rethink wording (#70028)

* rethink wording
* removed unrequired requirement
* fix tests
* fixed versions
Co-authored-by: Sloane Hertel <shertel@redhat.com>
This commit is contained in:
Brian Coca 2020-10-30 17:13:12 -04:00 committed by GitHub
parent 4fb336cef1
commit 4b673484f0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
24 changed files with 142 additions and 146 deletions

View file

@ -77,14 +77,14 @@
#stdout_callback = debug
# Ansible ships with some plugins that require whitelisting,
# Ansible ships with some plugins that require enabling
# this is done to avoid running all of a type by default.
# These setting lists those that you want enabled for your system.
# Custom plugins should not need this unless plugin author disables them
# by default.
#
# Enable callback plugins, they can output to stdout but cannot be 'stdout' type.
#callback_whitelist = timer, mail
#callback_enabled = timer, mail
# Determine whether includes in tasks and handlers are "static" by
# default. As of 2.0, includes are dynamic by default. Setting these
@ -227,7 +227,7 @@
# Set which cowsay stencil you'd like to use by default. When set to 'random',
# a random stencil will be selected for each task. The selection will be filtered
# against the `cow_whitelist` option below.
# against the `cow_enabled` option below.
#
#cow_selection = default
#cow_selection = random
@ -237,7 +237,7 @@
# NOTE: line continuations here are for formatting purposes only, as the INI parser
# in python does not support them.
#
#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\
#cowsay_enabled_stencils=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\
# hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\
# stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www

View file

@ -144,7 +144,7 @@ class AdHocCLI(CLI):
run_tree = False
if context.CLIARGS['tree']:
C.DEFAULT_CALLBACK_WHITELIST.append('tree')
C.CALLBACKS_ENABLED.append('tree')
C.TREE_DIR = context.CLIARGS['tree']
run_tree = True

View file

@ -150,7 +150,7 @@ class ConsoleCLI(CLI, cmd.Cmd):
self._find_modules_in_path(module)
elif module.startswith('__'):
continue
elif any(module.endswith(x) for x in C.BLACKLIST_EXTS):
elif any(module.endswith(x) for x in C.REJECT_EXTS):
continue
elif module in C.IGNORE_FILES:
continue

View file

@ -32,7 +32,7 @@ from ansible.utils.collection_loader import AnsibleCollectionConfig
from ansible.utils.collection_loader._collection_finder import _get_collection_name_from_path
from ansible.utils.display import Display
from ansible.utils.plugin_docs import (
BLACKLIST,
REJECTLIST,
remove_current_collection_from_versions_and_dates,
get_docstring,
get_versioned_doclink,
@ -417,7 +417,7 @@ class DocCLI(CLI):
continue
elif os.path.isdir(full_path):
continue
elif any(plugin.endswith(x) for x in C.BLACKLIST_EXTS):
elif any(plugin.endswith(x) for x in C.REJECT_EXTS):
continue
elif plugin.startswith('__'):
continue
@ -430,7 +430,7 @@ class DocCLI(CLI):
plugin = os.path.splitext(plugin)[0] # removes the extension
plugin = plugin.lstrip('_') # remove underscore from deprecated plugins
if plugin not in BLACKLIST.get(bkey, ()):
if plugin not in REJECTLIST.get(bkey, ()):
if collection:
plugin = '%s.%s' % (collection, plugin)

View file

@ -36,15 +36,29 @@ ANSIBLE_COW_SELECTION:
env: [{name: ANSIBLE_COW_SELECTION}]
ini:
- {key: cow_selection, section: defaults}
ANSIBLE_COW_WHITELIST:
name: Cowsay filter whitelist
ANSIBLE_COW_ACCEPTLIST:
name: Cowsay filter acceptance list
default: ['bud-frogs', 'bunny', 'cheese', 'daemon', 'default', 'dragon', 'elephant-in-snake', 'elephant', 'eyes', 'hellokitty', 'kitty', 'luke-koala', 'meow', 'milk', 'moofasa', 'moose', 'ren', 'sheep', 'small', 'stegosaurus', 'stimpy', 'supermilker', 'three-eyes', 'turkey', 'turtle', 'tux', 'udder', 'vader-koala', 'vader', 'www']
description: White list of cowsay templates that are 'safe' to use, set to empty list if you want to enable all installed templates.
env: [{name: ANSIBLE_COW_WHITELIST}]
env:
- name: ANSIBLE_COW_WHITELIST
deprecated:
why: Normalizing names to new standard.
version: "2.15"
alternatives: 'ANSIBLE_COW_ACCEPTLIST'
- name: ANSIBLE_COW_ACCEPTLIST
version_added: '2.11'
ini:
- {key: cow_whitelist, section: defaults}
- key: cow_whitelist
section: defaults
deprecated:
why: Normalizing names to new standard.
version: "2.15"
alternatives: 'cowsay_enabled_stencils'
- key: cowsay_enabled_stencils
section: defaults
version_added: '2.11'
type: list
yaml: {key: display.cowsay_whitelist}
ANSIBLE_FORCE_COLOR:
name: Force color output
default: False
@ -382,7 +396,7 @@ COVERAGE_REMOTE_OUTPUT:
- {name: _ansible_coverage_remote_output}
type: str
version_added: '2.9'
COVERAGE_REMOTE_PATH_FILTER:
COVERAGE_REMOTE_PATHS:
name: Sets the list of paths to run coverage for.
description:
- A list of paths for files on the Ansible controller to run coverage for when executing on the remote host.
@ -392,8 +406,14 @@ COVERAGE_REMOTE_PATH_FILTER:
- This is for internal use only.
default: '*'
env:
- {name: _ANSIBLE_COVERAGE_REMOTE_PATH_FILTER}
type: str
- name: _ANSIBLE_COVERAGE_REMOTE_WHITELIST
deprecated:
why: Normalizing names to new standard.
version: "2.15"
alternatives: '_ANSIBLE_COVERAGE_REMOTE_PATHS'
- name: '_ANSIBLE_COVERAGE_REMOTE_PATHS'
version_added: '2.11'
type: pathlist
version_added: '2.9'
ACTION_WARNINGS:
name: Toggle action warnings
@ -548,13 +568,28 @@ DEFAULT_CACHE_PLUGIN_PATH:
ini:
- {key: cache_plugins, section: defaults}
type: pathspec
DEFAULT_CALLABLE_WHITELIST:
name: Template 'callable' whitelist
CALLABLE_ACCEPT_LIST:
name: Template 'callable' accept list
default: []
description: Whitelist of callable methods to be made available to template evaluation
env: [{name: ANSIBLE_CALLABLE_WHITELIST}]
env:
- name: ANSIBLE_CALLABLE_WHITELIST
deprecated:
why: Normalizing names to new standard.
version: "2.15"
alternatives: 'ANSIBLE_CALLABLE_ENABLED'
- name: ANSIBLE_CALLABLE_ENABLED
version_added: '2.11'
ini:
- {key: callable_whitelist, section: defaults}
- key: callable_whitelist
section: defaults
deprecated:
why: Normalizing names to new standard.
version: "2.15"
alternatives: 'callable_enabled'
- key: callable_enabled
section: defaults
version_added: '2.11'
type: list
DEFAULT_CALLBACK_PLUGIN_PATH:
name: Callback Plugins Path
@ -565,17 +600,31 @@ DEFAULT_CALLBACK_PLUGIN_PATH:
- {key: callback_plugins, section: defaults}
type: pathspec
yaml: {key: plugins.callback.path}
DEFAULT_CALLBACK_WHITELIST:
name: Callback Whitelist
CALLBACKS_ENABLED:
name: Enable callback plugins that require it.
default: []
description:
- "List of whitelisted callbacks, not all callbacks need whitelisting,
- "List of enabled callbacks, not all callbacks need enabling,
but many of those shipped with Ansible do as we don't want them activated by default."
env: [{name: ANSIBLE_CALLBACK_WHITELIST}]
env:
- name: ANSIBLE_CALLBACK_WHITELIST
deprecated:
why: Normalizing names to new standard.
version: "2.15"
alternatives: 'ANSIBLE_CALLBACKS_ENABLED'
- name: ANSIBLE_CALLBACKS_ENABLED
version_added: '2.11'
ini:
- {key: callback_whitelist, section: defaults}
- key: callback_whitelist
section: defaults
deprecated:
why: Normalizing names to new standard.
version: "2.15"
alternatives: 'callback_enabled'
- key: callbacks_enabled
section: defaults
version_added: '2.11'
type: list
yaml: {key: plugins.callback.whitelist}
DEFAULT_CLICONF_PLUGIN_PATH:
name: Cliconf Plugins Path
default: ~/.ansible/plugins/cliconf:/usr/share/ansible/plugins/cliconf
@ -1610,7 +1659,7 @@ INVENTORY_EXPORT:
type: bool
INVENTORY_IGNORE_EXTS:
name: Inventory ignore extensions
default: "{{(BLACKLIST_EXTS + ('.orig', '.ini', '.cfg', '.retry'))}}"
default: "{{(REJECT_EXTS + ('.orig', '.ini', '.cfg', '.retry'))}}"
description: List of extensions to ignore when using a directory as an inventory source
env: [{name: ANSIBLE_INVENTORY_IGNORE}]
ini:
@ -1672,10 +1721,10 @@ INJECT_FACTS_AS_VARS:
version_added: "2.5"
MODULE_IGNORE_EXTS:
name: Module ignore extensions
default: "{{(BLACKLIST_EXTS + ('.yaml', '.yml', '.ini'))}}"
default: "{{(REJECT_EXTS + ('.yaml', '.yml', '.ini'))}}"
description:
- List of extensions to ignore when looking for modules to load
- This is for blacklisting script and binary module fallback extensions
- This is for rejecting script and binary module fallback extensions
env: [{name: ANSIBLE_MODULE_IGNORE_EXTS}]
ini:
- {key: module_ignore_exts, section: defaults}
@ -1905,7 +1954,7 @@ USE_PERSISTENT_CONNECTIONS:
- {key: use_persistent_connections, section: defaults}
type: boolean
VARIABLE_PLUGINS_ENABLED:
name: Vars plugin whitelist
name: Vars plugin enabled list
default: ['host_group_vars']
description: Whitelist for variable plugins that require it.
env: [{name: ANSIBLE_VARS_ENABLED}]

View file

@ -60,7 +60,7 @@ class _DeprecatedSequenceConstant(Sequence):
# CONSTANTS ### yes, actual ones
BLACKLIST_EXTS = ('.pyc', '.pyo', '.swp', '.bak', '~', '.rpm', '.md', '.txt', '.rst')
REJECT_EXTS = ('.pyc', '.pyo', '.swp', '.bak', '~', '.rpm', '.md', '.txt', '.rst')
BOOL_TRUE = BOOLEANS_TRUE
COLLECTION_PTYPE_COMPAT = {'module': 'modules'}
DEFAULT_BECOME_PASS = None

View file

@ -340,8 +340,8 @@ def _create_powershell_wrapper(b_module_data, module_path, module_args,
finder.scan_exec_script('coverage_wrapper')
coverage_manifest['output'] = coverage_output
coverage_path_filter = C.config.get_config_value('COVERAGE_REMOTE_PATH_FILTER', variables=task_vars)
coverage_manifest['path_filter'] = coverage_path_filter
coverage_enabled = C.config.get_config_value('COVERAGE_REMOTE_PATHS', variables=task_vars)
coverage_manifest['path_filter'] = coverage_enabled
# make sure Ansible.ModuleUtils.AddType is added if any C# utils are used
if len(finder.cs_utils_wrapper) > 0 or len(finder.cs_utils_module) > 0:

View file

@ -174,8 +174,8 @@ class TaskQueueManager:
# get all configured loadable callbacks (adjacent, builtin)
callback_list = list(callback_loader.all(class_only=True))
# add whitelisted callbacks that refer to collections, which might not appear in normal listing
for c in C.DEFAULT_CALLBACK_WHITELIST:
# add enabled callbacks that refer to collections, which might not appear in normal listing
for c in C.CALLBACKS_ENABLED:
# load all, as collection ones might be using short/redirected names and not a fqcn
plugin = callback_loader.get(c, class_only=True)
@ -191,7 +191,7 @@ class TaskQueueManager:
for callback_plugin in callback_list:
callback_type = getattr(callback_plugin, 'CALLBACK_TYPE', '')
callback_needs_whitelist = getattr(callback_plugin, 'CALLBACK_NEEDS_WHITELIST', False)
callback_needs_enabled = getattr(callback_plugin, 'CALLBACK_NEEDS_ENABLED', getattr(callback_plugin, 'CALLBACK_NEEDS_WHITELIST', False))
# try to get colleciotn world name first
cnames = getattr(callback_plugin, '_redirected_names', [])
@ -212,10 +212,10 @@ class TaskQueueManager:
elif callback_name == 'tree' and self._run_tree:
# TODO: remove special case for tree, which is an adhoc cli option --tree
pass
elif not self._run_additional_callbacks or (callback_needs_whitelist and (
elif not self._run_additional_callbacks or (callback_needs_enabled and (
# only run if not adhoc, or adhoc was specifically configured to run + check enabled list
C.DEFAULT_CALLBACK_WHITELIST is None or callback_name not in C.DEFAULT_CALLBACK_WHITELIST)):
# 2.x plugins shipped with ansible should require whitelisting, older or non shipped should load automatically
C.CALLBACKS_ENABLED is None or callback_name not in C.CALLBACKS_ENABLED)):
# 2.x plugins shipped with ansible should require enabling, older or non shipped should load automatically
continue
try:

View file

@ -86,8 +86,8 @@ options:
remote_src:
description:
- Influence whether C(src) needs to be transferred or already is present remotely.
- If C(no), it will search for C(src) at originating/master machine.
- If C(yes) it will go to the remote/target machine for the C(src).
- If C(no), it will search for C(src) on the controller node.
- If C(yes) it will search for C(src) on the managed (remote) node.
- C(remote_src) supports recursive copying as of version 2.8.
- C(remote_src) only works with C(mode=preserve) as of version 2.6.
type: bool

View file

@ -39,7 +39,7 @@ options:
required: true
copy:
description:
- If true, the file is copied from local 'master' to the target machine, otherwise, the plugin will look for src archive at the target machine.
- If true, the file is copied from local controller to the managed (remote) node, otherwise, the plugin will look for src archive on the managed machine.
- This option has been deprecated in favor of C(remote_src).
- This option is mutually exclusive with C(remote_src).
type: bool

View file

@ -149,8 +149,8 @@ options:
version_added: '2.7'
remote_src:
description:
- If C(no), the module will search for src on originating/master machine.
- If C(yes) the module will use the C(src) path on the remote/target machine.
- If C(no), the module will search for the C(src) on the controller node.
- If C(yes), the module will search for the C(src) on the managed (remote) node.
type: bool
default: no
version_added: '2.7'

View file

@ -150,7 +150,7 @@ class CallbackModule(CallbackBase):
CALLBACK_VERSION = 2.0
CALLBACK_TYPE = 'aggregate'
CALLBACK_NAME = 'junit'
CALLBACK_NEEDS_WHITELIST = True
CALLBACK_NEEDS_ENABLED = True
def __init__(self):
super(CallbackModule, self).__init__()

View file

@ -44,7 +44,7 @@ class CallbackModule(CallbackBase):
CALLBACK_VERSION = 2.0
CALLBACK_TYPE = 'aggregate'
CALLBACK_NAME = 'tree'
CALLBACK_NEEDS_WHITELIST = True
CALLBACK_NEEDS_ENABLED = True
def set_options(self, task_keys=None, var_options=None, direct=None):
''' override to set self.tree '''

View file

@ -112,7 +112,7 @@ def safe_eval(expr, locals=None, include_exceptions=False):
for test in test_loader.all():
test_list.extend(test.tests().keys())
CALL_WHITELIST = C.DEFAULT_CALLABLE_WHITELIST + filter_list + test_list
CALL_ENABLED = C.CALLABLE_ACCEPT_LIST + filter_list + test_list
class CleansingNodeVisitor(ast.NodeVisitor):
def generic_visit(self, node, inside_call=False):
@ -124,7 +124,7 @@ def safe_eval(expr, locals=None, include_exceptions=False):
# Disallow calls to builtin functions that we have not vetted
# as safe. Other functions are excluded by setting locals in
# the call to eval() later on
if hasattr(builtins, node.id) and node.id not in CALL_WHITELIST:
if hasattr(builtins, node.id) and node.id not in CALL_ENABLED:
raise Exception("invalid function: %s" % node.id)
# iterate over all child nodes
for child_node in ast.iter_child_nodes(node):

View file

@ -226,8 +226,8 @@ class Display(with_metaclass(Singleton, object)):
cmd = subprocess.Popen([self.b_cowsay, "-l"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
(out, err) = cmd.communicate()
self.cows_available = set([to_text(c) for c in out.split()])
if C.ANSIBLE_COW_WHITELIST and any(C.ANSIBLE_COW_WHITELIST):
self.cows_available = set(C.ANSIBLE_COW_WHITELIST).intersection(self.cows_available)
if C.ANSIBLE_COW_ACCEPTLIST and any(C.ANSIBLE_COW_ACCEPTLIST):
self.cows_available = set(C.ANSIBLE_COW_ACCEPTLIST).intersection(self.cows_available)
except Exception:
# could not execute cowsay for some reason
self.b_cowsay = False

View file

@ -18,7 +18,7 @@ display = Display()
# modules that are ok that they do not have documentation strings
BLACKLIST = {
REJECTLIST = {
'MODULE': frozenset(('async_wrapper',)),
'CACHE': frozenset(('base',)),
}

View file

@ -16,7 +16,6 @@ class CallbackModule(CallbackBase):
CALLBACK_VERSION = 2.0
CALLBACK_TYPE = 'aggregate'
CALLBACK_NAME = 'usercallback'
CALLBACK_NEEDS_WHITELIST = True
def __init__(self):

View file

@ -1,46 +0,0 @@
# Copyright 2019 RedHat, inc
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#############################################
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
DOCUMENTATION = '''
vars: vars_req_whitelist
version_added: "2.10"
short_description: load host and group vars
description: test loading host and group vars from a collection
options:
stage:
choices: ['all', 'inventory', 'task']
type: str
ini:
- key: stage
section: vars_req_whitelist
env:
- name: ANSIBLE_VARS_PLUGIN_STAGE
'''
from ansible.plugins.vars import BaseVarsPlugin
class VarsModule(BaseVarsPlugin):
REQUIRES_WHITELIST = True
def get_vars(self, loader, path, entities, cache=True):
super(VarsModule, self).get_vars(loader, path, entities)
return {'whitelisted': True, 'collection': False}

View file

@ -14,22 +14,23 @@ export INVENTORY_PATH="$ipath"
echo "--- validating callbacks"
# validate FQ callbacks in ansible-playbook
ANSIBLE_CALLBACK_WHITELIST=testns.testcoll.usercallback ansible-playbook noop.yml | grep "usercallback says ok"
ANSIBLE_CALLBACKS_ENABLED=testns.testcoll.usercallback ansible-playbook noop.yml | grep "usercallback says ok"
# use adhoc for the rest of these tests, must force it to load other callbacks
export ANSIBLE_LOAD_CALLBACK_PLUGINS=1
# validate redirected callback
ANSIBLE_CALLBACK_WHITELIST=formerly_core_callback ansible localhost -m debug 2>&1 | grep -- "usercallback says ok"
ANSIBLE_CALLBACKS_ENABLED=formerly_core_callback ansible localhost -m debug 2>&1 | grep -- "usercallback says ok"
## validate missing redirected callback
ANSIBLE_CALLBACK_WHITELIST=formerly_core_missing_callback ansible localhost -m debug 2>&1 | grep -- "Skipping callback plugin 'formerly_core_missing_callback'"
ANSIBLE_CALLBACKS_ENABLED=formerly_core_missing_callback ansible localhost -m debug 2>&1 | grep -- "Skipping callback plugin 'formerly_core_missing_callback'"
## validate redirected + removed callback (fatal)
ANSIBLE_CALLBACK_WHITELIST=formerly_core_removed_callback ansible localhost -m debug 2>&1 | grep -- "testns.testcoll.removedcallback has been removed"
ANSIBLE_CALLBACKS_ENABLED=formerly_core_removed_callback ansible localhost -m debug 2>&1 | grep -- "testns.testcoll.removedcallback has been removed"
# validate avoiding duplicate loading of callback, even if using diff names
[ "$(ANSIBLE_CALLBACK_WHITELIST=testns.testcoll.usercallback,formerly_core_callback ansible localhost -m debug 2>&1 | grep -c 'usercallback says ok')" = "1" ]
[ "$(ANSIBLE_CALLBACKS_ENABLED=testns.testcoll.usercallback,formerly_core_callback ansible localhost -m debug 2>&1 | grep -c 'usercallback says ok')" = "1" ]
# ensure non existing callback does not crash ansible
ANSIBLE_CALLBACK_WHITELIST=charlie.gomez.notme ansible localhost -m debug 2>&1 | grep -- "Skipping callback plugin 'charlie.gomez.notme'"
ANSIBLE_CALLBACKS_ENABLED=charlie.gomez.notme ansible localhost -m debug 2>&1 | grep -- "Skipping callback plugin 'charlie.gomez.notme'"
unset ANSIBLE_LOAD_CALLBACK_PLUGINS
# adhoc normally shouldn't load non-default plugins- let's be sure
output=$(ANSIBLE_CALLBACK_WHITELIST=testns.testcoll.usercallback ansible localhost -m debug)
output=$(ANSIBLE_CALLBACK_ENABLED=testns.testcoll.usercallback ansible localhost -m debug)
if [[ "${output}" =~ "usercallback says ok" ]]; then echo fail; exit 1; fi
echo "--- validating docs"

View file

@ -2,7 +2,7 @@
set -eux
# Collections vars plugins must be whitelisted with FQCN because PluginLoader.all() does not search collections
# Collections vars plugins must be enabled using the FQCN in the 'enabled' list, because PluginLoader.all() does not search collections
# Let vars plugins run for inventory by using the global setting
export ANSIBLE_RUN_VARS_PLUGINS=start
@ -33,7 +33,7 @@ grep '"collection": "collection_root_user"' out.txt
grep '"adj_var": "value"' out.txt
grep -v '"collection": "adjacent"' out.txt
# Test that 3rd party plugins in plugin_path do not need to require whitelisting by default
# Test that 3rd party plugins in plugin_path do not need to require enabling by default
# Plugins shipped with Ansible and in the custom plugin dir should be used first
export ANSIBLE_VARS_PLUGINS=./custom_vars_plugins
@ -42,15 +42,11 @@ ansible-inventory -i a.statichost.yml --list --playbook-dir=./ | tee out.txt
grep '"name": "v2_vars_plugin"' out.txt
grep '"collection": "collection_root_user"' out.txt
grep '"adj_var": "value"' out.txt
grep -v '"whitelisted": true' out.txt
# Test plugins in plugin paths that opt-in to require whitelisting
# Test plugins in plugin paths that opt-in to require enabling
unset ANSIBLE_VARS_ENABLED
unset ANSIBLE_COLLECTIONS_PATH
ANSIBLE_VARS_ENABLED=vars_req_whitelist ansible-inventory -i a.statichost.yml --list --playbook-dir=./ | tee out.txt
grep '"whitelisted": true' out.txt
# Test vars plugins that support the stage setting don't run for inventory when stage is set to 'task'
# and that the vars plugins that don't support the stage setting don't run for inventory when the global setting is 'demand'
@ -58,7 +54,6 @@ ANSIBLE_VARS_PLUGIN_STAGE=task ansible-inventory -i a.statichost.yml --list --pl
grep -v '"v1_vars_plugin": true' out.txt
grep -v '"v2_vars_plugin": true' out.txt
grep -v '"vars_req_whitelist": true' out.txt
grep -v '"collection": "adjacent"' out.txt
grep -v '"collection": "collection_root_user"' out.txt
grep -v '"adj_var": "value"' out.txt
@ -66,7 +61,6 @@ grep -v '"adj_var": "value"' out.txt
# Test that the global setting allows v1 and v2 plugins to run after importing inventory
ANSIBLE_RUN_VARS_PLUGINS=start ansible-inventory -i a.statichost.yml --list --playbook-dir=./ | tee out.txt
grep -v '"vars_req_whitelist": true' out.txt
grep '"v1_vars_plugin": true' out.txt
grep '"v2_vars_plugin": true' out.txt
grep '"name": "v2_vars_plugin"' out.txt

View file

@ -42,7 +42,7 @@
- name: Verify lookup_config
assert:
that:
- '"meow" in lookup("config", "ANSIBLE_COW_WHITELIST")'
- '"meow" in lookup("config", "ANSIBLE_COW_ACCEPTLIST")'
- lookup_config_1 is failed
- '"Unable to find setting" in lookup_config_1.msg'
- lookup_config_2 is failed

View file

@ -41,10 +41,9 @@ import yaml
from ansible import __version__ as ansible_version
from ansible.executor.module_common import REPLACER_WINDOWS
from ansible.module_utils.common._collections_compat import Mapping
from ansible.module_utils._text import to_native
from ansible.plugins.loader import fragment_loader
from ansible.utils.collection_loader._collection_finder import _AnsibleCollectionFinder
from ansible.utils.plugin_docs import BLACKLIST, add_collection_to_versions_and_dates, add_fragments, get_docstring
from ansible.utils.plugin_docs import REJECTLIST, add_collection_to_versions_and_dates, add_fragments, get_docstring
from ansible.utils.version import SemanticVersion
from .module_args import AnsibleModuleImportError, AnsibleModuleNotInitialized, get_argument_spec
@ -65,11 +64,11 @@ if PY3:
else:
TRY_EXCEPT = ast.TryExcept
BLACKLIST_DIRS = frozenset(('.git', 'test', '.github', '.idea'))
REJECTLIST_DIRS = frozenset(('.git', 'test', '.github', '.idea'))
INDENT_REGEX = re.compile(r'([\t]*)')
TYPE_REGEX = re.compile(r'.*(if|or)(\s+[^"\']*|\s+)(?<!_)(?<!str\()type\([^)].*')
SYS_EXIT_REGEX = re.compile(r'[^#]*sys.exit\s*\(.*')
BLACKLIST_IMPORTS = {
REJECTLIST_IMPORTS = {
'requests': {
'new_only': True,
'error': {
@ -236,23 +235,23 @@ class Validator(with_metaclass(abc.ABCMeta, object)):
class ModuleValidator(Validator):
BLACKLIST_PATTERNS = ('.git*', '*.pyc', '*.pyo', '.*', '*.md', '*.rst', '*.txt')
BLACKLIST_FILES = frozenset(('.git', '.gitignore', '.travis.yml',
'shippable.yml',
'.gitattributes', '.gitmodules', 'COPYING',
'__init__.py', 'VERSION', 'test-docs.sh'))
BLACKLIST = BLACKLIST_FILES.union(BLACKLIST['MODULE'])
REJECTLIST_PATTERNS = ('.git*', '*.pyc', '*.pyo', '.*', '*.md', '*.rst', '*.txt')
REJECTLIST_FILES = frozenset(('.git', '.gitignore', '.travis.yml',
'shippable.yml',
'.gitattributes', '.gitmodules', 'COPYING',
'__init__.py', 'VERSION', 'test-docs.sh'))
REJECTLIST = REJECTLIST_FILES.union(REJECTLIST['MODULE'])
PS_DOC_BLACKLIST = frozenset((
PS_DOC_REJECTLIST = frozenset((
'async_status.ps1',
'slurp.ps1',
'setup.ps1'
))
PS_ARG_VALIDATE_BLACKLIST = frozenset((
'win_dsc.ps1', # win_dsc is a dynamic arg spec, the docs won't ever match
))
WHITELIST_FUTURE_IMPORTS = frozenset(('absolute_import', 'division', 'print_function'))
# win_dsc is a dynamic arg spec, the docs won't ever match
PS_ARG_VALIDATE_REJECTLIST = frozenset(('win_dsc.ps1', ))
ACCEPTLIST_FUTURE_IMPORTS = frozenset(('absolute_import', 'division', 'print_function'))
def __init__(self, path, analyze_arg_spec=False, collection=None, collection_version=None,
base_branch=None, git_cache=None, reporter=None, routing=None):
@ -360,7 +359,7 @@ class ModuleValidator(Validator):
# allowed from __future__ imports
if isinstance(child, ast.ImportFrom) and child.module == '__future__':
for future_import in child.names:
if future_import.name not in self.WHITELIST_FUTURE_IMPORTS:
if future_import.name not in self.ACCEPTLIST_FUTURE_IMPORTS:
break
else:
continue
@ -509,7 +508,7 @@ class ModuleValidator(Validator):
names.extend(grandchild.names)
for name in names:
# TODO: Add line/col
for blacklist_import, options in BLACKLIST_IMPORTS.items():
for blacklist_import, options in REJECTLIST_IMPORTS.items():
if re.search(blacklist_import, name.name):
new_only = options['new_only']
if self._is_new_module() and new_only:
@ -696,12 +695,12 @@ class ModuleValidator(Validator):
if isinstance(child, ast.ImportFrom) and child.module == '__future__':
# allowed from __future__ imports
for future_import in child.names:
if future_import.name not in self.WHITELIST_FUTURE_IMPORTS:
if future_import.name not in self.ACCEPTLIST_FUTURE_IMPORTS:
self.reporter.error(
path=self.object_path,
code='illegal-future-imports',
msg=('Only the following from __future__ imports are allowed: %s'
% ', '.join(self.WHITELIST_FUTURE_IMPORTS)),
% ', '.join(self.ACCEPTLIST_FUTURE_IMPORTS)),
line=child.lineno
)
break
@ -818,7 +817,7 @@ class ModuleValidator(Validator):
)
def _find_ps_docs_py_file(self):
if self.object_name in self.PS_DOC_BLACKLIST:
if self.object_name in self.PS_DOC_REJECTLIST:
return
py_path = self.path.replace('.ps1', '.py')
if not os.path.isfile(py_path):
@ -2104,10 +2103,10 @@ class ModuleValidator(Validator):
if file_name.startswith('_') and os.path.islink(path):
return True
if not frozenset((base_name, file_name)).isdisjoint(ModuleValidator.BLACKLIST):
if not frozenset((base_name, file_name)).isdisjoint(ModuleValidator.REJECTLIST):
return True
for pat in ModuleValidator.BLACKLIST_PATTERNS:
for pat in ModuleValidator.REJECTLIST_PATTERNS:
if fnmatch(base_name, pat):
return True
@ -2200,7 +2199,7 @@ class ModuleValidator(Validator):
self._check_for_os_call()
if self._powershell_module():
if self.basename in self.PS_DOC_BLACKLIST:
if self.basename in self.PS_DOC_REJECTLIST:
return
self._validate_ps_replacers()
@ -2208,7 +2207,7 @@ class ModuleValidator(Validator):
# We can only validate PowerShell arg spec if it is using the new Ansible.Basic.AnsibleModule util
pattern = r'(?im)^#\s*ansiblerequires\s+\-csharputil\s*Ansible\.Basic'
if re.search(pattern, self.text) and self.object_name not in self.PS_ARG_VALIDATE_BLACKLIST:
if re.search(pattern, self.text) and self.object_name not in self.PS_ARG_VALIDATE_REJECTLIST:
with ModuleValidator(docs_path, base_branch=self.base_branch, git_cache=self.git_cache) as docs_mv:
docs = docs_mv._validate_docs()[1]
self._validate_ansible_module_call(docs)
@ -2228,7 +2227,7 @@ class ModuleValidator(Validator):
class PythonPackageValidator(Validator):
BLACKLIST_FILES = frozenset(('__pycache__',))
REJECTLIST_FILES = frozenset(('__pycache__',))
def __init__(self, path, reporter=None):
super(PythonPackageValidator, self).__init__(reporter=reporter or Reporter())
@ -2247,7 +2246,7 @@ class PythonPackageValidator(Validator):
def validate(self):
super(PythonPackageValidator, self).validate()
if self.basename in self.BLACKLIST_FILES:
if self.basename in self.REJECTLIST_FILES:
return
init_file = os.path.join(self.path, '__init__.py')
@ -2343,10 +2342,10 @@ def run():
for root, dirs, files in os.walk(module):
basedir = root[len(module) + 1:].split('/', 1)[0]
if basedir in BLACKLIST_DIRS:
if basedir in REJECTLIST_DIRS:
continue
for dirname in dirs:
if root == module and dirname in BLACKLIST_DIRS:
if root == module and dirname in REJECTLIST_DIRS:
continue
path = os.path.join(root, dirname)
if args.exclude and args.exclude.search(path):

View file

@ -1434,7 +1434,7 @@ def integration_environment(args, target, test_dir, inventory_path, ansible_conf
integration = dict(
JUNIT_OUTPUT_DIR=ResultType.JUNIT.path,
ANSIBLE_CALLBACK_WHITELIST=','.join(sorted(set(callback_plugins))),
ANSIBLE_CALLBACK_ENABLED=','.join(sorted(set(callback_plugins))),
ANSIBLE_TEST_CI=args.metadata.ci_provider or get_ci_provider().code,
ANSIBLE_TEST_COVERAGE='check' if args.coverage_check else ('yes' if args.coverage else ''),
OUTPUT_DIR=test_dir,

View file

@ -394,7 +394,7 @@ def get_coverage_environment(args, target_name, version, temp_path, module_cover
# is responsible for adding '={language version}=coverage.{hostname}.{pid}.{id}'
env['_ANSIBLE_COVERAGE_REMOTE_OUTPUT'] = os.path.join(remote_temp_path, '%s=%s=%s' % (
args.command, target_name, args.coverage_label or 'remote'))
env['_ANSIBLE_COVERAGE_REMOTE_PATH_FILTER'] = os.path.join(data_context().content.root, '*')
env['_ANSIBLE_COVERAGE_REMOTE_PATHS'] = os.path.join(data_context().content.root, '*')
return env