* fix script failed_when bypass
* misuse of AnsibleActionFail for a retryable/alterable error case
* add tests
Co-authored-by: Matt Clay <matt@mystile.com>
* type annotation fixes
---------
Co-authored-by: Matt Clay <matt@mystile.com>
* Add test for a handler including tasks from a variable filename
* Add FieldAttributeBase attribute to indicate if the object should be post validated
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
* always allow Marker args to pass through
* always disable pre-emptive trip-on-retrieval for Macro JinjaCallContext
* add macro-callable template expression result test cases
Co-authored-by: Matt Clay <matt@mystile.com>
* replace usage of `IOError` as it is an alias to `OSError`
* replace usage of `socket.error` as it is an alias to `OSError`
* use subclasses of `OSError` rather than inspecting `errno`s
* utilize `exist_ok` parameter of `os.makedirs` rather than ignoring
`FileExistsError`
Make the following changes to the exception handling this patch already
updates to be consistent with the new code:
* use `ex` as a name for exception being handled
* use `from ex` when re-raising exception for additional context
* use f-strings and `!r` for quoting
* pass exceptions to the `exception` parameter of `fail_json`
* use `display.error_as_warning` rather than passing stringified
exception into `display.warning`
Co-authored-by: Matt Clay <matt@mystile.com>
* deprecate DEFAULT_MANAGED_STR and prevent masking of ansible_managed var
* adjust public API behavior
* restore backward-compatible behavior on existing public API
- from_yaml/from_yaml_all filters now preserve trust
- YAML dumping can once again handle undecryptable vaulted values
- increased test coverage
Co-authored-by: Matt Davis <nitzmahone@redhat.com>
* doc - Dynamically document jinja builtins
This change has `ansible-doc` dynamically generate the documentation for
any Jinja builtin filter and test plugins. These dynamic stubs will
point to the official Jinja documentation pages for more information.
* Fix sanity issues
* Add tests
* Update Jinja builtin doc gen
Co-authored-by: Matt Clay <matt@mystile.com>
---------
Co-authored-by: Matt Davis <nitzmahone@redhat.com>
Co-authored-by: Matt Clay <matt@mystile.com>
* Clean up TE error handling, wrap sigalrm handler
* Preserve error detail on AnsibleAction and Connection exceptions.
* Remove multiple layers of unreachable or redundant error handling.
* Wrap manual alarm signal/timeout handling into a context manager, add tests.
Co-authored-by: Matt Clay <matt@mystile.com>
* update error message check in test
* update test timeout message assertions
---------
Co-authored-by: Matt Clay <matt@mystile.com>
async_status and async_wrrapper now use booleans instead of 0/1 for 'thruthyness'
gather_facts also updated
Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Matt Clay <matt@mystile.com>
* Add support for Windows App Control/WDAC
Adds preview support for Windows App Control, formerly known as WDAC.
This is a tech preview feature and is designed to test out improvements
needed in future versions of Ansible.
* Use psd1 and parse it through the Ast to avoid any unexpected execution results
* Add tests for various manifest permutations
* Ignore test shebang failure
* Apply suggestions from code review
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
* Use more flexible test expectations
* Add type annotations for shell functions
---------
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
* ansible-test - Improve deprecated checking type inference
Also disabled the ``bad-super-call`` pylint rule due to false positives.
* Add type comment support
* Try without using register_transform
For calling setup_test_user, which adds a user to the system (and thus requiring
root):
- become
- become_su
- become_sudo
- slurp
And also:
- apt, which installs/removes system packages
- deb822_repository, which adds/removes apt repos
- hardware_facts calls losetup, which requires root
- package_facts, which installs/removes system packages
Co-authored-by: Lee Garrett <lgarrett@rocketjump.eu>
Fix the logic for a constructable inventory `keyed_groups` entry to use
the `default_value` if the ``key` expression result is `None` or `omit`
and not just an empty string. This bug was introduced with the changes
in data tagging and goes back to the original behaviour.
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
* template module - render `None` as empty string
* Update changelogs/fragments/template-none.yml
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
---------
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
* remove dead config comment noise
* update `list` typed config defaults to be lists
* fix tag preservation/propagation in config
* numerous other ensure_type bugfixes
* 100% unit test coverage of ensure_type
* emit warnings on template_default failures
* fix unhandled exception in convert_bool on unhashable inputs
Co-authored-by: Matt Clay <matt@mystile.com>
---------
Co-authored-by: Matt Clay <matt@mystile.com>
* See changelog fragment for most changes.
* Defer early config warnings until display is functioning, eliminating related fallback display logic.
* Added more type annotations and docstrings.
* ansible-test - pylint sanity for deprecations improved.
* Refactored inline legacy resolutions in PluginLoader.
Co-authored-by: Matt Clay <matt@mystile.com>
* Implement TaskResult backward compatibility for callbacks
* general API cleanup
* misc deprecations
Co-authored-by: Matt Clay <matt@mystile.com>
* fix v2_on_any deprecation exclusion for base
---------
Co-authored-by: Matt Clay <matt@mystile.com>
* Fix test_range_templating on 32-bit architectures
32-bit archtectures like i386, armel, armhf will fail with the error
ansible._internal._templating._errors.AnsibleTemplatePluginRuntimeError: The
filter plugin 'ansible.builtin.random' failed: Python int too large to convert
to C ssize_t
So just pick sys.maxsize (2**31 - 1) so it works on 32 bit machines.
---------
Co-authored-by: Lee Garrett <lgarrett@rocketjump.eu>
Co-authored-by: Matt Clay <matt@mystile.com>
* Use `_UNSET` instead of allowing `ellipsis`
* Fix deprecation warning pre-check
* Deprecation warnings from modules can now be disabled.
* Deprecation warnings from modules get the "can be disabled" notice.
* Include help text in pre-display fatal errors
* Simplify lookup warning/debug messaging
* Fix return type of `timedout` test plugin
* Use `object` for `_UNSET`
* Remove obsolete `convert_data` tests
* Remove unnecessary template from test
* Improve legacy YAML objects backward compat
* Fix templar backward compat for None overrides
* Added support for URL-safe decoding into b64decode
* Added support for URL-safe encoding into b64encode
Fixes: #84147
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
* Add ssh-agent launching, and ssh-agent python client
* Move things around, is this better??
* docs
* postpone creating dir after bin lookup
* fix method name
* changelog ssh agent
* address reviews
* fix typing
* do not redefine public_key
* typing
* more typing
* Catch OSError when starting ssh agent
* likely copy pasted old code
* var type fix
* why is this needed?
ci_complete
* ignoring the change for now
* write out pub key file atomically
* defensive timeout for the socket
* _populate_agent docstring
* do not allow setting these in config
* check expected length before slicing blobs
* test all key types
* remove lock/unlock functionality
* docstring
* private _ssh_agent
* .
* launch agent in cli and ansible_ssh_*
* additional info for ssh-agent comment
* Add tests for remove and remove_all
* comment on os.rename
* hopefully mitigate agent startup/delays problems
* exceptions
* unused import
* fix sanity
* perf
---------
Co-authored-by: Matt Martz <matt@sivel.net>
* Git allows embedding username and password in repo URL for
https authentication. This may lead to exposing the user sensitive
information to logs and unautheticated users.
Adding no_log will partially solve this.
* Added documentation warning user about URL embedded with username
and password.
* Added logic to remember user sensitive information for later sanitization
Fixes: #84557
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
* Clean up interpreter discovery
- Deprecated `auto_legacy` and `auto_legacy_silent`
- Removed obsolete platform fallback config and logic
- Replaced unit tests with integration tests
- Increased test coverage
Fixes the coverage collection for Windows and async tasks. This ensures
the async task still has access to the PSHost so that it can access the
runspace debugger tasks on the host.
Updates the Windows exec runner in preparation for the WDAC changes.
This new process is designed to improve the way modules are run by
Windows and expose common functionality to run PowerShell code in a
common environment. It also includes futher changes to improve the error
handling to make it easier to see where an error occurred in the running
code.
* Fix apt and dpkg_selections tests
The tests now support aarch64.
They also have reduced dependencies on URLs hosted on third-party servers.
* Skip tests on unsupported platforms
* Use same package version for both tests
* Fix multi-arch support for Ubuntu 22.04
* uri: form location correctly from relative redirect
Previously, the original URL would be combined with the relative location incorrectly, especially for URL of any complexity.
Add simple tests demonstrating the problem that fail without the fix
* fix pylint error, import the method similar to other uri methods
* add changelog fragment
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
Refactor the async wrapper and watchdog scripts for Windows. This
attempts to avoid WMI on connection plugins that allow breaking away
from a job like winrm and ssh as an optimisation and changes how WMI is
used so that we can get the error details on a failed process more
easily.
These changes are being made also in preparation for the WDAC
implementation that requires this new execution model where input needs
to be provided through stdin.
This patch marks the `ansible.module_utils.compat.datetime` module as deprecated, including `UTC`, `utcfromtimestamp()` and `utcnow` shims that it provides, scheduling its removal for v2.21.
It also replaces any uses of the compatibility helpers with non-deprecated calls to CPython stdlib.
PR #81874
Co-authored-by: Matt Clay <matt@mystile.com>
Prevents `Group state for \"customenvgroup\" not found` error which may
or may not be a regression in dnf5. Just name groups/envs uniquely to
workaround the issue.
Removes the use of pexpect in the winrm connection plugin and rely on
just subprocess. In the past pexpect was used for macOS compatibility so
that it could handle the TTY prompt but after testing it seems like
subprocess with `start_new_session=True` is enough to get it reading
from stdin on all platforms. This simplifies the code as there's no
longer an optional library changing how things are called and will work
out of the box.
* Simplify conditional for service_facts integration test
This test requires systemd, so just test for that. Also fixes running this on
Debian testing/unstable releases, where ansible_distribution_version is "n/a".
* Clean up after service_facts integration test
* Simplify set_fact in interpreter_discovery_python test
Those vars are always set, either to something discovered, or "n/a". There are
no evaluations against the value "unknown".
* interpreter_discovery_python: Fix Debian test
Debian doesn't set VERSION_ID in /etc/os-release on pre-releases, see
https://bugs.debian.org/1008735
ansible 2.17 onwards does not support python 2.7 anyway.
* fix deb822_repository integration test failure on Debian
* Fix integration test hostname for Debian
* Fix integration test mount_facts
Some VMs might only have a single mount point, so they only have a single UUID.
* Add package deps for integration test subversion
/usr/bin/htpasswd is shipped in apache2-utils and needed by the main playbook.
* Fix integration test "service" on Debian sid
Debian sid does not set ansible_distribution_version, as such any tests assuming
it's a numeric value will fail. Since this is ancient test code that predates
ansible_service_mgr, remove the error-prone heuristic and rely on that var
instead.
* Fix service integration tests not running on *BSD
---------
Co-authored-by: Lee Garrett <lgarrett@rocketjump.eu>
No the file name that caused the error will be apparent
---------
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
Co-authored-by: Abhijeet Kasurde <Akasurde@redhat.com>
* Fixed various become-related issues in `local` connection plugin.
* Fixed various issues in `sudo` and `su` become plugins.
* Added unit and integration test coverage.
Co-authored-by: Matt Clay <matt@mystile.com>
Co-authored-by: Matt Davis <nitzmahone@redhat.com>
* test: enable user test for alpine
* Disable user home update tests
* Disable some more tests which are not applicable for Alpine
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Previously, requirement version specs starting with `!=` were
incorrectly considered as pinned release requests because the
comparison was being made against a one-char string while the
operator is two-char. This patch changes the check to test against `!`
which is enough to detect this case.
Previously, the integration test depended on luck. `setuptools` used
to be bundled in Python stdlib's `ensurepip`. Python 3.12 and newer no
longer include it. This test imports `pkg_resources` that is a part of
`setuptools`, meaning that it'll run out of luck at some point, under
newer Python runtimes.
This test does not seem to be useful to us so instead of fixing it, we
remove it from the repo [[1]].
Supersedes #84681.
[1]: https://github.com/ansible/ansible/pull/84681#discussion_r1945525317
Matt Clay