Commit Graph

2357 Commits (ae1291004e2d6d127f70a2588012d5b1342d9dee)

Author SHA1 Message Date
Jordan Borean 3f22f79e73
Ensure -k is set to delegated hosts without a pass (#71136)
* Ensure -k is set to delegated hosts without a pass

* Fix up some broken tests

* Update task_executor.py

one possible fix, the other is updating winrm to normalize on 'password' like the other connection plugins

* Add alias for winrm and fix incorrect assumption

* Make sure aliases are used for keyword options

* Conditionally run test if sshpass is present, fix sanity

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
4 years ago
Matt Martz 410b6a7109
Update integration tests to support rpmfluff-0.6 (#71155) 4 years ago
Felix Fontein 050841324c
ansible-test: bump acme test container version to 2.0.0 (#71097) 4 years ago
David Shrewsbury 2f77606aa1
Add CVE reference to changelog for PR 70762 (#71151) 4 years ago
David Shrewsbury 6bf1dd428b
Update 70762 changelog to use security_fixes (#71124) 4 years ago
Felix Fontein fbfc0f99eb
Make changelog tool be more strict about suffixes (#70909)
* Bump antsibull-changelog version.

* Flag all dotfiles, except .keep and .gitkeep.

* Enable ignoring other fragment extensions.
4 years ago
Rick Elrod 4e55b93613
virt facts: allow guest/host to have >1 virt tech (#70832)
Change:
- Allow systems to declare multiple virt techs. For example if a system
  is both a docker container, but virtualized on KVM, show both. If a
  system is set up to run virtualbox and KVM VMs, show both.

- This is done by introducing new facts keys:
  - virtualization_tech_guest
  - virtualization_tech_host

- Backwards compatibility is preserved by keeping track of the previous
  return-points and refusing to update those keys after we would have
  returned, but now returning them at the end, so that the new keys can
  accumulate their data.

Test Plan:
- Local
- CI

Tickets:
- Refs #66304
- Refs #17151
- Refs #17058
- Probably others

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Felix Fontein fc83055425
Fix changelog fragment type. (#70902) 4 years ago
Toshio Kuratomi fb144c4414
Update ansible doc formats (#71070)
* Fix tty_ify bugs and refactor

* Move tty_ify() and supporting attributes to the DocCLI class as that's
  the only thing using it.
* Add unittest for the code.
* Fix a bug where the substitution macros can be detected when they are
  a part of another word.
* Add support for L(), R(), and HORIZONTALLINE which were added to the
  website docs many years ago.

* Update test/units/cli/test_doc.py

Co-authored-by: Matt Clay <matt@mystile.com>

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Brian Coca 662d34b9a7
add jinja2 global to reserved names (#71088)
* add jinja2 global to reserved names

  also allow expansion by additional context provided from caller

  fixes #41955

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Jordan Borean aab9beccf7
Remove ANSIBLE_COLLECTIONS_PATHS dep warning (#71094) 4 years ago
Rick Elrod 0d7c144ce4
Allow macOS ACLs to work for unpriv -> unpriv (#70785)
Change:
- Use `chmod +a` in the fallback chain to allow MacOS to use ACLs to
  allow an unprivileged user to become an unprivileged user.

Test Plan:
- CI, new tests

Tickets:
- Fixes #70648

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Rick Elrod 810a9a5593
find: Allow reading whole file for contains regex (#71083)
Change:
- Add a parameter `read_whole_file` which allows for reading the whole
  file when doing a `contains` regex search.
- This allows for (for example) matching a pattern at the very end of
  a file.

Test Plan:
- New integration tests

Tickets:
- Fixes #63378

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Martin Krizek 5ca3aec3c4
native types: properly handle Undefined in nested data (#68432) 4 years ago
Jordan Borean f6b3b4b430
ansible-galaxy - fix download for subdirs in SCM (#71005) 4 years ago
Felix Fontein 4bd7580dd7
Fix fortimanager httpapi redirect (#71073)
* The fortimanager httpapi plugin is in fortinet.fortimanager, not in fortinet.fortios.

* Add changelog fragment.
4 years ago
Matt Davis 86b6c4bbb6
fix collection package root location under pytest >=6.0.0 (#70963) 4 years ago
Rick Elrod 7f62a9d7b5
Make cache adjudicator's flush call plugin flush (#70987)
Change:
- Previously CachePluginAdjudicator#flush only removed entries from the
  cache backend that it knew about by using them earlier. Now it calls
  the underlying plugin's flush() method.

Test Plan:
- New unit tests

Tickets:
- Fixes #68770

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Sloane Hertel 991714b9d1
copy - redact 'content' from invocation in check mode (#71033)
* sanitize copy module invocation secrets in check mode
4 years ago
Rick Elrod 74c14c6743
Strip spaces in module names in explicit actions (#71040)
* Strip spaces in module names in explicit actions

Change:
- When an action is called like "action: copy foo=bar", strip spaces
  around the action name.
- This allows "action: copy        foo=bar" to work as expected.

Test Plan:
- New integration tests

Tickets:
- Fixes #62136

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Martin Krizek bf7276a4e8
Emit proper error for `x in y` when y is undefined (#70990)
Fixes #70984
4 years ago
Philip Douglass ac5f3f8bef
unarchive - Check 'fut_gid' against 'run_gid' in addition to supplemental groups (#65666)
Add integration tests for unarchiving as unprivileged user
Break tasks into separate files for easier reading and maintenance

Create a user by specifying a default group of 'staff' for macOS.

The user module does not actually remove the user directory on macOS,
so explicitly remove it.

Put the removal tasks in an always block to ensure they always run

Co-authored-by: Philip Douglass <philip.douglass@amadeus.com>
Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Abhijeet Kasurde e139739ab3
iptables: Add a note about ipv6-icmp (#70915)
ipv6-icmp ping is valid protocol and adding note about
it in protocol parameter.

Fixes: #70905

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Sloane Hertel 54e2ae79e7
fix downloading collections in git repos and tar.gz artifacts (#70524)
* Fix downloading tar files

* Fix downloading SCM collections

* changelog
4 years ago
Sam Doran e6bf202738
linux facts - return proper broadcast address (#64528)
* linux facts - return proper broadcast address

Check that the value being returned is actually a broadcast address

* Add tests

* Cleanup tests
4 years ago
Sam Doran c4f442ed5a
facts - fix incorrect time for some date_time_facts (#70665)
The iso8601_micro and iso8601 facts incorrectly called now.utcnow(), resulting
in a new timestamp at the time it was called, not a conversion of the previously
stored timestamp.

Correct this by capturing the UTC timestamp once then calculating the local
time using the UTC offset of the current system.

* Use time.time() for getting the current time
* Convert from that stored epoch timestamp to local and UTC times
* Used existing timestamp for epoch time
* Add unit tests that validate the formate of the return value rather than an exact value since mocking time and timezone is non-trivial
4 years ago
Matt Clay 2e0097ada3 Fix ansible-test relative import analysis. 4 years ago
Sam Doran dc79528cc6
Fix warning for new default permissions when mode is not specified (#70976)
Follow up to #70221
Related to #67794
CVE-2020-1736

When set_mode_if_different() is called with mode of 'None', ensure we issue
a warning about the change in default permissions.

Add integration tests to ensure the warning works properly.

* Fix tests
- actually use custom module 🤦‍♂️
- verify file permission on created files
- use remote_tmp_dir so we're ready for split controller
- improve test module so we can skip the call to set_fs_attributes_if_different()
- fix tests for CentOS 6
4 years ago
Jordan Borean b1cb2553af
ansible-galaxy - fix fallback for AH searches (#70957) 4 years ago
Sam Doran a24f51d9e5
package - use existing list of package manages from facts (#70920) 4 years ago
Sam Doran 73a9ad9aea
ansiballz - remove deprecated excommunicate command (#70921) 4 years ago
Rick Elrod 20a7476064
git: verify, only use --raw when we need it (#70900)
Change:
- Allow older git to verify tags again
- Enable verification tests everywhere, even if most of them only work
  on newer git. Some of them work on older git and they test the --raw
  parameter.

Test Plan:
- Re-enabled subset of git tests

Tickets:
- Fixes #64469

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Brian Coca f9c3c6cba6
Allow changed/failed mgmt on strategy actions (#70919)
* Allow changed/failed mgmt on strategy actions
4 years ago
Matt Clay 3a8ac62596 Cap pytest version to avoid relative import issue. 4 years ago
Rick Elrod c19a10e13a
RHEV virt facts: Detect vdsmd in addition to vdsm (#70901)
Change:
- Look for the `vdsmd` process in addition to `vdsm` as before.

Tickets:
- Fixes #66147

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Rick Elrod 7d32129efb
[dnf] show installations/removals in check_mode (#70892)
Change:
- Previously, we only showed that something would have changed, not what
  would have changed. This allows us to show what will chang as well.

Test Plan:
- Local RHEL8 VM
- New integration tests

Tickets:
- Fixes #66132

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Felix Fontein 7e2cc7db12
validate-modules: fix version_added validation for top-level, fix error codes (#70869)
* Also validate top-level version_added.

* Fix error code.

* Produce same version_added validation error in schema than in code (and stop returning it twice).

* Return correct error codes for invalid version_added for options and return values.

* Add changelog.

* Fix forgotten closing braket.

* Accept 'historical' for some top-level version_added.
4 years ago
Matt Davis 45c2eb6c0a
lineinfile - fix broken exception handling (#70846)
* prevent (ExceptionType) is not subscriptable errors
* tweak error message and use text conversion
* add to_text import
4 years ago
Rick Elrod be4be926c4
subversion Give subversion module a validate_certs option (#70890)
* Give subversion module a validate_certs option

Change:
- Add `validate_certs` option to subversion module. Defaults to off for
  backwards compatibility.

Tickets:
- Fixes #22599

Signed-off-by: Rick Elrod <rick@elrod.me>

* Update changelogs/fragments/22599_svn_validate_certs.yml

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>

* test verify_certs codepaths

Signed-off-by: Rick Elrod <rick@elrod.me>

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
fosslinux 4cc4cebc97
reboot - fix Void Linux (#70704)
Add entry for appropriate commands for Void Linux
4 years ago
Amin Vakil 9d2982549d
dnf: Add nobest option (#70318)
* dnf: Add nobest option

* dnf: Fix indent, add nobest specifically to dnf not yum

* Add changelog for dnf: add nobest option

* dnf: Add nobest to yumdnf module argument_spec

* dnf: remove nobest from module paramaters in yumdnf.py

* dnf: Add test for nobest option

* dnf: Cleanup packages in nobest test at last

* dnf: Cleanup manually added repos in nobest test at last

* dnf: Remove dnf-plugins-core as well in nobest test

* dnf: Change nobest release version to 2.11

* Change changelog number according to change in PR number

* Change changelog number according to change in PR number
4 years ago
Brian Coca 1223ce656a
reset logging to INFO (#70878)
- due to CVE-2019-14846
 - also added comments and test to avoid 'oportunistic' reversion
4 years ago
Mykola Grygoriev 953aa26286
Get serial number of NVMe device without sg_inq (#70284)
* Get serial number of NVMe device without sg_inq

* Add changlelog for #70284

* Use get_file_content() to get serial number from a file
4 years ago
Rick Elrod 21ac550828
virtualization facts: check /dev/kvm as a fallback (#70829)
Change:
- On Linux, there are situations where a host might be a KVM host but
  not have the kernel module enabled (it might be compiled in instead).
  In these cases, /dev/kvm will still exist, and rather than reporting
  NA, we should report that the host is a KVM host.

Test Plan:
- Local

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Jordan Borean 5e1a968983
Do not add connection vars to the output results (#70853)
* Do not add connection vars to the output results

* Also revert the delgated scenario JIC

* Added regression test
4 years ago
Matt Davis 4c0af6c808
fix internal cases of actions calling unqualified module names (#70818)
* fix internal cases of actions calling unqualified module names

* add porting_guide entry
* misc other fixes around action/module resolution broken by redirection

ci_complete

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* address review feedback

* pep8

* unit test fixes

* win fixes

* gather_facts fix module args ignores

* docs sanity

* pep8

* fix timeout test

* fix win name rewrites

Co-authored-by: Rick Elrod <rick@elrod.me>
4 years ago
Abhijeet Kasurde e439194c8c
basic: Add name of aliases in error message (#69427)
With this patch, user will be notified with available aliases
of arg parameter.

Fixes: #58752

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Sam Doran 5260527c4a
Change default file permissions so they are not world readable (#70221)
* Change default file permissions so they are not world readable

CVE-2020-1736

Set the default permissions for files we create with atomic_move() to 0o0660. Track
which files we create that did not exist and warn if the module supports 'mode'
and it was not specified and the module did not call set_mode_if_different(). This allows the user to take action and specify a mode rather than using the defaults.

A code audit is needed to find all instances of modules that call atomic_move()
but do not call set_mode_if_different(). The findings need to be documented in
a changelog since we are not warning. Warning in those instances would be frustrating
to the user since they have no way to change the module code.

- use a set for storing list of created files
- just check the argument spac and params rather than using another property
- improve the warning message to include the default permissions
4 years ago
David Shrewsbury bf98f031f3
Sanitize URI module keys with no_log values (#70762)
* Add sanitize_keys() to module_utils.

* More robust tests

* Revert 69653 change

* Allow list or dict

* fix pep8

* Sanitize lists within dict values

* words

* First pass at uri module

* Fix insane sanity tests

* fix integration tests

* Add changelog

* Remove unit test introduced in 69653

* Add ignore_keys param

* Sanitize all-the-things

* Ignore '_ansible*' keys

* cleanup

* Use module.no_log_values

* Avoid deep recursion issues by using deferred removal structure.

* Nit cleanups

* Add doc blurb

* spelling

* ci_complete
4 years ago
Brian Coca 84adaba6f5
Allow hostvars delegation (#70331)
* ensure hostvars are available on delegation
* also inventory_hostname must point to current host and not delegated one
* fix get_connection since it was still mixing original host vars and delegated ones
* also return connection vars for delegation and non delegation alike
* add test to ensure we have expected usage when directly assigning for non delegated host
4 years ago