Commit Graph

6026 Commits (ec78526b976481f3fcdf91a904eeaa68b89ccdea)

Author SHA1 Message Date
Matt Davis 23f8639a4b
[stable-2.18] Preserve `_ansible_no_log` from action result; fix `include_vars` to set properly (#84143) (#84179)
* fixes for CVE-2024-8775

* propagate truthy `_ansible_no_log` in action result (previously superseded by task-calculated value)
* always mask entire `include_vars` action result if any file loaded had a false `show_content` flag (previously used only the flag value from the last file loaded)

* update no_log tests for CVE-2024-8775
* include validation of _ansible_no_log preservation when set by actions
* replace static values with dynamic for increased robustness to logging/display/callback changes (but still using grep counts :( )

* changelog

* use ternary, coerce to bool explicitly
(cherry picked from commit c9ac477e53)
1 month ago
Brian Coca 3b6de811ab
user module avoid conflicts ssh pub key (#84165) (#84171)
Remove pub key if we are going to generate private
fix tests for os X

(cherry picked from commit 11e4a6a722)
1 month ago
Sviatoslav Sydorenko (Святослав Сидоренко) cfdafb9bb6
[2.18] Trim `selinux_policytype` @ integration tests (#84137)
The shell command sometimes prints a trailing whitespace which breaks
the tests on old RHELs. This patch is supposed to fix that.

(cherry picked from commit cd74c4bcd5)
1 month ago
Abhijeet Kasurde 6e4732f8cd
[stable-2.18] debconf: set empty password value (#84033)
Fixes: #83214

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 79e8c4c26c)
2 months ago
Brian Coca c068e45d8d
user module, avoid chmoding symlink'd home file (#83956) (#84080)
also added tests

---------
Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>

(cherry picked from commit 0959472bc6)
2 months ago
Martin Krizek 371564cdc6
Reduce number of implicit meta tasks (#84007) (#84044)
This greatly reduces run time on large inventories since meta tasks are
executed in the main process sequentially and just executing them is expensive.

This change avoids running the following implicit meta tasks:
  * ``flush_handlers`` on hosts where no handlers are notified
  * ``noop`` for the linear strategy's lockstep, instead hosts that are
    not executing the current task are just not part of the current host loop

A playbook consiting of two simple plays both running on ~6000 hosts
runs in:
devel: 37s
this PR: 1.3s

Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
(cherry picked from commit d6d2251929)
2 months ago
Matt Martz 08683073f9
[stable-2.18] Prevent condor from being installed and fulfilling libfmt dependency (#84023) (#84024)
(cherry picked from commit fb7fd51)
2 months ago
Brian Coca 9812e55823
Ansible Errors, Don't hide stacked messages when yaml (#83933) (#84000)
Also remove redundant msg now that we fixed yaml case
So no more need to %s % e.

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 0c8efa29b2)
2 months ago
Matt Martz 3f444d01e0
Remove remaining 2.18 deprecations (#83949)
* Remove remaining 2.18 deprecations. Fixes #82948. Fixes #82946.

* ci_complete

* Ensure non-UTF8 error message is surfaced
2 months ago
Matt Davis 7fed9b06e0
[stable-2.18] forward ports of unsafe persistence fixes (#83922)
* [stable-2.17] Unsafe persistence (#82779)

* Ensure that unsafe is more difficult to lose [stable-2.16] (#82293)

* Ensure that unsafe is more difficult to lose

* Add Task.untemplated_args, and switch assert over to use it
* Don't use re in first_found, switch to using native string methods
* If nested templating results in unsafe, just error, don't continue

* ci_complete

(cherry picked from commit 270b39f6ff)

* Fix various issues in unsafe_proxy (#82326)

- Use str/bytes directly instead of text_type/binary_type
- Fix AnsibleUnsafeBytes.__str__ implementation
- Fix AnsibleUnsafeBytes.__format__ return type
- Remove invalid methods from AnsibleUnsafeBytes (casefold, format, format_map)
- Use `chars` instead of `bytes` to match stdlib naming
- Remove commented out code

(cherry picked from commit 59aa0145d2)

* Additional Unsafe fixes (#82376)

* Allow older pickle protocols to pickle unsafe classes. Fixes #82356

* Address issues when iterating or getting single index from AnsibleUnsafeBytes. Fixes #82375

* clog frag

(cherry picked from commit afe3fc184f)

* [stable-2.16] Enable directly using `AnsibleUnsafeText` with Python `pathlib` (#82510)

* Enable directly using `AnsibleUnsafeText` with Python `pathlib`. Fixes #82414

(cherry picked from commit c6a652c081)

* Prevent failures due to unsafe plugin name (#82759)

(cherry picked from commit 56f31126ad)

* Address issues from merge conflicts

---------

Co-authored-by: Matt Clay <matt@mystile.com>
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
(cherry picked from commit 9e622ddb67)

* rewrite illegal templated conditional in find test

---------

Co-authored-by: Matt Martz <matt@sivel.net>
2 months ago
Martin Krizek aa24e97435
dnf5: re-introduce ``state: installed`` alias (#83961)
Fixes #83960
2 months ago
Brian Coca 6efb30b43e
Do not convert floats to ints when there is truncation (#83864)
Adjusted error messages
fixed tests
removed py2 compat tests, since no more py2

Co-authored-by: Matt Clay <matt@mystile.com>
2 months ago
Sloane Hertel 40ade1f84b
Add mount_facts module (#83508)
* Add a mount_facts module capable of gathering mounts skipped by default
fact gathering

* By default, collect mount facts from standard locations including
/etc/mtab, /proc/mounts, /etc/fstab, /etc/mnttab, /etc/vfstab, and on AIX,
/etc/filesystems.

When no file-based source for the current mounts can be found
(like /proc/mounts), the module falls back to using mount as a source.
This allows BSD and AIX to collect the existing mounts by default, without
causing Linux hosts to use both /proc/mounts and mount output.

* Non-standard locations and "mount" can be configured as a sources.

* Support returning an aggregate list of mount points in addition to first
found.

When there are multiple mounts for the same mount point in an
individual source, a warning is given if the include_aggregate_mounts
option is not configured.

* Add options to filter on fstypes and devices (supporting UNIX shell
wildcards).

* Support configuring a timeout and timeout behavior to make it easier
to use the module as a default facts module without risking a hang.

* Include the source and line(s) corresponding to a mount for easier
debugging.

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Matt Clay <matt@mystile.com>
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
2 months ago
Brian Coca bcee35385b
timedout extended (#83953)
* timedout extended

* add timedout test
2 months ago
Brian Coca d58988d8ff
fact gathering, mounts, fixes for single proc code and tests (#83866)
* Fact gathering fix 'no shm' branhc

* Use concurrent.futures instead of multiprocessing

This entirely avoids the need for fallback logic since the concurrent.futures thread pool does not depend on `/dev/shm`.

Co-authored-by: Matt Clay <matt@mystile.com>
3 months ago
Matt Clay 31d73b0645
Replace binary_modules Makefile with Python script (#83925)
Also update the platform list:

* Remove linux ppc64le
* Add darwin arm64
3 months ago
Brian Coca 4fa512406b
loop_control "early exit" feature (#62151)
* add a loop_control break_when directive to break out of a loop after any item

* remove loop var as normal exit would

* example usage:

- name: generate a random password up to 10 times, until it matches the policy
  set_fact:
    password: "{{ lookup('password', '/dev/null', chars=character_set, length=length) }}"
  loop: "{{ range(0, 10) }}"
  loop_control:
    break_when:
      - password is match(password_policy)

Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
3 months ago
Jordan Borean 1503805b70
Add location on include_tasks fail inside include (#83876)
Adds the datastore details to the parser error when attempting to
include tasks that contain include_tasks without a filename set. This
change will now display the exact location of the include_tasks that
failed like any normal syntax error.
3 months ago
Jordan Borean 9a5a9e48fc
Improve testing for Windows SSH and other connection plugins (#83834)
Expands the test matrix used for testing on Windows to cover the three
connection plugins we support for all the tasks. This change also
changes how raw commands are run over SSH to avoid starting a
`powershell.exe` process that was uneeded in the majority of cases used
in Ansible. This simplifies our code a bit more by removing extra
Windows specific actions in the ssh plugin and improves the efficiency
when running tasks.
3 months ago
Martin Krizek 1f987423fd
Print the name of the option being deprecated (#83761)
Fixes #83759
3 months ago
Matt Davis c6a391c8d8
fix delegate_to integration test (#83865)
* the test was previously passing erroneously due to the `timeout` elapsing in CI, and that the `failed` test does not encompass `unreachable`
3 months ago
Brian Coca 2a676ff897
copy, fix permissions and atime on diff partitions (#83824)
we just set time also, when on diff partitions
3 months ago
Felix Fontein faf446a895
runtime-metadata sanity test: do not fail deprecation version checks if galaxy.yml has empty `version` (#83831)
* Do not create invalid SemanticVersion objects.
* Fix SemanticVersion.parse().
* Add basic runtime-metadata tests.
3 months ago
Jordan Borean b5e0293645
powershell - Improve CLIXML parsing (#83847)
Improves the logic used when parsing CLIXML to support all escaped
character sequences and not just newlines.
3 months ago
Jordan Borean 69fb629355
Fix up raw_params for ansible.windows modules (#83830)
* Fix up raw_params for ansible.windows modules

Fixes up the logic for detecting if using ansible.windows.win_command or
ansible.windows.win_shell with _raw_params. These two modules are
special in that they can be referenced in 4 different ways but the
ansible.windows collection specific prefix needs to be manually added to
the list.

* Fix up sanity issue
3 months ago
Brian Coca 90de03be50
Gather mount facts, fallback for when multiproc is not feasable (#83750)
* fallback to 'single threaded gathering' for when multiproc fails

Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
3 months ago
Jordan Borean 520fa688ba
ssh and psrp - Support more complex characters in fetch_file (#83753)
* ssh and psrp - Support more complex chars in fetch_file

Fixes the psrp and ssh (with piped) fetch function to work with paths
that contains glob like characters in the path. For Windows this was
needed when using paths that contain `[]` in the path. For ssh this was
a problem with FreeBSD when using the piped transfer method with similar
characters.

Also tidies up the psrp logic to not inject the paths and buffer size
in the script but pass it as an object through an argument/parameter.

* Fix sanity check
4 months ago
Jordan Borean dec49e6288
Add explicit winrm/psrp tests for HTTP and HTTPS (#83769) 4 months ago
Jordan Borean 430aaa1960 Fix tests when running against SSH target 4 months ago
Matt Clay 81e025b414 ansible-test - Add Windows remote connection option 4 months ago
Matt Clay a3ee846a64
Use a venv in more integration tests (#83799)
* Use venv for pause test
* Use venv for debugger test
* Use venv for builtin_vars_prompt test
4 months ago
dkuji 26375e7f12
fix copy module update atime/mtime (#83235)
Ensure we force mtime/atime update when using copystat

Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
4 months ago
Martin Krizek 89137cb5a0
Add end_role meta task (#83263)
ci_complete
4 months ago
Sloane Hertel fe7e68bfcb
Fix ansible-vault integration test for missing vault ids (#83777)
* Fix broken, circumvented test for missing vault ids

* verify the command returns a non-zero exit code

Co-authored-by: Matt Clay <matt@mystile.com>
4 months ago
Martin Krizek 9a54ba5a39
Ensure skipped loop iteration register var is available (#83756)
Fixes #83619
4 months ago
Martin Krizek 5c84220dbb
Fix meta tasks breaking host/fork affinity with host_pinned (#83438)
Fixes #83294
4 months ago
Martin Krizek a0f9bbf3f3
ini lookup: add new interpolation option (#83773)
Fixes #83755
4 months ago
Sloane Hertel 2b91c57c85
atomic_move - fix creating file in directory with setgid bit (#83718)
* fix creating file in directory with setgid bit

* add a test using the copy module's content option to create a file in a directory with setgid bit

Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
4 months ago
Kellin 0d6b034103
Enable validation of subkeys in rpm key module (#83716)
* Enable validation of subkeys in rpm key module

A gpg subkey may change while the primary key remains the same. Due to
this behavior, there are situations where validation of the primary gpg
key fingerprint is not sufficient because the desired target is actually
the gpg subkey. This change allows the user to validate against either
the fingerprint of the primary gpg key or its subkey.

Signed-off-by: Kellin <kellin@retromud.org>

* Improve tests, add multi-fingerprint

- Improve tests to cover all cases
- add multi fingerprint validation

Signed-off-by: Kellin <kellin@retromud.org>
4 months ago
Brian Coca e4d7286298
use diff intermediate var to preserve functionality (#83738)
add tests
4 months ago
Brian Coca 797e6bb220
Add vaulted_file test (#83717)
* Add vaulted_file test
* fix is_encrypted_file while we are here
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
4 months ago
Sloane Hertel 97a60c1e86
Fix csvfile test - quote file argument (#83751)
file was intended to be a string, not an undefined variable
4 months ago
Matt Davis a301ae876e
try disabling negative values win_reboot test (#83735)
* hoping to improve CI stability
4 months ago
Sloane Hertel 0be66ed6dc
Fix task-adjacent search path in roles (#83621)
* Restore search path in the current task file’s directory for roles
4 months ago
Sloane Hertel 26c8a28d05
csvfile lookup - fix giving an error when no search term is provided (#83710)
Fixes #83689
4 months ago
Brian Coca c5210ad3eb
Fix display to log severity mapping (#83712)
add caplevel to display to pass through
also reverse dict order as 'last update wins'
added tests ... and also log severity to log

Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
4 months ago
Matt Clay 5ae8b5b3a6
Remove EXTERNALLY-MANAGED marker in apt test (#83706)
The marker is removed in ansible-test managed environments, but the apt test restores it
by installing/upgrading packages. To avoid breaking later tests, the marker needs to be
removed again.

ci_complete
4 months ago
Abhijeet Kasurde 31ad786de1
ansible-doc: handle on_fail (#83676)
Handle errors raised when role doc has errors

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 months ago
skupfer 20465ba11a
Add UID and GID min/max keys (#81770)
Fixes: #72183
4 months ago
Karl G 6bf6844a1c
add error handling when parsing values in ini files (#82718)
Fixes: #82717

Co-authored-by: Karl A. Grindley <kgrindley@ll.mit.edu>
4 months ago