Commit Graph

3259 Commits (aa407d8635e6caf9bd1802ea676fea552d1c9d5d)

Author SHA1 Message Date
Matt Martz 6d1e355639
Only use the selectors code path when we are prompt matching (#79931) 2 years ago
Brian Coca 0fd88717c9
password lookup, handle ident properly when saved (#80251)
* password lookup, handle ident properly when saved

  Currently we format and save ident when present but we didn't account for this when reading the saved file
  Also added some more robust error handling.
2 years ago
Matt Martz 42355d181a
Do not double calculate loops and `delegate_to` (#80171) 2 years ago
Martin Krizek cfa7acbc19
Raise an error on invalid FA.isa value (#80040)
Avoids bad definitions of playbook classes
2 years ago
Sloane Hertel 46c08c4467
move test so it runs when the plugin is modified (#80158) 2 years ago
Sloane Hertel 9a03c8f5b3
update paramiko_ssh unit tests load the connection with plugin loader (#80157)
* Load the paramiko_ssh connection plugin properly using plugin loader so it can use config manager when _connect() is called
2 years ago
Sloane Hertel b981a9dfcd
add a worker queue to get updates from the main results thread (#79886)
* Create a queue per WorkerProcess to receive intra-task updates
* Update `pause` action to use the worker queue
* Deprecate ConnectionBase()._new_stdin
* Add new `Display`  convenience method `prompt_until` to manage both controller- and worker-sourced prompting without cross-fork stdin sharing, in-worker mechanism to handle request-response over new worker queue.
2 years ago
Matt Clay c2ea56e12e
Relocate and refactor ansible-test diff unit tests (#80113)
This provides the same test coverage as the previous tests, without the dependency on git.
It also includes many more specific test cases with assertions, instead of simply relying on the code to not raise an exception.
2 years ago
Matt Clay a895cae5a1
Relocate validate-modules unit tests (#80087)
This allows the validate-modules unit tests to run as part of the regular unit test suite.
2 years ago
Yaakov Selkowitz c028006aaf
Define all processor facts on s390x (#19755) (#79806)
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
2 years ago
Miklos Sagi b7ef2c1589
ansible-playbook -K breaks when passwords have quotes (#79837)
Now only 'unquote' when ini config file is the source
2 years ago
Matt Clay 72c59cfd98
Avoid trailing spaces in unit test (#80033) 2 years ago
Jordan Borean 1e6b8249e7
Add condition that causes a when to skip a task to output msg (#78918)
* Add condition that causes a when to skip a task

* Fix up tests

* Use false_condition instead of failed_condition

* Remove formatting accidentially added

* Fix sanity
2 years ago
Martin Krizek bd329dc543
Make using blocks as handlers a parser error (#79993)
Fixes #79968
2 years ago
Matt Clay 9d65e122ff
Fix detection of available hashlib algorithms (#79946)
* Fix detection of available hashlib algorithms

Detection of hashlib algorithms now works on Python 3.x.
The new implementation works on Python 2.7 and later.

Test coverage is provided by both integration and unit tests.

* Add additional details about hashlib in docs
2 years ago
Matt Clay 1ba100a3b4
Fix pointless statements in unit tests (#79940) 2 years ago
Matt Clay 379058e10f
Update collections.abc imports (#79911)
* Update `collections.abc` imports

- Use `six.moves` for modules and module_utils
- Use `collections.abc` for controller code

This avoids using `ansible.module_utils.common._collections_compat`,
which was added before the vendored `six` was updated to provide these
imports.

* Update _collections_compat to use six.moves

Also update the custom pylint rule to reflect this change.
2 years ago
Matt Clay 25d859f8fb
Clean up unused imports in unit tests (#79893) 2 years ago
Matt Clay 91807695c3
Remove unused unit test code (#79879)
* Remove unused test fixtures

* Removed unused _old_dump_load_cycle method

* Remove Python 2.x compat

* Remove unused code

* Remove unused context manager

* Fix cowsay test

- The test no longer depends on another test to initialize config.
- Also remove unreachable code.

* Remove Python 2.x compat
2 years ago
Matt Clay c33c8cf086
Remove unused and unreachable unit test code (#79854) 2 years ago
Felix Fontein 8a7185c224
Argument spec alias handling: actually report deprecated aliases in suboptions, and fix warning message in suboptions when two aliases of the same option are used (#79740)
* Normalize deprecation records.

* Fix alias deprecations in suboptions.

* Report in which option an alias warning happened for suboptions.

* Add deprecation tests for suboptions.

* Also test deprecation in list of dicts.

* Adjust unit tests for toplevel alias deprecation field name change.
2 years ago
Matt Martz 56d142350d
Add support for importlib.resources (#78915)
* Add support for importlib.resources

* Remove the importlib.resources imports

* return the correct data

* Some code comments, and re-order for consistency

* Disallow traversing packages below an individual collection

* Add a traversable class for namespaces

* Re-use variable

* Utilize itertools.chain.from_iterable

Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>

* Simplify logic to check for packages from ansible loaders

Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>

* Just a generator expression, instead of a generator

* docstrings

* Add comment about find_spec for our namespaces

* Add some initial unit tests for importlib.resources

* normalize

* Utilize importlib.resources for listing collections

* collections_path is already in config, just use config

* install uses a different default for collections_path

* Remove unused import

* Remove duplicate __truediv__

* Bring back TraversableResources

* Apply some small suggestions from code review

Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>

* Remove cross contamination between plugin loader code and CLI code

* Remove unused import

Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
2 years ago
Sloane Hertel acbf4cc60e
ansible-galaxy - fix turning off the ConcreteArtifactManager's validate certs at the global level (#79561)
Fix ignoring certs when downloading tarballs

Fix ignoring certs when downloading a collection from a specific source that isn't in the configured servers list
2 years ago
Martin Krizek 60f76436c1
Simplify AnsibleJ2Vars by using ChainMap for vars (#78713)
Co-authored-by: Matt Martz <matt@sivel.net>
2 years ago
Matt Martz 9acca5b3b9
Allow test to run on system with selinux enabled. Fixes #77564 (#79510) 2 years ago
Matt Martz 1998521e2d
Always create new role (#78661)
Don't use role cache for determining whether to create a new instance of role
2 years ago
Gaudenz Steinlin c33a782a9c
Fix password lookup rewrites file when using encrypt (#79431)
* Remove unused mock from test_password_already_created_encrypt

The _get_paths mock is never used in the
test_password_already_created_encrypt test case.

* Add test to assert the password file is not rewritten

If the password file already contains the salt and the hasing algorithm
does not use the ident parameter, the password lookup should not write
to the password file.

* Fix "changed" if using "encrypt" in password lookup

When using the "encrypt" parameter to the password lookup without the
ident parameter, the password file was always marked as "changed". This
caused the file to be rewritten with the same content. This is fixed by
only marking the file as changed, if an "ident" value needs to be added
to the file.

Fixes #79430.

Add changelog entry
2 years ago
Maxwell G ab76916b14
galaxy: Add license_file to manifest directives (#79420)
* galaxy: Add license_file to manifest directives

* ag collection build: Test license handling

This adds tests to ensure that
    - REUSE licensing files: .reuse/dep5, LICENSES/*, anyfile.license
    - galaxy.yml license_file
are always included in the manifest.
2 years ago
Brian Coca 0f18ddca9f
mention acl in permissions errors (#79209)
as chmod/mode is not the only thing we attempt and Ubuntu not shipping acl
  in newer versions can lead to some confusion

  fixes #79146
2 years ago
Matt Martz f53dbf90ea
Don't assume column index for netmask and broadcast (#79121)
* Don't assume column index for netmask and broadcast. Fixes #79117

* fix typo
2 years ago
Sloane Hertel c4d6629bce
fix password unit tests (#79113) 2 years ago
Brian Coca 5d253a1380
fix password lookup's use of f=v settings (#76551)
update tests
2 years ago
Donatas Abraitis 11c1777d56
facts: List all local (scope host) IP address ranges (#79018)
After changes:
```
        "ansible_locally_reachable_ips": {
            "ipv4": [
                "127.0.0.0/8",
                "127.0.0.1",
                "192.168.0.1",
                "192.168.1.0/24"
            ],
            "ipv6": [
                "::1",
                "fe80::2eea:7fff:feca:fe68",
                ...
            ]
        },
```

192.168.1.0/24 is a local prefix, where any IP address inside this range
is reachable locally (or outside this host if this prefix is announced via
EGP/IGP).

Signed-off-by: Donatas Abraitis <donatas.abraitis@hostinger.com>
2 years ago
Jordan Borean ba6da65a0f
Fix connection/become task loop settings (#78565)
* Fix connection/become task loop settings

* Remove old code
2 years ago
Alex Willmer 163819efa2
tests: Fix `test_ansible_version()` when run within a git checkout (#78636)
When running the unit tests locally, in a git clone, `ansible --test`
prints additional information about the git revision, e.g.

```
~/src/ansible$ ansible --version
ansible 2.10.8
...
~/src/ansible$ source hacking/env-setup
...

Setting up Ansible to run out of checkout...
...
~/src/ansible$ ansible --version
[WARNING]: You are running the development version of Ansible. You
should only run Ansible from "devel" if you are modifying the Ansible
engine, or trying out features under development. This is a rapidly
changing source of code and can become unstable at any point.
ansible [core 2.14.0.dev0] (test_ansible_version-devel df497ea13b) last
updated 2022/08/25 10:37:07 (GMT +100)
...
```

which causes `test_ansible_version()` to fail.

Also removed an unused argument from previous parameterisation.

Co-authored-by: Alex Willmer <alex.willmer@cgi.com>
2 years ago
Sloane Hertel a02e22e902
Add --offline option to 'ansible-galaxy collection install' (#78678)
* Add --offline option to 'ansible-galaxy collection install' to prevent querying distribution servers

This allows installing/upgrading individual tarfiles to have dependency resolution.
Previously needed to be done manually with --no-deps or else all collections and dependencies needed to be included in the requirements.

Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2 years ago
Markus Opolka 616ad883ad
Add OSMC to Debian OS_FAMILY_MAP (#78778)
* Add OSMC to Debian OS_FAMILY_MAP

 - os_family fact of the Debian-based OSMC distribution was not detected correctly

* tweak changelog

Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
2 years ago
Sloane Hertel 86b86398f0
add ansible_name/ansible_aliases attrs to plugin objects (#78700)
*  new _fqcn attribute to plugin objects
* unbreak plugins in subdirs
* Fix inadventent changes to _load_name and use existing vars
* add plugin aliases and name property, and replace plugin._load_name where incorrect
* Fix listing plugin names

Fix listing legacy and builtin together
test deprecated plugin documentation
fix doc extensions
remove sometimes inaccurate _load_name handling from plugin.name

* Add tests for REJECT_EXTS and doc extensions

Fix unpredictable collection redirects so non-fqcns in the redirect list are guaranteed to be legacy (instead of determined by the collections keyword)

Move aliases and name properties to _update_object so all plugin types, including doc fragments, can use them

* make legacy plugin names internally consistent
* rename attributes to ansible_name and ansible_aliases
2 years ago
Artur a26c325bd8
uri: added use_netrc argument to allow ignoring netrc (#74397) (#78569) 2 years ago
Matt Martz b8025ac160
Allow selection of TLS/SSL ciphers (#78650)
* Allow selection of TLS/SSL ciphers. Fixes #78633
* Never pass None as the password. Fixes #53373
2 years ago
Johanan Liebermann fbd828673d
Fix distro fact handling for Flatcar (#77635)
* Fix distro fact handling for Flatcar

The existence of the file /etc/flatcar/update.conf depends on
bootstrap configuration typically provided by the user. For that
reason this file is unsuitable for determining distro facts for
Flatcar Container Linux.

The distribution_release fact is meaningless in the case of Flatcar
since Flatcar doesn't have named releases. The distribution_version
fact, however, IS meaningful and should contain a number such as
"3139.2.0".

- Use /etc/os-release instead of /etc/flatcar/update.conf.
- Drop the distribution_release fact.
- Set the distribution_version fact.
- Update distro test fixture for Flatcar
- Generate the fixture using gen_distribution_version_testcase.py.
- Override result.distribution and result.os_family manually as the
  generator script gives wrong values.
- Use a recent Flatcar version.

Signed-off-by: Johanan Liebermann <jliebermann@microsoft.com>
2 years ago
Sam Doran 8ebca4a6a3
fetch_file - properly split files with multi-part file extensions (#75257) 2 years ago
Brian Coca 4260b71cc7
refactor and fixes for doc parsing (#77719)
* refactor and remove redundant code in documentation

  allow location and building api to be more accessible
  fix issues with displaying ansible.legacy and ansible.builtin
  ensure we don't x2 process tokens (some modules reference them also) fixes #77764
  move to constants vs hardcoded
  more informative errors and comments
  now have actual filter/test plugins, which expose the filter/test functions
  moved filter/test loading/finding logic into jinja2pluginloader, removed dupe implementations
  added tests for case in which we unique by basename when listing

Update lib/ansible/utils/plugin_docs.py
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
2 years ago
Matt Martz d8cb9117ac
Skip test if no there are no problematic chars for wcswidth (#78645) 2 years ago
Sviatoslav Sydorenko beb70daf14 Fix pytest collection during test_host partial run
Sometimes pytest errors out with an `ImportError` during its tests
collection stage when a Python package/directory containing the test
module does not have an `__init__.py` in it. This is being observed
under Python 3.9 and higher.

The patch provides a workaround for this problem but does not address
the root cause which is currently unknown.

Ref:
https://github.com/ansible/ansible/pull/78585#issuecomment-1220885431
2 years ago
Matt Martz deb54e4c5b
Relax minimal config to enable manifest functionality (#78574)
* Revert "Fix incorrect docs about how to enable manifest functionality (#78572)"

This reverts commit ac1ca40fb3.
2 years ago
Matt Martz d2f8099118
Use MANIFEST.in style directives to build collections (#78422) 2 years ago
Elijah DeLee f9a450551d
add required file to collection skeleton (#77418)
* add required file to collection skeleton

This file is required to be able to upload a collection.

It is present in
https://github.com/ansible-collections/collection_template/blob/main/meta/runtime.yml
but that does not get used by default.

Without this, if you use the "ansible-galaxy collection init" command
and you try and publish that collection without adding this file, you
get the error:

"ERROR! Galaxy import process failed: 'requires_ansible' in
meta/runtime.yml is mandatory, but no meta/runtime.yml found (Code:
UNKNOWN)"

Also updates relevant test and adds a changelog fragment
2 years ago
Kate Case bf1ef5a1f3
Replace get_persistent_connection_options in task_executor with get_options (#74446)
Replace get_persistent_connection_options with get_options
Remove special case for network sub_plugin in _set_plugin_options
Try to avoid mock connection pretending to be persistent
Rename variables->options to reflect what they actually are
Gather options for ssh_type_conn on network_cli
Drop reliance on sub_plugin["type"]
2 years ago
Martin Krizek 811093f022
Move handler processing into new PlayIterator state (#77955)
Fixes #46447
Fixes #52561
Fixes #54991
Fixes #64611
Fixes #64999
Fixes #65067
Fixes #72725
Fixes #72781
Fixes #77616
2 years ago
Matt Clay 9ee183c4b9
Clean up unit tests. (#78498) 2 years ago
Sloane Hertel 05608b20e8
Fix listing collections that are missing the metadata required by build (#76596)
* Rethread pr/70185 through the dependency resolver

Hang optional metadata toggle on the ConcreteArtifactsManager instead of threading it through whole list codepath

Don't error while listing collections if a collection's metadata is missing keys required for building a collection.

Give an informative warning if metadata has been badly formatted.

Co-authored-by: Sam Doran <sdoran@redhat.com>
2 years ago
Matt Martz f6d2b18322
Correctly get the filename from a url in fetch_file. Fixes #29680 (#78383) 2 years ago
Matt Clay cc5c706681
Update unit test controller requirements. (#78376) 2 years ago
Matt Clay f5c01a8b6e
Remove unit test Python 2.6 compat. (#78369) 2 years ago
Matt Clay b86a18bd27
Remove unit test pytz requirement. (#78368) 2 years ago
Ruediger Pluem 0ef1376966
Make distro.id() report newer versions of OpenSuSE (at least >=15) also report as opensuse (#76121)
* Report OpenSuSE >= 15 as opensuse

Make distro.id() report newer versions of OpenSuSE (at least >=15) also report
as opensuse. They report themselves as opensuse-leap.

* Add a test
2 years ago
Sloane Hertel 5728d72cda
Fix KeyError for ansible-galaxy when caching paginated responses from v3 (#78325)
* Fix KeyError for ansible-galaxy when caching paginated responses from v3

* changelog

* generate responses in loop for test

Co-authored-by: Matt Martz <matt@sivel.net>
2 years ago
Martin Krizek b56b38b3ba
Use classproperty to access field attributes of a class (#78180)
* Use classproperty to access field attributes of a class, consolidate into one class
2 years ago
Matt Clay 9b42f9befe
Revert "Re-enable strategy units (#78293)" (#78300)
This reverts commit c6c9d90ca4.
2 years ago
Matt Martz c6c9d90ca4
Re-enable strategy units (#78293) 2 years ago
Matt Martz d58e69c82d
Add support for gzip decoding responses (#41925) 2 years ago
zorun a6e671db25
Fix AIX processor facts and add unit test (#78223)
- `processor_count` was erroneously set to the number of cores
- `processor_cores` was erroneously set to the number of threads per core
- `processor_vcpus` and `processor_threads_per_core` were not set
- `processor` was a string, while it's supposed to be a list

Before:

```
"ansible_processor": "PowerPC_POWER7",
"ansible_processor_cores": 4,
"ansible_processor_count": 12,
```

After:

```
"ansible_processor": [
    "PowerPC_POWER7"
],
"ansible_processor_cores": 12,
"ansible_processor_count": 1,
"ansible_processor_threads_per_core": 4,
"ansible_processor_vcpus": 48,
```

Also add a unit test.

Co-authored-by: Baptiste Jonglez <git@bitsofnetworks.org>
2 years ago
Kay Yan 2e4b0fefbf
Added Kylin Linux Advanced Server Support (#78232) 2 years ago
Matt Martz b1dd2af4ca
Preflight utf8 encodings check (#78175) 2 years ago
Brian Coca d26801e994
Fix wording for :ref|term: substitution (#78216)
* Fix workding for :ref|term: subsitution

 now matches 'seealso' and makes more sense:

  ```
  delay:
  applies_to:
  - Task
  description: Number of seconds to delay between retries. This setting is only used
    in combination with `until`.
  ```
 vs
  ```
  delay:
  applies_to:
  - Task
  description: Number of seconds to delay between retries. This setting is only used
    in combination with website for `until`.
  ```

* updated unit tests

* match see also

* more sanity
2 years ago
Sloane Hertel 1562672bd1
Make unit test for missing git executable more generic (#78173)
* Make unit test for missing git executable more generic

* use MagicMock side_effect to raise exception instead
2 years ago
Martin Krizek 43153c5831
`FieldAttribute`s as descriptors (#73908) 2 years ago
Brian Coca fa35aa4865
Galaxy server config updates (#77106)
* ansible-galaxy configurable timeouts

  - also fixed issues with precedence,
    so --ignore-certs now overrides config
  - made galaxy_timeout generic setting,
    if set, it becomes default for server configs,
    but now specific servers can override
  - updated tests or added notes (some tests ignore/override precedence)

Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
2 years ago
David Moreau Simard d81a519f25
Remove .travis.yml files from galaxy init skeletons (#75740)
* Remove .travis.yml files from galaxy init skeletons

These files have existed for many years but in light of the recent
circumstances around Travis, we should not include them by default in
the galaxy init skeletons.

* Add breaking_changes changelog fragment with recommendation to use a custom skeleton if the .travis.yml file is still needed.

Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
2 years ago
Matt Martz 5e369604e1
Forked display via queue (#77056)
* Forked Display via queue

* Docs and simple code cleanup

* Only proxy Display.display

* Remove unused import

* comment

* Update deadlock comment, remove py3 check

* Don't flush display, and don't lock from forks

* clog frag

* ci_complete ci_coverage

* Add units for queue proxying

* Cleanup flush

* ci_complete

* Only lock the write, switch to RLock

* Remove unused import
3 years ago
Wouter Schoot 711b51fad6
Remove double spaces in errormessage (#77839) 3 years ago
Sloane Hertel 621e782ed0
Add toggle to fix module_defaults with module-as-redirected-action on a per-module basis (#77265)
* If there is a platform specific handler, prefer the resolved module over the resolved action when loading module_defaults

Add a toggle for action plugins to prefer the resolved module when loading module_defaults

Allow moving away from modules intercepted as actions pattern

Fixes #77059
3 years ago
Matt Clay 2595b42aca
Prefer unittest.mock over mock. (#77886) 3 years ago
Matt Clay 3a9a23fb1a
Use unittest.mock instead of mock. (#77883)
This can only be done for controller tests.
3 years ago
Matt Clay 8ca28acd0d Fix unit tests for Python 3.11. 3 years ago
Matt Clay 5f74350fd5 Avoid deprecated method in unit tests. 3 years ago
Martin Krizek e9af6efee6
Raise a proper error when include/import_role is used as a handler (#77807) 3 years ago
Abhijeet Kasurde 524d30b8b0
distribution: add distribution_minor_version for Debian Distro (#74721)
* Added a fact about minor version details for Debian Distro

Fixes: #74481

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
3 years ago
Martin Krizek ed30fc9a06
Remove deprecated loading cache plugins directly without cache_loader (#77655) 3 years ago
Matt Clay 5c2d830dea
ansible-test - Fix subprocess management. (#77641)
* Run code-smell sanity tests in UTF-8 Mode.
* Update subprocess use in sanity test programs.
* Use raw_command instead of run_command with always=True set.
* Add more capture=True usage.
* Don't expose stdin to subprocesses.
* Capture more output. Warn on retry.
* Add more captures.
* Capture coverage cli output.
* Capture windows and network host checks.
* Be explicit about interactive usage.
* Use a shell for non-captured, non-interactive subprocesses.
* Add integration test to assert no TTY.
* Add unit test to assert no TTY.
* Require blocking stdin/stdout/stderr.
* Use subprocess.run in ansible-core sanity tests.
* Remove unused arg.
* Be explicit with subprocess.run check=False.
* Add changelog.
* Use a Python subprocess instead of a shell.
* Use InternalError instead of Exception.
* Require capture argument.
* Check for invalid raw_command arguments.
* Removed pointless communicate=True usage.
* Relocate stdout w/o capture check.
* Use threads instead of a subprocess for IO.
3 years ago
Brian Coca b439e41a91
expand ansible-doc coverage (#74963)
* Expand ansible-doc to tests/filters and fix existing issues

  enable filter/test docs if in single file or companion yaml
  add docs for several filters/tests plugins
  allow .yml companion for docs for other plugins, must be colocated
  verify plugins are valid (not modules, cannot)
  fix 'per collection' filtering
  limit old style deprecation (_ prefix) to builtin/legacy
  start move to pathlib for saner path handling
  moved some funcitons, kept backwards compat shims with deprecation notice

  Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
  Co-authored-by: Felix Fontein <felix@fontein.de>
  Co-authored-by: Sandra McCann <samccann@redhat.com>
3 years ago
Martin Krizek 3980eb8c09
Prevent losing unsafe from lookups (#77609)
* Prevent losing unsafe from lookups

This patch fixes a bug which under certain conditions results in data
returned from lookups not being marked as unsafe.

Each time Templar.do_template is invoked a new AnsibleContext is
created and stored effectively at two places:
1) as an instance variable in templar_obj.cur_context
2) as a local variable called new_context in do_template method of Templar

Due to custom functionality in Ansible's Context that allows for nested
templating it is possible that during resolving variable's value
template/do_template method is called recursively again, again creating
a new context. At that point the problem manifests itself because as
mentioned in 1) above the context is overwriten on the templar object
which means that any subsequent calls to _lookup will use the new
context to mark it as unsafe which is now different to the local
new_context which is used for testing for unsafe property.

The solution to the problem appears to be to restore the original
context inside do_template and also to eliminate the local variable
new_context to prevent problems in the future.

It appears that we don't have a better way of storing the context other
than as some form of global variable and so this appears to be the
"best" solution possible at this point. Hopefully data tagging will be
the solution here.

For more examples see unit and integration tests included in this patch.

Fixes #77535
3 years ago
Matt Clay 26fd5a8c3a Revert "ansible-test - Fix subprocess management. (#77638)"
This reverts commit 62d03c8e75.
3 years ago
Matt Clay 62d03c8e75
ansible-test - Fix subprocess management. (#77638)
* Run code-smell sanity tests in UTF-8 Mode.
* Update subprocess use in sanity test programs.
* Use raw_command instead of run_command with always=True set.
* Add more capture=True usage.
* Don't expose stdin to subprocesses.
* Capture more output. Warn on retry.
* Add more captures.
* Capture coverage cli output.
* Capture windows and network host checks.
* Be explicit about interactive usage.
* Use a shell for non-captured, non-interactive subprocesses.
* Add integration test to assert no TTY.
* Add unit test to assert no TTY.
* Require blocking stdin/stdout/stderr.
* Use subprocess.run in ansible-core sanity tests.
* Remove unused arg.
* Be explicit with subprocess.run check=False.
* Add changelog.
3 years ago
Sam Doran 1b947eaf92
arg_spec - Return aliases in validation result and update aliases (#77576)
When looking up the `no_log` setting for a parameter that is an alias in
`AnsibleModule._log_invocation()`, the alias value will always be an
empty dictionary since `self.aliases` on the `AnsibleModule` instance is
never updated after initialization. Since the `no_log` setting is on the
canonical parameter not the alias, an incorrect warning is issued if the
parameter matches `PASSWORD_MATCH`.

This PR returns the aliases dictionary as an attribute of the
`ValidationResult` and updates the `aliases` attribute on the
`AnsibleModule` instance.
3 years ago
Jack 4d69c09695
ansible-galaxy collection - ensure dependencies are a dict (#77561)
* fix traceback when installing collection with dependencies set to None
3 years ago
Brian Coca abdd237de7
Yolo (#77554)
* Revert "Revert "Config, ensure templating happens at functions (#77483)""

This reverts commit 94c9106153.

* removed update configdata, which is unused
* removed test for action we don't perform anymore
* removed unused configdata
3 years ago
Martin Krizek cbe42bff7f
Allow for lazy evaluation of Jinja2 expressions (#56116) 3 years ago
Brian Coca f2ab920822
Better info sourcing (#77511)
Task is  authoritative
   also includes latest per loop info
   and fix tests
3 years ago
Brian Coca 3b9592fcaf
Move to display as single source of verbosity (#77498)
* Move to display as single source of verbosity

Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
3 years ago
htol d7fbde4ea9
Make "~/.ansible" path configurable (#76114)
* replace hardcoded '~/.ansible' to C.ANSIBLE_HOME
* rename previously existing env ANSIBLE_HOME in env-setup script
* modify cache dir monkeypatching in galaxy api unit tests
* update "version_added" to 2.14 for ANSIBLE_HOME
* fix description of collections with proper use of ANSIBLE_HOME

Co-authored-by: htol <github@h-tol.net>
Co-authored-by: stefanwascoding <stefan@syntaxhelden.de>
3 years ago
Martin Krizek 94eff70030
PlayIterator - remove deprecated states (#77444) 3 years ago
Sloane Hertel 477c55b0d2
Get git executable for collections in git repos (#77493)
* Fix traceback installing collections from git repos if git is not installed
3 years ago
Sloane Hertel 87a8fedd94
Fix type for ansible-galaxy server config definitions (#77424)
* Fix type for ansible-galaxy server config definitions

* changelog

* check attr without api call

* pep8
3 years ago
Martin Krizek e080bae766
Remove deprecated ALLOW_WORLD_READABLE_TMPFILES config option (#77410)
Fixes #77393
3 years ago
Jordan Borean 60b4200bc6
winrm - ensure callers PATH for kinit is set (#77401)
* winrm - ensure callers PATH for kinit is set

* Fix unit test expectations

* Fix type annotation
3 years ago
Sloane Hertel f96a661ada
ansible-galaxy - add configuration options for more flexible collection signature verification (#77026)
* Add a toggle to control the number of signatures required to verify the authenticity of a collection

* Make the default number of required valid signatures 1

* Add option to make signature verification strict and fail if there are no valid signatures (e.g. "+1")

* Use a regex to validate --required-valid-signature-count

* Add a toggle to limit the gpg status codes that are considered a failure

* Update documentation and changelog

* Add unit and integration tests for the new options

* Fixes #77146

Fix using user-provided signatures when running 'ansible-galaxy collection verify ns.coll --offline'

Add a test for a user-provided signature when running ansible-galaxy collection verify with --offline

Fix displaying overall gpg failure without extra verbosity

Add a test for displaying gpg failure without verbosity

Improve documentation to be more clear that signature verification only currently applies to collections directly sourced from Galaxy servers
3 years ago
ChanthMiao 34e60c0a7a
ansible_distribution: Add support for Uos/Deepin (#77275)
* ansible_distribution: Add support for Uos/Deepin

* Add changelog fragment.
3 years ago
Felix Fontein e3c72230cd
unarchive: fix io_buffer_size option, remove ignore.txt entry (#77271)
* Fix io_buffer_size option.

* Remove ignore.txt entry by adding action plugin only options to module's argument spec.

* Add changelog fragment.

* Adjust unit tests.
3 years ago
Matt Clay f68c66a3ef Remove collections compat from controller code. 3 years ago
Abhijeet Kasurde 4f48f375a0
parameters: handle blank values when argument is a list (#77119)
Fixes: #77108

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
3 years ago
Matt Clay 1a5853d794
Remove obsolete units.compat.mock compat layer. (#77118)
* Remove obsolete units.compat.mock compat layer.
* Update remaining units.compat.mock references.
3 years ago
Matt Clay b613808277 Remove obsolete unit test builtins compat. 3 years ago
Matt Clay 2cd6cdc6a7
Fix duplicate unit test function names. (#77115)
* Fix duplicate unit test function names.
* Disable faulty tests.
3 years ago
Matt Clay 0bd8106d15 Remove unused mock compat code.
The code is unreachable since Python 3 versions before 3.5 are not supported.
3 years ago
Matt Clay de9a3bda2c Fix warning in unit tests for _yaml import. 3 years ago
Sloane Hertel 43e55db208
ansible-galaxy - add signature verification of the MANIFEST.json (#76681)
* ansible-galaxy collection install|verify:

  - Support verifying the origin of the MANIFEST.json when the Galaxy server has provided signatures.
  - Allow supplemental signatures to use during verification on the CLI/requirements file.

* ansible-galaxy collection install:

  - Support disabling signature verification. This silences the warning provided by ansible-galaxy if the Galaxy server provided signatures it cannot use because no keyring is configured.
  - Store Galaxy server metadata alongside installed collections for provenance. This is used by 'ansible-galaxy collection verify --offline'.

* Add unit tests for method that gets signatures from a Galaxy server

* Add integration tests for user-provided signature sources

- Test CLI option combinations
- Test installing collections with valid/invalid signature sources
- Test disabling GPG verification when installing collections
- Test verifying collections with valid/invalid signature sources

* Make signature verification advisory-by-default if signatures are provided by the Galaxy server

- Make the default keyring None
- Warn if the keyring is None but the Galaxy server provided signatures
- Error if the keyring is None but the user supplied signatures
- Error if the keyring is not None but is invalid

* changelog

* add ansible-galaxy user documentation for new options

Co-authored-by: Matt Martz <matt@sivel.net>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
Co-authored-by: Sandra McCann <samccann@redhat.com>
Co-authored-by: Andy Mott <amott@redhat.com>
Co-authored-by: John R Barker <john@johnrbarker.com>
3 years ago
Thomas Sjögren b145732973
Resubmit: Use SystemdStrategy for Debian in the hostname module (#76929)
* add DebianStrategy tests
* ensure hostname can be changed by using become
* use Systemd strat for debian and Base for generic.
* add test to ensure all strategies are available

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
3 years ago
Éloi Rivard 3889ddeb4b
iptables - added a ``chain_management`` parameter to control chain (#76378)
creation and deletion

fixes #25099
closes #32158
3 years ago
Brian Coca 0ff80a15ba
ssh connection avoid parsiing own debug (#76732)
- Avoids false positives on become strings being echoed back 
   by ssh cli itself
  - added test for debug lines
  - also simplified some of existing test code
3 years ago
Brian Coca 9142be2f6c
Allow specifying specific python via shebang (#76677)
modules with python were always normalized to /usr/bin/python,
  while other interpreters could have specific versions.

* now shebang is always constructed by get_shebang and args are preserved
* only update shebang if interpreter changed
* updated test expectation
* added python shebang test
3 years ago
Adrian Likins 20cc87f059
Expect upper case message 'levels' for galaxy publish results (#63530) 3 years ago
Sloane Hertel 76220c4a7b
ansible-galaxy - fix the --ignore-certs flag for the implicit galaxy server (#76735)
* ansible-galaxy - fix the --ignore-certs flag for the implicit galaxy server

* changelog

* Add a test without the server config

* Fix respecting --ignore-certs for individual --server URLs also

* Update changelogs/fragments/76735-ansible-galaxy-fix-ignore-certs.yaml
3 years ago
Matt Martz 0ef5274a3c Don't assert stdlib behavior, just assert that urllib was called 3 years ago
Jordan Borean aaa7944b02
Fix tests failing on pytest 7 (#76670)
* Fix pytest 7 failures with leaky fixture
3 years ago
Matt Clay 97104f1221
Avoid deprecated TestCase functions in unit tests. (#76678)
* Avoid deprecated TestCase functions in unit tests.
* Add assertRaisesRegex for Python 2.7.
* Fix indentation.
3 years ago
Jaromaz 16def8050a
facts - Set correct OS family for EuroLinux (#76624)
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
3 years ago
Sloane Hertel ed6581e4db
check finder type before passing path (#76448)
* check finder type before passing path

ci_complete

* Reduce nesting

* Test find_module does not cause a traceback with Python 3 FileFinder

* Update lib/ansible/utils/collection_loader/_collection_finder.py
3 years ago
Jordan Borean 8482ee4e9a
galaxy build - ignore existing MANIFEST and FILES (#76479) 3 years ago
James Livulpi 7830e5308e
add tencentos fact distro (#76459)
Fixes #76459

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
3 years ago
Brian Coca 472028c869
catch the case that cowsay is broken (#76326)
* catch the case that cowsay is broken

fixes https://github.com/ansible/ansible/issues/72582

  add changelog
  raise Exception for broken cowsay
  add test for broken cowsay

Co-authored-by: Matthias Bernt <m.bernt@ufz.de>
3 years ago
Brian Coca b02168d644
better handling of sudo flag replacement (#76389)
* better handling of sudo flag replacement
3 years ago
Richie B2B 1b34933414
Fix ansible-doc -l ansible.builtin / ansible.legacy (#76235) 3 years ago
Martijn Pieters 08af0fbf95
Unbreak hostname.RedHatStrategy (#76032)
- On Python 3, decode bytes to str
- Tolerate whitespace around the line.
- Report a missing HOSTNAME line as an error.
- Don't clobber line separators when setting a new hostname.
- Add some tests for this strategy to verify correct operation.
3 years ago
Martin Krizek 5c225dc0f5
Introduce public methods to access PlayIterator._host_states (#74416) 3 years ago
Jan Fader 17ec2d4952
check /.dockerenv and /.dockerinit to guess a dockercontainer (#74349)
* use os.path.exists for docker-check

Co-authored-by: Jacob Floyd <cognifloyd@gmail.com>
3 years ago
Martin Krizek 47ee282227
Parser errors from within includes should not be rescueable (#73722)
* Parser errors from within includes should not be rescueable
* Also fixes unit tests
Fixes #73657
3 years ago
Martin Krizek 26707a3c6b
Heisen jinja2_native (#75587)
* Use NativeEnvironment for all templating

ci_complete

* Keep Templar.copy_with_new_env for backwards compat

* Mention that AnsibleUndefined.__repr__ changed in the porting guide

* Templar.copy_with_new_env backwards compat

* ci_complete
3 years ago
Martin Krizek 395e5e20fa
PlayIterator: use enums for states (#74511) 3 years ago
Martin Krizek 7621784b94
Require Jinja2 3.0.0 (#75881)
* Require Jinja2 3.0.0

ci_complete

* Fix sanity

* Remove Jinja min/max tests

* ansible-test changes

* ci_complete

* More cleanup

ci_complete

* Revert _count_newlines_from_end :( and other stuff

* Fix sanity

* It's using host_vars ...

* Unused import

* Remove overridden groupby filter

* environmentfilter -> pass_environment

* Explain preserve_trailing_newlines

* Add changelog

* ci_complete

* Deprecated ANSIBLE_JINJA2_NATIVE_WARNING

* native_helpers.py cleanup

* More cleanup in the find intgration test
3 years ago
Martin Krizek 23f95300bd
Intentional tests (#76051)
ci_complete
ci_coverage
3 years ago
Miroslav Brabenec bc0caad2ad
Fix parsing of device serial number for RHEL8 (#75876)
* Fix parsing of device serial number for RHEL8

* Add tests and changelog

Co-authored-by: Miroslav Brabenec <miroslav.brabenec@memsource.com>
3 years ago
Martin Krizek f774292439
cli - remove deprecated setting verbosity before sub command (#75840)
* cli - remove deprecated setting verbosity before sub command

Fixes #75823

* Fix tests
3 years ago
Matt Martz 79e9dae292
Don't show params when there is an issue with `set_option(s)` (#75805) 3 years ago
Matt Martz 96b221b344
Update vendored copy of distro to 1.6.0 (#75732)
* Update vendored copy of distro to 1.6.0

* copy pasta mistake

* ci_complete
3 years ago
Ross Bender 7a4b5d14fc
ansible-galaxy role install: download from API response location (#73114)
* download role from api response location

* include changelog fragment

* add unit test for role download url

Co-authored-by: Sam Doran <sdoran@redhat.com>
3 years ago
Thomas Sjögren 57359d0174
use passlib default if `password_hash` option isn't set (#75043)
* add changelog fragment
* password_hash|length == 120
* mention the new default bcrypt format in the porting guide
3 years ago
Sloane Hertel 7ecc227488
ansible-galaxy: Clone git collections using shallow clones (#75722)
* ansible-galaxy: Clone git collections using shallow clones

This ensures the collection obtained via git url is a result of a
shallow git clone (git clone --depth=1). The git history of the
collection is not used by ansible, and as such, cloning the entire
history of the repo is unnecessary.

Signed-off-by: Tomas Babej <tomas@tbabej.com>

* ansible-galaxy: Only perform shallow clones on non-versioned git urls

In general, the version can be anything we can checkout (branch, tag,
but also a commit hash). In particular for commit hashes we cannot
perform a shallow clone.

Err on the safe side and only perform shallow clones for non-versioned
git urls (cloning HEAD).

* galaxy-install: Make shallow cloning compatible with older Python versions

Signed-off-by: Tomas Babej <tomas@tbabej.com>

* Pass args as a tuple

Add tests for the git command created from different repo and version combinations

* changelog

Co-authored-by: Tomas Babej <tomas@tbabej.com>
3 years ago
Matt Clay 4ea8d9a782
ansible-test - split controller/target testing (#75605) 3 years ago
Daniel Goldman 989eeb243f
Add an `undef` global Jinja function (#75435)
* add tests for fail filter

also tests that fail does not block inspectability

* add fail filter

fallback message is a bit clunky,
since you can't invoke a filter without specifying an input.
That is, "{{ fail }}" doesn't work,
so you have to do "{{ None | fail }}"

* document 'fail' filter

* add changelog fragment

* fail filter uses default message on Undefined or emptystring

makes it slightly easier to use the default message:
```diff
- "{{ None | fail }}"
+ "{{ '' | fail }}"
```

and the user sees a slightly more relevant message
if the message itself is undefined:

```diff
- The error was: {{ failmsg | fail }}: 'failmsg' is undefined
+ The error was: {{ failmsg | fail }}: Mandatory variable has not been overridden
```

* rebuild as the builtin `Undefined`

* harmonise `hint` parameter for make_undefined with jinja

* use code block for documentation item

[ref](https://github.com/ansible/ansible/pull/75435#discussion_r707661035)

* rename to `undef` to expose less Python into the Jinja

[ref](https://github.com/ansible/ansible/pull/75435#pullrequestreview-757799031)

* explicitly instantiate undefined value now that it's possible

see I knew we would break something with reflection

* preserve test coverage of undefined variable

Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
3 years ago
Chris Hambridge 1353678f23
Enable ansible-galaxy to specify client id override with Keycloak Token (#75601)
* Enable ansible-galaxy to specify client id override with Keycloak Token

* Specify ability to provide override of client_id

* Test client_id can be configured for individual servers

* Add issue link to changelog

* Document client_id as a config option and add an example

Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
3 years ago
Sloane Hertel 72ba2bdc82
ansible-galaxy - add a per-server validate_certs option (#75710)
* Add a validate_certs option to galaxy server configuration

* Add a unit test for cert validation

* changelog
3 years ago
Abhijeet Kasurde 12734fa21c
yaml dumper: Add YAML respresenter for AnsibleUndefined (#75078)
Fixes: #75072

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
3 years ago
Matt Clay de01db08d0
pip - Use pip from the current Python interpreter. (#75634)
* pip - Use pip from the current Python interpreter.

If `executable` and `virtualenv` were not specified, and
the `pip` Python module is available for the current interpreter,
use that `pip` module instead of searching for a `pip` command.

* Add comment about needing `__main__` to run `pip`.

* Fix unit test.

* Add porting guide entry.

* Update changelog to match porting guide description.

ci_complete
3 years ago
Matt Martz 74f5367673
Ensure `heuristic_log_sanitize` returns correct data if no password found (#75570)
* Ensure heuristic_log_sanitize returns correct data if no password found. See #75542

* Need to allow code to flow through
3 years ago
Pilou 3d7f2a1366
Fix an exception when passlib library is used with a wrapped algo (#75527)
* Test a passlib wrapped algo with a password lookup

* Fix error when passlib is used with a wrapped algo

The exception was:

     An unhandled exception occurred while running the lookup plugin 'password'.
     Error was a <class 'TypeError'>, original message: issubclass() arg 1 must be a class

and can be reproduced using the following command:

    ansible localhost -i localhost, -mdebug -amsg="{{ lookup('password', '/dev/null encrypt=ldap_sha512_crypt') }}"

The concerned algo are: bsd_nthash, django_argon2, django_bcrypt, ldap_bcrypt,
ldap_bsdi_crypt, ldap_des_crypt, ldap_hex_md5, ldap_hex_sha1, ldap_md5_crypt,
ldap_pbkdf2_sha1, ldap_pbkdf2_sha256, ldap_pbkdf2_sha512, ldap_sha1_crypt,
ldap_sha256_crypt, ldap_sha512_crypt, roundup_plaintext
3 years ago
Brian Coca 3ca50a2200
Clarify get_bin_path error message (#75544) 3 years ago
Martin Krizek 51f2f1ac5e
yum: fix parsing of check-update with subsequent empty lines (#75452)
Rather than adding further complexity to the regex, preprocess the output to
remove any empty lines. Now the only purpose of the regex is to fix
wrapped lines.

Fixes #70949
3 years ago
Matt Clay 7450e87615
Fix up string splitting to prepare for pylint update. (#75479)
* Use rsplit with maxsplit in BaseCacheModule.
* Use maxsplit for accessing first item.
* ansible-test - More efficient splitting.
3 years ago