previouslly we recorded but did not show to avoid spam
since we could not dedup from forks, that was already
fixed in another PR so now we can show/display them.
Also:
* funcitonalize deprecation msg construct from docs
* reuse formatting func in cli
* normalize alternatives: most of the code used intended plural
but some and most data/tests used the singular
* update schemas and tests
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Enable Ubuntu 24.04 group 6 in CI
* Disable rootfull Podman on Ubuntu
* Disable unix-chkpwd AppArmor profile on Ubuntu for Fedora 40 tests
* Document AppArmor and rootfull issues
Previously, if the checksum of the downloaded file did not match the
specified checksum, the *destination* file was removed. This possibly
leaves the system that is being provisioned in an invalid state.
Instead, the checksum should be calculated on the temporary file only.
If there's a mismatch, delete the *temporary* file, not the destination
file.
This requires checking the checksum before moving the file.
The timezone support module was used only for changing the timezone in the user module integration tests.
Changing the timezone for the tests is unecessarily complex for the purpose of asserting proper parsing of user expiration times.
When vault password file env variable is set to blank,
this value is converted to CWD and passed for further
processing.
Check if ANSIBLE_VAULT_PASSWORD_FILE is not a directory.
Fixes: #42960
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
also make the YAML booleanization the same as spec/JSON/module function
previous 'aproximation' was missing several options.
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Improves the Add-Type temporary directory handler to include a retry
mechanism and not fail on an error. Deleting a temporary file used in
compilation is not a critical error and should improve the reliability
of Ansible on Windows hosts.
* Fix task.resolved_action for callbacks when playbooks use action or local_action
* Fix using module_defaults with 'action' and 'local_action' task FA and add a test case
Fixes#81905
* Disable cipher suite integration tests
When the client and server both support TLS 1.3, cipher suite selection is effectively a no-op.
Python provides no way to disable TLS 1.3 cipher suites, and no way to prefer user-selected cipher suites.
Since TLS 1.3 includes a mandatory cipher suite, this makes it impossible to induce a cipher suite related error when using TLS 1.3.
* Update multipart form-data integration test
* Fix netrc integration tests
* Update HTTP test host substring
* ansible-test - Update http-test-container
* remove no longer needed tasks
* remove workarounds
* consolidate conditionals
* remove distros/versions from conditionals that are no longer present
in CI
* Add version ceiling for pypsrp
Add a version ceiling for the pypsrp requirements. This ensures that the
future v1.0.0 release won't impact existing users who install the
library using the version range specified.
* Use constraints file
* Add changelog for this change
* decrypt option is used by assemble action plugin.
Add this parameter to remove failure raised by
validate-modules:nonexistent-parameter-documented
Fixes: #80840
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Fix installing roles containing symlinks
Fix sanitizing tarfile symlinks relative to the link directory instead of the archive
For example:
role
├── handlers
│ └── utils.yml -> ../tasks/utils/suite.yml
The link ../tasks/utils/suite.yml will resolve to a path outside of the link's directory, but within the role
role/handlers/../tasks/utils/suite.yml
the resolved path relative to the role is tasks/utils/suite.yml, but if the symlink is set to that value, tarfile would extract it from role/handlers/tasks/utils/suite.yml
* Replace overly forgiving test case with tests for a symlink in a subdirectory of the archive and a symlink in the archive dir when these are not equivalent.
* Build test case from role files to make it easier to add test cases
Fixes#82702Fixes#81965Fixes#82051
This fixes "Arch dependent binaries in noarch package" error cause by
including files created by make_elf function in noarch packages. While the
error only manifests itself on EL 7 and 8 it is better to use files
suitable for noarch packages to prevent the error potentially
re-occuring in the future.
* test: remove ansible-examples.git repo
* To speed up git tests remove reference to ansible-examples.git
Fixes: #81327
* Make CI green
Signed-off-by: Ansible Test Runner <noreply@example.com>
Co-authored-by: Ansible Test Runner <noreply@example.com>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
In #80094 support for var substitution for cachedir was added but there
are more options that should be supported. Using an API for
prepend_installroot which should be done anyway provide that feature
so use that. In addition, perform the operation once all substitutes
are in place (releasever as well).
In general the existence of a runtime-enabled unit should not prevent
a persistent enable being set.
Specifically this handles the case where there is an entry in fstab
for a mount point (which is retained to allow manual mount/umount to
take place) and yet a systemd mount unit needs to be deployed to
handle other unit options. There will be a generator-created unit file
which shows the unit as enabled-runtime and the persistent enable of
the mount unit will fail.
Additionally improve the comments and modify the code to use rsplit()
and the "in" notation since "systemctl is-enabled" is documented to
return specific values in the cases of interest.
---------
Signed-off-by: David Greaves <david@dgreaves.com>
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
The cache directory can be specified with variables that are expanded by DNF, for example,
```
cachedir=/var/cache/yum/$basearch/$releasever
```
But the `dnf` module would use that path literally, instead of replacing
`$basearch` and `$releasever` with their values.
This commit ensures that variables in `cachedir` are properly substituted.
Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
Instead, set module_defaults at the play level, which will apply to the
gather_facts keyword as well as any
ansible.builtin.setup/ansible.builtin.gather_facts tasks.
- hosts: all
gather_facts: yes
module_defaults:
ansible.builtin.setup:
fact_path: /path/to/facts.d/
gather_subset: '!all,!min,local'
gather_timeout: 20
tasks:
# also applies to:
- ansible.builtin.setup:
- ansible.builtin.gather_facts:
If you wish to only apply these to the gather_facts keyword, set as play keywords.
Add explicit error when the calculated dest path for fetch becomes a
local directory. The existing behaviour will not be checked unlike when
the path did not end with a trailing slash.
allow_duplicates is not part of the role uniqueness, so the value on the cached role may not match the current role.
* remove the allow_duplicates check from Role.has_run() which operates on the deduplicated role
* check the current role's allow_duplicates value in the strategy
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
* Allow role name prefix for handler task listen topics
For example,
- name: handler name
debug:
listen: topic1
can be notified using `topic1`, `role : topic1` if the handler is in a
standalone or collection role, and `ns.col.role: topic1` if the role is
in a collection, the same way handler names work.
changelog
* fix changelog and tests
* Add prefix to `origin` when configuration variables come from ini files
Fixes ansible#82387
This change was suggested by @bcoca in
https://github.com/ansible/ansible/pull/82388#discussion_r1424235728 and
https://github.com/ansible/ansible/pull/82388#discussion_r1424249732
When configuration variables come from an ini file, their `origin` is
now set to `ini: <file>`. Similarly, once supported, YAML configuration
files will have their `origin` as `yaml: <file>`.
Consequently, since unquoting configuration strings should happen if and
only if they come from an ini file, this condition boils down to testing
whether their `origin` starts with `ini:`.
* Do not add prefix to `origin` but explicitly pass `origin_ftype`
So as not to rely on a specific format of the `origin` string,
as suggested by @sivel in
https://github.com/ansible/ansible/pull/82388#issuecomment-1881714871
* Restore role attributes.
* Add a deprecation warning for role argument specs containing attributes
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
When using winrm over HTTP with message encryption enabled and a task
has timed out the connection plugin will fail to cleanup the WinRM
command. This will change that exception into a warning as a timeout is
already an exception event and a failure to clean the operation should
not override the timeout error shown.
* Allow check mode async task disabling check_mode
Allows running an async task with check_mode: False when the playbook is
being run in check mode.
* Add check_mode attribute to internal cleanup task
* install recommended packages while installing deb files and
install_recommends is set to true.
Fixes: #29726
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* use copystat to copy as many attributes as possible before os.rename
update unit test mocks for updated method of attribute preservation
add integration test for lineinfile case
remove erroneous `- meta: end_play` from lineinfile test suite
* add keep_dest_attrs parameter to control whether src attributes are
copied initially, and for existing destinations, whether the src is
updated using the dest before being renamed
consolidate with copy unsetting extended attrs
ci_complete
Enable file cache for vaulted host_vars_files vars plugin
* fixes#81994
* Changed cache arg from bool to str to allow 'vaulted' only file cache
* removed unused used var
---------
Co-authored-by: Steffen Oschatz <so@ypsilon.net>
* added integration test for issue 82611 regarding discrepency between apt-get clean and ansible.builtin.apt: clean
* fixed new line issue
* Implementation of bug fix for 82611
Fixed discrepancy in behaviour between apt-get clean and its equivalent ansible.builtin.apt: clean=True
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
---------
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
* added integration test for issue 82655 regarding ansible_loop_var and ansible_index_var inside included yml
* ensure correct handling of ansible_loop_var and ansible_index_var inside ansible builtin include_tasks Co-authored-by: Matt <matt@sivel.net>
* added changelog
* fixed new line issue
* Handle error raised when argument validation with elements=int
and value is not within choices
Fixes: #82776
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
If the connection plugin fails to write the data to run to stdin we will
only attempt to get the output with one operation attempt. If this times
out we will consider the command to have failed and raise an exception
instead of forever attempting to get the output.
Additionally, this patch takes care of installing GPG within the
`ansible-galaxy-collection` test when running under macOS 14 and higher.
PR #82697
ci_complete
allow extra vars when templating j2 files in the skeleton, for example:
ansible-galaxy init --role-skeleton /path/to/skeleton --extra-vars @/path/to/vars_file.yml newrole
ansible-galaxy init --extra-vars "min_ansible_version=2.17.0" newrole
Extend the wordings in warning if the reserved keyword _ansible_
is used as a module parameter.
Fixes: #82514
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Jordan Borean <jborean93@gmail.com>
The ``validate-modules`` sanity test no longer attempts to process files with unrecognized extensions as Python.
Integration tests have been added to verify Python-specific checks do not apply to these files.
The `invalid-extension` and `missing-gplv3-license` checks still apply to these files. This may change in the future.
* Allow subdirectories with import_role _from options
Add tests that tasks_from is restricted to the role
Note that a task like:
- import_role:
name: role
tasks_from: tasks/entrypoint.yml
will now load tasks from "{{ role_path }}/tasks/tasks/entrypoint.yml"
instead of "{{ role_path }}/tasks/entrypoint.yml". This change in
behavior matches include_role.
* better test case (filename doesn't match one in tasks/)
Fixes#82584
best/nobest options are one of the options whose default values are set
by an OS distribution. For example in our CI, both Fedora and RHEL set
the best option to different default values. As such we should defer to
the distributions for the default value and not change it by default but
if users wish to change it they can do so explicitly.
Currently the dnf module sets the nobest option inconsistenly and not for
all cases. This patch fixes that to reflect the behavior described
above. In addition adding the best option for both dnf and dnf5 modules
since the best option is prefer to nobest in dnf while in dnf5 nobest is
completely removed in favor of best.
Fixes#82616
* prettify ansibile-doc output
delimiters when no color
avoid triggering color mode for existing tests
all use _format to observe nocolor
more v more info
imporoved conditional display
updated version on -v
normalize role errors
expand role data, dedupe code, fix formatting on warning
fix bug with galaxy info
role list improvements:
lists all roles (even w/o meta/argspec)
specs now indented under role
role only listed once
Updated tests to reflect format changes
Co-authored-by: Felix Fontein <felix@fontein.de>
Jinja may generate an invalid Python source code from a template. Trying
to compile such source code into a Python code object results in
SyntaxError being thrown. An example of such a template is providing the
same keyword argument into a lookup twice, resulting in:
`SyntaxError: keyword argument repeated`.
Since `jinja2.exceptions.TemplateSyntaxError` does not cover such a
case, as it is not a Jinja parsing error, we need to catch SyntaxError
explicitly ourselves.
Fixes#82606
* Fix loading legacy vars plugins when the plugin loader cache is reset
* Remove extra cache layer by ensuring vars plugin names are cached (stateless or not) so that the plugin loader cache can double as the load order
Prior to this commit, it was impossible to use a module like dnf with a
URL that contains a username with an @ such as an email address
username, because:
dnf:
name: https://foo@example.com:bar@example.com/some.rpm
Would cause netloc parsing to fail. However, the following:
dnf:
name: https://foo%40example.com:bar@example.com/some.rpm
Would also fail because ansible would *not* URL-decode the credentials,
causing the following to be base64 encoded in the Authorization header:
Zm9vJTQwZXhhbXBsZS5jb206YmFyCg==
Which decodes to:
foo%40example.com:foo
Which is *not* the authorized username, and as such, *won't* pass basic
auth.
With this commit, Ansible's url lib behaves like curl, chromium, wget,
etc, and encodes the above to:
Zm9vQGV4YW1wbGUuY29tOmJhcgo=
Which decodes to:
foo@example.com:bar
Which will actually pass the HTTP Basic Auth, and is the same behaviour
that you will find ie. with:
curl -vvI https://foo%40bar:test@example.com 2>&1 |grep Auth | awk '{ print $4 }'
This moves handling of callbacks and play recap stats from
_load_included_file to individual strategies so include_role tasks are
accounted for, not just include_tasks.
Fixes#77336
* uri: Two tests that demonstrate missing handling of the "force" parameter
Add unit and integration tests that demonstrate that the uri module is not
handling the "force" parameter.
The unit test demonstrates that when "force" is present in the module parameters,
it is not being passed through to fetch_url().
The integration test demonstrates that "force" does not disable caching as
documented, and calls with a "dest" parameter that points to an existing file
can result in a "304 Not Modified" response.
* uri: Handle the "force" parameter properly
The uri module documents a "force" parameter that can be used to disable caching.
The module accepted the parameter but didn't pass it through to the fetch_url() method
which implements the logic to handle setting the appropriate headers for disabling
caching. This change passes the "force" parameter through as expected, allowing caching
to be disabled when requested by the module caller.
* when doing a 'contains' search, determine the encoding of the files to be searched
* set default encoding to None for backwards compatibility
* changelog, error handling, tests added
* add sanity ignore.txt for non-utf-8 test
This patch removes an import fallback that was only executed under
Python 2. Now that we don't run tests against that runtime, it
generates an uncovered line. Dropping it will slightly increase the
coverage metric as a side effect.
* Changes as suggested by sivel
* Add changelog fragment and tests
Co-authored-by: Matt Martz <matt@sivel.net>
Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
* default svn URL to 127.0.0.1 for subversion integration tests
* svn client gives up before trying IPv4 addresses when localhost->(::1,127.0.0.1) in dual-stack envs (eg podman, most real hosts)
* svn client also requires legacy CN match on cert
* IPv6 works, but setup playbook would need a bunch more templating exceptions to conditionally manage `[::1]`
* explain IPv4 defaults
The timing of the async tasks was a little unpredictable, meaning that
sometimes we would get an unexpected number of v2_runner_on_async_poll
callbacks, and fail the test. This change fixes the issue by increasing
the poll interval to 2 seconds and the sleep duration to 3 seconds, such
that on a reasonably responsive system we will poll twice per task, with
the sleep ending in the middle of the two polls.
The include_me.yml file does not exist in this integration test. It has
been added.
The remote_tmp_dir.path expression is invalid - the setup_remote_tmp_dir
role uses set_fact to set remote_tmp_dir to remote_tmp_dir.path.
The integration tests run with ANSIBLE_HOST_PATTERN_MISMATCH=error,
meaning that the final play was never reached. Set
ANSIBLE_HOST_PATTERN_MISMATCH=warning to continue past the play and
trigger the v2_playbook_on_no_hosts_matched callback.
When ansible-test installs requirements, it now instructs pip to allow installs on externally managed environments as defined by PEP 668.
This only occurs in ephemeral environments managed by ansible-test, such as containers,
or when the `--requirements` option is used.