When using sshpass the file descriptor leaks would happen in the reset
method that used _build_command that creates the pipe but the command
would not go through _bare_run which closes the pipe.
Another scenario would be _bare_run failing and not all code paths would
properly close the pipe.
This patch fixes the issues by:
* move creating the pipe from _build_command closer to where it is used
in _bare_run
* wrap _bare_run with closing the pipe in case of a failure
* no need to re-create pipe in the retry code
* unrelated but simplify the reset method
* copy: honor directory_mode when specified with remote_src=True
* Honor directory_mode specified by user when copying directories
and remote_src=True
Fixes: #81292
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
Refer to versions that are changed less frequently in AGENTS.md to reduce the frequency of updates needed to keep it up-to-date.
Also fix a few spacing issues.
* Support configuring callback plugins with --extra-vars
Callback plugins define variable names in the documentation for ConfigManager
Variable values can be omitted
* Added default callback variable configuration for display_skipped_hosts
Fixes #84469
Co-authored-by: Matt Clay <matt@mystile.com>
* GNU digest line may contain multiple spaces between
checksum and filename. Fix regex to handle this situation.
Fixes: #86132
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
This patch fixes integration test jobs running under RHEL 10.0 that
don't have this extension pre-installed.
Co-Authored-By: sivel / Matt Martz <matt@sivel.net>
ci_complete
ci_coverage
* Prevent unnecessary match extension duplicates
I moved this to use a set instead of the
`if not in rule` just in case there's a comment
like 'owner' or another stray string that matches
the extension.
* Report bad-return-value-key for return values that cannot be accessed with Jinja's dot notation.
* Move constants into separate module.
* Add test to check FORBIDDEN_DICTIONARY_KEYS against current Python's key list.
* Remove unused constant.
* Apply suggestions from code review.
Co-authored-by: Matt Clay <matt@mystile.com>
* Add type annotations.
* Simplify typing.
Co-authored-by: Matt Clay <matt@mystile.com>
---------
Co-authored-by: Matt Clay <matt@mystile.com>
* Remove decrypt arg-docs mismatch
Removes the use of the arg in the action plugin
and removes the associated doc fragment. Changes
no behavior because the lack of decrypt in the
argspec prevents a value being passed in and
the args.get('decrypt', True) means that it is
always true.
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
* Add an override of the `/review` slash command in claude code
* Add support for `CLAUDE.local.md` and `~/.claude/ansible.md`
Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
* Handle ValueError raised when user set invalid priority values
* Update tests to work with Pytest
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
Co-authored-by: Mannu Silva <wise.tent4987@fastmail.com>
* Use json for test inventory - ci_complete
Uses the JSON/YAML format for the inventory files generated by
`ansible-test`. This solves minor issues with using complex values when
building the test inventory files like backslashes or more complex data
structures.
* Apply suggestions from code review
Co-authored-by: Matt Clay <matt@mystile.com>
* Add changelog and use more limited ext config var - ci_complete
---------
Co-authored-by: Matt Clay <matt@mystile.com>
Sometimes, AZP would mark steps in jobs as cancelled when they've
actually exited successfully but on the boundary of the default
60-minute timeout. Such logs might be difficult to reason about.
Additionally, `entry-point.sh` sets a 60-minute timeout for the main
test invocation but it would never trigger earlier than AZP would kill
such a job as the job-global timeout was 60 minutes already and it'd
always be hit earlier than the test runner one.
The patch sets maximum observable job timeouts with extra buffer to
account for flakiness.
PR #86073
Co-authored-by: Matt Clay <matt@mystile.com>
* File based cache plugins filenames fix
File based cache plugins will now correctly handle inventory_hostnames
with 'path symbols' in their names. This should allow those using
chroot and jail connection plugins to use file based caches now.
* Remove safe_eval from codebase
Resolves deprecations in 85996 and 85999
* Remove deprecations from sanity ignores
* Add changelog fragment
* Add newline to file
* Remove unused imports
* interpreter_discovery: removed auto_silent* option
* Removed deprecated auto_silent* option from interpreter_discovery_python
Fixes: #85995
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
* Make CI green
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
* Make CI green I
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
---------
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
* Add support for crypt/libxcrypt via ctypes, as an alternative to passlib
* move verbosity message to BaseHash
* Don't require DYLD_LIBRARY_PATH mods for standard homebrew installs on macos
* improve crypt_gensalt error handling
* Do not require wheel for building
- current version of setuptools (70.1+) does not need wheel at all
- older versions of setuptools would fetch wheel when building wheels (but not sdists)
* Pin setuptools to a version not requiring wheel
Now when we don't list wheel,
we are unable to pin it to a particular version.
Instead, use setuptools version that no longer uses it.
* include_role now behaves more like task on error
changes _from errors from syntax to task failures, by default
which makes it more consistent with other existing errors
* also force 'missing role' to behave as syntax error when false
* also error when subdir does not exist, previously we ignored missing
file
* add 'rescuable' toggle to allow user to choose error type
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
show_origin and variable sources were broken for base config when 'forked' from plugins
---------
Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
Removes the warning emitted when using Add-Type and the cleanup of temp
files fails due to a file still being in use. The cleanup should be
handled by AnsibleModule on exit giving it more time to wait for any
open file handles to close. The exception is still present if calling
`Add-CSharpType` without an `AnsibleModule` object.
Apparently `codecovcli send-notifications` does not have a `--dry-run`
CLI option. This patch stops adding it to the command and implements
an external `dry-run` mode in the wrapper script for this case instead.
This is a follow-up for #85968.
Co-authored-by: Matt Clay <matt@mystile.com>
There were a couple of occurrences where the hard 30 seconds limit on
running ssh-agent was not enough for the test to run and the ssh-agent
was killed resulting in the test failing with "Connection refused". This
change just lets the agent run in the background and kills it
manually after the tests finish.
* psrp - ReadTimeout exceptions now mark host as unreachable
* add try to _exec_psrp_script
* fix indent E111
* update raise format
switch to raise Exception from e
Co-authored-by: Jordan Borean <jborean93@gmail.com>
---------
Co-authored-by: Jordan Borean <jborean93@gmail.com>
The logs were displaying a series of numbers in parens like `(66.1.0)`
at the end of each error line. It's unintuitive what that means. I had
to look into the source code to confirm my suspicion of it being the
version of `setuptools`. This patch spells it out.
This patch drops unnecessary default for
`CollectionDependencyProvider`'s `concrete_artifacts_manager` argument
as it is always passed, in every place across the code base where the
provider is constructed.
It was also causing MyPy violations on calls to
`_ComputedReqKindsMixin.from_requirement_dict()` in the "strict
optional" mode which is now enforced for $sbj, while remaining
disabled globally.
It is a #85545 follow-up.
This patch is a combination of `pyrefly autotype` and manual
post-processing. Parts of it migrate pre-existing comment-based
annotations, fixing incorrect ones where applicable.
The change also configures MyPy to run checks against actual
`resolvelib` annotations and includes a small tweak of
`ansible.galaxy.collection._resolve_depenency_map` to make it
compatible with those.
Co-Authored-By: Jordan Borean <jborean93@gmail.com>
Co-Authored-By: Matt Clay <matt@mystile.com>
Co-Authored-By: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
* Remove support for resolvelib < 0.8.0
Remove code handling differences between resolvelib 0.5.3 and 0.8.0
Drop some versions from the test to reduce the time it takes to run
Co-authored-by: Sviatoslav Sydorenko <wk@sydorenko.org.ua>
* Remove type annotation
---------
Co-authored-by: Sviatoslav Sydorenko <wk@sydorenko.org.ua>
* When ssh-keygen fails, return rc and stderr in fail_json
in order to help debugging.
Fixes: #85850
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
PR #85888
`codecov-cli == 11.0.3` allows `click == 8.3.0` in its deps but the latter causes commit auto-discovery breakage in the former. With https://github.com/getsentry/prevent-cli/pull/95, `codecov-cli == 11.2.3` excludes this version so this patch updates the requirement to that.
To prevent this from happening again, the change also makes use of a pip constraint file that pins the entire dependency tree to concrete versions. The constraint file is managed by `pip-tools`.
Refs:
* https://github.com/getsentry/prevent-cli/pull/95
* https://github.com/pallets/click/issues/3066
ci_coverage
ci_complete
* Prevent run_command output truncation or hang
In cases when the selector used to monitor stdout/stderr activates without
data ready to read (a rare but normal condition), a read from a non-blocking
FD can return `None`, which was being conflated with an empty read (EOF)
condition. This caused the selector to be unregistered prematurely,
sometimes resulting in truncated output or hangs. `None` read results
are now excluded from EOF conditions.
* add changelog
---------
Co-authored-by: Matt Davis <nitzmahone@redhat.com>
* Add new play keyword validate_argspec
Set to True to use the play name as the argument spec identifier. A play name is required (i.e. a host pattern is not supported as an argument spec name).
Alternatively, set to a specific argument spec name.
A valid argument spec for the play is required. Example:
    # playbook.meta.yml
    argument_specs:
      name of the play:
        options: {}
* Play argument spec validation runs after fact gathering
Play keywords like tags are inherited and work similarly to fact gathering
* Add test for sidecar documentation for filter plugin in a subdirectory
Fix ansible-doc --list/--list_files/--metadata-dump for relative imports in nested filter/test plugin files
* ansible-galaxy - remove deprecated v2 API
Update unit tests exercising the v2 Galaxy API
Remove v2 API integration tests
* Remove internal test configuration for servers which support API v2 and v3
* Update and simplify verify tests by using the configured server list
On WSL, `os.rename` can't correctly move a file while a handle to that file is still open. It remains half-moved where neither the source nor destination seem to exist (according to `os.path.exists`). However the move seems to complete correctly when the open handle is closed.
In `BaseFileCacheModule`, when writing a cache file, a temporary file is created with `mkstemp` that returns an open file descriptor and a filename. Once the cache is written to that file, it is renamed to the correct file name with `os.rename` and then its permissions set with `os.chmod`. On WSL the `os.chmod` fails because it doesn't think the file exists yet because the file descriptor returned by `mkstemp` is still open. This PR fixes this by closing that file descriptor before renaming.
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Add handling for when a PowerShell module emits more than just the
module result JSON. The behaviour reflects the Python async wrapper
where trailing data after the module result will emit a warning.
* Added ca_path and cookies parameter arguments to fetch_file method
to specify CA path and Cookies to fetch file from URL. These parameters
are already supported by fetch_url.
Fixes: #85172
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
Attempts to simplify the PowerShell code and special edge cases that
removes quotes from a value like a src or destination path on Windows
hosts. This should not be needed as paths should not be quoted when it
comes to this section of the code.
ci_complete
Deprecates the function `wrap_for_exec` on shell plugins. This is to
simplify the API and remove unnecessary components that should live
elsewhere or have a better and more flexible API.
* Remove deprecated vars plugin fallback
Removes the vars plugin `get_host_vars` and `get_group_vars` fallback
which was deprecated.
* Remove integration tests for removed feature
Add an 'lvs' key to each value in ansible_facts['vgs'] to support extracting all logical volume facts.
Add note to consider deprecating ansible_facts['lvs'] in a future release since it is misleading if any volume groups have identical logical volume names.
Fixes #85632
* dnf: Check if installroot is directory or not
* dnf library creates installroot if it is missing.
check if installroot is directory or not.
Fixes: #85680
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
* templating coerces None to empty string on multi-node result
* avoid simple cases of embedded `None` in multi-node string concatenated template results ala <=2.18
* single-node template results preserve NoneType
* add None->empty str equivalency to argspec validation
* fix integration tests
* remove conversion error message check from apt_repository test
* remove error message check on `None` value for required str argspec in roles_arg_spec test (now logically-equivalent to empty string)
* explanatory comment for None->empty str coalesce
* Resolve static actions when the FQCN is already known or demanded by a callback plugin
shorthand syntax (e.g. "- ping:") is resolved by ModuleArgsParser
action/local_action syntax (e.g. "- action: ping") is resolved on demand
* Emit a warning if a callback plugin accesses the property when it's None. This is expected if action/local_action is a template and a callback plugin uses this value too early (like in v2_playbook_on_task_start) or late (like in v2_runner_on_ok for a task with a loop).
* service_facts: Handle KeyError while processing service name
As a part of follow up review,
* Handle KeyError with exception handling
* Warn user about the missing service name in the given service details
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
* remove internal collections earlier to ignore consistently for different sub-commands
* remove internal collection handling from the dependency resolver
* add a test to ensure ansible._protomatter is not in the output of ansible-galaxy collection list
* fix existing test to ensure an error is given if no valid collection path is configured
* changelog
* Add correct empty venv creation handling
Makes the module exit with changed=True
when an empty venv is created with correct
module output
* Add tests for creating an empty venv
* Use display.error_as_warning instead of self.warning
* Use display.error_as_warning instead of display.warning_as_error.
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
* Prevents callback handle_exception from displaying the captured exception when the task is not failed.
* Added tests.
Co-authored-by: Matt Clay <matt@mystile.com>
* Add AnsiballZ debugging support with debugpy
Adds support for debugging AnsiballZ modules with debugpy which is used
by VSCode as its Python debugger DAP. Debugging can either be done
through a manual Debugpy listening server through a launch.json
configuration or through the new ansible-test --dev-debug-on-deman
argument.
* Fix up integration test
* Simplify config option and move mypy ignore
* Use new API if available and fix typo
* Guard the import of debugpy
* Fix sanity import issue
* Minor cosmetic adjustments
* Simplify debugger setup
* ansible-test - Refactor debugging interface
* Add ansible-test debug integration tests
* Fix ansible-test shell when in unsupported dir
---------
Co-authored-by: Matt Clay <matt@mystile.com>
* meta: clear_host_errors, clarify what this applies to
It clears host for selection, but does not change state in the current iterator.
* also update example
Fix ssh plugin host variables. Variable names should conform to Python variable naming rules, and not contain characters like "[" or "]".
Update unit test
* Test expect module for missing pexpect
* Test expect module for incorrect timeout type
* Test expect module for out of date pexpect failures
* Test pexpect.ExceptionPexpect
Also fixed task naming to be in line with the rest of the file.
* Change pexpect management to venv
* Normalize b_out to b'' when falsy for consistent handling
* Move test venv from /tmp/ to output_dir
* Update tests according to corrections
* Remove break_system_packages when installing pexpect 3.3
* Remove unnecessary if statement
pexpect.run(...) shouldn't ever return None, so it's safe
to remove the check entirely. Maintains 100% coverage
* Mark dependent packages as auto which are installed as part of
deb file installation
Fixes: #78123
Co-authored-by: Matt Clay <matt@mystile.com>
Signed-off-by: Abhijeet Kasurde <Akasurde@redhat.com>
* ansible-doc: print where the description is missing
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
* Short-circuit legacy network module prefix->action mapping
* Modified a non-short-circuit compound conditional in a legacy networking path that attempted to resolve an action for any module name containing `_`. The bug was always present, but the typical presentation (an ImportError) was ignored prior to 2.19.
* The legacy networking path should be deprecated and removed in 2.20- a module could still be run under the wrong action if one with a matching prefix is found.
* unit test fix
* Limit askpass prompts to single attempt
OpenSSH client option NumberOfPasswordPrompts defaults to 3 so in case
an incorrect connection password is provided it is excessively tried 3
times. Not only that but running the `_ssh_askpass` entry point multiple
times (via ssh) results in `json.decoder.JSONDecodeError` as after the
first run the shared memory is zero'd and the subsequent runs end up
calling `json.loads` on empty data.
`json.decoder.JSONDecodeError` does not happen prior to Python 3.13 as
the shared memory is unlinked automatically on `.close()` and the
`_ssh_askpass` entry point exits with return code 1 before attempting to
load zero'd memory.
Fixes #85359
* changelog and tests
* Update changelogs/fragments/85359-askpass-incorrect-password-retries.yml
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
* Update lib/ansible/cli/_ssh_askpass.py
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
* Avoid race condition in second unlink
---------
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
Co-authored-by: Matt Clay <matt@mystile.com>
* The redundant FA declaration was not static, which broke a number of automatic validation behaviors.
* Added tests to assert deferred validation and lack of templating on `import_playbook.vars`.
Co-authored-by: Matt Clay <matt@mystile.com>
* Errors raised in most Jinja operations and plugin invocations are now propagated as Markers, allowing template pipeline to continue execution when a Marker-aware consumer is present.
* Added ability to inspect ExceptionMarkers to Protomatter `dump_object` filter.
* Added tests.
Co-authored-by: Matt Clay <matt@mystile.com>
* added basic key visitor support to variable visitor (off by default)
* transform_to_native_types enables new key visit/conversion
* add test
Co-authored-by: Matt Clay <matt@mystile.com>
* deprecate invalid variable names in inventory
* was previously a hard error for `Host`
* added missing check to `Group`
* swapped blanket Python keyword prohibition with Jinja singleton and `not` check
Co-authored-by: Matt Clay <matt@mystile.com>
* fix invalid variable name test
---------
Co-authored-by: Matt Clay <matt@mystile.com>
* use declarative FA validation
* deleted redundant/broken imperative validation
* added test case to ensure templating
Co-authored-by: Matt Clay <matt@mystile.com>
* added ansible-test integration env/set directive for aliases
* applied to module-serialization-profiles test to enable feature flag
Co-authored-by: Matt Clay <matt@mystile.com>
* Fix handling FileExistsError, instead of only handling OSError when the human-readable error message is "File exists".
Co-authored-by: Matt Clay <matt@mystile.com>
* fix script failed_when bypass
* misuse of AnsibleActionFail for a retryable/alterable error case
* add tests
Co-authored-by: Matt Clay <matt@mystile.com>
* type annotation fixes
---------
Co-authored-by: Matt Clay <matt@mystile.com>
When using static string to search system log, avoid matching self execution
logged by Ansible by default.
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
* Add test for a handler including tasks from a variable filename
* Add FieldAttributeBase attribute to indicate if the object should be post validated
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
* always allow Marker args to pass through
* always disable pre-emptive trip-on-retrieval for Macro JinjaCallContext
* add macro-callable template expression result test cases
Co-authored-by: Matt Clay <matt@mystile.com>
* replace usage of `IOError` as it is an alias to `OSError`
* replace usage of `socket.error` as it is an alias to `OSError`
* use subclasses of `OSError` rather than inspecting `errno`s
* utilize `exist_ok` parameter of `os.makedirs` rather than ignoring
`FileExistsError`
Make the following changes to the exception handling this patch already
updates to be consistent with the new code:
* use `ex` as a name for exception being handled
* use `from ex` when re-raising exception for additional context
* use f-strings and `!r` for quoting
* pass exceptions to the `exception` parameter of `fail_json`
* use `display.error_as_warning` rather than passing stringified
exception into `display.warning`
Co-authored-by: Matt Clay <matt@mystile.com>
* deprecate DEFAULT_MANAGED_STR and prevent masking of ansible_managed var
* adjust public API behavior
* restore backward-compatible behavior on existing public API
- from_yaml/from_yaml_all filters now preserve trust
- YAML dumping can once again handle undecryptable vaulted values
- increased test coverage
Co-authored-by: Matt Davis <nitzmahone@redhat.com>
* Use a Specific Package Manager
* Update the name of package manager from yum to dnf
* Update lib/ansible/modules/package.py
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
* Update lib/ansible/modules/package.py
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
---------
Co-authored-by: Aditya Putta <puttaa@skiff.com>
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
Co-authored-by: Matt Clay <matt@mystile.com>
* doc - Dynamically document jinja builtins
This change has `ansible-doc` dynamically generate the documentation for
any Jinja builtin filter and test plugins. These dynamic stubs will
point to the official Jinja documentation pages for more information.
* Fix sanity issues
* Add tests
* Update Jinja builtin doc gen
Co-authored-by: Matt Clay <matt@mystile.com>
---------
Co-authored-by: Matt Davis <nitzmahone@redhat.com>
Co-authored-by: Matt Clay <matt@mystile.com>
* Clean up TE error handling, wrap sigalrm handler
* Preserve error detail on AnsibleAction and Connection exceptions.
* Remove multiple layers of unreachable or redundant error handling.
* Wrap manual alarm signal/timeout handling into a context manager, add tests.
Co-authored-by: Matt Clay <matt@mystile.com>
* update error message check in test
* update test timeout message assertions
---------
Co-authored-by: Matt Clay <matt@mystile.com>
async_status and async_wrapper now use booleans instead of 0/1 for 'truthiness'
gather_facts also updated
Co-authored-by: 🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Matt Clay <matt@mystile.com>
Fixes the logic when running a module through App Control when the
module is not trusted to run in Full Language Mode. This ensures
coverage will still run as expected and that the trust verification only
happens in the wrappers that actually run/prepare the code.
Also expands on a comment to clarify why only that branch is set to set
the internal file encoding to UTF-8.
* Add support for Windows App Control/WDAC
Adds preview support for Windows App Control, formerly known as WDAC.
This is a tech preview feature and is designed to test out improvements
needed in future versions of Ansible.
* Use psd1 and parse it through the Ast to avoid any unexpected execution results
* Add tests for various manifest permutations
* Ignore test shebang failure
* Apply suggestions from code review
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
* Use more flexible test expectations
* Add type annotations for shell functions
---------
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
* ansible-test - Improve deprecated checking type inference
Also disabled the ``bad-super-call`` pylint rule due to false positives.
* Add type comment support
* Try without using register_transform
For calling setup_test_user, which adds a user to the system (and thus requiring
root):
- become
- become_su
- become_sudo
- slurp
And also:
- apt, which installs/removes system packages
- deb822_repository, which adds/removes apt repos
- hardware_facts calls losetup, which requires root
- package_facts, which installs/removes system packages
Co-authored-by: Lee Garrett <lgarrett@rocketjump.eu>
Fix the logic for a constructable inventory `keyed_groups` entry to use
the `default_value` if the `key` expression result is `None` or `omit`
and not just an empty string. This bug was introduced with the changes
in data tagging and goes back to the original behaviour.
Co-authored-by: Sloane Hertel <19572925+s-hertel@users.noreply.github.com>
* template module - render `None` as empty string
* Update changelogs/fragments/template-none.yml
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
---------
Co-authored-by: Matt Davis <6775756+nitzmahone@users.noreply.github.com>
* remove dead config comment noise
* update `list` typed config defaults to be lists
* fix tag preservation/propagation in config
* numerous other ensure_type bugfixes
* 100% unit test coverage of ensure_type
* emit warnings on template_default failures
* fix unhandled exception in convert_bool on unhashable inputs
Co-authored-by: Matt Clay <matt@mystile.com>
---------
Co-authored-by: Matt Clay <matt@mystile.com>
* See changelog fragment for most changes.
* Defer early config warnings until display is functioning, eliminating related fallback display logic.
* Added more type annotations and docstrings.
* ansible-test - pylint sanity for deprecations improved.
* Refactored inline legacy resolutions in PluginLoader.
Co-authored-by: Matt Clay <matt@mystile.com>
* Implement TaskResult backward compatibility for callbacks
* general API cleanup
* misc deprecations
Co-authored-by: Matt Clay <matt@mystile.com>
* fix v2_on_any deprecation exclusion for base
---------
Co-authored-by: Matt Clay <matt@mystile.com>
* Fix test_range_templating on 32-bit architectures
32-bit architectures like i386, armel, armhf will fail with the error
ansible._internal._templating._errors.AnsibleTemplatePluginRuntimeError: The
filter plugin 'ansible.builtin.random' failed: Python int too large to convert
to C ssize_t
So just pick sys.maxsize (2**31 - 1) so it works on 32 bit machines.
---------
Co-authored-by: Lee Garrett <lgarrett@rocketjump.eu>
Co-authored-by: Matt Clay <matt@mystile.com>
* Use `_UNSET` instead of allowing `ellipsis`
* Fix deprecation warning pre-check
* Deprecation warnings from modules can now be disabled.
* Deprecation warnings from modules get the "can be disabled" notice.
* Include help text in pre-display fatal errors
* Simplify lookup warning/debug messaging
* Fix return type of `timedout` test plugin
* Use `object` for `_UNSET`
* Remove obsolete `convert_data` tests
* Remove unnecessary template from test
* Improve legacy YAML objects backward compat
* Fix templar backward compat for None overrides
Paste verbatim output from `ansible-config dump --only-changed -t all` below, under the prompt line.
Paste verbatim output from `ansible-config dump --only-changed -t all` below, under the prompt line.
(if using a version older than ansible-core 2.12 you should omit the '-t all')
Remember to redact secret values. You can easily filter Galaxy server secrets using grep,
for example `ansible-config dump --only-changed -t all | grep -Ev 'token|password|client_secret'`.
Please don't wrap it with triple backticks — your
Please don't wrap it with triple backticks — your
whole input will be turned into a code snippet automatically.
whole input will be turned into a code snippet automatically.
render:console
render:console
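Review bot: in the `ansible-config dump` prompt text, the suggested `grep -Ev 'token|password|client_secret'` filter only drops lines containing those three words, so a secret held under any other setting name, or embedded in a URL value, would still end up in the pasted output. Consider rewording the hint so it is clear the grep is a first pass for Galaxy server entries and that the remaining output still needs a manual check before it is posted.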
@ -136,7 +137,7 @@ body:
attributes:
attributes:
label:Steps to Reproduce
label:Steps to Reproduce
description:|
description:|
Describe exactly how to reproduce the problem, using a minimal test-case. It would *really* help us understand your problem if you could also pased any playbooks, configs and commands you used.
Describe exactly how to reproduce the problem, using a minimal test-case. It would *really* help us understand your problem if you could also provide any playbooks, configs and commands you used.
**HINT:**You can paste https://gist.github.com links for larger files.
**HINT:**You can paste https://gist.github.com links for larger files.
This file provides guidance to Claude Code (claude.ai/code) and other compatible agentic tools when working with code in this repository.
**Note:** This file is for AI assistant use only. For human developers, see the [Ansible Developer Guide](https://docs.ansible.com/ansible-core/devel/dev_guide/index.html).
## ⚠️ IMPORTANT: Always Start Here
**BEFORE starting any PR review or development task:**
1. **Read this file first** - Don't work from memory or assumptions
2. **Use TodoWrite** to create a task list and track progress systematically
3. **Follow the numbered steps** in the relevant process sections
4. **Reference Quick Reference** for correct commands and patterns
## ⚠️ CRITICAL: Licensing Requirements
**NEVER suggest, recommend, or approve code that violates these requirements:**
- **ansible-core**: All code must be **GPLv3 compatible**
- **lib/ansible/module_utils/**: Defaults to **BSD-2-Clause** (more permissive)
- **External dependencies**: Only recommend libraries compatible with these licenses
- **PR reviews**: Always verify any new dependencies or suggested libraries are license-compatible
- **When in doubt**: Ask about licensing compatibility rather than assuming
**This is non-negotiable** - licensing violations can create serious legal issues for the project.
## Quick Reference
Most commonly used commands and patterns:
```bash
# Testing
ansible-test sanity -v --docker default # Run all sanity tests
ansible-test sanity -v --docker default --test <test> # Run specific sanity test
ansible-test units -v --docker default # Run unit tests
ansible-test integration -v --docker ubuntu2404 # Run integration tests
# PR Review and CI
gh pr view <number> # Get PR details
gh pr view <number> --comments # Check for ansibot CI failures
gh pr checks <number> # Get Azure Pipelines URLs
gh pr checkout <number> # Switch to PR branch
gh pr diff <number> # See all changes
```
**Container Selection:**
- Sanity/Unit tests: `--docker default`
- Integration tests: `--docker ubuntu2204`, `--docker ubuntu2404`, etc. (NOT default/base)
**Critical Reminders:**
- **Licensing**: See [Licensing Requirements](#️-critical-licensing-requirements) - GPLv3/BSD-2-Clause only
## Development Environment Setup
Ansible development typically uses an editable install after forking and cloning:
```bash
# After forking and cloning the repository
pip install -e .
```
**Note:** ansible-core and all CLIs (including ansible-test) require a POSIX OS. On Windows, use WSL (Windows Subsystem for Linux).
## Testing and CI
### Basic Testing Commands
```bash
# Run sanity tests - these are linting/static analysis (pylint, mypy, pep8, etc.)
```
- get_url - fix honoring ``filename`` from the ``content-disposition`` header even when the type is ``inline`` (https://github.com/ansible/ansible/issues/83690)
- ssh connection plugin - Support ``SSH_ASKPASS`` mechanism to provide passwords, making it the default, but still offering an explicit choice to use ``sshpass``
- Fix returning 'unreachable' for the overall task result. This prevents false positives when a looped task has unignored unreachable items (https://github.com/ansible/ansible/issues/84019).
- "dnf5 - fix installing a package using ``state=latest`` when a binary of the same name as the package is already installed (https://github.com/ansible/ansible/issues/84259)"
- "validate-modules sanity test - make sure that ``module`` and ``plugin`` ``seealso`` entries use FQCNs (https://github.com/ansible/ansible/pull/84325)."
- host_group_vars - fixed defining the 'key' variable if the get_vars method is called with cache=False (https://github.com/ansible/ansible/issues/84384)
- "dnf5 - fix ``is_installed`` check for packages that are not installed but listed as provided by an installed package (https://github.com/ansible/ansible/issues/84578)"
- linear strategy - fix executing ``end_role`` meta tasks for each host, instead of handling these as implicit run_once tasks (https://github.com/ansible/ansible/issues/84660).
- Strategy Plugins - Use of strategy plugins not provided in ``ansible.builtin`` is deprecated and does not carry any backwards compatibility guarantees going forward. A future release will remove the ability to use external strategy plugins. No alternative for third party strategy plugins is currently planned.
- "ansible-test - The runtime-metadata sanity test now ignores pre-release and build identifiers in collection versions. This prevents errors if a tombstone version is ``X.0.0``, while the collection's version is ``X.0.0-prerelease`` (https://github.com/ansible/ansible/issues/85193)."
- "Fix ``AnsibleModule.human_to_bytes()``, which was never adjusted after the standalone ``human_to_bytes()`` got a new parameter ``default_unit`` (https://github.com/ansible/ansible/pull/85259)."
- ``ansible.builtin.pip`` - Running the built-in pip module with ``check_mode`` and packages coming from VCS URLs, archives, or local filepaths now correctly outputs the ``changed`` status of the task. Previously, it was always reported as changed due to improper package name resolution.
- ansible_virtualization_role and ansible_virtualization_type facts - fix the detection of vms running inside FreeBSD Bhyve hypervisor and detection of jails (https://github.com/ansible/ansible/pull/85767)
- Removed deprecated ``handle_stats_and_callbacks`` parameter of the ``StrategyBase._load_included_file`` method. (https://github.com/ansible/ansible/issues/86003)
- "ansible-test validate-modules sanity test - now reports bad return value keys that cannot be used with the dot notation in Jinja expressions (https://github.com/ansible/ansible/issues/86079)."
- The ``get_platform()`` function from ``ansible.module_utils.basic`` is deprecated and will be removed in ansible-core 2.24. Use ``platform.system()`` from the Python standard library instead.
- The ``load_platform_subclass()`` function from ``ansible.module_utils.basic`` is deprecated and will be removed in ansible-core 2.24. Use ``get_platform_subclass()`` from ``ansible.module_utils.common.sys_info`` instead.
- The ``get_all_subclasses()`` function from ``ansible.module_utils.basic`` is deprecated and will be removed in ansible-core 2.24. Use ``get_all_subclasses()`` from ``ansible.module_utils.common._utils`` instead.
- basic - fail in controlled manner when ``run_command()`` attempts to parse a command with broken syntax passed in as a string (https://github.com/ansible/ansible/issues/85719).