* Limit askpass prompts to single attempt
OpenSSH client option NumberOfPasswordPrompts defaults to 3 so in case
an incorrect connection password is provided it is excessively tried 3
times. Not only that but running the `_ssh_askpass` entry point multiple
times (via ssh) results in `json.decoder.JSONDecodeError` as after the
first run the shared memory is zero'd and the subsequent runs end up
calling `json.loads` on empty data.
`json.decoder.JSONDecodeError` does not happen prior to Python 3.13 as
the share memory is unlinked automatically on `.close()` and the
`_ssh_askpass` entry point exits with return code 1 before attempting to
load zero'd memory.
Fixes#85359
* changelog and tests
* Update changelogs/fragments/85359-askpass-incorrect-password-retries.yml
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
* Update lib/ansible/cli/_ssh_askpass.py
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
* Avoid race condition in second unlink
---------
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
Co-authored-by: Matt Clay <matt@mystile.com>
* The redundant FA declaration was not static, which broke a number of automatic validation behaviors.
* Added tests to assert deferred validation and lack of templating on `import_playbook.vars`.
Co-authored-by: Matt Clay <matt@mystile.com>
* Errors raised in most Jinja operations and plugin invocations are now propagated as Markers, allowing template pipeline to continue execution when a Marker-aware consumer is present.
* Added ability to inspect ExceptionMarkers to Protomatter `dump_object` filter.
* Added tests.
Co-authored-by: Matt Clay <matt@mystile.com>
* deprecate invalid variable names in inventory
* was previously a hard error for `Host`
* added missing check to `Group`
* swapped blanket Python keyword prohibition with Jinja singleton and `not` check
Co-authored-by: Matt Clay <matt@mystile.com>
* fix invalid variable name test
---------
Co-authored-by: Matt Clay <matt@mystile.com>
* use declarative FA validation
* deleted redundant/broken imperative validation
* added test case to ensure templating
Co-authored-by: Matt Clay <matt@mystile.com>
* added ansible-test integration env/set directive for aliases
* applied to module-serialization-profiles test to enable feature flag
Co-authored-by: Matt Clay <matt@mystile.com>
* fix script failed_when bypass
* misuse of AnsibleActionFail for a retryable/alterable error case
* add tests
Co-authored-by: Matt Clay <matt@mystile.com>
* type annotation fixes
---------
Co-authored-by: Matt Clay <matt@mystile.com>
* Add test for a handler including tasks from a variable filename
* Add FieldAttributeBase attribute to indicate if the object should be post validated
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
* replace usage of `IOError` as it is an alias to `OSError`
* replace usage of `socket.error` as it is an alias to `OSError`
* use subclasses of `OSError` rather than inspecting `errno`s
* utilize `exist_ok` parameter of `os.makedirs` rather than ignoring
`FileExistsError`
Make the following changes to the exception handling this patch already
updates to be consistent with the new code:
* use `ex` as a name for exception being handled
* use `from ex` when re-raising exception for additional context
* use f-strings and `!r` for quoting
* pass exceptions to the `exception` parameter of `fail_json`
* use `display.error_as_warning` rather than passing stringified
exception into `display.warning`
Co-authored-by: Matt Clay <matt@mystile.com>
* deprecate DEFAULT_MANAGED_STR and prevent masking of ansible_managed var
* adjust public API behavior
* restore backward-compatible behavior on existing public API
- from_yaml/from_yaml_all filters now preserve trust
- YAML dumping can once again handle undecryptable vaulted values
- increased test coverage
Co-authored-by: Matt Davis <nitzmahone@redhat.com>
* doc - Dynamically document jinja builtins
This change has `ansible-doc` dynamically generate the documentation for
any Jinja builtin filter and test plugins. These dynamic stubs will
point to the official Jinja documentation pages for more information.
* Fix sanity issues
* Add tests
* Update Jinja builtin doc gen
Co-authored-by: Matt Clay <matt@mystile.com>
---------
Co-authored-by: Matt Davis <nitzmahone@redhat.com>
Co-authored-by: Matt Clay <matt@mystile.com>
* Clean up TE error handling, wrap sigalrm handler
* Preserve error detail on AnsibleAction and Connection exceptions.
* Remove multiple layers of unreachable or redundant error handling.
* Wrap manual alarm signal/timeout handling into a context manager, add tests.
Co-authored-by: Matt Clay <matt@mystile.com>
* update error message check in test
* update test timeout message assertions
---------
Co-authored-by: Matt Clay <matt@mystile.com>
async_status and async_wrrapper now use booleans instead of 0/1 for 'thruthyness'
gather_facts also updated
Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Matt Clay <matt@mystile.com>
Martin Krizek