Commit Graph

2507 Commits (ff19924a7d90d4e8987f9ca8cbe026d9b5f2415d)

Author SHA1 Message Date
Sam Doran b22d97b2c1
[stable-2.10] Fix string/bytestring comparsion in m_u.basic (#70439) (#73129)
Change:
- module_utils.basic.is_special_selinux_path() used a string ==
  bytestring comparison which returned False and made Ansible think that
  certain filesystems aren't, in fact, special-cased, when they should
  be. Ensure both sides of the == are bytestrings.

Test Plan:
- Added `copy` integration tests for this case.

Tickets:
- Fixes #70244

Signed-off-by: Rick Elrod <rick@elrod.me>.
(cherry picked from commit 688cd8657b)
4 years ago
Sam Doran 1cd09b1ebc
[stable-2.10] systemd - do not overwrite unit name when searching (#72985) (#73013)
PR #72702 introduced a bug that changed the unit name when splitting it up for the purpose
of searching for the unit. This only happens on unit file templates on systems that have a 5.8
or newer kernel and a version of systemd that does not contain a bugfix that causes systmed
to fail to parse dbus.

* Use facts rather than a manual probe to determine if systmed is present
* Remove unnecessary block
* Use vars files instead of set_fact
* Add tests for using a templated unit file
* Update changelog fragment
* Use template to get correct path to sleep binary
(cherry picked from commit 48803604cd)

Co-authored-by: Sam Doooran <sdoran@redhat.com>
4 years ago
Matt Clay cf21e699d4
Update ansible-test pylint Python support. (#72997)
* Rename pylint plugin and add tests. (#70225)
* Update ansible-test pylint Python support. (#72972)
* Add integration tests for sanity test failures.
(cherry picked from commit fa48678a08)

* Python 3.8 is now officially supported.
* Python 3.9 is now skipped with a warning.
(cherry picked from commit 37d09f2488)

* Allow key None to prevent errors with import test.
(cherry picked from commit dbc2c996ab)

Backport of https://github.com/ansible/ansible/pull/73003

Co-authored-by: Felix Fontein <felix@fontein.de>
4 years ago
Jordan Borean c5248f756c
Collection list site packages (#70173) (#72940)
* ansible-galaxy collection list and verify now utilize collections in site-packages.

This is a short term fix for #70147.  The long term fix needs to handle
install (but that discussion is also bound up in how upgrade is going to
work and where things can get installed so it's deferred for 2.11.)

* Add test for ansible-galaxy collection list with site-packages

Co-authored-by: David Moreau Simard <moi@dmsimard.com>
Co-authored-by: Jordan Borean <jborean93@gmail.com>
(cherry picked from commit e7dee73774)

Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
4 years ago
Matt Martz 511ffdeff7
[stable-2.10] Fix reset_connection paramiko, winrm, psrp (#72688) (#72925)
* Ensure we only reset the connection when one has been previously established. Fixes #65812

* Ensure psrp doesn't trace

* winrm too

* Indentation fix
(cherry picked from commit a3b6485)

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Sloane Hertel 82b75282fc
Fix task get_name to always prepend the role name (#72511) (#72919)
* Fix 'role_name : tast_name' notation if task contains role name

* Add tests for notifying handler names which contain the role name

Co-authored-by: Thomas Wouters <thomaswouters@gmail.com>
(cherry picked from commit 0ed7bfc694)
4 years ago
Martin Krizek a5df30e2bf
Use _wrap_native_text only for builtin STRING_TYPE_FILTERS (#71801) (#72915)
(cherry picked from commit 252685092c)
4 years ago
Jon "The Nice Guy" Spriggs 2f3e9a38b6
Backport/2.10/73079 (#73165)
* Update apt.py, add an example that references the suggested workaround in #25414
(cherry picked from commit 1e1b8e7aca)
(cherry picked from commit 180bbfed6a)

* Added changelog fragment
4 years ago
Matt Clay 4452d98662
Support venv in ansible-test virtualenv scripts (#73163)
* ansible-test - prefer venv over virtualenv on Python 3 (#73000)

Also pin virtualenv to 16.7.10 for older Mac OS X systems. This was the version being installed
anway with the previous constraint (<20).

On systems with Python 3, now prefer venv over virtualenv. Test to see if venv is functional since
some systems have a non-functional venv installation (such as Debian).

(cherry picked from commit 850a77f639)

* Make the new ansible-test venv behavior opt-in

Co-authored-by: Sam Doooran <sdoran@redhat.com>
4 years ago
Rick Elrod 436d8a13b4 New release v2.10.4 4 years ago
Matt Clay 12b33c79ee
[stable-2.10] Fix cryptography constraints in ansible-test. (#72914) (#72922)
(cherry picked from commit 36ab3d1189)

Co-authored-by: Matt Clay <mclay@redhat.com>
4 years ago
Rick Elrod dc7faeaf6e New release v2.10.4rc1 4 years ago
Brian Coca 1f55a3d15a
avoid fatal exception on invalid collection name (#72296) (#72570)
* avoid fatal exception on invalid collection name used in ansible-doc filter

(cherry picked from commit 4f0e2fff95)
4 years ago
Egor Margineanu 847a2c87e5
Fix AIX networks facts when nestat is either missing or has incorrect permissions (#72516) (#72713)
* Added check for none on netstat_path variable

* Added changelog

(cherry picked from commit e879f12fb9)
4 years ago
Brian Coca d852fa4135
remove redundant remote_user for local setting (#72507)
* remove redundant remote_user for local setting

  local action plugin already does and this also should fix
  fork/thread issue by removing use of pwd library

  fixes #59642

(cherry picked from commit 488b9d6c35)

* ensure local exposes correct user (#72543)

* ensure local exposes correct user

  avoid corner case in which delegation relied on
  playcontext fallback which was removed

  fixes #72541

(cherry picked from commit aa4d53ccdf)
4 years ago
Sam Doran ab417f373a
[stable-2.10] pause - do not hang if run in the background (#72065) (#72605)
* Consolidate logic for determining whether or not session is interactive
  into a single function, is_interactive()
* Increase test coverage

I wasn't able to find a good way of simulating running a backgrounded test with CI since the
whole test is essentially run not in a TTY, which is similar enough to cause the new is_interactive()
function to always return false.
(cherry picked from commit 4b8cb6582b)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Jordan Borean c67d7225e9
ansible-galaxy - source deps from all servers and not just parent - 2.10 (#72684)
* Added integration tests for this scenario

(cherry picked from commit fb092a82a1)

* Slight tweak to galaxy source selection (#72685)

(cherry picked from commit 18e5628b19)
4 years ago
Alexei Znamensky 71ef981191
Backport/2.10/72390 (#72690)
* Return error if cwd directory does not exist (#72390)

* Return warning or error if cwd directory does not exist, in AnsibleModule.run_command()

(cherry picked from commit 5654de6fce)

* added flag in run_command signature to control behaviour when cwd does not exist
4 years ago
Sam Doran 7f1ee07634
[stable-2.10] iptables: Reorder comment postition (#71496) (#72548)
(cherry picked from commit c1da427a5e)

Co-authored-by: Amin Vakil <info@aminvakil.com>
4 years ago
Sam Doran 2a6b411a80
[stable-2.10] ansible-test - skip installing PowerShell sanity test reqs if they are already installed (#72423) (#72424)
(cherry picked from commit 809d5fc398)

Co-authored-by: Jordan Borean <jborean93@gmail.com>
4 years ago
Sam Doran 4e34aa0c19
[stable-2.10] wait_for - ignore psutil related errors (#72401) (#72406)
When enumerating connections with psutil, catch and ignore errors to avoid returning a stack trace.

Co-authored-by:  Matt Martz <matt@sivel.net>
(cherry picked from commit fb09fd2a23)
4 years ago
Sam Doran c422bc64dc
[stable-2.10] blockinfile - properly insert block when no trailing new line exists (#72350) (#72360)
(cherry picked from commit c51438312a)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Sam Doran 19bffccd36
[stable-2.10] systemd - fix issue with capbpf and newer kernel (#72337) (#72347)
* [stable-2.10] systemd - fix issue with capbpf and newer kernel (#72337)

A bug existed in systemd 245 that did not properly handle unknown kernel
capabilities gracefully. This resulted in incomplete output when querying
for the service status. It is possible to get service status by other means.
This PR works around this issue by getting service status using other commands
in the event of a failure due to this bug.
(cherry picked from commit db84e2c989)

Co-authored-by: Sam Doran <sdoran@redhat.com>

* [stable-2.10] systemd - use list-unit-files rather than list-units (#72363)

list-unit-files will return all files on the system. list-units omits those
that are disabled.

Co-authored-by: Ken Dreyer <ktdreyer@ktdreyer.com>
(cherry picked from commit d6115887fa)

* systemd - account for templated unit files when searching for service (#72702)

Related to issue #71528 and PR #72337

Co-authored-by: Martin Polden <mpolden@mpolden.no>
(cherry picked from commit a788ea0132)
4 years ago
Felix Fontein 2ff5bf0f21
Fix processing of add_file_common_args=True when argument_spec is not specified as kwarg. (#72334) (#72361)
(cherry picked from commit 233e7beb5b)
4 years ago
Felix Fontein 42da480721
ansible-doc: export has_action when --json is used (#72359) (#72414)
* ansible-doc: export has_action when --json is used.
* Remove docuri and now_data, which were not used resp. ignored in format_plugin_doc and the functions it calls anyway.
* Add function _combine_plugin_doc.

(cherry picked from commit 4fb336cef1)
4 years ago
Felix Fontein 27f547b4d3
[2.10] Fix missing ansible.builtin FQCNs in hardcoded action names (#72457)
* Fix missing ansible.builtin FQCNs in hardcoded action names (#71824)

* Make sure hard-coded action names also check for FQCN.
* Use _add_internal_fqcn() to avoid hardcoded lists and typoes.

(cherry picked from commit da60525610)

* Replace some more FQCNs.

(cherry picked from commit 72302dd611)
4 years ago
Felix Fontein 07cdb709ae
Adjust action groups to moved modules (#72428) (#72496)
* Support docker and k8s action groups for moved modules in community.docker and community.kubevirt.

* Also support k8s action group for community.okd.

* Also add kubernetes.core.

* Fix changelog fragment.

* Remove community.okd.

* Revert "Remove community.okd."

This reverts commit 812b5aa6e2.

(cherry picked from commit c7a4b39633)
4 years ago
Sam Doran ba25a1cdf1
[stable-2.10] AnsibleModule.set_mode_if_different: handle symlink is in a sticky directory (#45198) (#72863)
* file: add symlink is in a sticky directory tests
* file: handle symlink in a sticky directory

Co-Authored-By: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>

* Add changelog and fix unit test
The builtins import was removed since it was unused, but it is now needed.
(cherry picked from commit b464d18fd1)

Co-authored-by: Pilou <pierre-louis.bonicoli@libregerbil.fr>
4 years ago
Felix Fontein 6dc2e9c2f4
[2.10] The implicit default for type=bool options is not 'false', but 'none' (#72864)
* The implicit default for type=bool options is not 'false', but 'none' (#72699)

* Fix modules, resp. add ignore.txt entries.

(cherry picked from commit 5226ac5778)

* Add ignore.txt entries and fix deprecated option that was already removed in 2.11.
4 years ago
Felix Fontein a15550c0c8
ansible-test sanity: fix UnicodeDecodeError for `--python 2.7 --docker` (#72623) (#72865)
* Store target paths as unicode.

* Add changelog fragment.

(cherry picked from commit f94ba68d8f)
4 years ago
Felix Fontein 138a5bd2d6
[2.10] Improve deprecations (#72871)
* Improve deprecations (#72697)

* Remove space before comma in '... bla , use ...'

* 'why' is inserted in the middle of a sentence, between two commas.

* Make deprecations from base.yml show source ansible-core.

* Add changelog fragment.

* Improve some more 'why's.

* Add PR URL to fragment.

(cherry picked from commit f569d80fde)

* 2.10 is ansible-base, not ansible-core
4 years ago
Felix Fontein 7e2faa25d7 Improve ansible-test classifications for collections (#72353)
(cherry picked from commit 64a809d2b6)
4 years ago
Matt Clay 7813b1248b [stable-2.10] Fix Azure Pipelines change detection. (#72824)
(cherry picked from commit 08842cd6bb)

Co-authored-by: Matt Clay <mclay@redhat.com>
4 years ago
Rick Elrod 0d7ab375eb
[centos6] update container for EOL (#72795)
Change:
- Reference:
  https://lists.centos.org/pipermail/centos-devel/2020-December/056208.html
- Bump centos6 container to 1.25.0

Test Plan:
- ci_complete

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Jordan Borean 7802ca2b06
Add RHEL 7.9 (#72558) - 2.10 (#72568)
* Add RHEL 7.9 - ci_complete (#72558)

(cherry picked from commit d451433e5d)

* Added changelog for RHEL 7.9 (#72572)

(cherry picked from commit bdd0c48837)
4 years ago
Sam Doran 6322630360 [stable-2.10] ansible-test - add cryptography constraint for cffi (#72761)
The recently released version of cffi fails to install on systems with an older version of gcc. In
our case, this in the CentOS 6 test image. There is a fix but it has not yet been released.

https://foss.heptapod.net/pypy/cffi/-/issues/480
(cherry picked from commit 1db9588279)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Sloane Hertel 8bdda8792d
Remove incorrect changelog (#72682)
* also remove offending code
4 years ago
Sam Doran 581337a6d5
[stable-2.10] Fix super annoying Python 2.6 multiprocessing.Queue stack trace in CI (#72604) (#72608)
* Fix super annoying Python 2.6 multiprocessing.Queue stack trace in CI

A bug exists in Python 2.6 that sometimes raises an exception during interpreter shutdown. We
encounter this frequently in our CI since we run tests on CentOS 6 as the control node, which
has Python 2.6.6 with this bug.

This PR adds a very minor sleep only on Python 2.6 which gets around this issue. I did lot of testing
using a standalon script I found that easily duplicated the issue to find the minimum sleep value
needed to avoid this issue.

CPython issue: https://bugs.python.org/issue4106
Fix in CPython: https://hg.python.org/cpython/rev/d316315a8781

* Use correct attribute
(cherry picked from commit bbef250c2b)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Matt Clay cfa8075537 [stable-2.10] Add coverage exporting to ansible-test
A new `--export` option for `ansible-test coverage combine` allows multi-step aggregation of code coverage for CI pipelines.
(cherry picked from commit fa2be89cd4)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Matt Clay 8f767f7180 [stable-2.10] Fix container discovery for the acme test plugin.
(cherry picked from commit f022dedd0a)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Rick Elrod 5bd0df7621
[ansible-test] use newer container images (#72126) (#72550)
Change:
- Bump default, ansible-base, distro containers
- We do NOT add fedora33 yet, because it doesn't work right on Shippable
  due to an old kernel. This will be added post-AZP.

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit e7bf0696ef)
4 years ago
Sam Doran 8c5910efe7
[stable-2.10] [dnf] Some fixes around filtering (#72483) (#72500)
* [stable-2.10] [dnf] Some fixes around filtering (#72483)

Change:
- Docs: Add note that security/bugfix apply to dependencies too, like
  the dnf command.

- dnf: security/bugfix only makes sense for updates, so limit the
  package query sack to available updates.

- tests: Limit tests to our known-good test packages, so that RHEL
  packages marked security/bugfix without similarly marked dependencies
  don't fail our tests.

Test Plan:
- Tested with `dnf upgrade-minimal --bugfix` and reproduced the same
  error currently seen in CI, showing that we are consistent with what
  dnf does.

Tickets:
- Likely fixes #72316

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit d8c637da37)

Co-authored-by: Rick Elrod <rick@elrod.me>

* Add changelog (#72502)

(cherry picked from commit b33d7e2e29)

Co-authored-by: Rick Elrod <rick@elrod.me>
4 years ago
Rick Elrod 3e9afdae2e New release v2.10.3 4 years ago
Rick Elrod 10922d58f0 New release v2.10.3rc1 4 years ago
Matt Davis 69d5ce9b41
Remove ansible-galaxy login (#72288) (#72320)
* GitHub is removing the underlying API used to implement the `login` command. Since the general consensus seems to be that relatively nobody currently uses this command (in favor of explicit token passing), support was simply removed for interactive login. If a future need arises, this command should be reimplemented via OAuth Device Auth Grants.
* login or role login commands now produce a fatal error with a descriptive message
* updated 2.10 porting guide entry

* remove dead code/config, update messages and porting guides

(cherry picked from commit 83909bfa22)
4 years ago
Rick Elrod 4159c73db2
[ansible-test] Limit cryptography to <3.2 (#72342) (#72345)
Change:
- Cryptography 3.2 drops support for OpenSSL 1.0.2. Some of our CI
  infrastructure still uses this version (FreeBSD, namely). For now,
  just add a constraint to use old cryptography.

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Felix Fontein 69744aa0a7
[2.10] Fix various sanity errors in plugins (#72168)
* Fix various sanity errors in plugins (#71736)

* Fix various sanity errors in plugins.

* Revert callback_type -> type transform.

* Undo paramiko_ssh 'connection' change, since this discrepancy is hardcoded in the plugin loader.

* Standardize on name and type (for callbacks).

* Fix existing author entries.

* Add 'Unknown (!UNKNOWN)' as author when author is missing.

* These are actually parsed as integers in the code.

* Revert "Add 'Unknown (!UNKNOWN)' as author when author is missing."

This reverts commit 29d1438aca.

(cherry picked from commit aff78f4cbc)

* Undo potentially disrupting normalizations.

* Add changelog fragment for #71736. (#72323)

(cherry picked from commit 0b2b82c0b6)
4 years ago
Sam Doran 8471814f86
[stable-2.10] Fix the reversed order of return values (#72088) (#72300)
AnsibleModule.run_command returns a tuple of return code, stdout and stderr.
The module main function of the user module expects user.create_user to
return a tuple of return code, stdout and stderr.
Fix the locations where stdout and stderr got reversed.

Co-authored-by: Ruediger Pluem <53253255+rpluem-vf@users.noreply.github.com>
4 years ago
Brian Coca 4293718b2a
make collection callbacks follow normal flow (#59932) (#72227)
* fixes missing set_options call and adhoc and stdout processing rules
* avoid dupes
* fixed to handle redirects
* also updated tests with new and more accurate skip message
* fix callback tests for envs with cowsay installed
* lots MOAR comments on why the code is as it is, some todos to refactor in future
4 years ago
Matt Martz 132346cb6a
[stable-2.10] Ensure we call action_loader.get with collection_list (#72206) (#72252)
(cherry picked from commit be5fc4e)
4 years ago
Jordan Borean ae1ee31b99
Fix race condition when creating async dir (#72069) (#72259)
* Fix race condition when creating async dir

* Simplify exception wrapper

* Remove var used for testing

(cherry picked from commit c9fa1d0e7e)
4 years ago
Rick Elrod 83c34eb7de
[dnf] accumulate update filters (#71726) (#72181)
Change:
- Previously when `security: true` and `bugfix: true` were both given,
  only security updates would get applied. Filters now accumulate so
  that both get applied in this case.

Test Plan:
- New integration tests for both check_mode and not. These tests make
  use of a contrived yum repository which is stored in S3.

Tickets:
- Fixes #70854

Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Matt Martz <matt@sivel.net>

Co-authored-by: Matt Martz <matt@sivel.net>
(cherry picked from commit fdf80690e4)
4 years ago
Matt Clay 3bd6daa4a4 [stable-2.10] Fix ansible-test handling of user-defined docker networks. (#72256)
* Fix ansible-test docker container detection.

* Attach test containers to the correct network.

* Do not assume `localhost` for accesing Docker.

* Look for containers on current network.

* Always map /var/run/docker.sock into containers.

This fixes issues when using a remote Docker host.

* Support container IP lookup from networks list.

* Fix container network attachment.

* Remove redundant container detection messages.

* Limit DOCKER_HOST parsing to TCP.

* Restore docker socket existence check.

The check is skipped if the docker hostname is not localhost.

* Correct changelog entry..
(cherry picked from commit 3c2e8b99be)

Co-authored-by: Matt Clay <mclay@redhat.com>
4 years ago
Abhijeet Kasurde 98cc9cb834
[2.10] AnsibleVaultEncryptedUnicode should be considered a string (#72216)
* AnsibleVaultEncryptedUnicode should be considered a string
* linting fix
* clog frag

(cherry picked from commit 48f12c14e9)

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Ruediger Pluem 7499848cb1
user - allow local users with an expiry date to be created (#72022) (#72085)
The luseradd / lusermod commands do not support the -e option. Set
the expiry time in this case via lchage after the user was
created / modified.

Fixes: #71942

In Python3 math.floor returns an integer whereas Python2 returns a float.
Hence always convert the result of math.floor to an int to ensure that
lexpires is an integer.

Move local expires tests in a separate file and import the tasks to the
main.yml to keep main.yml smaller.

(cherry picked from commit a7170da851)
4 years ago
Matt Clay 6c8d6a3182 [stable-2.10] Fix ansible-test Azure Pipelines container auth.
(cherry picked from commit 2ef4b7e07e)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Felix Fontein 961ead55c6
Add deprecation collection name to plugin options (#71735) (#72081)
* Add changelog fragment.

* Use correct field that's expected by lib/ansible/cli/__init__.py..

* Add basic unit tests.

(cherry picked from commit 1107aace1b)
4 years ago
Christian Loos 505df0d564
fix distribution fact for SLES4SAP (#71559) (#72026)
b6b238a fixed the SLES4SAP detection, which was at this time ok.
Sadly Suse changed with SLES 15 the /etc/os-release file, so the above
change will no longer work.

This commit updates the SLES4SAP detection regarding
https://www.suse.com/support/kb/doc/?id=000019341.

The symlink realpath is matched with endswith, because in SLES 12+ the
link target is SLES_SAP.prod, but in SLES 11 the link target is
SUSE_SLES_SAP.prod.

(cherry picked from commit ea119d3089)
4 years ago
Martin Krizek d53d247c84
Only apply the unroll wrapper once (#72003) (#72017)
Co-authored-by: Matt Martz <matt@sivel.net>

Fixes #71920

(cherry picked from commit 4197666179)
4 years ago
Jordan Borean cd89aadec1
powershell - remove env var (#72010) (#72012)
(cherry picked from commit 3c33618cf6)
4 years ago
Rick Elrod e6a4585807
[dnf] show installations/removals in check_mode (#70892) (#72180)
Change:
- Previously, we only showed that something would have changed, not what
  would have changed. This allows us to show what will chang as well.

Test Plan:
- Local RHEL8 VM
- New integration tests

Tickets:
- Fixes #66132

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 7d32129efb)
4 years ago
Matt Clay 49504da1ed
[stable-2.10] Support collection constraints in ansible-test. (#72157)
This allows collections to specify requirements and constraints for packages that ansible-test has requirements or constraints for.
(cherry picked from commit 5f76bd2af7)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Rick Elrod 656c228abe New release v2.10.2 4 years ago
Rick Elrod 68f0fcfbd5 New release v2.10.2rc1 4 years ago
Felix Fontein 8e00447aef
ansible-doc: show correct plugin name (#71966) (#71984)
(cherry picked from commit 0c3a9c7ae6)
4 years ago
Martin Krizek 4df129c6ae
Provide more information in AnsibleUndefinedVariable (#71666) (#71876)
* Provide more information in AnsibleUndefinedVariable

Fixes #55152

(cherry picked from commit 00b22ab55e)
4 years ago
Matt Clay c4e3552c8d
[stable-2.10] CI provider fixes for ansible-test. (#71929) (#71932)
* Make Azure Pipelines resource_prefix lowercase.

* Make classification of CI files consistent.

* Update package-data sanity test for AZP.
(cherry picked from commit 92b66e3e31)

Co-authored-by: Matt Clay <mclay@redhat.com>
4 years ago
Sloane Hertel 198cffcb52
Fix passing the connection timeout to connection plugins (#71722) (#71785)
(cherry picked from commit 7048542199)
4 years ago
Jordan Borean 2327ef9da8
runas - create new SYSTEM token on become (#71714) (#71751)
(cherry picked from commit fc08c1f3c5)
4 years ago
Matt Davis 07a9de1247
fix coverage output from synthetic packages (#71727) (#71748)
* fix coverage output from synthetic packages

* synthetic packages (eg, implicit collection packages without `__init__.py`) were always created at runtime with empty string source, which was compiled to a code object and exec'd during the package load. When run with code coverage, it created a bogus coverage entry (since the `__synthetic__`-suffixed `__file__` entry didn't exist on disk).
* modified collection loader `get_code` to preserve the distinction between `None` (eg synthetic package) and empty string (eg empty `__init__.py`) values from `get_source`, and to return `None` when the source is `None`. This allows the package loader to skip `exec`ing things that truly have no source file on disk, thus not creating bogus coverage entries, while preserving behavior and coverage reporting for empty package inits that actually exist.

* add unit test

(cherry picked from commit e813b0151c)
4 years ago
Jordan Borean 68278f36fd
psrp - fix hang when copying an empty file (#71649) (#71651)
(cherry picked from commit b615789fcc)
4 years ago
Alicia Cozine 12874bbdea
[2.10] updates intersphinx references for docs links (#71921) (#71945)
* updates intersphinx references for docs links (#71921)

* DOCS: updates intersphinx references for docs links
* TESTS: Raise the number of bytes scanned to determine if a file is binary. The newest ansible-2.10.inv file has its first null byte at position 2261. 4096 is still a cheap chunksize to read so it still makes sense to raise this.

Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
(cherry picked from commit 27826827e9)

* adds changelog for already-merged PR (#71947)
* adds changelogs/fragments/71921-raise-bytes-for-binary-test.yml

Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit 91b0dfb659)
4 years ago
Rick Elrod 72a8b55920 New release v2.10.1 4 years ago
Rick Elrod 387a7199fc New release v2.10.1rc3 4 years ago
Matt Clay ec8878ced4 [stable-2.10] Use new endpoint for Parallels based instances.
(cherry picked from commit 98febab975)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Rick Elrod 333f7bc088
[tests] Bump container versions (#71518) (#71598)
Change:
- This pulls in python 3.9.0rc1

Test Plan:
- CI, hopefully

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit db519bc17c)
4 years ago
Matt Clay 4273443686 [stable-2.10] Support macOS 10.15 for ansible-test --remote.
Use of this new version is experimental, so it is not enabled in CI yet.
(cherry picked from commit 2bbcbe99fd)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Matt Clay 356ea0b8d0
[stable-2.10] Fix ansible-test coverage traceback. (#71446) (#71578)
* [stable-2.10] Fix ansible-test coverage traceback. (#71446)

* Add integration test for ansible-test coverage.

* Fix ansible-test coverage traceback.

* Fix coverage reporting on Python 2.6.
(cherry picked from commit f5b6df14ab)

Co-authored-by: Matt Clay <mclay@redhat.com>

* Add empty ignore.txt file for tests.
4 years ago
Matt Clay d699d38dd5 [stable-2.10] Update ansible-test remote endpoint handling. (#71413)
* Request ansible-core-ci resources by provider.
* Remove obsolete us-east-2 CI endpoint.
* Add new --remote-endpoint option.
* Add warning for --remote-aws-region option.
* Update service endpoints.
* Allow non-standard remote stages.
* Add changelog fragment.
(cherry picked from commit d099591964)

Co-authored-by: Matt Clay <mclay@redhat.com>
4 years ago
Rick Elrod 0e68601002 New release v2.10.1rc2 4 years ago
Rick Elrod 9a48ffd61b
Attempt at reverting CVE-2020-1736 changes [2.10] (#71514)
* Revert atomic_move changes
* add note about mode reverts in porting guide

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Rick Elrod 314834c6d3 New release v2.10.1rc1 4 years ago
Rick Elrod dc97027453
[dnf] ensure packages are gpg-verified (#71539)
Change:
- By default the dnf API does not gpg-verify packages. This is a feature
  that is executed in its CLI code. It never made it into Ansible's
  usage of the API, so packages were previously not verified.
- This fixes CVE-2020-14365.

Test Plan:
- New integration tests

Signed-off-by: Rick Elrod <rick@elrod.me>
4 years ago
Sandra McCann d3e0cb4320
[docs][2.10] Backportapalooza 9 (#71493)
* Explain duplicate checks includes tags and when (#68183)

##### SUMMARY
Per #67913, when comparing dependencies, Ansible takes into account parameters, tags and the when clause in determining whether a role is a duplicate or not.

##### ISSUE TYPE
- Docs Pull Request

+label: docsite_pr

(cherry picked from commit 3e4377300b)

* Docs: ansible_host can contain FQDN (#71186)

(cherry picked from commit 13ab73cd89)

* clarify inventory plugin user documentation (#71387)

(cherry picked from commit fb035da3b2)

* Keep caution tape for older versions (#71400)

(cherry picked from commit 156b1c5245)

* document securing editor for vault (#71404)

(cherry picked from commit 6c48c62f93)

* galaxy: Add examples for galaxy section in ansible.cfg (#70931)

Add example section for galaxy section in ansible.cfg

Fixes: #68402

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 3f3bcbf05e)

* docs: Remove examples using the `ec2.py` script (#69107)

This script is mostly unmaintained and relies on the deprecated and
unmaintained `boto` library. Featuring it prominently in the docs
leads to many new users using it instead of the supported `aws_ec2`
inventory plugin.

(cherry picked from commit 66e38bf499)

* Update uri.py (#67688)

Adds an example of creating workspaces in Log analytics Azure
Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>

(cherry picked from commit 4317c2c80c)

* docs: Update Kubernetes Guide (#71372)

Fixes: #61681

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 59b80b9146)

* fix broken links due to master -> main branch rename (#71426)

(cherry picked from commit 2b7461eb52)

* Modify wording to specify two ctl-d to end stdin input in ansible-vault (#69436)

* 51860 - Modify wording to specify two ctl-d to end stdin input in ansible-vault
* removes space to make line 160 chars

(cherry picked from commit a6537b59ab)

* user_guide: Add an example for loop (#71441)

Explain how to use complex data in loop while converting
from with_together

Fixes: #47906

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 5c1594916a)

* Add link to Matt's blog (#71436)

nitzmahone's blog nicely explained why Windows is not supported
as Ansible controller. Link that in documentation so users can
read about it.

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 3c8744f0c1)

* user_guide: Fix reuse role examples (#71440)

Fixes: #53919

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 0b16c0a8c7)

* service: Add a note about ignored parameters (#71455)

Some parameters for systemd are ignored, add a note about such parameters in documentation.
Fixes: #23144

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 1257b0a184)

* updates network plugin docs pages for 2.10 (#71467)

Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
(cherry picked from commit f82a1e06d7)

* Remove "mode: preserve" option from documentation (#71486)

Remove "mode: preserve" option from documentation in doc fragments "FILE_COMMON_ARGUMENTS", as it was incorrectly included in the documentation for the `lineinfile`, `unarchive` and other file-related modules.
The `copy` and `templates` modules documentation remains untouched and still contain "mode: preserve", as intended.

(cherry picked from commit 7127d37466)

* quick update to changelog instructins (#71492)

(cherry picked from commit addee0699e)

* update Network Advanced Topics for FQCN (#71325)

* update Network Advanced Topics for FQCN

(cherry picked from commit b6f10b9b52)

* fix shippable error

Co-authored-by: David M. Lee <leedm777@yahoo.com>
Co-authored-by: Eric G <e+github1690@linuxw.info>
Co-authored-by: Sloane Hertel <shertel@redhat.com>
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: flowerysong <paul.arthur@flowerysong.com>
Co-authored-by: Jose l. Azagra <azagramac@gmail.com>
Co-authored-by: Patrick Reader <pxeger@protonmail.com>
Co-authored-by: John Westcott IV <32551173+john-westcott-iv@users.noreply.github.com>
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
Co-authored-by: Timothy Visser <team@sacrome.com>
4 years ago
David Shrewsbury 393412dc64
Fix play stats when rescue block is a child block (#70922) (#71334)
* check run state of current block only

* Add changelog and test

* Add test for issue 29047

(cherry picked from commit f2f6c34632)
4 years ago
Jordan Borean 7131c75d93
powershell - fix quoting values (#71411) (#71449)
* powershell - fix quoting values

* Add ignore for smart quote skip

(cherry picked from commit 72a7cb4a2c)
4 years ago
Jordan Borean 5688fef486
psrp - use native copy mechanism - 2.10 (#71434)
* psrp - use native copy mechanism (#71409)

* psrp - use native copy mechanism

* Fix sanity issues

* Split the bugfix and deprecation into separate changelog fragments

(cherry picked from commit 985ba187b2)

* Removed deprecation warnings for backport
4 years ago
Jordan Borean b936539ae1
powershell - fix nested CLIXML parser (#71412) (#71451)
(cherry picked from commit 8897d7e2ff)
4 years ago
Martin Krizek ce7b95499f
native types: properly handle Undefined in nested data (#68432) (#71105)
(cherry picked from commit 5ca3aec3c4)
4 years ago
Felix Fontein d38a7ff577
Fix changelog fragment type. (#70902) (#71114)
(cherry picked from commit fc83055425)
4 years ago
Sam Doran c39753d7ad
[stable-2.10] linux facts - return proper broadcast address (#64528) (#71064)
Check that the value being returned is actually a broadcast address

(cherry picked from commit e6bf202738)
4 years ago
Martin Krizek 0c32a4f793
Emit proper error for `x in y` when y is undefined (#70990) (#71011)
Fixes #70984

(cherry picked from commit bf7276a4e8)
4 years ago
Sam Doran 0c6edb34f9
[stable-2.10] unarchive - Check 'fut_gid' against 'run_gid' in addition to supplemental groups (#65666) (#71001)
* [stable-2.10] unarchive - Check 'fut_gid' against 'run_gid' in addition to supplemental groups (#65666)

Add integration tests for unarchiving as unprivileged user
Break tasks into separate files for easier reading and maintenance

Create a user by specifying a default group of 'staff' for macOS.

The user module does not actually remove the user directory on macOS,
so explicitly remove it.

Put the removal tasks in an always block to ensure they always run

Co-authored-by: Philip Douglass <philip.douglass@amadeus.com>
Co-authored-by: Sam Doran <sdoran@redhat.com>
(cherry picked from commit ac5f3f8bef)

Co-authored-by: Philip Douglass <philip@philipdouglass.com>

* [stable-2.10] Fix unstable unarchive test (#71004)

* Add mode to copy tasks
* Fix unreliable test by ignoring errors

(cherry picked from commit f99f96ceb6)

Co-authored-by: Philip Douglass <philip@philipdouglass.com>
4 years ago
Abhijeet Kasurde a253c93fd1
[2.10] iptables: Add a note about ipv6-icmp (#71010)
ipv6-icmp and icmpv6 are valid protocols and adding note about
it in protocol parameter.

Fixes: #70905

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit e139739ab3)
4 years ago
Sloane Hertel 714cd2ad2e
copy - redact 'content' from invocation in check mode (#71033) (#71067)
* sanitize copy module invocation secrets in check mode

(cherry picked from commit 991714b9d1)
4 years ago
Jordan Borean f41ff33ca6
ansible-galaxy - fix download for subdirs in SCM (#71005) (#71093)
(cherry picked from commit f6b3b4b430)
4 years ago
Brian Coca 00caeff928
dont clobber facts in loop (#71032) (#71095)
(cherry picked from commit f9af27c631)
4 years ago
Toshio Kuratomi 6b639f147d
[stable-2.10] Update ansible doc formats (#71070) (#71111)
* Fix tty_ify bugs and refactor

* Move tty_ify() and supporting attributes to the DocCLI class as that's
  the only thing using it.
* Add unittest for the code.
* Fix a bug where the substitution macros can be detected when they are
  a part of another word.
* Add support for L(), R(), and HORIZONTALLINE which were added to the
  website docs many years ago.

* Update test/units/cli/test_doc.py

Co-authored-by: Matt Clay <matt@mystile.com>

Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit fb144c4)

Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
4 years ago
Jordan Borean 4b1df6cc05
Remove ANSIBLE_COLLECTIONS_PATHS dep warning (#71094) (#71099)
(cherry picked from commit aab9beccf7)
4 years ago
Felix Fontein e33fff922a
ansible-test: bump acme test container version to 2.0.0 (#71097) (#71165)
(cherry picked from commit 050841324c)
4 years ago
Jordan Borean 092ec680e6
Ensure -k is set to delegated hosts without a pass (#71136) (#71168)
* Ensure -k is set to delegated hosts without a pass

* Fix up some broken tests

* Update task_executor.py

one possible fix, the other is updating winrm to normalize on 'password' like the other connection plugins

* Add alias for winrm and fix incorrect assumption

* Make sure aliases are used for keyword options

* Conditionally run test if sshpass is present, fix sanity

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
(cherry picked from commit 3f22f79e73)
4 years ago
GomathiselviS e95b45c5ec
Update network integration auth timeout (#71057) (#71238)
*  Incase of network integration test for connection local
   test the paramiko_ssh auth_timeout is the value of timeout
   under defaults section which is 10 seconds.
*  For slower connection 10sec timout value result in authentication
   timeout error hence increase the timeout value to 90 seconds

(cherry picked from commit 6160e82bf2)

Co-authored-by: Ganesh Nalawade <ganesh634@gmail.com>
4 years ago
Rick Elrod 7b3d2a00a0
Fix cron file regression (#71207) (#71243)
Co-authored-by: Florent PIGOUT <toopy@users.noreply.github.com>
4 years ago
Ganesh Nalawade 67b2b8caf1
Fix netconf validate capability check (#71195) (#71252)
*  Use ``:validate`` string to check if the netconf
   server supports validate capability as per netconf RFC

(cherry picked from commit 7635d23cee)
4 years ago
Ganesh Nalawade ca118613aa
Fixes https://github.com/ansible-collections/cisco.iosxr/issues/74 (#71292)
*  ncclient API expects commit timeout value in either unicode
   or bytes format, hence convert the timeout value explicitly
   to string type.
4 years ago
Martin Krizek 02f4fc1a14
Skip literal_eval for string filters results in native jinja. (#70988) (#71313)
Fixes #70831

(cherry picked from commit b66d66027e)
4 years ago
Matt Martz 90a8d07f31
[stable-2.10] Don't do conflict check on sdist and egg_info (#71310) (#71316) 4 years ago
Matt Martz c04a751f0e
Reject unknown types from results queue. Fixes #70023 (#71336) 4 years ago
Matt Martz 3f41c76564
[stable-2.10] Allow the TOML inventory to dump unsafe. Fixes #71307 (#71309) (#71317)
(cherry picked from commit 9da8801)

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Matt Martz 6d1cc0dede
[stable-2.10] epoch can be a float with strftime filter. Fixes #71257 (#71314) (#71319)
(cherry picked from commit 6289570)

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Lorenzo Castelli ac248cf34a
systemd - supports new systemctl output message for chroot (#71197) (#71330)
The message generated by systemctl has been updated in 9321e23c40, which requires a corresponding change in the systemd module.

In addition, this fixes the module when the SYSTEMD_OFFLINE environment variable is set.

(cherry picked from commit a1a50bb3cd)
4 years ago
Sloane Hertel 4cfe2cf8dc
Fix meta tasks used with --flush-cache (#71311) (#71358)
* Remove incorrect code

(cherry picked from commit 88bfc7977d)
4 years ago
Martin Krizek 724b3648ea
_check_failed_state: always use the current/nested state (#71347) (#71457)
Fixes #71306

(cherry picked from commit 9792d631b1)
4 years ago
Felix Fontein 1252323e34
Make changelog tool be more strict about suffixes (#70909) (#71135)
* Bump antsibull-changelog version.

* Flag all dotfiles, except .keep and .gitkeep.

* Enable ignoring other fragment extensions.

(cherry picked from commit fbfc0f99eb)
4 years ago
Sandra McCann 26bb114ccb
[backport][docs][2.10]Docsbackportapalooza 8 (#71379)
* Move 2.10.0rc1 release date a few days forward. (#71270)

At yesterday's meeting it was decided to have ansible-2.10.0 depend on
ansible-base-2.10.1 so that we can get several fixes for ansible-base's
routing (including adding the gluster.gluster collection).
ansible-base-2.10.1 will release on September 8th.  So we will plan on
releasing ansible-2.10.0rc1 on the 10th.

https://meetbot.fedoraproject.org/ansible-community/2020-08-12/ansible_community_meeting.2020-08-12-18.00.html
(cherry picked from commit e507c127e5)

* a few writing style updates (#71212)

(cherry picked from commit 4f0bd5de38)

* Fix code markups and add link to CVE (#71082)

(cherry picked from commit 92d59a58c0)

* Fix 404 links (#71256)

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit ecea018506)

* Writing style updates to Developing dynamic inventory topic (#71245)

* modified the writing style

* incorporated peer feedback

(cherry picked from commit ecd3b52ad7)

* Fix roadmap formatting. (#71275)

(cherry picked from commit ee48e0b0ad)

* Update password.py (#71295)

List md5_crypt, bcrypt, sha256_crypt, sha512_crypt as hash schemes in the password plugin.

(cherry picked from commit 1d1de2c6fd)

* Update ansible european IRC channel (#71326)

Signed-off-by: Rémi VERCHERE <remi@verchere.fr>
(cherry picked from commit 824cd4cbeb)

* Add warning about copyright year change (#71251)

To simplify project administration and avoid any legal issues,
add a warning in the docs. This reflects - https://github.com/ansible/ansible/issues/45989#issuecomment-423635622 and fixes: #45989

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 606604bb97)

* subelements: Clarify parameter docs (#71177)

skip_missing parameter in subelements lookup plugin is accepted from
inside the dictionary.

Fixes: #38182

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 6d17736ef4)

* Writing style updates to Using Variables topic (#71194)

* updated topic title, underline length for headings, and incorporated peer feedback

(cherry picked from commit 4d68efbe24)

* cron module defaults to current user, not root (#71337)

(cherry picked from commit 4792d83e13)

* Update Network Getting Started for FQCN/collection world (#71188)

* pull out network roles, cleanup, update first playbook examples, update gather facts section, some inventory conversion to .yml, update inventory and roles, simplify the navigation titles, fix tocs, feedback comments

(cherry picked from commit f79a7c5585)

* Add documentation about info/facts module development (#71250)

Fixes: #40151

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 4f993922c8)

* network: Correct documentation (#71246)

ini-style inventory does not support Ansible Vault password.
This fixes network_best_practices_2.5 doc.
Fixes: #69039

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit a1257d75aa)

* tidies up vars page (#71339)

(cherry picked from commit 02ea80f6d7)

* base.yml: Fix typos (#71346)

(cherry picked from commit 41d7d53573)

* quick fix to change main back to devel (#71342)

* quick fix to change main back to devel
* Update docs/docsite/rst/dev_guide/developing_collections.rst

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 74f88c56a5)

* Add note about integration tests for new modules to the dev guide (#71345)

(cherry picked from commit b82889eef5)

* update fest link (#71376)

(cherry picked from commit 80b8fde946)

* incorporate minimalism feedback on debugging page (#71272)

Co-authored-by: bobjohnsrh <50667510+bobjohnsrh@users.noreply.github.com>

(cherry picked from commit 5073cfc8bc)

* fix header problem

Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
Co-authored-by: Sayee <57951841+sayee-jadhav@users.noreply.github.com>
Co-authored-by: Baptiste Mille-Mathias <baptiste.millemathias@gmail.com>
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: rovshango <rovshan.go@gmail.com>
Co-authored-by: Remi Verchere <rverchere@users.noreply.github.com>
Co-authored-by: Jake Howard <RealOrangeOne@users.noreply.github.com>
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
Co-authored-by: Per Lundberg <perlun@gmail.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
4 years ago
Felix Fontein aa51c6000a
Fix fortimanager httpapi redirect (#71073) (#71081)
* The fortimanager httpapi plugin is in fortinet.fortimanager, not in fortinet.fortios.

* Add changelog fragment.

(cherry picked from commit 4bd7580dd7)
4 years ago
Felix Fontein a06730cdb0
Redirect gluster modules to gluster.gluster. (#71240) (#71264)
(cherry picked from commit 9f72ff80e3)
4 years ago
Matt Davis 3b9ee86381 [stable-2.10] fix collection package root location under pytest >=6.0.0 (#70963)
(cherry picked from commit 86b6c4bbb6)

Co-authored-by: nitzmahone <nitzmahone@users.noreply.github.com>
4 years ago
Rick Elrod a6ed955132 New release v2.10.0 4 years ago
Rick Elrod 6e3271aa61
[stable-2.10] Revert default mode changes (#71260)
* Revert "[stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)" (#71236)"

This reverts commit c968020d52.

* Revert "Remove porting guide entry related to reverted change (#71242)"

This reverts commit 006a21eae2.
4 years ago
Sam Doran c968020d52
[stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)" (#71236)
* [stable-2.10] Revert "Fix warning for new default permissions when mode is not specified (#70976) (#70985)"

This reverts commit 5cb96087e6.

* [stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)"

This reverts commit 7e4cffc5d2.
4 years ago
Rick Elrod 4b03d898f3
Update integration tests to support rpmfluff-0.6 (#71155) (#71159)
Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago
Rick Elrod a187613da8
Add CVE reference to changelog for PR 70762 (#71151) (#71156)
Co-authored-by: David Shrewsbury <Shrews@users.noreply.github.com>
4 years ago
Rick Elrod 3900f82d00 New release v2.10.0rc4 4 years ago
Sloane Hertel 9f4748cb2d
fix downloading collections in git repos and tar.gz artifacts (#70524) (#71000)
* Fix downloading tar files

* Fix downloading SCM collections

* changelog

(cherry picked from commit 54e2ae79e7)
4 years ago
Sam Doran 719c40bfdf
[stable-2.10] facts - fix incorrect time for some date_time_facts (#70665) (#70996)
* [stable-2.10] facts - fix incorrect time for some date_time_facts (#70665)

The iso8601_micro and iso8601 facts incorrectly called now.utcnow(), resulting
in a new timestamp at the time it was called, not a conversion of the previously
stored timestamp.

Correct this by capturing the UTC timestamp once then calculating the local
time using the UTC offset of the current system.

* Use time.time() for getting the current time
* Convert from that stored epoch timestamp to local and UTC times
* Used existing timestamp for epoch time
* Add unit tests that validate the formate of the return value rather than an exact value since mocking time and timezone is non-trivial
(cherry picked from commit c4f442ed5a)

Co-authored-by: Sam Doran <sdoran@redhat.com>

* Remove tests for tz_dst since that only exists in newer versions
4 years ago
Matt Clay b764d381f0
[stable-2.10] Fix ansible-test relative import analysis. (#70993)
(cherry picked from commit 2e0097ada3)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Akira Yokochi abfedb06c3
default_callback: Move 'check_mode_markers' in doc_fragments (#70228) (#70989)
Callback plugin dense, yaml, and debug implement 'check_mode_markers'
so moving documentation to default callback doc_fragments.

Fixes: https://github.com/ansible-collections/community.general/issues/565

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 4885ebad27)

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Sam Doran 5cb96087e6
Fix warning for new default permissions when mode is not specified (#70976) (#70985)
Follow up to #70221
Related to #67794
CVE-2020-1736

When set_mode_if_different() is called with mode of 'None', ensure we issue
a warning about the change in default permissions.

Add integration tests to ensure the warning works properly.

* Fix tests
- actually use custom module 🤦‍♂️
- verify file permission on created files
- use remote_tmp_dir so we're ready for split controller
- improve test module so we can skip the call to set_fs_attributes_if_different()
- fix tests for CentOS 6

(cherry picked from commit dc79528cc6)
4 years ago
Jordan Borean a8217f1bd4
ansible-galaxy - fix fallback for AH searches (#70957) - 2.10 (#70980)
* ansible-galaxy - fix fallback for AH searches (#70957)

(cherry picked from commit b1cb2553af)

* Fix tests after backport
4 years ago
Brian Coca a75b3601d9
Allow changed/failed mgmt on strategy actions (#70919) (#70968)
* Allow changed/failed mgmt on strategy actions

(cherry picked from commit f9c3c6cba6)
4 years ago
Felix Fontein c39e536d84
validate-modules: fix version_added validation for top-level, fix error codes (#70869) (#70947)
* Also validate top-level version_added.

* Fix error code.

* Produce same version_added validation error in schema than in code (and stop returning it twice).

* Return correct error codes for invalid version_added for options and return values.

* Add changelog.

* Fix forgotten closing braket.

* Accept 'historical' for some top-level version_added.

(cherry picked from commit 7e2cc7db12)
4 years ago
Sam Doran 6f70d40d51
[stable-2.10] lineinfile - fix broken exception handling (#70846) (#70944)
* prevent (ExceptionType) is not subscriptable errors
* tweak error message and use text conversion
* add to_text import
(cherry picked from commit 45c2eb6c0a)

Co-authored-by: nitzmahone <nitzmahone@users.noreply.github.com>

Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
4 years ago
Sam Doran 293d6c59bb
[stable-2.10] reboot - fix Void Linux (#70704) (#70916)
Add entry for appropriate commands for Void Linux
(cherry picked from commit 4cc4cebc97)

Co-authored-by: fosslinux <fosslinux@aussies.space>

Co-authored-by: fosslinux <fosslinux@aussies.space>
4 years ago
Felix Fontein 155041d8ee
Fix ansible-test error in community.aws (#70507) (#70873)
* Fix ansible-test error in community.aws

* Add changelog entry for fix

* Change check from None to string_types

* Update changelogs/fragments/70507-validate-null-author.yaml

clarify wording "or a list of strings"

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update test/lib/ansible_test/_data/sanity/validate-modules/validate_modules/schema.py

clarify wording - single string or not specified valid

Co-authored-by: Felix Fontein <felix@fontein.de>

* Do not fail but return None when given outside list

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit b0d9deeae3)

Co-authored-by: Alan Rominger <arominge@redhat.com>
4 years ago
Matt Clay 4280efccc4 [stable-2.10] Cap pytest version to avoid relative import issue.
(cherry picked from commit 3a8ac62596)

Co-authored-by: Matt Clay <matt@mystile.com>
4 years ago
Rick Elrod f28fa88448 New release v2.10.0rc3 4 years ago
Brian Coca 9b992c0b78
reset logging to INFO (#70878) (#70881)
- due to CVE-2019-14846
 - also added comments and test to avoid 'oportunistic' reversion

(cherry picked from commit 1223ce656a)
4 years ago
Rick Elrod c528e648a6 New release v2.10.0rc2 4 years ago
Jordan Borean e9c9c02e0a
Do not add connection vars to the output results (#70853) (#70855)
* Do not add connection vars to the output results

* Also revert the delgated scenario JIC

* Added regression test

(cherry picked from commit 5e1a968983)
4 years ago
Rick Elrod 3ee5b46ba7 New release v2.10.0rc1 4 years ago
Matt Davis cc8d180801
fix internal cases of actions calling unqualified module names (#70818) (#70840)
* fix internal cases of actions calling unqualified module names

* add porting_guide entry
* misc other fixes around action/module resolution broken by redirection

ci_complete

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* address review feedback

* pep8

* unit test fixes

* win fixes

* gather_facts fix module args ignores

* docs sanity

* pep8

* fix timeout test

* fix win name rewrites

Co-authored-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 4c0af6c808)
4 years ago
Sloane Hertel 180eea8089
Update default from True to False for CONDITIONAL_BARE_VARS (#70709) (#70838)
ci_complete

(cherry picked from commit 2811d9486f)
4 years ago
Sam Doran 7e4cffc5d2
[stable-2.10] Change default file permissions so they are not world readable (#70221) (#70824)
* Change default file permissions so they are not world readable

CVE-2020-1736

Set the default permissions for files we create with atomic_move() to 0o0660. Track
which files we create that did not exist and warn if the module supports 'mode'
and it was not specified and the module did not call set_mode_if_different(). This allows the user to take action and specify a mode rather than using the defaults.

A code audit is needed to find all instances of modules that call atomic_move()
but do not call set_mode_if_different(). The findings need to be documented in
a changelog since we are not warning. Warning in those instances would be frustrating
to the user since they have no way to change the module code.

- use a set for storing list of created files
- just check the argument spac and params rather than using another property
- improve the warning message to include the default permissions.
(cherry picked from commit 5260527c4a)

Co-authored-by: Sam Doran <sdoran@redhat.com>
4 years ago
Brian Coca 8c2754e6d3
Allow hostvars delegation (#70331) (#70810)
* ensure hostvars are available on delegation
* also inventory_hostname must point to current host and not delegated one
* fix get_connection since it was still mixing original host vars and delegated ones
* also return connection vars for delegation and non delegation alike
* add test to ensure we have expected usage when directly assigning for non delegated host

(cherry picked from commit 84adaba6f5)
4 years ago
David Shrewsbury 7cdba7c923
Sanitize URI module keys with no_log values (#70762) (#70820)
* Add sanitize_keys() to module_utils.

* More robust tests

* Revert 69653 change

* Allow list or dict

* fix pep8

* Sanitize lists within dict values

* words

* First pass at uri module

* Fix insane sanity tests

* fix integration tests

* Add changelog

* Remove unit test introduced in 69653

* Add ignore_keys param

* Sanitize all-the-things

* Ignore '_ansible*' keys

* cleanup

* Use module.no_log_values

* Avoid deep recursion issues by using deferred removal structure.

* Nit cleanups

* Add doc blurb

* spelling

* ci_complete

(cherry picked from commit bf98f031f3)
4 years ago
Nathaniel Case 4cbfb08da5
[stable-2.10] Document existing ansi_re sequences and add `ESC[m` (#70683) (#70807)
* Document existing ansi_re sequences and add `ESC[m`

* Add changelog
(cherry picked from commit 06a4fc2)

Co-authored-by: Nathaniel Case <ncase@redhat.com>
4 years ago
Abhijeet Kasurde 18dd73c147
[2.10] basic: use PollSelector implementation (#70800)
Some platform such as ESXi does not implement EpollSelector,
which is selected by DefaultSelector. Use PollSelector.
This works perfectly with a platform like VMware ESXi.

Fixes: #70238

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 8cccede0d4)
4 years ago
psi / Ryo Hirafuji 61f8f8ce7f
cron - Allow non-ascii (UTF-8) chars in cron file paths and jobs (#70426) (#70794)
* Encode/Decode files in UTF-8
* Use helper function in ansible
* Add an integration test
* Use emoji in test data.
* add changelog
* Also support non-ascii chars in filepath and add tests about this.
* Also use non-ascii chars in replaced text and ensure not to break cron syntax.
* rename self.existing to self.n_existing
* rename crontab.existing to crontab.n_existing
4 years ago
Matt Martz 7eb5f53294
[stable-2.10] Ensure single vaulted values aren't counted as sequences. Fixes #70784 (#70786) (#70791)
(cherry picked from commit 96b74d3)

Co-authored-by: Matt Martz <matt@sivel.net>
4 years ago