- use a set for storing list of created files
- just check the argument spac and params rather than using another property
- improve the warning message to include the default permissions
4 years ago