Fixed case in which listing modules for docs failed to get sidecar
(cherry picked from commit 7e495f4b20)
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
* ansible-pull fix adhoc output inconsistencies on changed (#84869)
Two fixes for single bug:
- ignore callback changes for adhoc
- allow 'yaml' change matching
---------
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 4bc4030988)
* missing test play
* tests for other non backed change
---------
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
* Git allows embedding username and password in repo URL for
https authentication. This may lead to exposing the user sensitive
information to logs and unautheticated users.
Adding no_log will partially solve this.
* Added documentation warning user about URL embedded with username
and password.
* Added logic to remember user sensitive information for later sanitization
Fixes: #84557
(cherry picked from commit 19e9f3d)
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
* uri: form location correctly from relative redirect
Previously, the original URL would be combined with the relative location incorrectly, especially for URL of any complexity.
Add simple tests demonstrating the problem that fail without the fix
* fix pylint error, import the method similar to other uri methods
* add changelog fragment
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
(cherry picked from commit 61a6222e0e)
Co-authored-by: Robert Muir <rmuir@apache.org>
Prevents `Group state for \"customenvgroup\" not found` error which may
or may not be a regression in dnf5. Just name groups/envs uniquely to
workaround the issue.
(cherry picked from commit 09391f38f0)
* [fix] `warn_if_reserved` expects a list (#84624)
Fixes#84623
(cherry picked from commit 48d71ba3aa)
* changelog
* Test include_vars reserved variable matching (#84678)
* Add test case for include_vars
* Revise test to catch erroneous warnings
(cherry picked from commit 333ee8d010)
---------
Co-authored-by: Dominique Quatravaux <dominique@quatravaux.org>
Fixes the coverage path translation for modules located in integration
test paths. Instead of trying to match by the unique temporary path name
that the module is executed as, the reporting tool will translate it to
the static path that the module is actually located under.
(cherry picked from commit f9b58fa13f)
* fix warnings about reserved variable names to cover all sources (#84432)
Also remove redundant check from tqm
Now covers module output (set_fact/include_vars)
Includes play objects at any stage (tasks that error were not covered)
Added tests, moved them to role structure
(cherry picked from commit 20baf29a2a)
* fix template (#84563)
also fix gather_subset warning and add some comments/notes
---------
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 675d7201d8)
* reserved vars, avoid gather_subset (#84575)
(cherry picked from commit 3398c102b5)
gather_facts, fix network_os and smart logic and defaults
setup will be default for smart only if network_os is not set, now you get warnings and errors when missing a valid facts module for a network os
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit c64c389007)
The test has been updated to use a custom type which does not support pickling,
instead of relying on Jinja's `Undefined` type. As of Jinja 3.1.5 that type now
supports pickle, which breaks the original implementation of the test.
(cherry picked from commit 5ec236b)
* fixes for CVE-2024-8775
* propagate truthy `_ansible_no_log` in action result (previously superseded by task-calculated value)
* always mask entire `include_vars` action result if any file loaded had a false `show_content` flag (previously used only the flag value from the last file loaded)
* update no_log tests for CVE-2024-8775
* include validation of _ansible_no_log preservation when set by actions
* replace static values with dynamic for increased robustness to logging/display/callback changes (but still using grep counts :( )
* changelog
* use ternary, coerce to bool explicitly
(cherry picked from commit c9ac477e53)
The shell command sometimes prints a trailing whitespace which breaks
the tests on old RHELs. This patch is supposed to fix that.
(cherry picked from commit cd74c4bcd5)
This greatly reduces run time on large inventories since meta tasks are
executed in the main process sequentially and just executing them is expensive.
This change avoids running the following implicit meta tasks:
* ``flush_handlers`` on hosts where no handlers are notified
* ``noop`` for the linear strategy's lockstep, instead hosts that are
not executing the current task are just not part of the current host loop
A playbook consiting of two simple plays both running on ~6000 hosts
runs in:
devel: 37s
this PR: 1.3s
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
(cherry picked from commit d6d2251929)
Also remove redundant msg now that we fixed yaml case
So no more need to %s % e.
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 0c8efa29b2)
* [stable-2.17] Unsafe persistence (#82779)
* Ensure that unsafe is more difficult to lose [stable-2.16] (#82293)
* Ensure that unsafe is more difficult to lose
* Add Task.untemplated_args, and switch assert over to use it
* Don't use re in first_found, switch to using native string methods
* If nested templating results in unsafe, just error, don't continue
* ci_complete
(cherry picked from commit 270b39f6ff)
* Fix various issues in unsafe_proxy (#82326)
- Use str/bytes directly instead of text_type/binary_type
- Fix AnsibleUnsafeBytes.__str__ implementation
- Fix AnsibleUnsafeBytes.__format__ return type
- Remove invalid methods from AnsibleUnsafeBytes (casefold, format, format_map)
- Use `chars` instead of `bytes` to match stdlib naming
- Remove commented out code
(cherry picked from commit 59aa0145d2)
* Additional Unsafe fixes (#82376)
* Allow older pickle protocols to pickle unsafe classes. Fixes#82356
* Address issues when iterating or getting single index from AnsibleUnsafeBytes. Fixes#82375
* clog frag
(cherry picked from commit afe3fc184f)
* [stable-2.16] Enable directly using `AnsibleUnsafeText` with Python `pathlib` (#82510)
* Enable directly using `AnsibleUnsafeText` with Python `pathlib`. Fixes#82414
(cherry picked from commit c6a652c081)
* Prevent failures due to unsafe plugin name (#82759)
(cherry picked from commit 56f31126ad)
* Address issues from merge conflicts
---------
Co-authored-by: Matt Clay <matt@mystile.com>
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
(cherry picked from commit 9e622ddb67)
* rewrite illegal templated conditional in find test
---------
Co-authored-by: Matt Martz <matt@sivel.net>
* Add a mount_facts module capable of gathering mounts skipped by default
fact gathering
* By default, collect mount facts from standard locations including
/etc/mtab, /proc/mounts, /etc/fstab, /etc/mnttab, /etc/vfstab, and on AIX,
/etc/filesystems.
When no file-based source for the current mounts can be found
(like /proc/mounts), the module falls back to using mount as a source.
This allows BSD and AIX to collect the existing mounts by default, without
causing Linux hosts to use both /proc/mounts and mount output.
* Non-standard locations and "mount" can be configured as a sources.
* Support returning an aggregate list of mount points in addition to first
found.
When there are multiple mounts for the same mount point in an
individual source, a warning is given if the include_aggregate_mounts
option is not configured.
* Add options to filter on fstypes and devices (supporting UNIX shell
wildcards).
* Support configuring a timeout and timeout behavior to make it easier
to use the module as a default facts module without risking a hang.
* Include the source and line(s) corresponding to a mount for easier
debugging.
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Matt Clay <matt@mystile.com>
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
* Fact gathering fix 'no shm' branhc
* Use concurrent.futures instead of multiprocessing
This entirely avoids the need for fallback logic since the concurrent.futures thread pool does not depend on `/dev/shm`.
Co-authored-by: Matt Clay <matt@mystile.com>
* add a loop_control break_when directive to break out of a loop after any item
* remove loop var as normal exit would
* example usage:
- name: generate a random password up to 10 times, until it matches the policy
set_fact:
password: "{{ lookup('password', '/dev/null', chars=character_set, length=length) }}"
loop: "{{ range(0, 10) }}"
loop_control:
break_when:
- password is match(password_policy)
Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
Matt Clay