A recent update to cffi that was yanked is still being installed on our
Mac OS X 10.11 test image since the version of pip there is very old and
does not ignore yanked packages.
Pin the version of pyOpenSSL and its dependencies to fix this and avoid
future spontaneous failures.
(cherry picked from commit 65cdb86c8a)
Co-authored-by: Sam Doran <sdoran@redhat.com>
Use of this new version is experimental, so it is not enabled in CI yet.
(cherry picked from commit 2bbcbe99fd)
Co-authored-by: Matt Clay <matt@mystile.com>
Change:
- By default the dnf API does not gpg-verify packages. This is a feature
that is executed in its CLI code. It never made it into Ansible's
usage of the API, so packages were previously not verified.
- This fixes CVE-2020-14365.
Test Plan:
- New integration tests
Signed-off-by: Rick Elrod <rick@elrod.me>
* [stable-2.10] unarchive - Check 'fut_gid' against 'run_gid' in addition to supplemental groups (#65666)
Add integration tests for unarchiving as unprivileged user
Break tasks into separate files for easier reading and maintenance
Create a user by specifying a default group of 'staff' for macOS.
The user module does not actually remove the user directory on macOS,
so explicitly remove it.
Put the removal tasks in an always block to ensure they always run
Co-authored-by: Philip Douglass <philip.douglass@amadeus.com>
Co-authored-by: Sam Doran <sdoran@redhat.com>
(cherry picked from commit ac5f3f8bef)
Co-authored-by: Philip Douglass <philip@philipdouglass.com>
* [stable-2.10] Fix unstable unarchive test (#71004)
* Add mode to copy tasks
* Fix unreliable test by ignoring errors
(cherry picked from commit f99f96ceb6)
Co-authored-by: Philip Douglass <philip@philipdouglass.com>
* Fix tty_ify bugs and refactor
* Move tty_ify() and supporting attributes to the DocCLI class as that's
the only thing using it.
* Add unittest for the code.
* Fix a bug where the substitution macros can be detected when they are
a part of another word.
* Add support for L(), R(), and HORIZONTALLINE which were added to the
website docs many years ago.
* Update test/units/cli/test_doc.py
Co-authored-by: Matt Clay <matt@mystile.com>
Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit fb144c4)
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
* Ensure -k is set to delegated hosts without a pass
* Fix up some broken tests
* Update task_executor.py
one possible fix, the other is updating winrm to normalize on 'password' like the other connection plugins
* Add alias for winrm and fix incorrect assumption
* Make sure aliases are used for keyword options
* Conditionally run test if sshpass is present, fix sanity
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
(cherry picked from commit 3f22f79e73)
* Incase of network integration test for connection local
test the paramiko_ssh auth_timeout is the value of timeout
under defaults section which is 10 seconds.
* For slower connection 10sec timout value result in authentication
timeout error hence increase the timeout value to 90 seconds
(cherry picked from commit 6160e82bf2)
Co-authored-by: Ganesh Nalawade <ganesh634@gmail.com>
* Updates to docs build for new antsibull CLI
* --ansible-base-cache renamed to --ansible-base-source
* _acd_version in the .deps file has been renamed to _ansible_version
(cherry picked from commit 22d2c97b81)
* Fix expr regex for MacOSX compat
MacOSX seems to want bare `+` whereas GNU expr wants escaped `+` (`\+`)
to mean match one or more. Use `\{1,\}` instead which will match one or
more on both MaxOSX and GNU-using systems.
Fixes#71053
(cherry picked from commit 99cac0b135)
* Force an upgrade to a newer version of antsibull
(cherry picked from commit d816a5966e)
The message generated by systemctl has been updated in 9321e23c40, which requires a corresponding change in the systemd module.
In addition, this fixes the module when the SYSTEMD_OFFLINE environment variable is set.
(cherry picked from commit a1a50bb3cd)
* Bump antsibull-changelog version.
* Flag all dotfiles, except .keep and .gitkeep.
* Enable ignoring other fragment extensions.
(cherry picked from commit fbfc0f99eb)
* Move 2.10.0rc1 release date a few days forward. (#71270)
At yesterday's meeting it was decided to have ansible-2.10.0 depend on
ansible-base-2.10.1 so that we can get several fixes for ansible-base's
routing (including adding the gluster.gluster collection).
ansible-base-2.10.1 will release on September 8th. So we will plan on
releasing ansible-2.10.0rc1 on the 10th.
https://meetbot.fedoraproject.org/ansible-community/2020-08-12/ansible_community_meeting.2020-08-12-18.00.html
(cherry picked from commit e507c127e5)
* a few writing style updates (#71212)
(cherry picked from commit 4f0bd5de38)
* Fix code markups and add link to CVE (#71082)
(cherry picked from commit 92d59a58c0)
* Fix 404 links (#71256)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit ecea018506)
* Writing style updates to Developing dynamic inventory topic (#71245)
* modified the writing style
* incorporated peer feedback
(cherry picked from commit ecd3b52ad7)
* Fix roadmap formatting. (#71275)
(cherry picked from commit ee48e0b0ad)
* Update password.py (#71295)
List md5_crypt, bcrypt, sha256_crypt, sha512_crypt as hash schemes in the password plugin.
(cherry picked from commit 1d1de2c6fd)
* Update ansible european IRC channel (#71326)
Signed-off-by: Rémi VERCHERE <remi@verchere.fr>
(cherry picked from commit 824cd4cbeb)
* Add warning about copyright year change (#71251)
To simplify project administration and avoid any legal issues,
add a warning in the docs. This reflects - https://github.com/ansible/ansible/issues/45989#issuecomment-423635622 and fixes: #45989
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 606604bb97)
* subelements: Clarify parameter docs (#71177)
skip_missing parameter in subelements lookup plugin is accepted from
inside the dictionary.
Fixes: #38182
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 6d17736ef4)
* Writing style updates to Using Variables topic (#71194)
* updated topic title, underline length for headings, and incorporated peer feedback
(cherry picked from commit 4d68efbe24)
* cron module defaults to current user, not root (#71337)
(cherry picked from commit 4792d83e13)
* Update Network Getting Started for FQCN/collection world (#71188)
* pull out network roles, cleanup, update first playbook examples, update gather facts section, some inventory conversion to .yml, update inventory and roles, simplify the navigation titles, fix tocs, feedback comments
(cherry picked from commit f79a7c5585)
* Add documentation about info/facts module development (#71250)
Fixes: #40151
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 4f993922c8)
* network: Correct documentation (#71246)
ini-style inventory does not support Ansible Vault password.
This fixes network_best_practices_2.5 doc.
Fixes: #69039
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit a1257d75aa)
* tidies up vars page (#71339)
(cherry picked from commit 02ea80f6d7)
* base.yml: Fix typos (#71346)
(cherry picked from commit 41d7d53573)
* quick fix to change main back to devel (#71342)
* quick fix to change main back to devel
* Update docs/docsite/rst/dev_guide/developing_collections.rst
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 74f88c56a5)
* Add note about integration tests for new modules to the dev guide (#71345)
(cherry picked from commit b82889eef5)
* update fest link (#71376)
(cherry picked from commit 80b8fde946)
* incorporate minimalism feedback on debugging page (#71272)
Co-authored-by: bobjohnsrh <50667510+bobjohnsrh@users.noreply.github.com>
(cherry picked from commit 5073cfc8bc)
* fix header problem
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
Co-authored-by: Sayee <57951841+sayee-jadhav@users.noreply.github.com>
Co-authored-by: Baptiste Mille-Mathias <baptiste.millemathias@gmail.com>
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: rovshango <rovshan.go@gmail.com>
Co-authored-by: Remi Verchere <rverchere@users.noreply.github.com>
Co-authored-by: Jake Howard <RealOrangeOne@users.noreply.github.com>
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
Co-authored-by: Per Lundberg <perlun@gmail.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
There are links from the scenario guides to collections but collections
docs aren't built in testing or locally when we're on the devel branch.
Due to that we need to make sure those references resolve to the
production docsite. We can use intersphinx to make sure that happens.
* The test for binary files wasn't reading enough of the file.
Checking for null bytes in the first 1024 bytes failed to diagnose the
ansible_2_10.inv file as binary
(cherry picked from commit e10902d744)
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
Changes to sanity and unit tests now trigger the ansible-test self-test integration tests.
No changelog entry since this only affects tests for ansible itself and not collections.
(cherry picked from commit b53e7f8720)
Co-authored-by: Matt Clay <matt@mystile.com>
* Revert "[stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)" (#71236)"
This reverts commit c968020d52.
* Revert "Remove porting guide entry related to reverted change (#71242)"
This reverts commit 006a21eae2.
* [stable-2.10] Revert "Fix warning for new default permissions when mode is not specified (#70976) (#70985)"
This reverts commit 5cb96087e6.
* [stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)"
This reverts commit 7e4cffc5d2.
* Misc typo fixes (#71089)
(cherry picked from commit 504ef607f3)
* Add some documentation for the format of meta/runtime.yml (#71035)
* Document the format of meta/runtime.yml
* Document multiple Ansible versions
Clarify difference between deprecation and tombstone fields
* add note
(cherry picked from commit a9eb8b0488)
* add note to uninstall older versions of ansible for pip (#71023)
* add note to uninstall older versions of ansible for pip
* combine with the other PR
(cherry picked from commit 72d3d44163)
* VMware: Inventory scenario guide for hostnames (#71055)
Added a scenario guide for ``hostnames`` parameter
for vmware_vm_inventory.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 0055673c70)
* Document string tests a bit more (#71049)
- Explain how `regex` differs from `match` and `search`.
- Document `multiline` and `ignorecase`.
Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 701c638757)
* docs: Add a note about package requirements for fact gathering (#70796)
Fixes: #26148
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit a6725d6e2a)
* added note about fakeroot (#71018)
see #70895
(cherry picked from commit 11a31e99e6)
* Update documentation of httpapi's handle_httperror method for clarity (#70991)
(cherry picked from commit a0523e5b8a)
* DOCS: add 2.10 collections roadmap (#70975)
* draft of 2.10 collections roadmap
* incorporates feedback from felixfontein
* gundalow and samccann feedback, fix link
Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
(cherry picked from commit 9879da8e23)
* updates changelog types; some updates for easier translation (#71027)
Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 4f4436c124)
* Document common return values with examples (#71046)
* adding return value examples
* shift to console code blocks
* cleaning up whitespace and shortening invocation example
* reordering diff section
(cherry picked from commit 864573a38d)
* Update intro_getting_started.rst (#71039)
Added two additional learning resources in the See also: section- forgot closing backticks
(cherry picked from commit 9850915bd6)
* Guide users to use ansible-runner (#71063)
Update the docs to guide users to use `ansible-runner` instead of using Python API directly. In many use cases, executing Ansible playbooks are sufficient. In those use cases, `ansible-runner` is easier and much stable to use comparing with Python API, but there is no mention of it.
(cherry picked from commit 0c855dc70b)
* Porting guides for ansible-base 2.10 and ansible 2.10 (#70891)
* Fix changelog link title.
* Rename Ansible 2.10 and 2.11 porting guides to Ansible-base porting guides.
* Add stub for automatically generated 2.10 porting guide.
* Move things that should not be in the ansible-base porting guide to the ansible porting guide.
* Apply changes to base porting guides.
* Add remark that ansible-base is mainly for developers.
* Ansible Base -> Ansible-base
* Fix link in base porting guide.
* Add generated porting guide.
* Use same header signs as antsibull-changelog's RST builder.
* Update generated porting guide.
(cherry picked from commit 61b36c6f30)
* Update network platform guides with FQCN (#70699)
* fqcn all the docs things!
(cherry picked from commit 54bee7152b)
* Document how to upgrade to ansible with pip (#70768)
Fixes#70348
(cherry picked from commit 5019335660)
* document how to migrate between collections (#70243)
* document how to migrate between collections
* Apply suggestions from code review
Co-authored-by: John R Barker <john@johnrbarker.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 58145dff9c)
* remove github link from plugins (#70951)
(cherry picked from commit e28b20d729)
* Add latest rc from ansible-base (#70974)
* Add latest rc from ansible-base
(cherry picked from commit d62dffafb3)
* Document to_json will convert to ASCII strings by default (#70954)
... as reported in issue #68702
(cherry picked from commit 8c48366f1c)
* Update the porting guide for ansible-2.10.0a8 (#71141)
(cherry picked from commit 0a9638ce4b)
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Sloane Hertel <shertel@redhat.com>
Co-authored-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Nathaniel Case <ncase@redhat.com>
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
Co-authored-by: Terciero <terciero@users.noreply.github.com>
Co-authored-by: Brendon O'Sullivan <49501251+bjosullivan@users.noreply.github.com>
Co-authored-by: EthanHur <ethan0311@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Baptiste Mille-Mathias <baptiste.millemathias@gmail.com>
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
The repository names seem to have changed and no longer have the "rhui-" prefix
(cherry picked from commit 6ac4439a6a)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* [stable-2.10] facts - fix incorrect time for some date_time_facts (#70665)
The iso8601_micro and iso8601 facts incorrectly called now.utcnow(), resulting
in a new timestamp at the time it was called, not a conversion of the previously
stored timestamp.
Correct this by capturing the UTC timestamp once then calculating the local
time using the UTC offset of the current system.
* Use time.time() for getting the current time
* Convert from that stored epoch timestamp to local and UTC times
* Used existing timestamp for epoch time
* Add unit tests that validate the formate of the return value rather than an exact value since mocking time and timezone is non-trivial
(cherry picked from commit c4f442ed5a)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Remove tests for tz_dst since that only exists in newer versions
Follow up to #70221
Related to #67794
CVE-2020-1736
When set_mode_if_different() is called with mode of 'None', ensure we issue
a warning about the change in default permissions.
Add integration tests to ensure the warning works properly.
* Fix tests
- actually use custom module 🤦♂️
- verify file permission on created files
- use remote_tmp_dir so we're ready for split controller
- improve test module so we can skip the call to set_fs_attributes_if_different()
- fix tests for CentOS 6
(cherry picked from commit dc79528cc6)
* Also validate top-level version_added.
* Fix error code.
* Produce same version_added validation error in schema than in code (and stop returning it twice).
* Return correct error codes for invalid version_added for options and return values.
* Add changelog.
* Fix forgotten closing braket.
* Accept 'historical' for some top-level version_added.
(cherry picked from commit 7e2cc7db12)
* Fix ansible-test error in community.aws
* Add changelog entry for fix
* Change check from None to string_types
* Update changelogs/fragments/70507-validate-null-author.yaml
clarify wording "or a list of strings"
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update test/lib/ansible_test/_data/sanity/validate-modules/validate_modules/schema.py
clarify wording - single string or not specified valid
Co-authored-by: Felix Fontein <felix@fontein.de>
* Do not fail but return None when given outside list
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit b0d9deeae3)
Co-authored-by: Alan Rominger <arominge@redhat.com>
* Add boilerplate snippet into `examples/`
It is a partial backport of #70224
(partially cherry picked from commit 4816bb4f43)
* Refactor Python API examples and docs
PR #70446: it's a follow-up for #70445.
It includes a merge of `examples/scripts/uptime.py` and a similar
code snippet from `docs/docsite/rst/dev_guide/developing_api.rst`.
This patch also changes the docs RST file to include contents of
the example file instead of holding a copy of a similar code.
(cherry picked from commit 20bb915092)