* Use vault_id when encrypted via vault-edit
On the encryption stage of
'ansible-vault edit --vault-id=someid@passfile somefile',
the vault id was not being passed to encrypt() so the files were
always saved with the default vault id in the 1.1 version format.
When trying to edit that file a second time, also with a --vault-id,
the file would be decrypted with the secret associated with the
provided vault-id, but since the encrypted file had no vault id
in the envelope there would be no match for 'default' secrets.
(Only the --vault-id was included in the potential matches, so
the vault id actually used to decrypt was not).
If that list was empty, there would be an IndexError when trying
to encrypted the changed file. This would result in the displayed
error:
ERROR! Unexpected Exception, this is probably a bug: list index out of range
Fix is two parts:
1) use the vault id when encrypting from edit
2) when matching the secret to use for encrypting after edit,
include the vault id that was used for decryption and not just
the vault id (or lack of vault id) from the envelope.
add unit tests for #30575 and intg tests for 'ansible-vault edit'
Fixes#30575
(cherry picked from commit a14d0f3586)
params could be logged so never use it for passwords.
Also add code to raise an error if passwords are used in that field.
References #30874
(cherry picked from commit 863fcb5ace)
Allow empty wasn't breaking out of the process_dist_files
loop, so a empty /etc/arch-release would continue searching
and eventually try /etc/os-release. The os-release parsing
works, but the distro name there is 'Arch Linux' which does
not match the 2.3 behavior of 'Archlinux'
Add a OS_RELEASE_ALIAS map for the cases where we need to get
the distro name from os-release but use an alias.
We can't include 'Archlinux' in SEARCH_STRING because a name match on its keys
but without a match on the content causes a fallback to using the first
whitespace seperated item from the file content as the name.
For os-release, that is in form 'NAME=Arch Linux'
With os-release returning the right name, this also supports the
case where there is no /etc/arch-release, but there is a /etc/os-release
Fixes#30600
* pep8 and comment cleanup
(cherry picked from commit 3eab636b3f)
On sparc64, /proc/cpuinfo has no usual 'model name', 'Processor', 'vendor_id', 'Vendor',
as a result "ansible_processor_vcpus" is always 1.
Add check element "ncpus active" to fix the issue.
(cherry picked from commit e93ecac0da)
As reported on the mailing list, if ssh_executable (from a config
setting) contains nonascii characters then we could get a UnicodeError
here. Transform into bytes before passing to subprocess so that
subprocess doesn't transform to bytes for us.
(cherry picked from commit 86d8a4ff50)
* Fix pkg_mgr fact on OpenBSD
Add a OpenBSDPkgMgrFactCollector that hardcodes pkg_mgr
to 'openbsd_pkg'. The ansible collector will choose the
OpenBSD collector if the system is OpenBSD and the 'Generic'
one otherwise.
This removes PkgMgrFactCollectors depenency on the
'system' fact being in collected_facts, which also
avoids ordering issues (if the pkg mgr fact is collected
before the system fact...)
Fixes#30623
(cherry picked from commit 12404f470a)
Looks like this is supposed to operate on native strings so there's no
need to encode or decode at all here
Fixes#30354
(cherry picked from commit f66c74915c)
* Split ec2_elb_* modules in service of rename/interface changes (#30532)
* Undeprecate ec2_elb_*
* Make ec2_elb* full fledged modules rather than aliases
* Split tests for ec2_elb_lb and elb_classicb_lb
* Change names in documentation of old and new elb modules
Add tests for ec2_elb_lb
* Update CHANGELOG with new status of ec2_elb_* vs. elb_classic_*
with new configuration the sudo flags are always set and become cannot override,
switching to simle 'or' will result in become_flags working.
also sudo_flags are deprecated.
also changed from YAML null causing a 'None' str
fixes#30629
(cherry picked from commit 236d13ac3a)
Previously to use the modes put or get the object had to be specified with a leading /. Since the boto call doesn't take an object like that this was overlooked and removed. Added a check to remove that leading character.
* Increase persistent connection local socket
retry timeout to fix intermittent failure in
network integration test
(cherry picked from commit 869cd6f729)
* made callbacks backwards compatible
* note about porting guide
* deprecation notice so those callbacks get updated.
This fixes#30597 for those that were not inheriting from base.
Callback must either inherit from base (directly or indirectly),
which already implements this or implement set_options themselves.
(cherry picked from commit 131d417c7a)
This is to catch vault secrets from config and
cli. Previously vault_password_file in config was
missed since it was added by setup_vault_secrets,
so check after setup_vault_secrets.
Related to #30514
(cherry picked from commit 174cb1f33c)
This is to match the 2.3 behavior on:
ansible-vault edit encrypted_file.yml
Previously, the above command would consider that a 'new password'
scenario and prompt accordingly, ie:
$ ansible-vault edit encrypted_file.yml
New Password:
Confirm New Password:
The bug was cause by 'create_new_password' being used for
'edit' action. This also causes the previous implicit 'auto prompt'
to get triggered and prompt the user.
Fix is to make auto prompt explicit in the calling code to handle
the 'edit' case where we want to auto prompt but we do not want
to request a password confirm.
Fixes#30491
(cherry picked from commit 307be59092)
* Restore correct coloring to selective callback
This fixes the bug raised in #30506
* Fix format issues for Python 2.6 & indent
Removed the zero length fields to support format under Python 2.6
Fixed E128 continuation line under-indented for visual indent issue
(cherry picked from commit d74c871559)
updated clog
Brian Coca