Commit Graph

10575 Commits (b4b1bf993269e32056bc5d94c75641757df9d466)

Author SHA1 Message Date
Sam Doran b4b1bf9932
[stable-2.10] user - properly handle password and password lock when used together (#73016) (#73177)
Do the right thing on Linux when password lock and a password hash are provided by writing
out the password hash prepended by the appropriate lock string rather than using -U and -L.
This is the correct way to set and lock the account in one command.

On BSD, run separate commands as appropriate since locking and setting the password cannot
be done in a single action.

FreeBSD requires running several commands to get the account in the desired state. As a result,
the rc, output, and error from all commands need to be combined and evaluated so an accurate
and complete summary can be given at the end of module execution.

* Improve integration tests to cover this scenario.
* Break up user integration tests into smaller files
* Properly lock account when creating a new account and password is supplied

* Simplify rc collection in FreeBSD class
  Since the _handle_lock() method was added, the rc would be set to None, which could make
  task change reporting incorrect. My first attempt to solve this used a set and was a bit too
  complicated. Simplify it my comparing the rc from _handle_lock() and the current value of rc.

* Improve the Linux password hash and locking behavior
  If password lock and hash are provided, set the hash and lock the account by using a password
  hash since -L cannot be used with -p.

* Ensure -U and -L are not combined with -p since they are mutually exclusive to usermod.

* Clarify password_lock behavior..
(cherry picked from commit 264e08f21a)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Matt Martz 6ba066fc9e
[stable-2.10] Fix async interpreter parsing (#72636) (#72923)
Fixes #70690
(cherry picked from commit 83764ad)
4 years ago
Sam Doran b22d97b2c1
[stable-2.10] Fix string/bytestring comparsion in m_u.basic (#70439) (#73129)
Change:
- module_utils.basic.is_special_selinux_path() used a string ==
  bytestring comparison which returned False and made Ansible think that
  certain filesystems aren't, in fact, special-cased, when they should
  be. Ensure both sides of the == are bytestrings.

Test Plan:
- Added `copy` integration tests for this case.

Tickets:
- Fixes #70244

Signed-off-by: Rick Elrod <rick@elrod.me>.
(cherry picked from commit 688cd8657b)
4 years ago
Sam Doran 1cd09b1ebc
[stable-2.10] systemd - do not overwrite unit name when searching (#72985) (#73013)
PR #72702 introduced a bug that changed the unit name when splitting it up for the purpose
of searching for the unit. This only happens on unit file templates on systems that have a 5.8
or newer kernel and a version of systemd that does not contain a bugfix that causes systmed
to fail to parse dbus.

* Use facts rather than a manual probe to determine if systmed is present
* Remove unnecessary block
* Use vars files instead of set_fact
* Add tests for using a templated unit file
* Update changelog fragment
* Use template to get correct path to sleep binary
(cherry picked from commit 48803604cd)

Co-authored-by: Sam Doooran <sdoran@redhat.com>
4 years ago
Matt Clay cf21e699d4
Update ansible-test pylint Python support. (#72997)
* Rename pylint plugin and add tests. (#70225)
* Update ansible-test pylint Python support. (#72972)
* Add integration tests for sanity test failures.
(cherry picked from commit fa48678a08)

* Python 3.8 is now officially supported.
* Python 3.9 is now skipped with a warning.
(cherry picked from commit 37d09f2488)

* Allow key None to prevent errors with import test.
(cherry picked from commit dbc2c996ab)

Backport of https://github.com/ansible/ansible/pull/73003

Co-authored-by: Felix Fontein <felix@fontein.de>
4 years ago
Sam Doran 31ef9dffa1
[stable-2.10] Remove exit code from traps in tests (#72968)
Having the trap exit with a specific code will override
the exit code that caused the trap to run, which could
mask errors
(cherry picked from commit 5157a92139)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Jordan Borean c5248f756c
Collection list site packages (#70173) (#72940)
* ansible-galaxy collection list and verify now utilize collections in site-packages.

This is a short term fix for #70147.  The long term fix needs to handle
install (but that discussion is also bound up in how upgrade is going to
work and where things can get installed so it's deferred for 2.11.)

* Add test for ansible-galaxy collection list with site-packages

Co-authored-by: David Moreau Simard <moi@dmsimard.com>
Co-authored-by: Jordan Borean <jborean93@gmail.com>
(cherry picked from commit e7dee73774)

Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
4 years ago
Matt Martz 511ffdeff7
[stable-2.10] Fix reset_connection paramiko, winrm, psrp (#72688) (#72925)
* Ensure we only reset the connection when one has been previously established. Fixes #65812

* Ensure psrp doesn't trace

* winrm too

* Indentation fix
(cherry picked from commit a3b6485)

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Sloane Hertel 82b75282fc
Fix task get_name to always prepend the role name (#72511) (#72919)
* Fix 'role_name : tast_name' notation if task contains role name

* Add tests for notifying handler names which contain the role name

Co-authored-by: Thomas Wouters <thomaswouters@gmail.com>
(cherry picked from commit 0ed7bfc694)
4 years ago
Matt Clay 4452d98662
Support venv in ansible-test virtualenv scripts (#73163)
* ansible-test - prefer venv over virtualenv on Python 3 (#73000)

Also pin virtualenv to 16.7.10 for older Mac OS X systems. This was the version being installed
anway with the previous constraint (<20).

On systems with Python 3, now prefer venv over virtualenv. Test to see if venv is functional since
some systems have a non-functional venv installation (such as Debian).

(cherry picked from commit 850a77f639)

* Make the new ansible-test venv behavior opt-in

Co-authored-by: Sam Doooran <sdoran@redhat.com>
4 years ago
Sam Doooran db41f2e384 [stable-2.10] Constrain pexpect and ptyprocess (#73109)
The recent update of ptyprocess to 0.7.0 is incompatible with Python 2.6 and
is causing test failures.

* Add setup_pexpect role to expect test
(cherry picked from commit 003a9e890d)

Co-authored-by: Sam Doooran <sdoran@redhat.com>
4 years ago
Matt Clay 12b33c79ee
[stable-2.10] Fix cryptography constraints in ansible-test. (#72914) (#72922)
(cherry picked from commit 36ab3d1189)

Co-authored-by: Matt Clay <mclay@redhat.com>
4 years ago
Brian Coca 1f55a3d15a
avoid fatal exception on invalid collection name (#72296) (#72570)
* avoid fatal exception on invalid collection name used in ansible-doc filter

(cherry picked from commit 4f0e2fff95)
4 years ago
Brian Coca d852fa4135
remove redundant remote_user for local setting (#72507)
* remove redundant remote_user for local setting

  local action plugin already does and this also should fix
  fork/thread issue by removing use of pwd library

  fixes #59642

(cherry picked from commit 488b9d6c35)

* ensure local exposes correct user (#72543)

* ensure local exposes correct user

  avoid corner case in which delegation relied on
  playcontext fallback which was removed

  fixes #72541

(cherry picked from commit aa4d53ccdf)
4 years ago
Sam Doran ab417f373a
[stable-2.10] pause - do not hang if run in the background (#72065) (#72605)
* Consolidate logic for determining whether or not session is interactive
  into a single function, is_interactive()
* Increase test coverage

I wasn't able to find a good way of simulating running a backgrounded test with CI since the
whole test is essentially run not in a TTY, which is similar enough to cause the new is_interactive()
function to always return false.
(cherry picked from commit 4b8cb6582b)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Alexei Znamensky 71ef981191
Backport/2.10/72390 (#72690)
* Return error if cwd directory does not exist (#72390)

* Return warning or error if cwd directory does not exist, in AnsibleModule.run_command()

(cherry picked from commit 5654de6fce)

* added flag in run_command signature to control behaviour when cwd does not exist
4 years ago
Sam Doran 7f1ee07634
[stable-2.10] iptables: Reorder comment postition (#71496) (#72548)
(cherry picked from commit c1da427a5e)

Co-authored-by: Amin Vakil <info@aminvakil.com>
4 years ago
Sam Doran 2a6b411a80
[stable-2.10] ansible-test - skip installing PowerShell sanity test reqs if they are already installed (#72423) (#72424)
(cherry picked from commit 809d5fc398)

Co-authored-by: Jordan Borean <jborean93@gmail.com>
4 years ago
Sam Doran 4e34aa0c19
[stable-2.10] wait_for - ignore psutil related errors (#72401) (#72406)
When enumerating connections with psutil, catch and ignore errors to avoid returning a stack trace.

Co-authored-by:  Matt Martz <matt@sivel.net>
(cherry picked from commit fb09fd2a23)
4 years ago
Sam Doran c422bc64dc
[stable-2.10] blockinfile - properly insert block when no trailing new line exists (#72350) (#72360)
(cherry picked from commit c51438312a)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Felix Fontein 2ff5bf0f21
Fix processing of add_file_common_args=True when argument_spec is not specified as kwarg. (#72334) (#72361)
(cherry picked from commit 233e7beb5b)
4 years ago
Felix Fontein 27f547b4d3
[2.10] Fix missing ansible.builtin FQCNs in hardcoded action names (#72457)
* Fix missing ansible.builtin FQCNs in hardcoded action names (#71824)

* Make sure hard-coded action names also check for FQCN.
* Use _add_internal_fqcn() to avoid hardcoded lists and typoes.

(cherry picked from commit da60525610)

* Replace some more FQCNs.

(cherry picked from commit 72302dd611)
4 years ago
Sam Doran ba25a1cdf1
[stable-2.10] AnsibleModule.set_mode_if_different: handle symlink is in a sticky directory (#45198) (#72863)
* file: add symlink is in a sticky directory tests
* file: handle symlink in a sticky directory

Co-Authored-By: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>

* Add changelog and fix unit test
The builtins import was removed since it was unused, but it is now needed.
(cherry picked from commit b464d18fd1)

Co-authored-by: Pilou <pierre-louis.bonicoli@libregerbil.fr>
4 years ago
Felix Fontein 6dc2e9c2f4
[2.10] The implicit default for type=bool options is not 'false', but 'none' (#72864)
* The implicit default for type=bool options is not 'false', but 'none' (#72699)

* Fix modules, resp. add ignore.txt entries.

(cherry picked from commit 5226ac5778)

* Add ignore.txt entries and fix deprecated option that was already removed in 2.11.
4 years ago
Felix Fontein a15550c0c8
ansible-test sanity: fix UnicodeDecodeError for `--python 2.7 --docker` (#72623) (#72865)
* Store target paths as unicode.

* Add changelog fragment.

(cherry picked from commit f94ba68d8f)
4 years ago
Felix Fontein 7e2faa25d7 Improve ansible-test classifications for collections (#72353)
(cherry picked from commit 64a809d2b6)
4 years ago
Matt Clay dbdacbd48c [stable-2.10] Use AZP config for integration-aliases test.
No changelog entry since this test is limited to the ansible/ansible repo.

Backport of https://github.com/ansible/ansible/pull/72842
4 years ago
Matt Clay 7813b1248b [stable-2.10] Fix Azure Pipelines change detection. (#72824)
(cherry picked from commit 08842cd6bb)

Co-authored-by: Matt Clay <mclay@redhat.com>
4 years ago
Matt Clay 99d5afaad0 [stable-2.10] Azure Pipelines configuration. 4 years ago
Rick Elrod 0d7ab375eb
[centos6] update container for EOL (#72795)
Change:
- Reference:
  https://lists.centos.org/pipermail/centos-devel/2020-December/056208.html
- Bump centos6 container to 1.25.0

Test Plan:
- ci_complete

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Jordan Borean 7802ca2b06
Add RHEL 7.9 (#72558) - 2.10 (#72568)
* Add RHEL 7.9 - ci_complete (#72558)

(cherry picked from commit d451433e5d)

* Added changelog for RHEL 7.9 (#72572)

(cherry picked from commit bdd0c48837)
4 years ago
Sam Doran 6322630360 [stable-2.10] ansible-test - add cryptography constraint for cffi (#72761)
The recently released version of cffi fails to install on systems with an older version of gcc. In
our case, this in the CentOS 6 test image. There is a fix but it has not yet been released.

https://foss.heptapod.net/pypy/cffi/-/issues/480
(cherry picked from commit 1db9588279)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
David Shrewsbury 3297c221f1
Test pip fix (#72764)
(cherry picked from commit 2eb9795543)
4 years ago
Matt Clay cfa8075537 [stable-2.10] Add coverage exporting to ansible-test
A new `--export` option for `ansible-test coverage combine` allows multi-step aggregation of code coverage for CI pipelines.
(cherry picked from commit fa2be89cd4)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Matt Clay 8f767f7180 [stable-2.10] Fix container discovery for the acme test plugin.
(cherry picked from commit f022dedd0a)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Rick Elrod 5bd0df7621
[ansible-test] use newer container images (#72126) (#72550)
Change:
- Bump default, ansible-base, distro containers
- We do NOT add fedora33 yet, because it doesn't work right on Shippable
  due to an old kernel. This will be added post-AZP.

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit e7bf0696ef)
4 years ago
Matt Martz 81ce0f8fc4 Remove sanity ignores 4 years ago
Matt Martz 1f5afcd072 Various intentional tests (#72485)
* Add tests for argspec choices type=list

* Add explicit interpreter discovery tests to validate modules returning ansible_facts still set interp

* Add explicit tests for missing_required_lib

* Add explicit tests for recursive_diff

* ci_complete ci_coverage

* Update data to cover more code/tests

* ci_complete ci_coverage

* Add argspec tests for aliases, and no_log

* Forgotten file

* ci_complete ci_coverage

* Add argspec tests for type int

* ci_complete ci_coverage

* Remove incidental_k8s

* ci_complete ci_coverage

* fix missing newline

* Remove incidental_sts_assume_role

* ci_complete ci_coverage

(cherry picked from commit c8590c7482)
4 years ago
Matt Martz 65470f48bd Remove incidental tower integration tests (#72461)
* Add explicit test for dict repr in argspec

* Add explicit test for undefined repr

* ci_complete ci_coverage

* Skip old jinja2

* ci_complete ci_coverage

* Remove incidental_tower_receive

* ci_complete ci_coverage

* Remove incidental_tower_credential_type

* ci_complete ci_coverage

* Remove ignore entries

* ci_complete ci_coverage

(cherry picked from commit 880087748c)
4 years ago
Matt Martz e555358c32 Remove incidental vmware tests (#72420)
* Add explicit tests for ansible.module_utils.common.network.is_mac

* Test missing ANSIBLE_CONFIG

* Add explicit inventory script tests

* Add explicit tests for _consume_options

* Adjust perms, remove extra file

* ci_complete ci_coverage

* remove incidental_inventory_vmware_vm_inventory

* ci_complete ci_coverage

* Remove incidental_script_inventory_vmware_inventory

* ci_complete ci_coverage

* Remove incidental_vmware_guest

* ci_complete ci_coverage

* Remove incidental_vmware_host_hyperthreading and incidental_vmware_prepare_tests

* ci_complete ci_coverage

* newline and comment about what the test is doing

* ci_complete ci_coverage

(cherry picked from commit ccc63abc8e)
4 years ago
Matt Martz 5b5870886b Remove incidental_cs_role_permission (#72380)
* Add explicit argspec tests for choices

* ci_complete ci_coverage

* Remove incidental_cs_role_permission

* ci_complete ci_coverage

* ci_complete ci_coverage

(cherry picked from commit 6543c7bc5d)
4 years ago
Matt Martz 73991233fb Remove incidental_zabbix_host (#72142)
* Add explicit apt tests for fnmatch and update_cache

* Add explicit apt_key tests for fetching key directly from url

* ci_complete ci_coverage

* Remove repo only by repo

* ci_complete ci_coverage

* Add apt cache update after apt_repository to show that the cache doesn't update

* ci_complete ci_coverage

* Add systemd tests for enabling and disabling a service

* ci_complete ci_coverage

* Remove incidental_zabbix_host

* ci_complete ci_coverage

(cherry picked from commit 2f8dbf673e)
4 years ago
Matt Martz dca64d3c74 Remove incidental_aws_codebuild (#72140)
* Remove incidental_aws_codebuild

* ci_complete ci_coverage

(cherry picked from commit cf0cd4b50b)
4 years ago
Sam Doran 8c5910efe7
[stable-2.10] [dnf] Some fixes around filtering (#72483) (#72500)
* [stable-2.10] [dnf] Some fixes around filtering (#72483)

Change:
- Docs: Add note that security/bugfix apply to dependencies too, like
  the dnf command.

- dnf: security/bugfix only makes sense for updates, so limit the
  package query sack to available updates.

- tests: Limit tests to our known-good test packages, so that RHEL
  packages marked security/bugfix without similarly marked dependencies
  don't fail our tests.

Test Plan:
- Tested with `dnf upgrade-minimal --bugfix` and reproduced the same
  error currently seen in CI, showing that we are consistent with what
  dnf does.

Tickets:
- Likely fixes #72316

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit d8c637da37)

Co-authored-by: Rick Elrod <rick@elrod.me>

* Add changelog (#72502)

(cherry picked from commit b33d7e2e29)

Co-authored-by: Rick Elrod <rick@elrod.me>
4 years ago
Matt Martz 7cd080b10d
[stable-2.10] Update pip tests to omit install dev extras to avoid dep issues (#72436) (#72438)
(cherry picked from commit 2ee5af5)

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Sloane Hertel 1f485dccaa [stable-2.10] Add intentional coverage for incidental_ec2_instance (#72028)
* Add a test suite for module_utils.common.dict_transformations

* ci_complete

ci_coverage

Add a wait_for test using delegate_to

* Remove incidental_ec2_instance

* Remove unused test support modules

* Requested changes

ci_complete

ci_coverage

* Oops, put everything back to test coverage again

ci_complete

ci_coverage

* Remove incidental_ec2_instance tests and supporting modules
(cherry picked from commit 960e4c0809)

Co-authored-by: Sloane Hertel <shertel@redhat.com>
4 years ago
Matt Clay 522f167d27
Replace incidental tests with intentional argspec tests (#72370)
* Remove incidental_consul tests (#71811)

* Add explicit intg tests for argspec functionality

* ci_complete ci_coverage

* Remove incidental_consul and incidental_setup_openssl

* ci_complete ci_coverage

(cherry picked from commit a99212464c)

* Remove incidental_nios_txt_record (#72009)

* Add explicit coverage of argspec type=dict

* Non string mapping failure

* ci_complete ci_coverage

* Remove incidental_nios_txt_record and associated files

* Don't forget the ignore.txt changes

* ci_complete ci_coverage

(cherry picked from commit 6f4aed5377)

* Remove incidental_vyos_static_route (#72024)

* Add explicit tests for required_together suboptions

* ci_complete ci_coverage

* Remove incidental_vyos_static_route

* ci_complete ci_coverage

* Add explicit coverage of suboptions required_if

* ci_complete ci_coverage

* Remove incidental_vyos_logging

* ci_complete ci_coverage

(cherry picked from commit 9081b22868)

* More explicit argspec tests (#72064)

* Add more explicit coverage of argspec functionality

* fail_on_missing_params

* ci_complete ci_coverage

* Remove incidental_aws_step_functions_state_machine

* ci_complete ci_coverage

* Remove incidental_cs_service_offering

* ci_complete ci_coverage

(cherry picked from commit ab2b339dd6)

* Add explicit coverage of required_together (#72107)

* Add explicit coverage of required_together

* ci_complete ci_coverage

* Remove incidental_hcloud_server

* Remove hcloud from shippable matrix

* ci_complete ci_coverage

(cherry picked from commit 460ba041c8)

* Add explicit coverage of suboptions=list without elements (#72108)

* Add explicit coverage of suboptions=list without elements

* ci_complete ci_coverage

* Remove incidental_vmware_guest_custom_attributes

* ci_complete ci_coverage

(cherry picked from commit 50c8c87fe2)

* Add explicit coverage of argspec choices with strings that shadow YAML bools (#72122)

* Add explicit coverage of argspec choices with strings that shadow YAML bools

* ci_complete ci_coverage

* Remove incidental_ufw

* ci_complete ci_coverage

(cherry picked from commit cfa41898c4)

* Adds argspec tests for required, required_one_of and required_by (#72245)

* Improve variable names.

* Add test for required.

* Add test for required_one_of.

* Add test for required_by.

(cherry picked from commit 1489bf9190)

* Remove incidentals without coverage (#71788)

* Remove incidental_lookup_hashi_vault
* Remove incidental_connection_chroot
* Remove incidental_selinux
* Remove incidental_win_hosts

(cherry picked from commit e6e9840717)

Co-authored-by: Matt Martz <matt@sivel.net>
Co-authored-by: Felix Fontein <felix@fontein.de>
4 years ago
Matt Davis 69d5ce9b41
Remove ansible-galaxy login (#72288) (#72320)
* GitHub is removing the underlying API used to implement the `login` command. Since the general consensus seems to be that relatively nobody currently uses this command (in favor of explicit token passing), support was simply removed for interactive login. If a future need arises, this command should be reimplemented via OAuth Device Auth Grants.
* login or role login commands now produce a fatal error with a descriptive message
* updated 2.10 porting guide entry

* remove dead code/config, update messages and porting guides

(cherry picked from commit 83909bfa22)
4 years ago
Rick Elrod 4159c73db2
[ansible-test] Limit cryptography to <3.2 (#72342) (#72345)
Change:
- Cryptography 3.2 drops support for OpenSSL 1.0.2. Some of our CI
  infrastructure still uses this version (FreeBSD, namely). For now,
  just add a constraint to use old cryptography.

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Jordan Borean d4b7b8bae7
Fix example to use correct shebang (#72129) (#72146)
* Fix example to use correct shebang

* Fix other example modules as well

* Ignore shebang test

(cherry picked from commit 1ae3683d0c)
4 years ago