* lookups, make file searching use better is_role
The dwim function will internally try by detecting tasks/main['','.yml','.yaml]
but this is far from optimial, the existince of role path in vars is much better
indicator that we can use to pass a hint
* updated test to avoid main.yml
(cherry picked from commit a9919dd7f6)
* Role fixes (#82339)
* Various fixes to roles
- static property is now properly set
- role_names and other magic vars now have full list
- role public/private var loading is now done when adding to play.roles instead of on each var query
- added tests
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 55065c0042)
* import_role does not get public until next version
Set the tarfile attribute to a normalized value from unfrackpath instead
of validating path parts and omiting potentially invald parts
Allow tarfile paths/links containing '..', '$', '~' as long as the
normalized realpath is in the tarfile's role directory
(cherry picked from commit 3a42a00368)
* Allow older pickle protocols to pickle unsafe classes. Fixes#82356
* Address issues when iterating or getting single index from AnsibleUnsafeBytes. Fixes#82375
* clog frag
* [backport][stable-2.16] 🧪 Replace GitHub SVN integration test with local TLS
PR #82334
* Run svn integration test locally with TLS
This patch uses a `trustme` to make an ephemeral CA, and server, and
client TLS artifacts for testing. These are integrated into the Apache
web server via it's `mod_ssl`.
Resolves#82207
* Replace GitHub SVN HTTPS URL w/ localhost over TLS
This change gets rid of the need to use GitHub, which is just about to
drop support for SVN [[1]]. Moreover, it eliminates the need to use
external network for any SVN commands in the test.
[1]: https://github.blog/2023-01-20-sunsetting-subversion-support/
(cherry picked from commit dd0138ba21)
* Implement compat w/ opensuse15, centos7 & rhel7/8
* Ensure that unsafe is more difficult to lose
* Add Task.untemplated_args, and switch assert over to use it
* Don't use re in first_found, switch to using native string methods
* If nested templating results in unsafe, just error, don't continue
* ci_complete
* wait_for, fallback to read for non mmapable files (#82064)
* also handle oserror, added debug jic
(cherry picked from commit 8b102dca4a)
* skip problem versions
* ansible-pull added missing pasthrough for secrets
Both become and connection password file options were missing.
Also added test
(cherry picked from commit 99e0d25857)
for j2 plugins dedupe on path and not basename
for j2 this is a container file , for other plugins file name == plugin name
(cherry picked from commit b4566c18b3)
- Remove dependency on the htpasswd module (and thus passlib)
- Fix setup/teardown of the httpd process
- Fix cleanup of temporary directories.
(cherry picked from commit 09d943445c)
Co-authored-by: Matt Clay <matt@mystile.com>
When templating tags (which happens outside of standard `post_validate`) we
need to template each object in the inheritance chain and set the templated
values on those objects individually. That way when `task.tags` is called the
`extend` functionality properly picks up the templated values of all
parents into one flatten list.
Fixes#81053
(cherry picked from commit 9b3ed5e)
* Improve host_group_vars efficiency:
* normalize the basedir with `os.path.realpath()` once and cache it
* cache missing paths/files
* reduce the calls to `isinstance`
Add a couple more general improvements in vars/plugins.py get_vars_from_path():
* call `PluginLoader.all()` once for vars plugins and reload specific
plugins subsequently
* don't reload legacy/builtin vars plugins that are not enabled
Add a test for host_group_vars and legacy plugin loading
Co-authored-by: Matt Davis <mrd@redhat.com>
* changelog
* Add a new is_stateless attribute to the vars plugin baseclass
update integration tests to be quieter and use the same test pattern
Fix deprecation and adjust test that didn't catch the issue (deprecation only occured when the value was False)
move realpath cache to host_group_vars (do not smuggle call state as instance data)
refactor under a single 'if cache:' statement
Call os.path.isdir instead of always calling os.path.exists first. Just call os.path.exists to differentiate between missing and non-directory.
remove call to super(VarsModule, self).get_vars()
use the entity name as the cache key instead of variable location
Remove isinstance checks and use a class attribute just in case any plugins are subclassing Host/Group
Replace startswith by checking index 0 of the name instead, since host/group names are required
* rename is_stateless to cache_instance to make it more clear what it does
* add plugin instance cache using the path to plugin loader
reduce loading stage option if a new instance isn't created
don't require a known subdir on PluginLoader instantiation for backwards
compatibility
rename attribute again
contain reading from/initializing cached instances to a plugin loader method
* Deprecate v2 vars plugins
* Refactor to use the cache in existing plugin loader methods
Rename the attribute again
Refactor host_group_vars with requested changes
Make changelog a bugfixes fragment
Add a deprecation fragment for v2 vars plugins.
Add type hints
* unbreak group_vars
* Apply suggestions from code review
* misc tweaks
* always cache instance by both requested and resolved FQ name
* add lru_cache to stage calculation to avoid repeated config consultation
* handle KeyError from missing stage option
---------
Co-authored-by: Matt Davis <mrd@redhat.com>
(cherry picked from commit debf2be913)
* Import role public (#81772)
revert to previous behavior to push vars to play at compile time
add `public` parameter to allow per import control of exporting (vs just the global config)
Co-authored-by: tchernomax <maxime.deroucy@gmail.com>
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
(cherry picked from commit ab6a544e86)
* adapted to prev version
- removed new functionality
- restored global config functioning overriding specific public option
* remove typoe
* quote it
PR #81606.
Prior to this patch, when `--pre` CLI flag was not passed, the
dependency resolver would treat concrete collection dependency
candidates (Git repositories, subdirs, tarball URLs, or local dirs or
files etc) as not meeting the requirements.
This patch makes it so pre-releases in any concrete artifact
references, and the ones being specifically pinned dependencies or
user requests, met anywhere in the dependency tree, are allowed
unconditionally.
This is achieved by moving the pre-release check from
`is_satisfied_by()` to the `find_matches()` hook, following the
Pip's example.
As a bonus, this change also fixes the situation when a collection
pre-releases weren't considered if it didn't have any stable releases.
This now works even if `--pre` wasn't requested explicitly.
Finally, this patch partially reverts commit
6f4b4c345b, except for the tests. And it
also improves the `--pre` hint warning to explain that it mostly
affects Galaxy/Automation Hub-hosted collection releases.
Ref #73416
Ref #79112Fixes#79168Fixes#80048Resolves#81605
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
(cherry picked from commit 7662a05085)
* Symlinks in the collection might be pointing to non-existent
targets. Check and report the failure to the user.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* when --diff is used with content parameter, print destination
path instead of temporary file path.
Fixes: #79749
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* If all tasks in the role are skipped or unreachable, the role is not marked as complete for the host.
* Only mark the role as complete if a task in the role succeeds or fails for the host.
* Before performing shredding the original file, check if the
destination file location is writable or not. This will
prevent corruption of original file.
Fixes: #81455
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Python 3.11.4 introduces a new parameter 'filter' in extract and
extractall in tarfile. Handle deprecation warning message emitted
in Python 3.12.
* added probing mechanism in ansible-galaxy code to detect broken
data filter implementation in tarfile.
Fixes: #80832
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Matt Clay <matt@mystile.com>
Nilashish Chakraborty