Commit Graph

3207 Commits (f5431321a295c4f67946c85ee5acd96c5213f44c)

Author SHA1 Message Date
Matt Martz f6d2b18322
Correctly get the filename from a url in fetch_file. Fixes #29680 (#78383) 2 years ago
Matt Clay cc5c706681
Update unit test controller requirements. (#78376) 2 years ago
Matt Clay f5c01a8b6e
Remove unit test Python 2.6 compat. (#78369) 2 years ago
Matt Clay b86a18bd27
Remove unit test pytz requirement. (#78368) 2 years ago
Ruediger Pluem 0ef1376966
Make distro.id() report newer versions of OpenSuSE (at least >=15) also report as opensuse (#76121)
* Report OpenSuSE >= 15 as opensuse

Make distro.id() report newer versions of OpenSuSE (at least >=15) also report
as opensuse. They report themselves as opensuse-leap.

* Add a test
2 years ago
Sloane Hertel 5728d72cda
Fix KeyError for ansible-galaxy when caching paginated responses from v3 (#78325)
* Fix KeyError for ansible-galaxy when caching paginated responses from v3

* changelog

* generate responses in loop for test

Co-authored-by: Matt Martz <matt@sivel.net>
2 years ago
Martin Krizek b56b38b3ba
Use classproperty to access field attributes of a class (#78180)
* Use classproperty to access field attributes of a class, consolidate into one class
2 years ago
Matt Clay 9b42f9befe
Revert "Re-enable strategy units (#78293)" (#78300)
This reverts commit c6c9d90ca4.
2 years ago
Matt Martz c6c9d90ca4
Re-enable strategy units (#78293) 2 years ago
Matt Martz d58e69c82d
Add support for gzip decoding responses (#41925) 2 years ago
zorun a6e671db25
Fix AIX processor facts and add unit test (#78223)
- `processor_count` was erroneously set to the number of cores
- `processor_cores` was erroneously set to the number of threads per core
- `processor_vcpus` and `processor_threads_per_core` were not set
- `processor` was a string, while it's supposed to be a list

Before:

```
"ansible_processor": "PowerPC_POWER7",
"ansible_processor_cores": 4,
"ansible_processor_count": 12,
```

After:

```
"ansible_processor": [
    "PowerPC_POWER7"
],
"ansible_processor_cores": 12,
"ansible_processor_count": 1,
"ansible_processor_threads_per_core": 4,
"ansible_processor_vcpus": 48,
```

Also add a unit test.

Co-authored-by: Baptiste Jonglez <git@bitsofnetworks.org>
2 years ago
Kay Yan 2e4b0fefbf
Added Kylin Linux Advanced Server Support (#78232) 2 years ago
Matt Martz b1dd2af4ca
Preflight utf8 encodings check (#78175) 2 years ago
Brian Coca d26801e994
Fix wording for :ref|term: substitution (#78216)
* Fix workding for :ref|term: subsitution

 now matches 'seealso' and makes more sense:

  ```
  delay:
  applies_to:
  - Task
  description: Number of seconds to delay between retries. This setting is only used
    in combination with `until`.
  ```
 vs
  ```
  delay:
  applies_to:
  - Task
  description: Number of seconds to delay between retries. This setting is only used
    in combination with website for `until`.
  ```

* updated unit tests

* match see also

* more sanity
2 years ago
Sloane Hertel 1562672bd1
Make unit test for missing git executable more generic (#78173)
* Make unit test for missing git executable more generic

* use MagicMock side_effect to raise exception instead
2 years ago
Martin Krizek 43153c5831
`FieldAttribute`s as descriptors (#73908) 2 years ago
Brian Coca fa35aa4865
Galaxy server config updates (#77106)
* ansible-galaxy configurable timeouts

  - also fixed issues with precedence,
    so --ignore-certs now overrides config
  - made galaxy_timeout generic setting,
    if set, it becomes default for server configs,
    but now specific servers can override
  - updated tests or added notes (some tests ignore/override precedence)

Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
2 years ago
David Moreau Simard d81a519f25
Remove .travis.yml files from galaxy init skeletons (#75740)
* Remove .travis.yml files from galaxy init skeletons

These files have existed for many years but in light of the recent
circumstances around Travis, we should not include them by default in
the galaxy init skeletons.

* Add breaking_changes changelog fragment with recommendation to use a custom skeleton if the .travis.yml file is still needed.

Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
3 years ago
Matt Martz 5e369604e1
Forked display via queue (#77056)
* Forked Display via queue

* Docs and simple code cleanup

* Only proxy Display.display

* Remove unused import

* comment

* Update deadlock comment, remove py3 check

* Don't flush display, and don't lock from forks

* clog frag

* ci_complete ci_coverage

* Add units for queue proxying

* Cleanup flush

* ci_complete

* Only lock the write, switch to RLock

* Remove unused import
3 years ago
Wouter Schoot 711b51fad6
Remove double spaces in errormessage (#77839) 3 years ago
Sloane Hertel 621e782ed0
Add toggle to fix module_defaults with module-as-redirected-action on a per-module basis (#77265)
* If there is a platform specific handler, prefer the resolved module over the resolved action when loading module_defaults

Add a toggle for action plugins to prefer the resolved module when loading module_defaults

Allow moving away from modules intercepted as actions pattern

Fixes #77059
3 years ago
Matt Clay 2595b42aca
Prefer unittest.mock over mock. (#77886) 3 years ago
Matt Clay 3a9a23fb1a
Use unittest.mock instead of mock. (#77883)
This can only be done for controller tests.
3 years ago
Matt Clay 8ca28acd0d Fix unit tests for Python 3.11. 3 years ago
Matt Clay 5f74350fd5 Avoid deprecated method in unit tests. 3 years ago
Martin Krizek e9af6efee6
Raise a proper error when include/import_role is used as a handler (#77807) 3 years ago
Abhijeet Kasurde 524d30b8b0
distribution: add distribution_minor_version for Debian Distro (#74721)
* Added a fact about minor version details for Debian Distro

Fixes: #74481

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
3 years ago
Martin Krizek ed30fc9a06
Remove deprecated loading cache plugins directly without cache_loader (#77655) 3 years ago
Matt Clay 5c2d830dea
ansible-test - Fix subprocess management. (#77641)
* Run code-smell sanity tests in UTF-8 Mode.
* Update subprocess use in sanity test programs.
* Use raw_command instead of run_command with always=True set.
* Add more capture=True usage.
* Don't expose stdin to subprocesses.
* Capture more output. Warn on retry.
* Add more captures.
* Capture coverage cli output.
* Capture windows and network host checks.
* Be explicit about interactive usage.
* Use a shell for non-captured, non-interactive subprocesses.
* Add integration test to assert no TTY.
* Add unit test to assert no TTY.
* Require blocking stdin/stdout/stderr.
* Use subprocess.run in ansible-core sanity tests.
* Remove unused arg.
* Be explicit with subprocess.run check=False.
* Add changelog.
* Use a Python subprocess instead of a shell.
* Use InternalError instead of Exception.
* Require capture argument.
* Check for invalid raw_command arguments.
* Removed pointless communicate=True usage.
* Relocate stdout w/o capture check.
* Use threads instead of a subprocess for IO.
3 years ago
Brian Coca b439e41a91
expand ansible-doc coverage (#74963)
* Expand ansible-doc to tests/filters and fix existing issues

  enable filter/test docs if in single file or companion yaml
  add docs for several filters/tests plugins
  allow .yml companion for docs for other plugins, must be colocated
  verify plugins are valid (not modules, cannot)
  fix 'per collection' filtering
  limit old style deprecation (_ prefix) to builtin/legacy
  start move to pathlib for saner path handling
  moved some funcitons, kept backwards compat shims with deprecation notice

  Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
  Co-authored-by: Felix Fontein <felix@fontein.de>
  Co-authored-by: Sandra McCann <samccann@redhat.com>
3 years ago
Martin Krizek 3980eb8c09
Prevent losing unsafe from lookups (#77609)
* Prevent losing unsafe from lookups

This patch fixes a bug which under certain conditions results in data
returned from lookups not being marked as unsafe.

Each time Templar.do_template is invoked a new AnsibleContext is
created and stored effectively at two places:
1) as an instance variable in templar_obj.cur_context
2) as a local variable called new_context in do_template method of Templar

Due to custom functionality in Ansible's Context that allows for nested
templating it is possible that during resolving variable's value
template/do_template method is called recursively again, again creating
a new context. At that point the problem manifests itself because as
mentioned in 1) above the context is overwriten on the templar object
which means that any subsequent calls to _lookup will use the new
context to mark it as unsafe which is now different to the local
new_context which is used for testing for unsafe property.

The solution to the problem appears to be to restore the original
context inside do_template and also to eliminate the local variable
new_context to prevent problems in the future.

It appears that we don't have a better way of storing the context other
than as some form of global variable and so this appears to be the
"best" solution possible at this point. Hopefully data tagging will be
the solution here.

For more examples see unit and integration tests included in this patch.

Fixes #77535
3 years ago
Matt Clay 26fd5a8c3a Revert "ansible-test - Fix subprocess management. (#77638)"
This reverts commit 62d03c8e75.
3 years ago
Matt Clay 62d03c8e75
ansible-test - Fix subprocess management. (#77638)
* Run code-smell sanity tests in UTF-8 Mode.
* Update subprocess use in sanity test programs.
* Use raw_command instead of run_command with always=True set.
* Add more capture=True usage.
* Don't expose stdin to subprocesses.
* Capture more output. Warn on retry.
* Add more captures.
* Capture coverage cli output.
* Capture windows and network host checks.
* Be explicit about interactive usage.
* Use a shell for non-captured, non-interactive subprocesses.
* Add integration test to assert no TTY.
* Add unit test to assert no TTY.
* Require blocking stdin/stdout/stderr.
* Use subprocess.run in ansible-core sanity tests.
* Remove unused arg.
* Be explicit with subprocess.run check=False.
* Add changelog.
3 years ago
Sam Doran 1b947eaf92
arg_spec - Return aliases in validation result and update aliases (#77576)
When looking up the `no_log` setting for a parameter that is an alias in
`AnsibleModule._log_invocation()`, the alias value will always be an
empty dictionary since `self.aliases` on the `AnsibleModule` instance is
never updated after initialization. Since the `no_log` setting is on the
canonical parameter not the alias, an incorrect warning is issued if the
parameter matches `PASSWORD_MATCH`.

This PR returns the aliases dictionary as an attribute of the
`ValidationResult` and updates the `aliases` attribute on the
`AnsibleModule` instance.
3 years ago
Jack 4d69c09695
ansible-galaxy collection - ensure dependencies are a dict (#77561)
* fix traceback when installing collection with dependencies set to None
3 years ago
Brian Coca abdd237de7
Yolo (#77554)
* Revert "Revert "Config, ensure templating happens at functions (#77483)""

This reverts commit 94c9106153.

* removed update configdata, which is unused
* removed test for action we don't perform anymore
* removed unused configdata
3 years ago
Martin Krizek cbe42bff7f
Allow for lazy evaluation of Jinja2 expressions (#56116) 3 years ago
Brian Coca f2ab920822
Better info sourcing (#77511)
Task is  authoritative
   also includes latest per loop info
   and fix tests
3 years ago
Brian Coca 3b9592fcaf
Move to display as single source of verbosity (#77498)
* Move to display as single source of verbosity

Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
3 years ago
htol d7fbde4ea9
Make "~/.ansible" path configurable (#76114)
* replace hardcoded '~/.ansible' to C.ANSIBLE_HOME
* rename previously existing env ANSIBLE_HOME in env-setup script
* modify cache dir monkeypatching in galaxy api unit tests
* update "version_added" to 2.14 for ANSIBLE_HOME
* fix description of collections with proper use of ANSIBLE_HOME

Co-authored-by: htol <github@h-tol.net>
Co-authored-by: stefanwascoding <stefan@syntaxhelden.de>
3 years ago
Martin Krizek 94eff70030
PlayIterator - remove deprecated states (#77444) 3 years ago
Sloane Hertel 477c55b0d2
Get git executable for collections in git repos (#77493)
* Fix traceback installing collections from git repos if git is not installed
3 years ago
Sloane Hertel 87a8fedd94
Fix type for ansible-galaxy server config definitions (#77424)
* Fix type for ansible-galaxy server config definitions

* changelog

* check attr without api call

* pep8
3 years ago
Martin Krizek e080bae766
Remove deprecated ALLOW_WORLD_READABLE_TMPFILES config option (#77410)
Fixes #77393
3 years ago
Jordan Borean 60b4200bc6
winrm - ensure callers PATH for kinit is set (#77401)
* winrm - ensure callers PATH for kinit is set

* Fix unit test expectations

* Fix type annotation
3 years ago
Sloane Hertel f96a661ada
ansible-galaxy - add configuration options for more flexible collection signature verification (#77026)
* Add a toggle to control the number of signatures required to verify the authenticity of a collection

* Make the default number of required valid signatures 1

* Add option to make signature verification strict and fail if there are no valid signatures (e.g. "+1")

* Use a regex to validate --required-valid-signature-count

* Add a toggle to limit the gpg status codes that are considered a failure

* Update documentation and changelog

* Add unit and integration tests for the new options

* Fixes #77146

Fix using user-provided signatures when running 'ansible-galaxy collection verify ns.coll --offline'

Add a test for a user-provided signature when running ansible-galaxy collection verify with --offline

Fix displaying overall gpg failure without extra verbosity

Add a test for displaying gpg failure without verbosity

Improve documentation to be more clear that signature verification only currently applies to collections directly sourced from Galaxy servers
3 years ago
ChanthMiao 34e60c0a7a
ansible_distribution: Add support for Uos/Deepin (#77275)
* ansible_distribution: Add support for Uos/Deepin

* Add changelog fragment.
3 years ago
Felix Fontein e3c72230cd
unarchive: fix io_buffer_size option, remove ignore.txt entry (#77271)
* Fix io_buffer_size option.

* Remove ignore.txt entry by adding action plugin only options to module's argument spec.

* Add changelog fragment.

* Adjust unit tests.
3 years ago
Matt Clay f68c66a3ef Remove collections compat from controller code. 3 years ago
Abhijeet Kasurde 4f48f375a0
parameters: handle blank values when argument is a list (#77119)
Fixes: #77108

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
3 years ago
Matt Clay 1a5853d794
Remove obsolete units.compat.mock compat layer. (#77118)
* Remove obsolete units.compat.mock compat layer.
* Update remaining units.compat.mock references.
3 years ago
Matt Clay b613808277 Remove obsolete unit test builtins compat. 3 years ago
Matt Clay 2cd6cdc6a7
Fix duplicate unit test function names. (#77115)
* Fix duplicate unit test function names.
* Disable faulty tests.
3 years ago
Matt Clay 0bd8106d15 Remove unused mock compat code.
The code is unreachable since Python 3 versions before 3.5 are not supported.
3 years ago
Matt Clay de9a3bda2c Fix warning in unit tests for _yaml import. 3 years ago
Sloane Hertel 43e55db208
ansible-galaxy - add signature verification of the MANIFEST.json (#76681)
* ansible-galaxy collection install|verify:

  - Support verifying the origin of the MANIFEST.json when the Galaxy server has provided signatures.
  - Allow supplemental signatures to use during verification on the CLI/requirements file.

* ansible-galaxy collection install:

  - Support disabling signature verification. This silences the warning provided by ansible-galaxy if the Galaxy server provided signatures it cannot use because no keyring is configured.
  - Store Galaxy server metadata alongside installed collections for provenance. This is used by 'ansible-galaxy collection verify --offline'.

* Add unit tests for method that gets signatures from a Galaxy server

* Add integration tests for user-provided signature sources

- Test CLI option combinations
- Test installing collections with valid/invalid signature sources
- Test disabling GPG verification when installing collections
- Test verifying collections with valid/invalid signature sources

* Make signature verification advisory-by-default if signatures are provided by the Galaxy server

- Make the default keyring None
- Warn if the keyring is None but the Galaxy server provided signatures
- Error if the keyring is None but the user supplied signatures
- Error if the keyring is not None but is invalid

* changelog

* add ansible-galaxy user documentation for new options

Co-authored-by: Matt Martz <matt@sivel.net>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
Co-authored-by: Sandra McCann <samccann@redhat.com>
Co-authored-by: Andy Mott <amott@redhat.com>
Co-authored-by: John R Barker <john@johnrbarker.com>
3 years ago
Thomas Sjögren b145732973
Resubmit: Use SystemdStrategy for Debian in the hostname module (#76929)
* add DebianStrategy tests
* ensure hostname can be changed by using become
* use Systemd strat for debian and Base for generic.
* add test to ensure all strategies are available

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
3 years ago
Éloi Rivard 3889ddeb4b
iptables - added a ``chain_management`` parameter to control chain (#76378)
creation and deletion

fixes #25099
closes #32158
3 years ago
Brian Coca 0ff80a15ba
ssh connection avoid parsiing own debug (#76732)
- Avoids false positives on become strings being echoed back 
   by ssh cli itself
  - added test for debug lines
  - also simplified some of existing test code
3 years ago
Brian Coca 9142be2f6c
Allow specifying specific python via shebang (#76677)
modules with python were always normalized to /usr/bin/python,
  while other interpreters could have specific versions.

* now shebang is always constructed by get_shebang and args are preserved
* only update shebang if interpreter changed
* updated test expectation
* added python shebang test
3 years ago
Adrian Likins 20cc87f059
Expect upper case message 'levels' for galaxy publish results (#63530) 3 years ago
Sloane Hertel 76220c4a7b
ansible-galaxy - fix the --ignore-certs flag for the implicit galaxy server (#76735)
* ansible-galaxy - fix the --ignore-certs flag for the implicit galaxy server

* changelog

* Add a test without the server config

* Fix respecting --ignore-certs for individual --server URLs also

* Update changelogs/fragments/76735-ansible-galaxy-fix-ignore-certs.yaml
3 years ago
Matt Martz 0ef5274a3c Don't assert stdlib behavior, just assert that urllib was called 3 years ago
Jordan Borean aaa7944b02
Fix tests failing on pytest 7 (#76670)
* Fix pytest 7 failures with leaky fixture
3 years ago
Matt Clay 97104f1221
Avoid deprecated TestCase functions in unit tests. (#76678)
* Avoid deprecated TestCase functions in unit tests.
* Add assertRaisesRegex for Python 2.7.
* Fix indentation.
3 years ago
Jaromaz 16def8050a
facts - Set correct OS family for EuroLinux (#76624)
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
3 years ago
Sloane Hertel ed6581e4db
check finder type before passing path (#76448)
* check finder type before passing path

ci_complete

* Reduce nesting

* Test find_module does not cause a traceback with Python 3 FileFinder

* Update lib/ansible/utils/collection_loader/_collection_finder.py
3 years ago
Jordan Borean 8482ee4e9a
galaxy build - ignore existing MANIFEST and FILES (#76479) 3 years ago
James Livulpi 7830e5308e
add tencentos fact distro (#76459)
Fixes #76459

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
3 years ago
Brian Coca 472028c869
catch the case that cowsay is broken (#76326)
* catch the case that cowsay is broken

fixes https://github.com/ansible/ansible/issues/72582

  add changelog
  raise Exception for broken cowsay
  add test for broken cowsay

Co-authored-by: Matthias Bernt <m.bernt@ufz.de>
3 years ago
Brian Coca b02168d644
better handling of sudo flag replacement (#76389)
* better handling of sudo flag replacement
3 years ago
Richie B2B 1b34933414
Fix ansible-doc -l ansible.builtin / ansible.legacy (#76235) 3 years ago
Martijn Pieters 08af0fbf95
Unbreak hostname.RedHatStrategy (#76032)
- On Python 3, decode bytes to str
- Tolerate whitespace around the line.
- Report a missing HOSTNAME line as an error.
- Don't clobber line separators when setting a new hostname.
- Add some tests for this strategy to verify correct operation.
3 years ago
Martin Krizek 5c225dc0f5
Introduce public methods to access PlayIterator._host_states (#74416) 3 years ago
Jan Fader 17ec2d4952
check /.dockerenv and /.dockerinit to guess a dockercontainer (#74349)
* use os.path.exists for docker-check

Co-authored-by: Jacob Floyd <cognifloyd@gmail.com>
3 years ago
Martin Krizek 47ee282227
Parser errors from within includes should not be rescueable (#73722)
* Parser errors from within includes should not be rescueable
* Also fixes unit tests
Fixes #73657
3 years ago
Martin Krizek 26707a3c6b
Heisen jinja2_native (#75587)
* Use NativeEnvironment for all templating

ci_complete

* Keep Templar.copy_with_new_env for backwards compat

* Mention that AnsibleUndefined.__repr__ changed in the porting guide

* Templar.copy_with_new_env backwards compat

* ci_complete
3 years ago
Martin Krizek 395e5e20fa
PlayIterator: use enums for states (#74511) 3 years ago
Martin Krizek 7621784b94
Require Jinja2 3.0.0 (#75881)
* Require Jinja2 3.0.0

ci_complete

* Fix sanity

* Remove Jinja min/max tests

* ansible-test changes

* ci_complete

* More cleanup

ci_complete

* Revert _count_newlines_from_end :( and other stuff

* Fix sanity

* It's using host_vars ...

* Unused import

* Remove overridden groupby filter

* environmentfilter -> pass_environment

* Explain preserve_trailing_newlines

* Add changelog

* ci_complete

* Deprecated ANSIBLE_JINJA2_NATIVE_WARNING

* native_helpers.py cleanup

* More cleanup in the find intgration test
3 years ago
Martin Krizek 23f95300bd
Intentional tests (#76051)
ci_complete
ci_coverage
3 years ago
Miroslav Brabenec bc0caad2ad
Fix parsing of device serial number for RHEL8 (#75876)
* Fix parsing of device serial number for RHEL8

* Add tests and changelog

Co-authored-by: Miroslav Brabenec <miroslav.brabenec@memsource.com>
3 years ago
Martin Krizek f774292439
cli - remove deprecated setting verbosity before sub command (#75840)
* cli - remove deprecated setting verbosity before sub command

Fixes #75823

* Fix tests
3 years ago
Matt Martz 79e9dae292
Don't show params when there is an issue with `set_option(s)` (#75805) 3 years ago
Matt Martz 96b221b344
Update vendored copy of distro to 1.6.0 (#75732)
* Update vendored copy of distro to 1.6.0

* copy pasta mistake

* ci_complete
3 years ago
Ross Bender 7a4b5d14fc
ansible-galaxy role install: download from API response location (#73114)
* download role from api response location

* include changelog fragment

* add unit test for role download url

Co-authored-by: Sam Doran <sdoran@redhat.com>
3 years ago
Thomas Sjögren 57359d0174
use passlib default if `password_hash` option isn't set (#75043)
* add changelog fragment
* password_hash|length == 120
* mention the new default bcrypt format in the porting guide
3 years ago
Sloane Hertel 7ecc227488
ansible-galaxy: Clone git collections using shallow clones (#75722)
* ansible-galaxy: Clone git collections using shallow clones

This ensures the collection obtained via git url is a result of a
shallow git clone (git clone --depth=1). The git history of the
collection is not used by ansible, and as such, cloning the entire
history of the repo is unnecessary.

Signed-off-by: Tomas Babej <tomas@tbabej.com>

* ansible-galaxy: Only perform shallow clones on non-versioned git urls

In general, the version can be anything we can checkout (branch, tag,
but also a commit hash). In particular for commit hashes we cannot
perform a shallow clone.

Err on the safe side and only perform shallow clones for non-versioned
git urls (cloning HEAD).

* galaxy-install: Make shallow cloning compatible with older Python versions

Signed-off-by: Tomas Babej <tomas@tbabej.com>

* Pass args as a tuple

Add tests for the git command created from different repo and version combinations

* changelog

Co-authored-by: Tomas Babej <tomas@tbabej.com>
3 years ago
Matt Clay 4ea8d9a782
ansible-test - split controller/target testing (#75605) 3 years ago
Daniel Goldman 989eeb243f
Add an `undef` global Jinja function (#75435)
* add tests for fail filter

also tests that fail does not block inspectability

* add fail filter

fallback message is a bit clunky,
since you can't invoke a filter without specifying an input.
That is, "{{ fail }}" doesn't work,
so you have to do "{{ None | fail }}"

* document 'fail' filter

* add changelog fragment

* fail filter uses default message on Undefined or emptystring

makes it slightly easier to use the default message:
```diff
- "{{ None | fail }}"
+ "{{ '' | fail }}"
```

and the user sees a slightly more relevant message
if the message itself is undefined:

```diff
- The error was: {{ failmsg | fail }}: 'failmsg' is undefined
+ The error was: {{ failmsg | fail }}: Mandatory variable has not been overridden
```

* rebuild as the builtin `Undefined`

* harmonise `hint` parameter for make_undefined with jinja

* use code block for documentation item

[ref](https://github.com/ansible/ansible/pull/75435#discussion_r707661035)

* rename to `undef` to expose less Python into the Jinja

[ref](https://github.com/ansible/ansible/pull/75435#pullrequestreview-757799031)

* explicitly instantiate undefined value now that it's possible

see I knew we would break something with reflection

* preserve test coverage of undefined variable

Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
3 years ago
Chris Hambridge 1353678f23
Enable ansible-galaxy to specify client id override with Keycloak Token (#75601)
* Enable ansible-galaxy to specify client id override with Keycloak Token

* Specify ability to provide override of client_id

* Test client_id can be configured for individual servers

* Add issue link to changelog

* Document client_id as a config option and add an example

Co-authored-by: s-hertel <19572925+s-hertel@users.noreply.github.com>
3 years ago
Sloane Hertel 72ba2bdc82
ansible-galaxy - add a per-server validate_certs option (#75710)
* Add a validate_certs option to galaxy server configuration

* Add a unit test for cert validation

* changelog
3 years ago
Abhijeet Kasurde 12734fa21c
yaml dumper: Add YAML respresenter for AnsibleUndefined (#75078)
Fixes: #75072

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
3 years ago
Matt Clay de01db08d0
pip - Use pip from the current Python interpreter. (#75634)
* pip - Use pip from the current Python interpreter.

If `executable` and `virtualenv` were not specified, and
the `pip` Python module is available for the current interpreter,
use that `pip` module instead of searching for a `pip` command.

* Add comment about needing `__main__` to run `pip`.

* Fix unit test.

* Add porting guide entry.

* Update changelog to match porting guide description.

ci_complete
3 years ago
Matt Martz 74f5367673
Ensure `heuristic_log_sanitize` returns correct data if no password found (#75570)
* Ensure heuristic_log_sanitize returns correct data if no password found. See #75542

* Need to allow code to flow through
3 years ago
Pilou 3d7f2a1366
Fix an exception when passlib library is used with a wrapped algo (#75527)
* Test a passlib wrapped algo with a password lookup

* Fix error when passlib is used with a wrapped algo

The exception was:

     An unhandled exception occurred while running the lookup plugin 'password'.
     Error was a <class 'TypeError'>, original message: issubclass() arg 1 must be a class

and can be reproduced using the following command:

    ansible localhost -i localhost, -mdebug -amsg="{{ lookup('password', '/dev/null encrypt=ldap_sha512_crypt') }}"

The concerned algo are: bsd_nthash, django_argon2, django_bcrypt, ldap_bcrypt,
ldap_bsdi_crypt, ldap_des_crypt, ldap_hex_md5, ldap_hex_sha1, ldap_md5_crypt,
ldap_pbkdf2_sha1, ldap_pbkdf2_sha256, ldap_pbkdf2_sha512, ldap_sha1_crypt,
ldap_sha256_crypt, ldap_sha512_crypt, roundup_plaintext
3 years ago
Brian Coca 3ca50a2200
Clarify get_bin_path error message (#75544) 3 years ago
Martin Krizek 51f2f1ac5e
yum: fix parsing of check-update with subsequent empty lines (#75452)
Rather than adding further complexity to the regex, preprocess the output to
remove any empty lines. Now the only purpose of the regex is to fix
wrapped lines.

Fixes #70949
3 years ago
Matt Clay 7450e87615
Fix up string splitting to prepare for pylint update. (#75479)
* Use rsplit with maxsplit in BaseCacheModule.
* Use maxsplit for accessing first item.
* ansible-test - More efficient splitting.
3 years ago
Matt Clay ce6d8a143c
Code cleanup to prepare for pylint update. (#75475)
* user - Remove unused code.
* Replace deprecated abstractproperty decorator.
* Fix __all__ to be a tuple.
* Use a generator in subelements lookup.
* Use from import in basic.py
* Add changelog fragment.
* Fix selinux unit test.
3 years ago
Matt Clay 04009a77e6
Clean up unit tests to prepare for pylint update. (#75473)
* Fix argument name in mocked function.
* Use from import in unit tests.
* Remove unused imports.
3 years ago
Sam Doran fa7482c63a
Change interpreter discovery defaults to silently prefer Python 3 (#75049)
Push /usr/bin/python to almost the bottom of the barrel. This makes the strategy to prefer
specific versions of the "mystery meat" version.

* Change INTERPRETER_PYTHON default to 'auto'
    Change description to match change in behavior.
    Change deprecation message to a warning.

* Update docs
* Add porting guide entry
* Update unit tests
* Update integration test
* Allow INTERPRETER_PYTHON_FALLBACK to be configure using a variable
* Prefer platform-python above other Python 2 interpreters
* Add Python 3.10 to the list of interpreters
3 years ago
Brian Coca 8d41b97329
Skip python interpreter discovery for 'forced local' module execution (#74824)
mostly for use with network_os
  use 'remote is local' property as indicator
  ensure task_vars are as expected in test
3 years ago
Martin Krizek 58e38044fe
Fix when evaluation on Native Jinja and Python 3.10 (#75202)
* Fix when evaluation on Native Jinja and Python 3.10

* Add unit test

* Add explaining comment

* Enable jinja2_native before tests

Co-Authored-By: Matt Martz <matt@sivel.net>

* Sanity

* Return native template module instead of modifying globals

Co-authored-by: Matt Martz <matt@sivel.net>
3 years ago
Matt Martz 4dca539a29
Expose `unredirected_headers` to `uri` and `get_url` modules (#75308) 3 years ago
Brian Coca 61900c7672
modules moved to use best_parsable_locale (#75250)
* modules moved to use best_parsable_locale

* fixed invocations

* better better

* also module_utils

* converted to function as per fb

* patch testt

* whitespace
3 years ago
Sloane Hertel 3b861abce1
add action_groups support to collections (#74039)
* Canonicalize module_defaults actions and action_groups pre-fork and cache them on the play

* Call get_action_args_with_defaults with the resolved FQCN plugin and don't pass the redirect list

* Add validation for action_group metadata and a toggle to disable the warnings

* Handle groups recursively referring to each other

* Remove special-casing for non-fqcn actions in module_defaults groups

* Error for actions and groups in module_defaults that can't be resolved

* Error for fully templated module_defaults

* Add integration tests for action_groups

* Changelog
3 years ago
Abhijeet Kasurde e7a3715a90
recursive_diff: handle error when parameters are not dict (#74801)
Co-authored-by: Sam Doran <sdoran@redhat.com>
3 years ago
Sam Doran a8de35e131
task_executor - use correct value for ssh connection retries (#75155)
Since the task and connection both have the same 'retries' keyword, the task default
would override the connection value.

Do not pass 'retries' from the task to the connection options.

* Set ssh_connection retries default value back to 0
  It was 0 before the move to config and was changed to 3 by accident.
3 years ago
Brian Coca 415e08c297
Try to get best usable locale (#75033)
specially for when you have parameters in unicode but need
  to scrape responses, C is still the fallback

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
3 years ago
Abhijeet Kasurde b0ae3f8a8d
test: Unit tests for validation methods (#75061)
* check_required_one_of()
* check_required_by()
* check_required_if()
* check_missing_parameters()

Fixes: #55994

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
3 years ago
Nasser Alansari 6dbfd73174
YAML representer for VarsWithSources (#68525) 3 years ago
Sam Doran cd473dfb2f
play - validate hosts entries (#74147)
* Change tests to pytest-style tests
* Add tests for invalid hosts
* Validate host inputs
  - check for empty values
  - check for None
  - check for values that are not a sequence and are not strings
  - add unit tests

* Move play name setting to get_name() and out of load()
* Add _validate_hosts() method
  By defining this method, it gets called automatically by FieldAttributeBase.validate().
4 years ago
Sam Doran 9a21e24778
get_distribution - Return distribution for all platforms (#71641)
Since moving to distro, it is possible to return this information for all platforms, not just Linux.
Also return version information for all platfrom not just Linux.
Update unit tests.
Remove some duplicate unit tests though I think there are more to remove.

* Fix docstring formatting

* Minor docstring changes

* Mock distro.id for Solaris service test

* Update comment
4 years ago
Jonathan Kirszling 50e998e303
apt_key: add --recv argument as last one (#74949)
* apt_key: add --recv argument as last one

* Add unit test

* Add the required boilerplate

Co-authored-by: Marius Gedminas <marius@gedmin.as>
4 years ago
Sam Doran 004c33d9c5
unarchive - do not fail in init when trying to find required binary (#74892)
Test for the required binaries in the can_handle_archive() method and fail there. This
prevents failures for missing binaries unrelated to the archive type.

* Update missing zip binary message to match tar message
* Update unit tests
* Add integration tests
* Define packages based on the system rather than ignoring failures
4 years ago
Brian Coca 5dd8dc8fd0
minor service_mgr facts fixes (#74894)
* minor service_mgr facts fixes

  handle case in which ps command fails or returns empty
  updated tests since it now does keep trying to detect after ps fails
4 years ago
s-hamann e2658801f6
Add seed parameter to password lookup (#69775) 4 years ago
Abhijeet Kasurde 8f82e6327f
ansible-cli: Remove unnessary trailing space (#74880)
Fixes: #74875

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Johannes Heimansberg b023f34f4a
service_mgr: Detect using symlink if proc/1 and ps fail
* runit and other alternative service managers tend to work via symlink so this covers most of em
* Fixes #74866.
4 years ago
Abhijeet Kasurde be9f8c69d1
unarchive: Fail when zipinfo is not available (#74632)
Fixes: #39029

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
David Lee Whiteside 805799ac8b
add pkcs11 support to Ansible ssh connection module (#32829)
* rebased with upstream

* removed extra usetty as it wasnt needed, style changes, added var option setable by inventory for pkcs11

* update pkcs11_provider version_added

* Update lib/ansible/plugins/connection/ssh.py

Co-authored-by: Jordan Borean <jborean93@gmail.com>

* Update lib/ansible/plugins/connection/ssh.py

Correct logic for a password being required for pkcs11_provider

Co-authored-by: Jordan Borean <jborean93@gmail.com>

* style nit fixes for checking pkcs11_provider is set

* fixed duplication when using password_prompt with pkcs11_provider

* added changelog fragment

* added changelog fragment

Co-authored-by: David Whiteside <david.whiteside@nrel.gov>
Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
Co-authored-by: Jordan Borean <jborean93@gmail.com>
4 years ago
Abhijeet Kasurde 70f22c7f32
Remove commented code (#74860)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Sloane Hertel 5640093f1c
Use the module redirect_list when getting defaults for action plugins (#73864)
* Fix module-specific defaults in the gather_facts, package, and service action plugins.

* Handle ansible.legacy actions better in get_action_args_with_defaults

* Add tests for each action plugin

* Changelog

Fixes #72918
4 years ago
Alexander Sowitzki 502270c804 hostname: clean up strategies
Apply #74744 and #69929 to #70828
4 years ago
Rick Elrod 8a0abed1ba [hostname] don't write in get_*() methods
Change:
- Hostname strategies' get_*() methods should never write to the
  filesystem. They are used in check_mode by default to determine if
  there is any work to be done.

Test Plan:
- New unit tests to ensure that (at least when in check_mode) the get
  methods don't ever call write.

Tickets:
- Fixes #66432

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Matt Martz 98138584b7
Don't mutate os.environ in AnsibleModule.run_command, make a copy, and pass to Popen (#74791)
* Don't mutate os.environ in AnsibleModule.run_command, make a copy, and pass to Popen. Fixes #74783

* Simplify code a bit

* More simple

* Address some other potentially non threadsafe operations

* Add if around umask

* Address unit test assumptions

* Add clog frag

* yaml syntax issue
4 years ago
Matt Martz d27ce4cef3
Remove deprecated features from ansible.playbook.helpers (#74809)
* Remove deprecated features from ansible.playbook.helpers. Fixes #74135
4 years ago
Matt Martz 4a4ffbadc5
Remove deprecated PlayContext.make_become_cmd (#74790) 4 years ago
Abhijeet Kasurde 1bd7dcf339
encrypt: add new paramter 'ident' (#74595)
Add a new parameter `ident` for specifying version of BCrypt
algorithm. This parameter is only valid for `blowfish` hash type.
4 years ago
Sam Doran c0cb353ce1
Remove PyCrypto (#74699)
* Remove PyCrypto from setup.py and packaging script
* Remove mention of pycrpto from installation docs
* Remove PyCrypto from vault
* Remove pycryto constraint and unit test requirement
* Remove PyCrypto tests from unit tests
* Add docs and fix warning message
* Remove section about cryptography library in Ansible Vault docs
4 years ago
Matt Martz 8d1cf7f266
Vendor `distutils.version` (#74644)
* Vendor distutils.version

* Fix import order. ci_complete

* remove distutils warning filter

* Don't remove warnings filter from importer

* ci_complete

* Add pylint config for preventing distutils.version

* Add changelog fragment
4 years ago
Brian Coca ddaa539ab1
Better handling of rstisms in ansible-doc (#74596)
* Better handling of rstisms

  replace tags more intelligently to make things more readable
  unit tests + minor adjustments
4 years ago
Sloane Hertel ee725846f0
ansible-galaxy - increase page size and add retry decorator for throttling (#74240)
* Get available collection versions with page_size=100 for v2 and limit=100 for v3

* Update unit tests for larger page sizes

* Add a generic retry decorator in module_utils/api.py that accepts an Iterable of delays and a callable to determine if an exception inheriting from Exception should be retried

* Use the new decorator to handle Galaxy API rate limiting

* Add unit tests for new retry decorator

* Preserve the decorated function's metadata with functools.wraps

Co-authored-by: Matt Martz <matt@sivel.net>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
4 years ago
Matt Clay bcb64054ed
Another unit test fix for Python 3.10. (#74628)
* Another unit test fix for Python 3.10.
* Add missing __init__.py file.
4 years ago
Matt Clay d4413dac08 Fix unit tests on Python 3.10. 4 years ago
Sam Doran 55b401a3e7
pause - ensure control characters are always set appropriately (#74568)
* pause - ensure control characters are always set appropriately

On some systems, curses.tigetstr() returns None, which does not work as a control character.

* Add unit tests

* Sort imports

* Skip on older Python

This is an action plugin and only runs on the controller, so no need to test of Python 2. Making
the import hackery work on Python 2 would required some more work which I am not sure is
worth it since we are moving away from Python 2 support on the controller.

* Make the tests work on Python 2 and 3
4 years ago
Matt Clay 5dfc7ee078 Remove Shippable CI provider from ansible-test. 4 years ago
Ruairidh MacLeod d101009688
facts - set correct OS family for Rocky Linux (#74530) 4 years ago
Harm Geerts 9bd70045c9
Fix BaseFileCacheModule#keys to respect prefix (#72789)
* Fix BaseFileCacheModule#keys to respect prefix

Change:
- Previously BaseFileCacheModule#keys would return keys with the cache
  prefix. These keys are impossible to retrieve from the cache without
  removing the prefix or using the cache without a prefix.
  Now it removes the prefix from the key and only returns keys that
  share the same prefix as the cache.

Test Plan:
- New unit tests

* Add explicit BaseFileCacheModule#keys test

Test that files that do not match the cache prefix are ignored.
Test that the prefix is removed from the cache key.
4 years ago
Matt Clay a30c55f68a Remove deprecated `common.removed` module_util.
Tests have been updated to reflect its removal as well.
4 years ago
Sam Doran 74b2add460
paramiko_ssh - mark connection as connected when successful (#74459)
* Remove unused import from test
4 years ago
Brian Coca 3cff54d69b
Fix missing delegate display (#74370)
* dont rely on vars, task already gives us info
* ensure we always display delegation in host label
* also added parens with ansible_host to show  target host vs resolved host
* delegating to self is not delegating
* delegated vars restoration for backwards compat
* tests need mock task with delegate_to
4 years ago
Anatoly Pugachev 04e57d28e3
[facts] add hpux fc info, refactor aix and solaris code (#57406)
* correctly parse device from string
* check for command presence before running them
* check for command presence and return code for solaris and aix as well
* add changelog
4 years ago
Logistic Bot 7099657dd7
Basic: don't call lstat when check_mode (#64279)
While mode is specified in check_mode, don't call lstat.
Since file may not present.

Fixes: #61185
4 years ago
Rick Elrod fcbf5c3185
[module_utils] make to_bits actually return (#74409)
Change:
- Instead of returning the `str` type, return the value that was
  calculated.

Test Plan:
- New unit tests.

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Fernando Correia 7fd989d008
Detect Homebrew on Mac M1 (Apple Silicon) (#74378)
Homebrew's default install location for macOS on ARM is /opt/homebrew.
Source: https://docs.brew.sh/FAQ

On a Mac M1 (Apple Silicon), homebrew will be installed at
/opt/homebrew/bin/brew.
4 years ago
Brian Coca 4494ef3a9d
defend against bad or missing crypt (#74304)
* defend against bad or missing crypt

  fixes #74279
4 years ago
Rick Elrod 9f1513d4c0 [become] Add Solaris chmod ACL fallback
Change:
- Newer Solaris drops setfacl. Add a fallback for its chmod ACL syntax.

Test Plan:
- New units

Tickets:
- Fixes #74282

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Rick Elrod 7d64aebdd3 [become] Fix solaris permissions regression
Change:
- Regression introduced in #70785
- When macOS chmod ACL syntax is used, Solaris-derived chmods return
  with a status of 5. This is also used for our sshpass handling,
  because sshpass will return 5 on auth failure. This means on Solaris,
  we incorrectly assume auth failure when we reach this branch of logic
  and try to run chmod with macOS syntax.
- We now wrap this specific use of chmod in an exception handler that
  looks for AnsibleAuthenticationFailure and skips over it. This adds
  another authentication attempt (something we normally avoid to prevent
  account lockout), but seems better than the regression of not allowing
  other fallbacks to be used.
- Without this patch, if setfacl fails on Solaris (and sshpass is used),
  we do not try common_remote_group or world-readable tmpdir fallbacks.

Test Plan:
- New unit

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Matt Clay 9ba6cf9a72 Relocate misplaced unit tests. 4 years ago