* user: do not pass ssh_key_passphrase on cmdline
* user: do not pass ssh_key_passphrase on cmdline
CVE-2018-16837
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
(cherry picked from commit a0aa53d1a1)
* Ignore user module use of subprocess.
(cherry picked from commit 8d00afc013)
* Fix python3 problem in user module cve fix
(cherry picked from commit 9088671c4e)
* Fix changelog entry for user module CVE fix
(cherry picked from commit 210a43ebeb)
(cherry picked from commit b618339c32)
* Remove E210
* win_nssm: add failing tests for issue #44079
(cherry picked from commit a5d1241fa1)
* win_nssm: add more failing tests
These tests highlight several issues with this module:
* Service not started when state=started
* Errors with app_parameters (see #25265)
* Exception when passing several dependencies separated by comma as specified in doc
(cherry picked from commit e50234bdb3)
* win_nssm: use Run-Command instead of Invoke-Expression to prevent interpretation issue
Fix#44079
(cherry picked from commit 20a0d90ebe)
* win_nssm: fix service not started when state=started
Nssm status returns a multiline output that doesn't match any of the strict patterns in the switch statement.
(cherry picked from commit 8180a7c39b)
* win_nssm: fix incorrect separator in doc for service dependencies
The dependencies parameter works with space as separator, but not with comma as shown in the documentation
(cherry picked from commit ddd4b4bea6)
* win_nssm: fix error with app_parameters parameter
Fix#25265
(cherry picked from commit aba0d48ba5)
* win_nssm: add idempotence tests
(cherry picked from commit 46a5e4f3bf)
* win_nssm: fix several idempotence issues and misbehaviors
Add missing space between arguments when app_parameters contains several keys.
Use Argv-ToString and Escape-Argument to improve arguments handling (parameters with quotes, backslashes or spaces).
(cherry picked from commit 933a4092bf)
* win_nssm: test parameters with spaces, quotes or backslashes
(cherry picked from commit 51843a7b3c)
* win_nssm: restore comma as separator for service dependencies
Revert commit ddd4b4b
(cherry picked from commit ead882bb9b)
* win_nssm: restore support of string as dict form for app_parameters and remove support of literal YAML dict
(cherry picked from commit 862855252b)
* win_nssm: wrong variable in tests
(cherry picked from commit 9b9c839461)
* win_nssm: add changelog fragment
* modules/systemd: fix logic: disabled means disabled
Fix logic determining whether a service with both systemd and initd files is enabled or disabled.
In situations where systemd thinks service is disabled, but rc.d symlinks mark it as enabled,
this module wrongly assumes the service is enabled.
Fix this logic: disabled means disabled
Only when the output from systemctl is-enabled does NOT include disabled, consider the status of rc.d symlinks.
This essentially replicates the fixes done to the systemd handling in the "service" module in 3c89a21e0cFixes#22303Fixes#44409Fixes#39116
* backport/2.6/46245: add changelog fragment
This prevents a stack trace in Python 3 when the result is an empty file since
the file is open in binary mode and a native string in Python 3 is str,
not bytes.
(cherry picked from commit 8b1ae30e2e)
If enable_snat is False, this should be used to build the
request, because the default value in the OpenStack Networking
API is True.
Fixes the issue #45915.
(cherry picked from commit 452a4ab781)
* Don't simply ignore container in present() if image is not specified.
* Use image from existing container for recreation if not specified.
* Added changelog.
* Improve comment.
(cherry picked from commit 895019c59b)
* [aws] route53 module: fix idempotency for CAA records (#46049)
* Fixing record order for CAA records to properly handle idempotency.
* Add integration tests that reproduce CAA failure
(cherry picked from commit a727a1ee67)
* Added changelog.
* Sorting args.
* Doing comparisons of options with container parameters in a more context-sensitive way.
This prevents unnecessary restarts, or missing restarts (f.ex. if parameters are removed from ``cmd``).
* Make blkio_weight work.
* Fix cap_drop idempotency problem.
* Making groups idempotent if it contains integers.
* Make cpuset_mems work.
* Make dns_opts work.
* Fixing log_opts: docker expects string values, returns error for integer.
* Adding tests from felixfontein/ansible-docker_container-test#2.
* Make uts work.
* Adding changelog entry.
* Forgot option security_opts.
* Fixing typo.
* Explain strict set(dict) comparison a bit more.
* Improving idempotency tests.
* Making dns_servers a list, since the ordering is relevant.
* Making dns_search_domains a list, since the ordering is relevant.
* Improving dns_search_domains/dns_servers.
* Fixing entrypoint test.
* Making sure options are only supported for correct docker-py versions.
* [stable-2.7] Fix logic to not re-download existing files when force=no (#45495)
* Fix logic to not re-download existing files when force=no. Fixes#45491
* Reduce logic complexity.
(cherry picked from commit 5785de582f)
Co-authored-by: Matt Martz <matt@sivel.net>
* Backport of get_url fix cannot use result
result was only added in 2.8+.
(cherry picked from commit 99171a9c6f)
Co-authored-by: Matt Martz <matt@sivel.net>
* Fix targets that may be a list containing strings and lists which worked prior to 2.6.
(cherry picked from commit 450fb9f855)
* Add ec2_group integration tests for lists of nested targets
(cherry picked from commit 14e3399db1)
* changelog
(cherry picked from commit fb17db0876)
* Don't pass file_name to DataLoader.load in script inventory plugin. Fixes#34164
* Add changelog fragment
(cherry picked from commit 263b9fa)
Co-authored-by: Matt Martz <matt@sivel.net>
* Return correct version on installed VyOS (#39115)
* Return correct version on installed VyOS
Previously existing regexp will shows only "VyOS" without numeric output of router version.
For example: from "Version: VyOS 1.1.6" only VyOS will be written in ansible_net_version variable
For more informative output numeric value should be returned as well
* Fixed unittests
(cherry picked from commit 235b11f681)
* Added changelog
* fixes#45941
* corrects regression introduced by #26104; when the resource group doesn't exist, the module exits prematurely with an error instead of creating it.
(cherry picked from commit 3b52d968e6)
* Support nested JSON decoding in AnsibleJSONDecoder
* Add tests for vault portion of AnsibleJSONDecoder
(cherry picked from commit c0915e2)
Co-authored-by: Matt Martz <matt@sivel.net>
* Ensure that the value of PLUGIN_FILTERS_CFG is treated as type=path, and that we use the standard section of 'defaults' instead of 'default'
* deprecate the default section
* Don't add version_added for the corrected section
(cherry picked from commit 172137c)
Co-authored-by: Matt Martz <matt@sivel.net>
* fix tempating issues with no_log and loops (#44468)
* fix tempating issues with no_log and loops
- task is no log if any item is
- added test cases
fixes#43294
(cherry picked from commit bda074d34e)
* use play context to avoid bug when jinja2+py3
* Fix pkg_mgr_name fact finding for Fedora (#40922)
* Properly handle default package manager vs apt
For distros where apt might be installed but is not the default
package manager for the distro, properly identify the default distro
package manager during fact finding and re-use fact finding from
DistributionFactCollector and instead of reimplementing small
portions of it in PkgMgrFactCollector
Add unit test to always check the apt + Fedora combination to test
the new code.
Fixes#34014
Signed-off-by: Adam Miller <admiller@redhat.com>
* remove q debugging output I accidentally left behind
Signed-off-by: Adam Miller <admiller@redhat.com>
* add os_family to the conditional so we're only hitting that code path when needed
Signed-off-by: Adam Miller <admiller@redhat.com>
* setup for a _check* pattern for general os_family group pkg_mgr checking
Signed-off-by: Adam Miller <admiller@redhat.com>
* use Mock.patch decorator for os.path.exists in TestPkgMgrFactsAptFedora
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix fedora version dnf fact, default pkg_mgr detection per distro family (#43261)
* fix fedora version dnf fact, default pkg_mgr detection per distro family
* loop over possible dnf/yum paths in case there are multiple canonical sources later in life
Signed-off-by: Adam Miller <admiller@redhat.com>
* pkg_mgr: fixed apt_rpm detection (#43769)
Instead of checking the distribution name (which apparently is tricky to find out)
check if /usr/bin/apt-get is managed by RPM.
Fixes#43539
* Ensure that apt is always chosen on debian/ubuntu
One can install alternate packages managers on debuntu machines.
However, doing so doesn't mean you want to suddenly start using them.
Add in a check similar to the fedora yum/dnf check that sets apt as the
pkg_mgr if the ansible_os_family is Debian.
Martin Krizek