* iptables chain creation does not populate with a rule
fixes#80256
* Add changelog fragment
* Add rules and flush chain during integration tests
* Check chain rule on comment
* Update test/integration/targets/iptables/tasks/chain_management.yml
* User-provided collection type might differ from collection
source. Cross-check the type before proceeding
Fixes: #79463
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Remove datetime.datetime.utcfromtimestamp and datetime.datetime.uctnow
from controller code since they are deprecated in Python 3.12.
* Update target side code to use new utcfromtimestamp and utcnow utils in ansible.module_utils.compat.datetime that return aware datetime objects on Python 2.7 and 3.
Co-authored-by: Matt Clay <matt@mystile.com>
* update docker containers versions to use newer ansible-test ref in the pre-built venvs
* Allow invoking ansible-test with Python 3.12
* Add python3.12 to the INTERPRETER_PYTHON_FALLBACK
* changelog
* add Python 3.12 as a non-default Python version for the test containers
* Update mypy ignores for Python 3.12
* Add Python 3.12 to CI matrix for unit tests, generic tests, and galaxy
* Update unit test for using the Python 2 collection loader path with Python 3.
Skip the existing test on Python 3.12, since find_module is removed.
Suppress the pre-existing deprecation warnings using the Python 2
codepath with Python 3.
Add a test for Python >= 3.12, which doesn't call find_module.
* Ignore sanity test errors on systems without libselinux present.
* Only install collections which can't be satisfied by a collection in any of the configured paths.
* Improve warning for unexpected collection install path
Fix warning when path is configured, but is a pip-managed path
Normalize the path before validating to fix warning consistency
* Add test for 256-color configuration values
See #78607.
* color is not restricted to 16 choices
currently supports up to 256, not listing them all
TOOD: create examples and point to/list the basic 16
---------
Co-authored-by: Brian Coca <brian.coca+git@gmail.com>
Co-authored-by: Matt Clay <matt@mystile.com>
It adds exception treatment when execute a inventory based on script with the --host argument
---------
Co-authored-by: Everson Leal <everson.leal@sonda.com>
* Improve readability of unit test output
This drops the trailing `-expectedXXX` suffixes from test names generated by parametrize.
* Add more splitter unit tests
This fills in code coverage gaps in the exising unit tests.
* Bug fixes and code cleanup
- Fix IndexError exceptions caused by parsing a leading newline, space or escaped space.
- Fix an AttributeError exception in `parse_args` when parsing `None`.
- Fix incorrect parsing of multi-line Jinja2 blocks, which resulted in doubling newlines.
- Remove unreachable exception handlers in the `parse_kv` function.
The unreachable code was verified through analysis of the code as well as use of the `atheris` fuzzer.
- Remove unnecessary code in the `split_args` function.
- Add an optimization to `split_args` for the empty args case.
* Add unit tests for bug fixes
The splitter code is now fully covered by unit tests.
* Add another issue ref in changelog
* Improve coverage of validate-modules unit tests
* Remove unused galaxy unit test code
* Fix galaxy unit test teardown logic
* Improve coverage of galaxy unit test code
* Improve coverage of galaxy unit tests
* Remove unused code in galaxy API tests
* Remove unused galaxy collection unit test code
* Improve coverage of galaxy collection unit tests
* Remove unused galaxy unit test code
* Add test for symbolic to octal when others is omitted
Add case when there should be no permissions for other.
And specific permissions for owner and group.
* Fix permissions test by explicitly setting no permissions for others
* Add additional cases where multiple permissions are specified
* Remove test_real_path_symlink test case
* Check if we do not get `-` return when some value other `-` is passed
Fixes: #80444
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Add TTY check and argument to disable it (#50603)
* Fix formatting
* add changelog
* rename flag and updated help description
* add tests for tty check
* replace deprecated uses of assertRaisesRegexp to assertRaisesRegex
* fix yaml syntax
* shorten line 79
* Revert "replace deprecated uses of assertRaisesRegexp to assertRaisesRegex"
This reverts commit cea5fe1655.
* change back to assertRaisesRegexp
* Symbolic modes with X or =[ugo] always use original mode (Fixes#80128)
Here's what's happening, by way of this mode example: u=,u=rX
At the first step in the loop, the "u" bits of are set to 0. On the next
step in the loop, the current stat of the filesystem object is used to
determine X, not the "new_mode" in the previous iteration of the loop. So
while most operations kind of operate left to right, "X" is always going
back to the original file to determine whether to set x bit.
The Linux "chmod" (the only one I've tested) doesn't operate this way. In
it, "X" operates on the current state the loop understands it is in,
based on previous operations (and starting with the file permissions).
This is an issue with "X" and any of the "=[ugo]" settings, because
they are lookups. For example, if a file is 755 and you do "ug=rx,o=u",
file module produces 0557 and chmod produces 0555.
This really becomes a problem when you want to recursively change a
directory of files, and the files are currently 755, but you want to
change the directory to 750 and the files to 640. In chmod you can do
"a=,ug=rX,u+w" (or "a=,u=rwX,g=rX"), and have it apply equally to the
directory and the files. I can't come up with a single way in the ansible
file module to deterministically, recursively, set a directory to 750
and the contents to 640 no matter what the current permissions are,
as the code currently is.
The fix is to pass in "new_mode" to _get_octal_mode_from_symbolic_perms
in lib/ansible/module_utils/basic.py inside _symbolic_mode_to_octal. And
then take "new_mode" as an argument and use it instead of the filesystem
object stat.st_mode value.
* Fixing my new unit test, fixing bug in test comments
* password lookup, handle ident properly when saved
Currently we format and save ident when present but we didn't account for this when reading the saved file
Also added some more robust error handling.
* Create a queue per WorkerProcess to receive intra-task updates
* Update `pause` action to use the worker queue
* Deprecate ConnectionBase()._new_stdin
* Add new `Display` convenience method `prompt_until` to manage both controller- and worker-sourced prompting without cross-fork stdin sharing, in-worker mechanism to handle request-response over new worker queue.
This provides the same test coverage as the previous tests, without the dependency on git.
It also includes many more specific test cases with assertions, instead of simply relying on the code to not raise an exception.
* Add condition that causes a when to skip a task
* Fix up tests
* Use false_condition instead of failed_condition
* Remove formatting accidentially added
* Fix sanity
* Fix detection of available hashlib algorithms
Detection of hashlib algorithms now works on Python 3.x.
The new implementation works on Python 2.7 and later.
Test coverage is provided by both integration and unit tests.
* Add additional details about hashlib in docs
* Update `collections.abc` imports
- Use `six.moves` for modules and module_utils
- Use `collections.abc` for controller code
This avoids using `ansible.module_utils.common._collections_compat`,
which was added before the vendored `six` was updated to provide these
imports.
* Update _collections_compat to use six.moves
Also update the custom pylint rule to reflect this change.
* Remove unused test fixtures
* Removed unused _old_dump_load_cycle method
* Remove Python 2.x compat
* Remove unused code
* Remove unused context manager
* Fix cowsay test
- The test no longer depends on another test to initialize config.
- Also remove unreachable code.
* Remove Python 2.x compat
* Normalize deprecation records.
* Fix alias deprecations in suboptions.
* Report in which option an alias warning happened for suboptions.
* Add deprecation tests for suboptions.
* Also test deprecation in list of dicts.
* Adjust unit tests for toplevel alias deprecation field name change.
* Add support for importlib.resources
* Remove the importlib.resources imports
* return the correct data
* Some code comments, and re-order for consistency
* Disallow traversing packages below an individual collection
* Add a traversable class for namespaces
* Re-use variable
* Utilize itertools.chain.from_iterable
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* Simplify logic to check for packages from ansible loaders
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* Just a generator expression, instead of a generator
* docstrings
* Add comment about find_spec for our namespaces
* Add some initial unit tests for importlib.resources
* normalize
* Utilize importlib.resources for listing collections
* collections_path is already in config, just use config
* install uses a different default for collections_path
* Remove unused import
* Remove duplicate __truediv__
* Bring back TraversableResources
* Apply some small suggestions from code review
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
* Remove cross contamination between plugin loader code and CLI code
* Remove unused import
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
Fix ignoring certs when downloading tarballs
Fix ignoring certs when downloading a collection from a specific source that isn't in the configured servers list
* Remove unused mock from test_password_already_created_encrypt
The _get_paths mock is never used in the
test_password_already_created_encrypt test case.
* Add test to assert the password file is not rewritten
If the password file already contains the salt and the hasing algorithm
does not use the ident parameter, the password lookup should not write
to the password file.
* Fix "changed" if using "encrypt" in password lookup
When using the "encrypt" parameter to the password lookup without the
ident parameter, the password file was always marked as "changed". This
caused the file to be rewritten with the same content. This is fixed by
only marking the file as changed, if an "ident" value needs to be added
to the file.
Fixes#79430.
Add changelog entry
* galaxy: Add license_file to manifest directives
* ag collection build: Test license handling
This adds tests to ensure that
- REUSE licensing files: .reuse/dep5, LICENSES/*, anyfile.license
- galaxy.yml license_file
are always included in the manifest.
After changes:
```
"ansible_locally_reachable_ips": {
"ipv4": [
"127.0.0.0/8",
"127.0.0.1",
"192.168.0.1",
"192.168.1.0/24"
],
"ipv6": [
"::1",
"fe80::2eea:7fff:feca:fe68",
...
]
},
```
192.168.1.0/24 is a local prefix, where any IP address inside this range
is reachable locally (or outside this host if this prefix is announced via
EGP/IGP).
Signed-off-by: Donatas Abraitis <donatas.abraitis@hostinger.com>
When running the unit tests locally, in a git clone, `ansible --test`
prints additional information about the git revision, e.g.
```
~/src/ansible$ ansible --version
ansible 2.10.8
...
~/src/ansible$ source hacking/env-setup
...
Setting up Ansible to run out of checkout...
...
~/src/ansible$ ansible --version
[WARNING]: You are running the development version of Ansible. You
should only run Ansible from "devel" if you are modifying the Ansible
engine, or trying out features under development. This is a rapidly
changing source of code and can become unstable at any point.
ansible [core 2.14.0.dev0] (test_ansible_version-devel df497ea13b) last
updated 2022/08/25 10:37:07 (GMT +100)
...
```
which causes `test_ansible_version()` to fail.
Also removed an unused argument from previous parameterisation.
Co-authored-by: Alex Willmer <alex.willmer@cgi.com>
* Add --offline option to 'ansible-galaxy collection install' to prevent querying distribution servers
This allows installing/upgrading individual tarfiles to have dependency resolution.
Previously needed to be done manually with --no-deps or else all collections and dependencies needed to be included in the requirements.
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* Add OSMC to Debian OS_FAMILY_MAP
- os_family fact of the Debian-based OSMC distribution was not detected correctly
* tweak changelog
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
* new _fqcn attribute to plugin objects
* unbreak plugins in subdirs
* Fix inadventent changes to _load_name and use existing vars
* add plugin aliases and name property, and replace plugin._load_name where incorrect
* Fix listing plugin names
Fix listing legacy and builtin together
test deprecated plugin documentation
fix doc extensions
remove sometimes inaccurate _load_name handling from plugin.name
* Add tests for REJECT_EXTS and doc extensions
Fix unpredictable collection redirects so non-fqcns in the redirect list are guaranteed to be legacy (instead of determined by the collections keyword)
Move aliases and name properties to _update_object so all plugin types, including doc fragments, can use them
* make legacy plugin names internally consistent
* rename attributes to ansible_name and ansible_aliases
* Fix distro fact handling for Flatcar
The existence of the file /etc/flatcar/update.conf depends on
bootstrap configuration typically provided by the user. For that
reason this file is unsuitable for determining distro facts for
Flatcar Container Linux.
The distribution_release fact is meaningless in the case of Flatcar
since Flatcar doesn't have named releases. The distribution_version
fact, however, IS meaningful and should contain a number such as
"3139.2.0".
- Use /etc/os-release instead of /etc/flatcar/update.conf.
- Drop the distribution_release fact.
- Set the distribution_version fact.
- Update distro test fixture for Flatcar
- Generate the fixture using gen_distribution_version_testcase.py.
- Override result.distribution and result.os_family manually as the
generator script gives wrong values.
- Use a recent Flatcar version.
Signed-off-by: Johanan Liebermann <jliebermann@microsoft.com>
* refactor and remove redundant code in documentation
allow location and building api to be more accessible
fix issues with displaying ansible.legacy and ansible.builtin
ensure we don't x2 process tokens (some modules reference them also) fixes#77764
move to constants vs hardcoded
more informative errors and comments
now have actual filter/test plugins, which expose the filter/test functions
moved filter/test loading/finding logic into jinja2pluginloader, removed dupe implementations
added tests for case in which we unique by basename when listing
Update lib/ansible/utils/plugin_docs.py
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
Sometimes pytest errors out with an `ImportError` during its tests
collection stage when a Python package/directory containing the test
module does not have an `__init__.py` in it. This is being observed
under Python 3.9 and higher.
The patch provides a workaround for this problem but does not address
the root cause which is currently unknown.
Ref:
https://github.com/ansible/ansible/pull/78585#issuecomment-1220885431
* add required file to collection skeleton
This file is required to be able to upload a collection.
It is present in
https://github.com/ansible-collections/collection_template/blob/main/meta/runtime.yml
but that does not get used by default.
Without this, if you use the "ansible-galaxy collection init" command
and you try and publish that collection without adding this file, you
get the error:
"ERROR! Galaxy import process failed: 'requires_ansible' in
meta/runtime.yml is mandatory, but no meta/runtime.yml found (Code:
UNKNOWN)"
Also updates relevant test and adds a changelog fragment
Replace get_persistent_connection_options with get_options
Remove special case for network sub_plugin in _set_plugin_options
Try to avoid mock connection pretending to be persistent
Rename variables->options to reflect what they actually are
Gather options for ssh_type_conn on network_cli
Drop reliance on sub_plugin["type"]