Fixes the logic when attempting to become the SYSTEM user using the
runas plugin. It was incorrectly assumed that calling LogonUser with the
SYSTEM username would produce a new token with all the privileges but
instead it creates a copy of the existing token. This reverts the logic
back to the original process and adds in new logic to avoid any tokens
that are restricted from creating new processes.
* Update resolvelib upperbound to 2.0.0
Minor SemVer releases should not contain breaking changes
* Test the latest minor release and reduce number of resolvelib versions tested for efficiency
* Removed deprecated pycompat24 and importlib
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Make CI green
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Ignore basic.py
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Make CI green III
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Make CI green IV
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
---------
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Several tasks within the modification_time.yml and state_link.yml task
lists have explicitly enabled diff_mode because these tests previously
assumed a diff attribute would always be returned from the file module.
While showing the deprecation message, mention the collection name
from which the module is removed.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* fixes for CVE-2024-8775
* propagate truthy `_ansible_no_log` in action result (previously superseded by task-calculated value)
* always mask entire `include_vars` action result if any file loaded had a false `show_content` flag (previously used only the flag value from the last file loaded)
* update no_log tests for CVE-2024-8775
* include validation of _ansible_no_log preservation when set by actions
* replace static values with dynamic for increased robustness to logging/display/callback changes (but still using grep counts :( )
* changelog
* use ternary, coerce to bool explicitly
* Fix installing collections|roles from git repos with GALAXY_IGNORE_CERTS
* Fix installing collections from git repos with --ignore-certs
* Update unit test
* Add test case
This greatly reduces run time on large inventories since meta tasks are
executed in the main process sequentially and just executing them is expensive.
This change avoids running the following implicit meta tasks:
* ``flush_handlers`` on hosts where no handlers are notified
* ``noop`` for the linear strategy's lockstep, instead hosts that are
not executing the current task are just not part of the current host loop
A playbook consiting of two simple plays both running on ~6000 hosts
runs in:
devel: 37s
this PR: 1.3s
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
Since we don't really care about the type we don't have to
query for it and just retrieve the filename value.
Unfortunately we cannot use module_utils.urls.get_response_filename
as we don't have the response object, so just utilize
email.message.Message to parse the filename
instead of manually doing the work ourselves.
Fixes: #83690
* INVENTORY_IGNORE_EXTS stop ignoring ini
Originally added to avoid configuration files for inventory scripts
now clashes with the much more common ini inventory files.
* add a note to script plugin
* Update lib/ansible/plugins/inventory/script.py
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
* facts: Skip path if the distribution path is directory
Skip path if the distribution path is directory instead of file.
Handle exception raised while handling distribution path.
Fixes: #84006
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Review requests
---------
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>