Fixes the logic when attempting to become the SYSTEM user using the
runas plugin. It was incorrectly assumed that calling LogonUser with the
SYSTEM username would produce a new token with all the privileges but
instead it creates a copy of the existing token. This reverts the logic
back to the original process and adds in new logic to avoid any tokens
that are restricted from creating new processes.
though the previous docs were the 'intended' outcome,
the current behaviour has been active for a long time and should
not be removed due to backward compatibility issues.
One thing we can do going forward is deprecate substitution enabled by default.
* Update resolvelib upperbound to 2.0.0
Minor SemVer releases should not contain breaking changes
* Test the latest minor release and reduce number of resolvelib versions tested for efficiency
* Update the documentation for check_required_by
* Fix return value for check_required_by (now returns empty list on success)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Improve error handling for create-bulk-issues.py
* Add support for setting assignee
* Add example YAML to feature --help output.
* Add additional help message for token issues.
* Removed deprecated pycompat24 and importlib
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Make CI green
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Ignore basic.py
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Make CI green III
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Make CI green IV
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
---------
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Several tasks within the modification_time.yml and state_link.yml task
lists have explicitly enabled diff_mode because these tests previously
assumed a diff attribute would always be returned from the file module.
While showing the deprecation message, mention the collection name
from which the module is removed.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* fixes for CVE-2024-8775
* propagate truthy `_ansible_no_log` in action result (previously superseded by task-calculated value)
* always mask entire `include_vars` action result if any file loaded had a false `show_content` flag (previously used only the flag value from the last file loaded)
* update no_log tests for CVE-2024-8775
* include validation of _ansible_no_log preservation when set by actions
* replace static values with dynamic for increased robustness to logging/display/callback changes (but still using grep counts :( )
* changelog
* use ternary, coerce to bool explicitly
variable_manager unit tests are unreachable. These tests
are already covered in integration tests.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
In ``Handler.notify_host`` we ensure that ``Handler.notified_hosts`` can contain
particular host at most once. Therefore for removing a host it should be
faster to use ``list.remove`` which removes the first item in the list,
as opposed to using list comprehension removing all such items.
* Update triple single quotes to triple double quotes
This change was fully automated.
The updated Python files have been verified to tokenize the same as the originals, except for the expected change in quoting of strings, which were verified through literal_eval.
* Manual conversion of docstring quotes
Brian Coca