Change:
- This enables the inventory_kubevirt_conformance test to pass again on
freebsd.
- This was due to a google-auth version bump. The dep chain looks like
this: openshift -> kubernetes -> google-auth -> aiohttp -> multidict
Test Plan:
- ansible-test integration inventory_kubevirt_conformance --remote
freebsd/12.0
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
- pip packages should get removed after, not try to add them again
- Try removing containerd.io package too
- Backport of #71949
Test Plan:
- CI
- ci_complete
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
- Newer docker versions report the same message whether or not a logout
actually happened.
- Determine change status from looking at the config instead if we can.
- This also allows us to restore check_mode in logout and re-enable that
test.
Test Plan:
- CI, re-enabled tests
Tickets:
- Refs 6248f2fb6f
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
- The docker-ce.repo file for centos does not work on RHEL since it uses
$releasever and on RHEL that is, e.g., "7Server".
- Instead, set up the repo manually.
- Additionally, the docker centos8 repo no longer has old versions, so
we use the (only) version in the repo instead.
Test Plan:
- CI
Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 31ddca4c0d)
The file test will no longer attempt to test attributes if `lsattr -vd` does not work on the system under test.
(cherry picked from commit 17765cd4e8)
Co-authored-by: Matt Clay <mclay@redhat.com>
The stat time granularity on macOS is one second. We recently upgrade
to faster macOS hosts, so some tests that run closely together to
see if something changed will have the same timestamp intermittently.
A recent update to cffi that was yanked is still being installed on our
Mac OS X 10.11 test image since the version of pip there is very old and
does not ignore yanked packages.
Pin the version of pyOpenSSL and its dependencies to fix this and avoid
future spontaneous failures.
(cherry picked from commit 65cdb86c8a)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Add encoding.py from devel to support backports.
* Add io.py from devel to support backports.
* Update ansible-test support for CI providers. (#69522)
Refactored CI provider code to simplify multiple provider support and addition of new providers.
(cherry picked from commit d8e0aadc0d)
* Add Shippable request signing to ansible-test. (#69526)
(cherry picked from commit e7c2eb519b)
* ansible-test local change detection: use --base-branch if specified (#69508)
(cherry picked from commit 43acd61901)
* Add Azure Pipelines support to ansible-test.
(cherry picked from commit 8ffaed00f8)
* Update ansible-test remote endpoint handling. (#71413)
* Request ansible-core-ci resources by provider.
* Remove obsolete us-east-2 CI endpoint.
* Add new --remote-endpoint option.
* Add warning for --remote-aws-region option.
* Update service endpoints.
* Allow non-standard remote stages.
* Add changelog fragment.
(cherry picked from commit d099591964)
* Fix ansible-test coverage traceback. (#71446)
* Add integration test for ansible-test coverage.
* Fix ansible-test coverage traceback.
* Fix coverage reporting on Python 2.6.
(cherry picked from commit f5b6df14ab)
* Use new endpoint for Parallels based instances.
(cherry picked from commit 98febab975)
* Add pause to avoid same mtime in test.
(cherry picked from commit 3d769f3a76)
Co-authored-by: Felix Fontein <felix@fontein.de>
Change:
- By default the dnf API does not gpg-verify packages. This is a feature
that is executed in its CLI code. It never made it into Ansible's
usage of the API, so packages were previously not verified.
- This fixes CVE-2020-14365.
Test Plan:
- New integration tests
Signed-off-by: Rick Elrod <rick@elrod.me>
The message generated by systemctl has been updated in 9321e23c40, which requires a corresponding change in the systemd module.
In addition, this fixes the module when the SYSTEMD_OFFLINE environment variable is set.
(cherry picked from commit a1a50bb3cd)
* tests: Use `hg serve` instead of bitbucket for hg
Change:
- Uses `hg serve` instead of a bitbucket repo for hg tests
- bitbucket no longer serves hg
Test Plan:
- CI, fixed integration tests
Signed-off-by: Rick Elrod <rick@elrod.me>
* Disable mongodb_replicaset tests for now
Change:
- 4.0.20 breaks tests, disable for now
Test Plan:
- CI
Tickets:
- https://github.com/ansible-collections/community.mongodb/issues/136
Signed-off-by: Rick Elrod <rick@elrod.me>
* setup_mongodb: Nix RH package installation/removal
Change:
- Our RHEL and CentOS images make these unnecessary and they were
broken.
Test Plan:
- CI
Signed-off-by: Rick Elrod <rick@elrod.me>
* Disable mongodb_shard tests for now
Change:
- 4.0.20 breaks tests, disable for now
Test Plan:
- CI
Tickets:
- https://github.com/ansible-collections/community.mongodb/issues/136
Signed-off-by: Rick Elrod <rick@elrod.me>
* Ensure -k is set to delegated hosts without a pass (#71136)
* Ensure -k is set to delegated hosts without a pass
* Fix up some broken tests
* Update task_executor.py
one possible fix, the other is updating winrm to normalize on 'password' like the other connection plugins
* Add alias for winrm and fix incorrect assumption
* Make sure aliases are used for keyword options
* Conditionally run test if sshpass is present, fix sanity
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
(cherry picked from commit 3f22f79e73)
* Backport subset of https://github.com/ansible/ansible/pull/69670
* template connection variables accessed directly before using (#70657)
* template variables accessed directly when using them instead of FieldAttributes
(cherry picked from commit 8c213c9334)
* changelog
* Detect failure in always block after rescue (#70094)
* Detect failure in always block after rescue
Fixes#70000
ci_complete
* Add more tests
(cherry picked from commit 0ed5b77377)
* add changelog
Co-authored-by: Matt Davis <mrd@redhat.com>
* Allow hostvars delegation (#70331)
* ensure hostvars are available on delegation
* also inventory_hostname must point to current host and not delegated one
* fix get_connection since it was still mixing original host vars and delegated ones
* also return connection vars for delegation and non delegation alike
* add test to ensure we have expected usage when directly assigning for non delegated host
(cherry picked from commit 84adaba6f5)
* avoid returning more data
* remove unused return vars
* Encode/Decode files in UTF-8
* Use helper function in ansible
* Add an integration test
* Use emoji in test data.
* add changelog
* Also support non-ascii chars in filepath and add tests about this.
* Also use non-ascii chars in replaced text and ensure not to break cron syntax.
* rename self.existing to self.n_existing
* rename crontab.existing to crontab.n_existing.
(cherry picked from commit 5ce47646ad)
Co-authored-by: psi / Ryo Hirafuji <ryo.hirafuji@link-u.co.jp>
* try removing name references for state=absent
Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: psi / Ryo Hirafuji <ryo.hirafuji@link-u.co.jp>
Co-authored-by: Rick Elrod <rick@elrod.me>
* [stable-2.9] Change default file permissions so they are not world readable (#70221)
* Change default file permissions so they are not world readable
CVE-2020-1736
Set the default permissions for files we create with atomic_move() to 0o0660. Track
which files we create that did not exist and warn if the module supports 'mode'
and it was not specified and the module did not call set_mode_if_different(). This allows the user to take action and specify a mode rather than using the defaults.
A code audit is needed to find all instances of modules that call atomic_move()
but do not call set_mode_if_different(). The findings need to be documented in
a changelog since we are not warning. Warning in those instances would be frustrating
to the user since they have no way to change the module code.
- use a set for storing list of created files
- just check the argument spac and params rather than using another property
- improve the warning message to include the default permissions.
(cherry picked from commit 5260527c4a)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Fix jboss test
* Fix lamdba_policy test
* Fix aws_lamdba test
* Fix warning for new default permissions when mode is not specified (#70976)
Follow up to #70221
Related to #67794
CVE-2020-1736
When set_mode_if_different() is called with mode of 'None', ensure we issue
a warning about the change in default permissions.
Add integration tests to ensure the warning works properly.
* Fix tests
- actually use custom module 🤦♂️
- verify file permission on created files
- use remote_tmp_dir so we're ready for split controller
- improve test module so we can skip the call to set_fs_attributes_if_different()
- fix tests for CentOS 6
(cherry-picked from commit dc79528cc6)
* Use new category in changelog fragments
The repository names seem to have changed and no longer have the "rhui-" prefix.
(cherry picked from commit 6ac4439a6a)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Fix missing quoting for remote_tmp in second mkdir of shell module. Issue #69577
* adding changelog
* fixing typo in changelog entry
* adding test case
Adding test case written by bmillemayhias.
* using $HOME instead of ~
* fixing commit measage
* Update 69578-shell-remote_tmp-quoting.yaml
Co-authored-by: Brian Kohles <me@briankohles.com>
(cherry picked from commit 77d0effcc5)
Co-authored-by: Brian Kohles <briankohles@users.noreply.github.com>
* [stable-2.9] unarchive - Check 'fut_gid' against 'run_gid' in addition to supplemental groups (#65666)
Add integration tests for unarchiving as unprivileged user
Break tasks into separate files for easier reading and maintenance
Create a user by specifying a default group of 'staff' for macOS.
The user module does not actually remove the user directory on macOS,
so explicitly remove it.
Put the removal tasks in an always block to ensure they always run
Co-authored-by: Philip Douglass <philip.douglass@amadeus.com>
Co-authored-by: Sam Doran <sdoran@redhat.com>.
(cherry picked from commit ac5f3f8bef)
Co-authored-by: Philip Douglass <philip@philipdouglass.com>
* [stable-2.9] Fix unstable unarchive test (#71004)
* Add mode to copy tasks
* Fix unreliable test by ignoring errors
(cherry picked from commit f99f96ceb6)
Co-authored-by: Philip Douglass <philip@philipdouglass.com>
* linux facts - return proper broadcast address
Check that the value being returned is actually a broadcast address
* Add tests
* Cleanup tests
(cherry picked from commit e6bf202738)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* rebase conflicts
* [stable-2.9] Allow single vault encrypted values to be used directly as module parameters. Fixes#68275 (#70607).
(cherry picked from commit a77dbf0866)
Co-authored-by: Matt Martz <matt@sivel.net>
- ensure we preserve the typeerror part of the exception so loop defereed error handling
can postpone those caused by undefined variables until the when check is done.
- fix tests to comply with the 'new normal'
- human_to_bytes and others can issue TypeError not only on 'non string'
but also bad string that is not convertable.
Co-authored-by: Sloane Hertel <shertel@redhat.com>
Co-authored-by: Sloane Hertel <shertel@redhat.com>
(cherry picked from commit cf89ca8a03)
Rick Elrod