Do the right thing on Linux when password lock and a password hash are provided by writing
out the password hash prepended by the appropriate lock string rather than using -U and -L.
This is the correct way to set and lock the account in one command.
On BSD, run separate commands as appropriate since locking and setting the password cannot
be done in a single action.
FreeBSD requires running several commands to get the account in the desired state. As a result,
the rc, output, and error from all commands need to be combined and evaluated so an accurate
and complete summary can be given at the end of module execution.
* Improve integration tests to cover this scenario.
* Break up user integration tests into smaller files
* Properly lock account when creating a new account and password is supplied
* Simplify rc collection in FreeBSD class
Since the _handle_lock() method was added, the rc would be set to None, which could make
task change reporting incorrect. My first attempt to solve this used a set and was a bit too
complicated. Simplify it my comparing the rc from _handle_lock() and the current value of rc.
* Improve the Linux password hash and locking behavior
If password lock and hash are provided, set the hash and lock the account by using a password
hash since -L cannot be used with -p.
* Ensure -U and -L are not combined with -p since they are mutually exclusive to usermod.
* Clarify password_lock behavior..
(cherry picked from commit 264e08f21a)
Co-authored-by: Sam Doran <sdoran@redhat.com>
Change:
- module_utils.basic.is_special_selinux_path() used a string ==
bytestring comparison which returned False and made Ansible think that
certain filesystems aren't, in fact, special-cased, when they should
be. Ensure both sides of the == are bytestrings.
Test Plan:
- Added `copy` integration tests for this case.
Tickets:
- Fixes#70244
Signed-off-by: Rick Elrod <rick@elrod.me>.
(cherry picked from commit 688cd8657b)
PR #72702 introduced a bug that changed the unit name when splitting it up for the purpose
of searching for the unit. This only happens on unit file templates on systems that have a 5.8
or newer kernel and a version of systemd that does not contain a bugfix that causes systmed
to fail to parse dbus.
* Use facts rather than a manual probe to determine if systmed is present
* Remove unnecessary block
* Use vars files instead of set_fact
* Add tests for using a templated unit file
* Update changelog fragment
* Use template to get correct path to sleep binary
(cherry picked from commit 48803604cd)
Co-authored-by: Sam Doooran <sdoran@redhat.com>
* Rename pylint plugin and add tests. (#70225)
* Update ansible-test pylint Python support. (#72972)
* Add integration tests for sanity test failures.
(cherry picked from commit fa48678a08)
* Python 3.8 is now officially supported.
* Python 3.9 is now skipped with a warning.
(cherry picked from commit 37d09f2488)
* Allow key None to prevent errors with import test.
(cherry picked from commit dbc2c996ab)
Backport of https://github.com/ansible/ansible/pull/73003
Co-authored-by: Felix Fontein <felix@fontein.de>
Having the trap exit with a specific code will override
the exit code that caused the trap to run, which could
mask errors
(cherry picked from commit 5157a92139)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* ansible-galaxy collection list and verify now utilize collections in site-packages.
This is a short term fix for #70147. The long term fix needs to handle
install (but that discussion is also bound up in how upgrade is going to
work and where things can get installed so it's deferred for 2.11.)
* Add test for ansible-galaxy collection list with site-packages
Co-authored-by: David Moreau Simard <moi@dmsimard.com>
Co-authored-by: Jordan Borean <jborean93@gmail.com>
(cherry picked from commit e7dee73774)
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
* Ensure we only reset the connection when one has been previously established. Fixes#65812
* Ensure psrp doesn't trace
* winrm too
* Indentation fix
(cherry picked from commit a3b6485)
Co-authored-by: Matt Martz <matt@sivel.net>
* Fix 'role_name : tast_name' notation if task contains role name
* Add tests for notifying handler names which contain the role name
Co-authored-by: Thomas Wouters <thomaswouters@gmail.com>
(cherry picked from commit 0ed7bfc694)
* Update apt.py, add an example that references the suggested workaround in #25414
(cherry picked from commit 1e1b8e7aca)
(cherry picked from commit 180bbfed6a)
* Added changelog fragment
* ansible-test - prefer venv over virtualenv on Python 3 (#73000)
Also pin virtualenv to 16.7.10 for older Mac OS X systems. This was the version being installed
anway with the previous constraint (<20).
On systems with Python 3, now prefer venv over virtualenv. Test to see if venv is functional since
some systems have a non-functional venv installation (such as Debian).
(cherry picked from commit 850a77f639)
* Make the new ansible-test venv behavior opt-in
Co-authored-by: Sam Doooran <sdoran@redhat.com>
Use correct syntax for installation of role from local git repository. Fixes: #72217
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 776274143f)
* Add link to all module and plugin indexes, use glob setting for toctree.
* Adjust .gitignore
* Fix docs make clean: now that there's a static file in rst/collections, we have to be more
explicit about how we clean the generated files out of that directory.
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
(cherry picked from commit b514200126)
The recent update of ptyprocess to 0.7.0 is incompatible with Python 2.6 and
is causing test failures.
* Add setup_pexpect role to expect test
(cherry picked from commit 003a9e890d)
Co-authored-by: Sam Doooran <sdoran@redhat.com>
* Increase fetch depth to reduce the frequency of full test runs for out-of-date PRs.
* Update scripts to match those which will be used in collections.
(cherry picked from commit 3274e02fd8)
Co-authored-by: Matt Clay <mclay@redhat.com>
* remove redundant remote_user for local setting
local action plugin already does and this also should fix
fork/thread issue by removing use of pwd library
fixes#59642
(cherry picked from commit 488b9d6c35)
* ensure local exposes correct user (#72543)
* ensure local exposes correct user
avoid corner case in which delegation relied on
playcontext fallback which was removed
fixes#72541
(cherry picked from commit aa4d53ccdf)
* Consolidate logic for determining whether or not session is interactive
into a single function, is_interactive()
* Increase test coverage
I wasn't able to find a good way of simulating running a backgrounded test with CI since the
whole test is essentially run not in a TTY, which is similar enough to cause the new is_interactive()
function to always return false.
(cherry picked from commit 4b8cb6582b)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Added integration tests for this scenario
(cherry picked from commit fb092a82a1)
* Slight tweak to galaxy source selection (#72685)
(cherry picked from commit 18e5628b19)
* Return error if cwd directory does not exist (#72390)
* Return warning or error if cwd directory does not exist, in AnsibleModule.run_command()
(cherry picked from commit 5654de6fce)
* added flag in run_command signature to control behaviour when cwd does not exist
When enumerating connections with psutil, catch and ignore errors to avoid returning a stack trace.
Co-authored-by: Matt Martz <matt@sivel.net>
(cherry picked from commit fb09fd2a23)
* [stable-2.10] systemd - fix issue with capbpf and newer kernel (#72337)
A bug existed in systemd 245 that did not properly handle unknown kernel
capabilities gracefully. This resulted in incomplete output when querying
for the service status. It is possible to get service status by other means.
This PR works around this issue by getting service status using other commands
in the event of a failure due to this bug.
(cherry picked from commit db84e2c989)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* [stable-2.10] systemd - use list-unit-files rather than list-units (#72363)
list-unit-files will return all files on the system. list-units omits those
that are disabled.
Co-authored-by: Ken Dreyer <ktdreyer@ktdreyer.com>
(cherry picked from commit d6115887fa)
* systemd - account for templated unit files when searching for service (#72702)
Related to issue #71528 and PR #72337
Co-authored-by: Martin Polden <mpolden@mpolden.no>
(cherry picked from commit a788ea0132)
* ansible-doc: export has_action when --json is used.
* Remove docuri and now_data, which were not used resp. ignored in format_plugin_doc and the functions it calls anyway.
* Add function _combine_plugin_doc.
(cherry picked from commit 4fb336cef1)
* Fix missing ansible.builtin FQCNs in hardcoded action names (#71824)
* Make sure hard-coded action names also check for FQCN.
* Use _add_internal_fqcn() to avoid hardcoded lists and typoes.
(cherry picked from commit da60525610)
* Replace some more FQCNs.
(cherry picked from commit 72302dd611)
* Support docker and k8s action groups for moved modules in community.docker and community.kubevirt.
* Also support k8s action group for community.okd.
* Also add kubernetes.core.
* Fix changelog fragment.
* Remove community.okd.
* Revert "Remove community.okd."
This reverts commit 812b5aa6e2.
(cherry picked from commit c7a4b39633)
* file: add symlink is in a sticky directory tests
* file: handle symlink in a sticky directory
Co-Authored-By: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
* Add changelog and fix unit test
The builtins import was removed since it was unused, but it is now needed.
(cherry picked from commit b464d18fd1)
Co-authored-by: Pilou <pierre-louis.bonicoli@libregerbil.fr>
* The implicit default for type=bool options is not 'false', but 'none' (#72699)
* Fix modules, resp. add ignore.txt entries.
(cherry picked from commit 5226ac5778)
* Add ignore.txt entries and fix deprecated option that was already removed in 2.11.