Although it's not enforced that fail_json['msg'] should be a string
[1], I think it is pretty strongly implied.
In this case the failure_response['msg'] is sent through as the
fail_json['msg'], and the trailing commas here turn it into a tuple.
It's not clear if this is a typo or intended, but it does cause
problems for callbacks that expect this as a string (e.g. [2]).
Since there seems no point to having these values as a tuple, remove
the trailing commas so they return a string as per everywhere else.
[1] 4c589661c2/lib/ansible/module_utils/basic.py (L2078)
[2] https://review.opendev.org/#/c/696081
(cherry picked from commit fc54ae9227)
Since older versions of paramiko do not require cryptography,
we cannot catch the exact exception from cryptography.
Remove other exceptions since we're catching everything now
(cherry picked from commit d35c1a435b)
Co-authored-by: Sam Doran <sdoran@redhat.com>
The check for this parameter was missing from BusyBox.modify_user(), resulting in unexpected password changes to existing user accounts.
(cherry picked from commit 18130e1419)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Parse Healthcheck.StartPeriod properly
* Add changelog fragment
* Use proper markup in changelog
Co-Authored-By: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit f31b8e08b2)
* Fix nxos_file_copy option value path validation (#65423)
* Fix nxos_file_copy option value path validation
* Modify `local_file`, `local_file_directory` and
`remote_file` option type from `str` to `path`
so that the option value is validated in Ansible
for a legitimate path value
* Fix review comments
(cherry picked from commit 88008badb1)
* Fix review comments
CVE-2019-14904 - solaris_zone module accepts zone name and performs actions related to that.
However, there is no user input validation done while performing actions.
A malicious user could provide a crafted zone name which allows executing commands
into the server manipulating the module behaviour.
Adding user input validation as per Solaris Zone documentation fixes this issue.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 7d2ae7e322)
* DNF Handle Empty AppStream stream definition
Fixes#63683
Signed-off-by: Adam Miller <admiller@redhat.com>
* Switch Fedora dnf test target modularity to stratis
In Fedora 29, the metadata was not properly set for a default stream
for ripgrep even though there is a profile called "default", however
that's an arbitrary string and the module maintainer must set the
default stream (which it never was for the ripgrep module, thus
failing the "empty stream" install test)
Signed-off-by: Adam Miller <admiller@redhat.com>
(cherry picked from commit ed86907587)
Co-authored-by: Adam Miller <admiller@redhat.com>
* fix all modules to be able to get parameter with value false (very important fix) (#65040)
* add import of future and __metaclass__
* fix all modules to be able to get parameter with value false (very importent fix)
* Update ignore.txt
(cherry picked from commit b1e6667664)
* Update ignore.txt
* Create 65043-enable-parameter-value-to-be-false.yaml
* Update 65043-enable-parameter-value-to-be-false.yaml
* renamed module tls client auth params to avoid overlaping with fetch_url (#59522)
* renamed module tls client auth parameters to avoid overlaping with ansible fetch_url
* added version_added info for params
* Updated version_added
Updated version_added info from 2.9 to 2.10
* Update pulp_repo.py
removed version_added for renamed params
* Apply suggestions from code review
added ca_cert alias and 'version_added'
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* Apply suggestions from code review
added old behavior for client_cert and client_key which will deprecate in 2.14
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* Update pulp_repo.py
fix for linting error ansibot is complaining
* added changelog fragment for 59522
* Apply suggestions from code review
more informative depreciation warning and changelog fragment
Co-Authored-By: Felix Fontein <felix@fontein.de>
* added mention for changes in client_key and client_cert behavior
* fixed too long line (linting)
* deprecated ca_cert alias to have consistent module params in Ansible 2.14
* fixed indentation for deprecation warning
* changed deprecated alias handling to argument_spec
* moved deprecated_aliases insied argument dict, thanks tremble
* suggestions from felixfontein
Move doc info about client_cert and client_key into its own paragraph
Co-Authored-By: Felix Fontein <felix@fontein.de>
(cherry picked from commit 1e59017d27)
* 2.10 -> 2.9.2
* * Adjust messages.
* Fix one more.
(cherry picked from commit d1c58bc942)
* [stable-2.9] Do not treat AnsibleUndefined as being unsafe (#65202)
* Do not treat AnsibleUndefined as being unsafe. Fixes#65198
* fix yaml formatting.
(cherry picked from commit b08e7daf46)
Co-authored-by: Matt Martz <matt@sivel.net>
* Linting fix
* additional linting fix
* fix module that it reports the correct status of a change
(cherry picked from commit 2028734ac3)
* postgresql_privs - fix sort comparison (#65125)
The result of .sort() is None, not the sorted object. The comparison was comparing the result of the .sort() method and not the sorted values.
(cherry picked from commit 426e37ea92)
Lookup 'first_found' returns empty list which results in
raw_params checking. Check NoneType for 'raw_params' before
proceeding.
Fixes: #64939
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 8d0c2cd4d5)
* proxmox: use 'release' key for version detection if possible
* proxmox: fix PEP issues
* add changelog fragment
* Uses LooseVersion for proxmox version detection
* move imports
* removes useless comment
(cherry picked from commit 38193f6b60)
* Added changes into changelogs/fragments
* Removed no longer used 'LibraryError'.
Signed-off-by: Satyajit Bulage <sbulage@redhat.com>
(cherry picked from commit 5f8ec4d46e)
* docker_swarm_service: Sort lists when checking for changes
When two lists are checked for changes in this module, the lists are
reported changed when the order of the items is different. This PR
resolves this issue.
* docker_swarm_service: Minor typo fix
* docker_swarm_service: Another minor typo
* docker_swarm_service: Should use sorted(), not sort()
* docker_swarm_service: Sort lists of dictionaries
* docker_swarm_service: Fix style issues in tests
* docker_swarm_service: Updates to integration tests
* docker_swarm_service: Casting string types within lists when comparing
* docker_swarm_service: Special handling of unordered networks with ordered aliases
* docker_swarm_service: Sorting network lists
* docker_swarm_serivce: Better unit test code coverage for lists and networks
* docker_swarm_service: Fixed coding style for sanity tests
* docker_swarm_service: More coding style fixes
* docker_swarm_service: Ignoring test for Python < 3
* docker_swarm_service: Update to version info check for backwards compatibility
* docker_swarm_service: Added change fragment #63887
* docker_swarm_service: Better handling of missing sort key for dictionary of lists
* docker_swarm_service: Preventing sorts from modifying in-place
Co-Authored-By: Felix Fontein <felix@fontein.de>
* docker_swarm_service: Removed spurious import in test
* docker_swarm_service: Preventing sorts from modifying more data in-place
Co-Authored-By: Felix Fontein <felix@fontein.de>
(cherry picked from commit a096cd08c5)
* Set name_version when version is not specified, fix#55097
This will default to installing the latest version available
* Add changelog fragment
* update changelog
(cherry picked from commit 136dc27572)
* Windows coverage - output temp files with UTF-8 BOM
ci_complete ci_coverage
* Remove testing changes to get ready for merge
(cherry picked from commit 200fb00310)
* Revert most of PR #61605 commit e218c9814c
This removes the git error handling that converted all git errors into warnings.
* Fix ansible-test handling of git submodules.
(cherry picked from commit ba273c72d8)
Co-authored-by: Matt Clay <matt@mystile.com>
Due to confusion between 'Custom Attributes' and 'Advanced options',
this change got in devel. Revert to original behavior i.e. customizing
custom values using vmware_guest is done in this PR.
Fixes: #64291
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit a6bc43ba47)
This is a fix for a regression introduced by Perfy. Since then we mainly
operate on host.name instead of the Host object. In a call to
set_nonpersistent_facts where we set ansible_failed_task and
ansible_failed_result variables we were still passing the object which
led to those vars being undefined.
Fixes#64789
(cherry picked from commit 5c0b2c151c)
* win_chocolatey: Fix error when choco.exe not found
* Slight tweak to check and added changelog fragment
* Removed ignore rule that's no longer needed
(cherry picked from commit 521d6465f6)
* win_domain_computer module: Minor documentation error
* Fix idempotence when name != samaccountname
* Added changelog
* Added unsupported alias for CI check
(cherry picked from commit 04b8f75ffa)
* allow using --check on win_iis_webapppool module
* Added changelog and slight logic tweak
* Fix typo in changelog fragment
(cherry picked from commit 23a751323b)
Since https://github.com/ansible/ansible/pull/56733, we were not able to apply
firewall rules with no `allowed_hosts` key.
closes: #61332
In addition, this patch ensures the `allowed_hosts` key accepts a dict,
instead of a dict in a single entry list.
```yaml
vmware_host_firewall_manager:
esxi_hostname: "{{ esxi1 }}"
rules:
- name: NFC
enabled: True
allowed_hosts:
- all_ip: False
ip_address:
- "1.2.3.4"
```
Should be written:
```yaml
vmware_host_firewall_manager:
esxi_hostname: "{{ esxi1 }}"
rules:
- name: NFC
enabled: True
allowed_hosts:
all_ip: False
ip_address:
- "1.2.3.4"
```
(cherry picked from commit ab2aaca61d)
* [stable-2.9] Eos vlan override (#63639)
* Fix overridden & deleted in eos_vlans
* Fix vlan creation in overridden
* Right, Python 2.6
(cherry picked from commit 741d529)
Co-authored-by: Nathaniel Case <ncase@redhat.com>
* eos_vlans: Never try to set vlan_id as a property (#63689)
(cherry picked from commit d98482c294)
* Add changelog
* win_acl no longer needs SeSecurityPrivilege
Set-ACL raises missing SeSecurityPrivilege error when the inheritance
from the parent directory is disabled.
* fixes test sanity
* registry rights can only be modified with Set-ACL
* add changelog
(cherry picked from commit 95d613f3ab)
* Corrected Get-adcomputer
Corrected Get-adcomputer on "Remove-ConstructedState" and "Set-ConstructedState" functions.
resolved error: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.
* Update lib/ansible/modules/windows/win_domain_computer.ps1
Co-Authored-By: Daniel-Sanchez-Fabregas <33929811+Daniel-Sanchez-Fabregas@users.noreply.github.com>
* Update win_domain_computer.ps1
changed
"-credential $credential" to "@extra_args" (Line 115 and 150)
corrected exception message (Line 122)
* Added changelog fragment, minor code tweak
(cherry picked from commit e77426dad3)
Improve tests
- add more unit test cases
- add specific integration test with more cases
Testing shows no major downside to calling .strip() twice in a comprehension vs. using a regular for loop and only calling .strip() once. Going with the comprehension for ease of maintenance and because comprehensions are optimized in CPython.
(cherry picked from commit 987265a6ef)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Fix network plugin config option load from collection
Fixes#63975
* Update the complete sub-plugin name within network
connection plugins to handle sub-plugin in collection
scenario.
* Fix review comments
(cherry picked from commit 60276d3d8d)
* Master (#62626)
* Update win_package.ps1
Update Test-Path to use -LiteralPath instead of -Path to fix issue where powershell will not detect path with special characters such as '=' and '[]'.
* Update win_package.ps1
modified other instances of -Path and changed to -LiteralPath. All except line L243 since it is a different function.
* added literal path to get-itemproperty
(cherry picked from commit 153a322f54)
* add fragment
* Fix up role version pagination for Galaxy install
* Fix sanity issue
(cherry picked from commit 7acae62fa8)
Co-authored-by: Jordan Borean <jborean93@gmail.com>
This fixes a regression that was caused by switching from copy() to
deepcopy() when 'saving' variables before templating. Since HostVars
did not implement the __deepcopy__() method, deepcopy returned incorrect
results when host vars were present in the variables.
Fixes#63940
(cherry picked from commit cd8ce16d48)
update_resource and delete_resource takes and requires four argument.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 21c8dae83b)
This isn't used any place, lets remove it to fix lint checks on our
network collections.
(cherry picked from commit 119acc1afe)
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
* [stable-2.9] Set alter_sys=True instead of False to address backwards incompat (#64670)
* Set alter_sys=True instead of False to address backwards incompat
* ci_complete
* Add integration test
* ci_complete
* sanity
* ci_complete
* Changelog fragment
* Update import test and validate-modules to match.
(cherry picked from commit b93d92ef9a)
Co-authored-by: Matt Martz <matt@sivel.net>
* Rebase and add alter_sys to validate-modules
wait_for_connection creates AnsiballZ_ping.py in temp directory,
which remains on remote machine even after playbook run.
Fixes: #62407
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 68428efc39)
* Move X25519, X448, Ed25519 and Ed448 feature tests to module_utils.
* Correctly sign with Ed25519 and Ed448 keys.
* Fix public key comparison. Ed25519 and Ed448 do not have public_numbers().
* Add tests.
* Add changelog.
* Give better errors for cryptography 2.6.x and 2.7.x.
* Test for new errors.
* Forgot one.
* Used wrong private key.
* Use private key password for CA key. Add more stuff to its certificate.
(cherry picked from commit fed267df03)
* docker_login: Use with statement for accessing files (#64382)
* Update changelogs/fragments/64382-docker_login-fix-invalid-json.yml
Co-Authored-By: Felix Fontein <felix@fontein.de>
(cherry picked from commit 52c4c1b00d)
The error is not always an invalid username/password. It could be a connection timeout or refusal.
(cherry picked from commit d5fbe6573b)
Co-authored-by: Sam Doran <sdoran@redhat.com>
Add integration test for copy: deep recursive with remote_src=True
(cherry picked from commit b7e38dfa52)
Co-authored-by: Alexander Korsunsky <A.Korsunsky@gmail.com>
* Fix#63919: don't run os.makedirs on empty dir path
* integration test for lineinfile create: yes without path (Sam Doran <sdoran@redhat.com>)
(cherry picked from commit 3c978a3225)
* check status code value lower boundary
Any HTTP code below 200 cannot be considered a success, should be
handled like a failure instead.
This is particularly true for below zero status codes.
Fixes#63139
* provide changelog fragment
* ensure connection errors are handled in Acme module
* add fetch_url check to ACME.send_signed_request
* remove module.fail_json
* move _assert_fetch_url_success out of ACMEAccount
* fix ansible-lint errors
* use simplified syntax status checking
(cherry picked from commit 0d905a0496)
* Make acl module to work with whitespaces in path
* Added a changelog fragment
* Add quotes to changelog fragment
(cherry picked from commit 504d76e956)
* Fix issue when setting an empty pass to no_log param (#62804)
* Fix issue when setting an empty pass to no_log param
* Fix typo
(cherry picked from commit 322e225830)
* Fix up actual get for older versions
This fixes ansible-test so it no longer tries to install sanity test dependencies on unsupported Python versions.
(cherry picked from commit 437e9b7063)
Co-authored-by: Matt Clay <matt@mystile.com>
* Fix validate-modules support for collections.
- Relative imports now work correctly.
- The collection loader is now used.
- Modules are invoked as `__main__`.
* Remove obsolete validate-modules code ignores.
* Handle sys.exit in validate-modules.
* Add check for AnsibleModule initialization.
* Remove `missing-module-utils-import` check.
This check does not support relative imports or collections.
Instead of trying to overhaul the test, we can rely on the `ansible-module-not-initialized` test instead.
* Fix badly named error codes with `c#` in the name.
The `#` conflicts with comments in the sanity test ignore files.
* Add changelog entries.
(cherry picked from commit e9f8a34dce)
Co-authored-by: Matt Clay <matt@mystile.com>
* clear configuration candidate when return to user-view.
* add a changelog fragment for the pr.
* Update 63513-ce_action_wait_prompt_trigger_time_out.yaml
* Update 63513-ce_action_wait_prompt_trigger_time_out.yaml
(cherry picked from commit 47c31c201b)
Use a separate variable for the boolean test rather than having the same variable sometimes be a boolean and sometimes be a regular expression match object
Add integration tests to cover this scenario
(cherry picked from commit 29d4d318a5)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* crypto modules: improve return value list documentation (#62929)
* Improve return value documentation by allowing entry for return values.
* Add docs formatting, adjust styling.
* Fix sample return value. (Taken from https://tools.ietf.org/html/rfc7517#appendix-A.1.)
* Work around abuse of .
(cherry picked from commit 054285c34c)
* Add changelog.
Initialize variables in case the shadow file is not found.
Handle IndexErrors if something goes wrong with file parsing.
(cherry picked from commit e9d10f94b7)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* ce_netstream_global: bugs fix(list index out of range) (#63332)
* update to fix bugs:index out of range
* list index out of range
* list index out of range
* update for bad-whitespace
* Update ce_netstream_aging.py
* Update ce_netstream_aging.py
* Update ce_netstream_global.py
* Update ce_netstream_global.py
* Update ce_netstream_global.py
* Update ce_netstream_template.py
* Update ce_netstream_global.py
* Update ce_netstream_global.py
* Update ce_netstream_template.py
* Update ce_netstream_aging.py
(cherry picked from commit b7f12f9ff3)
* add a changelog fragment.
* Update 63389_ce_netsream_list_index_out_of_range.yml
empty-lines too many blank lines (1 > 0)
* clean "changed" after it has been processed
without this change, a loop of `debug` tasks with `changed_when`
causes the "changed" status to get lost before output
* runme.sh tests for debug loop status
(cherry picked from commit bfd32c9b00)