Commit Graph

2874 Commits (92fb7dbec1f3ba03a4a55d25ea4ca4ce4179516e)

Author SHA1 Message Date
Matt Martz 2cdc3834c9
[stable-2.10] Don't show params when there is an issue with `set_option(s)` (#75805) (#75809)
(cherry picked from commit 79e9dae)

Co-authored-by: Matt Martz <matt@sivel.net>
3 years ago
Sloane Hertel e30ffb8499
[2.10] Fix using module-specific module_defaults in action plugins (#74850)
* Use the module redirect_list when getting defaults for action plugins (#73864)

* Fix module-specific defaults in the gather_facts, package, and service action plugins.

* Handle ansible.legacy actions better in get_action_args_with_defaults

* Add tests for each action plugin

* Changelog

Fixes #72918

(cherry picked from commit 5640093f1c)

* Fix tests for < 3.8

(cherry picked from commit 267b7215b3)
4 years ago
Sloane Hertel 093986dfaf
[2.10] ansible-galaxy - increase page size and add retry decorator (#74649)
* ansible-galaxy - increase page size and add retry decorator for throttling (#74240)

* Get available collection versions with page_size=100 for v2 and limit=100 for v3

* Update unit tests for larger page sizes

* Add a generic retry decorator in module_utils/api.py that accepts an Iterable of delays and a callable to determine if an exception inheriting from Exception should be retried

* Use the new decorator to handle Galaxy API rate limiting

* Add unit tests for new retry decorator

* Preserve the decorated function's metadata with functools.wraps

ci_complete

Co-authored-by: Matt Martz <matt@sivel.net>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
(cherry picked from commit ee725846f0)

* Add changelog for ansible-galaxy improvements (#74738)

Changelog for #74240

(cherry picked from commit 9cfedcd9c9)
4 years ago
Brian Coca 55ad72992d defend against bad or missing crypt (#74304)
* defend against bad or missing crypt

  fixes #74279

(cherry picked from commit 4494ef3a9d)
4 years ago
Fernando Correia 0d25d392aa
Detect Homebrew on Mac M1 (Apple Silicon) (#74378) (#74400)
Homebrew's default install location for macOS on ARM is /opt/homebrew.
Source: https://docs.brew.sh/FAQ

On a Mac M1 (Apple Silicon), homebrew will be installed at
/opt/homebrew/bin/brew.
4 years ago
Gonéri Le Bouder e85732f7e6
[ansible-test] attempt to work around podman (#72096) (#73569)
Change:
- podman > 2 && < 2.2 does not support "images --format {{json .}}"
- podman also now outputs images JSON differently than docker
- Work around both of the above.

Test Plan:
- Tested with podman 2.0.6 in Fedora 31.

Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
(cherry picked from commit 0332046699)

Co-authored-by: Rick Elrod <rick@elrod.me>
4 years ago
Brian Coca 2f51105936
only add data when there is data to add (#54559) (#73566)
Only add data when there is data to add

  also avoid clobbering existing data with empty file
  fixes #45843

* remove redundant code, update comments
* fix mock dataloader, original does not return None
* added test

(cherry picked from commit ec8a556538)
4 years ago
Sam Doran 77b76a3270
[stable-2.10] Add AlmaLinux to the family of Red Hat-like operating systems (#73541) (#73543)
* Add changelog and fixtures for AlmaLinux support

Co-authored-by: Christoph Schug <com+github@schug.net>
(cherry picked from commit 2f5c83dfb1)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Sam Doran e75570ba83
[stable-2.10] Fix YAML error message when error is at the end of the file (#73241) (#73296)
If a YAML file fails to load due to a syntax error in a file, or there is an error in the last line of a
file, PyYAML reports the last line number of the file as the index where the error occurred.

When reading the file lines, we use that index to the get the relevant line.  If the index value is out
of range, the relevant line is lost for error reporting.

Subtract one from the index value to avoid the IndexError in this specific scenario. It is possible
to still get an IndexError, which will be handled as it is currently.

* Update existing tests and add new tests
(cherry picked from commit e8d4b62b41)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Sam Doran 70fb5ae36a
[stable-2.10] facts - properly report virtualization facts for Linux guests on bhyve (#73204). (#73233)
(cherry picked from commit df451636e7)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Brian Coca 148240099a
ensure unsafe writes fallback (#70722) (#73144)
* Ensure we actually fallback to unsafe_writes when set to true

 add integration test
 add fix for get_url not passing the parameter from args

(cherry picked from commit 932ba36160)

* Added clog missing for issue 70722 (#73175)

(cherry picked from commit d6670da1d7)
4 years ago
Alexei Znamensky 71ef981191
Backport/2.10/72390 (#72690)
* Return error if cwd directory does not exist (#72390)

* Return warning or error if cwd directory does not exist, in AnsibleModule.run_command()

(cherry picked from commit 5654de6fce)

* added flag in run_command signature to control behaviour when cwd does not exist
4 years ago
Sam Doran 7f1ee07634
[stable-2.10] iptables: Reorder comment postition (#71496) (#72548)
(cherry picked from commit c1da427a5e)

Co-authored-by: Amin Vakil <info@aminvakil.com>
4 years ago
Sam Doran ba25a1cdf1
[stable-2.10] AnsibleModule.set_mode_if_different: handle symlink is in a sticky directory (#45198) (#72863)
* file: add symlink is in a sticky directory tests
* file: handle symlink in a sticky directory

Co-Authored-By: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>

* Add changelog and fix unit test
The builtins import was removed since it was unused, but it is now needed.
(cherry picked from commit b464d18fd1)

Co-authored-by: Pilou <pierre-louis.bonicoli@libregerbil.fr>
4 years ago
Matt Davis 69d5ce9b41
Remove ansible-galaxy login (#72288) (#72320)
* GitHub is removing the underlying API used to implement the `login` command. Since the general consensus seems to be that relatively nobody currently uses this command (in favor of explicit token passing), support was simply removed for interactive login. If a future need arises, this command should be reimplemented via OAuth Device Auth Grants.
* login or role login commands now produce a fatal error with a descriptive message
* updated 2.10 porting guide entry

* remove dead code/config, update messages and porting guides

(cherry picked from commit 83909bfa22)
4 years ago
Abhijeet Kasurde 98cc9cb834
[2.10] AnsibleVaultEncryptedUnicode should be considered a string (#72216)
* AnsibleVaultEncryptedUnicode should be considered a string
* linting fix
* clog frag

(cherry picked from commit 48f12c14e9)

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Felix Fontein 961ead55c6
Add deprecation collection name to plugin options (#71735) (#72081)
* Add changelog fragment.

* Use correct field that's expected by lib/ansible/cli/__init__.py..

* Add basic unit tests.

(cherry picked from commit 1107aace1b)
4 years ago
Christian Loos 505df0d564
fix distribution fact for SLES4SAP (#71559) (#72026)
b6b238a fixed the SLES4SAP detection, which was at this time ok.
Sadly Suse changed with SLES 15 the /etc/os-release file, so the above
change will no longer work.

This commit updates the SLES4SAP detection regarding
https://www.suse.com/support/kb/doc/?id=000019341.

The symlink realpath is matched with endswith, because in SLES 12+ the
link target is SLES_SAP.prod, but in SLES 11 the link target is
SUSE_SLES_SAP.prod.

(cherry picked from commit ea119d3089)
4 years ago
Rick Elrod 70172dde27
Add intentional unit tests for basic._set_cwd and common.dict_merge (#70283) (#72160)
* Add unit tests for basic._set_cwd

* incidental coverage for dict_merge

* add test for async stderr inclusion

(cherry picked from commit b019029bf3)

Co-authored-by: jctanner <tanner.jc@gmail.com>
4 years ago
Matt Davis 07a9de1247
fix coverage output from synthetic packages (#71727) (#71748)
* fix coverage output from synthetic packages

* synthetic packages (eg, implicit collection packages without `__init__.py`) were always created at runtime with empty string source, which was compiled to a code object and exec'd during the package load. When run with code coverage, it created a bogus coverage entry (since the `__synthetic__`-suffixed `__file__` entry didn't exist on disk).
* modified collection loader `get_code` to preserve the distinction between `None` (eg synthetic package) and empty string (eg empty `__init__.py`) values from `get_source`, and to return `None` when the source is `None`. This allows the package loader to skip `exec`ing things that truly have no source file on disk, thus not creating bogus coverage entries, while preserving behavior and coverage reporting for empty package inits that actually exist.

* add unit test

(cherry picked from commit e813b0151c)
4 years ago
Rick Elrod 9a48ffd61b
Attempt at reverting CVE-2020-1736 changes [2.10] (#71514)
* Revert atomic_move changes
* add note about mode reverts in porting guide

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Jordan Borean b936539ae1
powershell - fix nested CLIXML parser (#71412) (#71451)
(cherry picked from commit 8897d7e2ff)
4 years ago
Toshio Kuratomi 6b639f147d
[stable-2.10] Update ansible doc formats (#71070) (#71111)
* Fix tty_ify bugs and refactor

* Move tty_ify() and supporting attributes to the DocCLI class as that's
  the only thing using it.
* Add unittest for the code.
* Fix a bug where the substitution macros can be detected when they are
  a part of another word.
* Add support for L(), R(), and HORIZONTALLINE which were added to the
  website docs many years ago.

* Update test/units/cli/test_doc.py

Co-authored-by: Matt Clay <matt@mystile.com>

Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit fb144c4)

Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
4 years ago
Rick Elrod 6e3271aa61
[stable-2.10] Revert default mode changes (#71260)
* Revert "[stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)" (#71236)"

This reverts commit c968020d52.

* Revert "Remove porting guide entry related to reverted change (#71242)"

This reverts commit 006a21eae2.
4 years ago
Sam Doran c968020d52
[stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)" (#71236)
* [stable-2.10] Revert "Fix warning for new default permissions when mode is not specified (#70976) (#70985)"

This reverts commit 5cb96087e6.

* [stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)"

This reverts commit 7e4cffc5d2.
4 years ago
Sam Doran 719c40bfdf
[stable-2.10] facts - fix incorrect time for some date_time_facts (#70665) (#70996)
* [stable-2.10] facts - fix incorrect time for some date_time_facts (#70665)

The iso8601_micro and iso8601 facts incorrectly called now.utcnow(), resulting
in a new timestamp at the time it was called, not a conversion of the previously
stored timestamp.

Correct this by capturing the UTC timestamp once then calculating the local
time using the UTC offset of the current system.

* Use time.time() for getting the current time
* Convert from that stored epoch timestamp to local and UTC times
* Used existing timestamp for epoch time
* Add unit tests that validate the formate of the return value rather than an exact value since mocking time and timezone is non-trivial
(cherry picked from commit c4f442ed5a)

Co-authored-by: Sam Doran <sdoran@redhat.com>

* Remove tests for tz_dst since that only exists in newer versions
4 years ago
Brian Coca 9b992c0b78
reset logging to INFO (#70878) (#70881)
- due to CVE-2019-14846
 - also added comments and test to avoid 'oportunistic' reversion

(cherry picked from commit 1223ce656a)
4 years ago
Matt Davis cc8d180801
fix internal cases of actions calling unqualified module names (#70818) (#70840)
* fix internal cases of actions calling unqualified module names

* add porting_guide entry
* misc other fixes around action/module resolution broken by redirection

ci_complete

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* address review feedback

* pep8

* unit test fixes

* win fixes

* gather_facts fix module args ignores

* docs sanity

* pep8

* fix timeout test

* fix win name rewrites

Co-authored-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 4c0af6c808)
4 years ago
Sam Doran 7e4cffc5d2
[stable-2.10] Change default file permissions so they are not world readable (#70221) (#70824)
* Change default file permissions so they are not world readable

CVE-2020-1736

Set the default permissions for files we create with atomic_move() to 0o0660. Track
which files we create that did not exist and warn if the module supports 'mode'
and it was not specified and the module did not call set_mode_if_different(). This allows the user to take action and specify a mode rather than using the defaults.

A code audit is needed to find all instances of modules that call atomic_move()
but do not call set_mode_if_different(). The findings need to be documented in
a changelog since we are not warning. Warning in those instances would be frustrating
to the user since they have no way to change the module code.

- use a set for storing list of created files
- just check the argument spac and params rather than using another property
- improve the warning message to include the default permissions.
(cherry picked from commit 5260527c4a)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
David Shrewsbury 7cdba7c923
Sanitize URI module keys with no_log values (#70762) (#70820)
* Add sanitize_keys() to module_utils.

* More robust tests

* Revert 69653 change

* Allow list or dict

* fix pep8

* Sanitize lists within dict values

* words

* First pass at uri module

* Fix insane sanity tests

* fix integration tests

* Add changelog

* Remove unit test introduced in 69653

* Add ignore_keys param

* Sanitize all-the-things

* Ignore '_ansible*' keys

* cleanup

* Use module.no_log_values

* Avoid deep recursion issues by using deferred removal structure.

* Nit cleanups

* Add doc blurb

* spelling

* ci_complete

(cherry picked from commit bf98f031f3)
4 years ago
Matt Martz 7eb5f53294
[stable-2.10] Ensure single vaulted values aren't counted as sequences. Fixes #70784 (#70786) (#70791)
(cherry picked from commit 96b74d3)

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Sam Doran 9b8a649f2e
[stable-2.10] Handle Slackware OS version strings containing a plus (“+”) (#68142) (#70717)
A couple of years ago Slackware -current began using a plus (“+”) at the end of the distribution version string to indicate a future version work-in-progress.

Rearrange distribution_files unit tests to easily support more tests
  - add conftest with common fixtures
  - use parametrize for testing multiple scenarios

* Add changelog
* Add unit tests for Slackware distribution parsing
* Use correct fixtures for Slackware
Data comes from /etc/slackware-version

Co-authored-by: Sam Doran <sdoran@redhat.com>
Co-authored-by: <Eduard Rozenberg <eduardr@pobox.com>>
(cherry picked from commit 566c5e6ce1)

Co-authored-by: Eduard Rozenberg <2648417+edrozenberg@users.noreply.github.com>

Co-authored-by: Eduard Rozenberg <2648417+edrozenberg@users.noreply.github.com>
4 years ago
Abhijeet Kasurde ed07821a59
[2.10] api: time.clock compatible code (#70677)
time.clock is removed in Python 3.8. Add time.clock
compatible code.

Fixes: #70649

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 055871cbb8)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Brian Coca 6cd015d7e2
Make filter type errors 'loop friendly' (#70417) (#70574)
- ensure we preserve the typeerror part of the exception so loop defereed error handling
 can postpone those caused by undefined variables until the when check is done.
 - fix tests to comply with the 'new normal'

 - human_to_bytes and others can issue TypeError not only on 'non string'
 but also bad string that is not convertable.

Co-authored-by: Sloane Hertel <shertel@redhat.com>

Co-authored-by: Sloane Hertel <shertel@redhat.com>
(cherry picked from commit cf89ca8a03)
4 years ago
Felix Fontein 15355ed059
[2.10] ansible-doc: include collection name in text output / plugin loader: return collection name; ansible-doc: handle ansible.builtin correctly (#70572)
* ansible-doc: include collection name in text output (#70401)

* ansible-doc: include collection name in text output

* Be more careful to not accidentally pass ansible.builtin for user-supplied modules.

(cherry picked from commit f4c89eab23)

* plugin loader: return collection name; ansible-doc: handle ansible.builtin correctly (#70026)

* Determine collection in plugin loader.

* Fix test.

* Use PluginPathContext objects in PluginLoader._plugin_path_cache instead of tuples.

(cherry picked from commit 24dcaf8974)
4 years ago
Martin Krizek 7dfda4026e
Fix delegate_facts with interpreter not being set (#70293) (#70384)
Fixes #70168

ci_complete

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit b05e00e99a)
4 years ago
Abhijeet Kasurde e1c0688e43
[2.10] Improve ansible-galaxy STDOUT messages for collections (#70379)
- Fix issue #70010
- Add installation successful message
- This feature targets "collection" sub-command and does not affect "role" sub-command

Signed-off-by: Hideki Saito <saito@fgrep.org>
(cherry picked from commit 2d59e548f6)

Co-authored-by: Hideki Saito <saito@fgrep.org>
4 years ago
Matt Davis 1e03b54d23
refactor Python module_utils locator (#70610) (#70711)
* refactor Python module_utils locator

* no longer recursive
* embed special-case module code internally
* share common code between collections/not cases
* fixes #70134
* properly support subpackage redirection
* adds support for FQCN redirect targets used by migration (expands to FQ Python name)
* add tests

* add changelog

(cherry picked from commit c616e54a6e)
4 years ago
Sam Doran 95ec1618ef
[stable-2.10] Only pass kwargs to our string checker not callable checkers (#70151) (#70170)
Since only check_type_str() accepts extra param, only pass to our checker and
do not pass kwargs to custom checkers.

* Add unit tests
(cherry picked from commit bc05415109)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Matt Clay 8cd66ce95a [stable-2.10] Clean up unit test boilerplate.
(cherry picked from commit 98a0995fd0)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Matt Davis de63cba7e8
transparent downstream vendoring (#69850)
* builtin downstream vendoring support

* allows downstream packagers to install packages to `ansible/_vendor` that will automatically be added to head of sys.path during `ansible` package load
* tests

* sort conflicting package names in warning text

* sanity fixes

* skip unnecessary comparison
5 years ago
Sam Doran d45cb01b84
ansible-galaxy - fix collection installation with trailing slashes (#70016)
If we fail to find a member when extracting a directory, try adding a trailing
slash to the member name. In certain cases, the member in the tarfile will
contain a trailing slash but the file name in FILES.json will never contain
the trailing slash.

If unable to find the member, handle the KeyError and print a nicer error.

Also check if a directory exists before creating it since it may have been
extracted from the archive.

Fixes #70009

* Add unit tests
* Use loop for trying to get members
5 years ago
Matt Clay 8ffaed00f8 Add Azure Pipelines support to ansible-test. 5 years ago
James Cassell 47d14a33bd
config: singular ANSIBLE_COLLECTIONS_PATH (#70007)
* config: singular ANSIBLE_COLLECTIONS_PATH

Every other *_PATH setting in ansible is singular, and the traditional
$PATH variable is also singular despite containing a list of
directories.  Let's be consistent both internally and with POSIX
tradition.

* update all ANSIBLE_COLLECTIONS_PATHS env references to be singular

* deprecate plural ANSIBLE_COLLECTIONS_PATHS setting
5 years ago
Jordan Borean d30fc6c0b3
galaxy - preserve symlinks on build/install (#69959)
* galaxy - preserve symlinks on build/install

* Handle directory symlinks

* py2 compat change

* Updated changelog fragment
5 years ago
Sloane Hertel 51f6d129cb
support hard coded module_defaults.yml groups for collections (#69919)
* Only allow groups which were hardcoded in module_defaults.yml

only load action groups from the collection if module_defaults contains a potential group for the action

* Fix tests using modules that override those whitelisted in lib/ansible/config/module_defaults.yml

Third party modules should not be using group/ - use the action name instead

* add externalized module_defaults tests

add the missing group and collections

ci_complete

Co-authored-by: Matt Davis <mrd@redhat.com>

* changelog

ci_complete

* Fix import in tests

ci_complete

* Update with requested changes

ci_complete

* don't traceback since we don't validate the contents of module_defaults

ci_complete

Co-authored-by: Matt Davis <mrd@redhat.com>
5 years ago
Felix Fontein a862ff2d43
Deprecation revisited (#69926)
* Allow to specify collection_name separately for deprecation.

* Use new functionality in Ansible.

* Use new functionality in tests.

* Update tagging/untagging functions.

* Update pylint deprecated sanity test.

* Update validate-modules. Missing are basic checks for version_added (validate semantic version format for collections).

* Improve version validation. Re-add version_added validation.

* Make sure collection names are added to return docs before schema validation.

* Extra checks to avoid crashes on bad data.

* Make C# module utils code work, and update/extend tests.

* Add changelog fragment.

* Stop extracting collection name from potentially tagged versions/dates.

* Simplify C# code.

* Update Windows modules docs.

* Forgot semicolons.
5 years ago
Matt Davis 984216f52e
various deprecation, display, warning, error fixes for collections redirection (#69822)
* various deprecation, display, warning, error fixes

* Update lib/ansible/utils/display.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update lib/ansible/utils/display.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update lib/ansible/utils/display.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* cleanup, test fixes

* add collection name to deprecated() calls

* clean up redirect entries from uncommitted tests

* fix dep warning/error header text to match previous

Co-authored-by: Felix Fontein <felix@fontein.de>
5 years ago
Brian Coca 062e780a68
starting metadata sunset (#69454)
* starting metadata sunset

 - purged metadata from any requirements
 - fix indent in generic handler for yaml content (whey metadata display was off)
 - make more resilient against bad formed docs
 - removed all metadata from docs template
 - remove metadata from schemas
 - removed mdata tests and from unrelated tests

Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Rick Elrod <rick@elrod.me>
5 years ago
Alex Schultz 247e43b252
Fix IncludedFile equality check (#69524)
In the case of a free style strategy, it is possible to end up with
multiple hosts trying to include from the same role, however the tasks
being included may be different with the use of tasks_from.  Previously
if you had two hosts that were included the same role when the
process_include_results function tries to determine if a included needs
to be run on a specific host, it would end up merging two different
tasks into which ever one was processed first.

This change updates the equality check to also check if the task uuid
associated with the IncludedFile is the same. The previous check only
checked if the task's parent uuid was the same. This breaks down when
both includes have the same parent.

    - hosts: all
      strategy: free
      gather_facts: false
      tasks:
        - include_role:
            name: random_sleep
        - block:
          - name: set a fact (1)
            include_role:
              name: set_a_fact
              tasks_from: fact1.yml
          - name: set a fact (2)
            include_role:
              name: set_a_fact
              tasks_from: fact2.yml
        - name: include didn't run
          fail:
            msg: >
              set_a_fact didn't run
              fact1: {{ fact1 | default('not defined')}}
              fact2: {{ fact2 | default('not defined') }}"
          when: (fact1 is not defined or fact2 is not defined)

Closes #69521
5 years ago