Fix up bug when attempting to run any module on a Windows host that has
been configured with WDAC and Dynamic Code Security in audit mode. This
does not enable WDAC support with signed scripts so Ansible will still
not pass the audit events but it no longer fails to run.
(cherry picked from commit e5ec1ee76c)
Prevents `Group state for \"customenvgroup\" not found` error which may
or may not be a regression in dnf5. Just name groups/envs uniquely to
workaround the issue.
(cherry picked from commit 09391f38f0)
* Link to amazon.aws.aws_ec2 inventory plugin.
* Mention that refresh_inventory does not update the selected hosts for a play.
* Address comments by bcoca.
* Apply suggestions from code review
---------
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit ea2fe793aa)
* [fix] `warn_if_reserved` expects a list (#84624)
Fixes#84623
(cherry picked from commit 48d71ba3aa)
* changelog
* Test include_vars reserved variable matching (#84678)
* Add test case for include_vars
* Revise test to catch erroneous warnings
(cherry picked from commit 333ee8d010)
---------
Co-authored-by: Dominique Quatravaux <dominique@quatravaux.org>
Also added automatic retries on HTTP request exceptions, since all currently implemented methods (GET/PUT/DELETE) are idempotent.
(cherry picked from commit 7677bf1c9b)
Improves the logic for parsing CLIXML values in the stderr returned by
SSH. This fixes encoding problems by having a fallback in case the
output is not valid UTF-8. It also can now extract embedded CLIXML
sequences in all of stderr rather than just at the start.
(cherry picked from commit f86c58e2d2)
Fixes the coverage path translation for modules located in integration
test paths. Instead of trying to match by the unique temporary path name
that the module is executed as, the reporting tool will translate it to
the static path that the module is actually located under.
(cherry picked from commit f9b58fa13f)
prompt now only errors if stdin is specifically triggered and not due to lack of other args
fixes#84489
---------
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
(cherry picked from commit a046ef5a95)
* fix warnings about reserved variable names to cover all sources (#84432)
Also remove redundant check from tqm
Now covers module output (set_fact/include_vars)
Includes play objects at any stage (tasks that error were not covered)
Added tests, moved them to role structure
(cherry picked from commit 20baf29a2a)
* fix template (#84563)
also fix gather_subset warning and add some comments/notes
---------
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 675d7201d8)
* reserved vars, avoid gather_subset (#84575)
(cherry picked from commit 3398c102b5)
gather_facts, fix network_os and smart logic and defaults
setup will be default for smart only if network_os is not set, now you get warnings and errors when missing a valid facts module for a network os
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit c64c389007)
* Make sure we are always using Lock from our multiprocessing context
* add clog frag
(cherry picked from commit 73d8f4ad46)
Co-authored-by: Matt Martz <matt@sivel.net>
The test has been updated to use a custom type which does not support pickling,
instead of relying on Jinja's `Undefined` type. As of Jinja 3.1.5 that type now
supports pickle, which breaks the original implementation of the test.
(cherry picked from commit 5ec236b)
Fixes the logic when attempting to become the SYSTEM user using the
runas plugin. It was incorrectly assumed that calling LogonUser with the
SYSTEM username would produce a new token with all the privileges but
instead it creates a copy of the existing token. This reverts the logic
back to the original process and adds in new logic to avoid any tokens
that are restricted from creating new processes.
(cherry picked from commit 3befdd3d15)
though the previous docs were the 'intended' outcome,
the current behaviour has been active for a long time and should
not be removed due to backward compatibility issues.
One thing we can do going forward is deprecate substitution enabled by default.
(cherry picked from commit bf48b538f8)
When detection of the current container network fails, a warning is now issued and execution continues.
This simplifies usage in cases where the current container cannot be inspected, such as when running in GitHub Codespaces.
(cherry picked from commit 95e3af3e0f)
Matt Clay