Since Ansible 2.9.8, if the fileglob plugin is passed a path containing
a subdirectory of a non-existent directory, it will fail. For example:
lookup('fileglob', '/'): ok
lookup('fileglob', '/foo'): (non-existent): ok
lookup('fileglob', '/foo/bar'): (non-existent): FAIL
The exact error depends on Python 2 or 3, but here is the error on
Python 2:
AttributeError: 'NoneType' object has no attribute 'endswith'
And on Python 3:
TypeError: expected str, bytes or os.PathLike object, not NoneType
This change fixes the issue by skipping paths that are falsey before
passing them to os.path.join().
Fixes: #69450
Change:
Adds Fedora 32 to shippable and alters tests slightly for new Fedora.
Test Plan:
CI
Tickets:
Fixes#69230
Co-authored-by: Matt Clay <matt@mystile.com>
* Metadata defaults were not being set if only a few fields were missing.
* ansible-doc with no documentation and no status in metadata should
return empty, just like if there was no documentation and no metadata
at all.
* Do not pass file mode during recursive copy on symlink files.
The 'file' module cannot deal with mode=preserve. Do not pass that
mode to the module when 'preserve' is used.
* Fix changelog fragment filename
Change:
We were only testing dnf on RHEL previously.
Test on CentOS 8 as well.
Test Plan:
Ran locally in docker.
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
Extend the logic for custom error handling in the dnf module, so that on
newer DNF (such as DNF that ships with modern Fedora 31 container
images, and ships with RHEL 8.2) we report errors consistently with
older DNF.
Test Plan:
Ran dnf integration tests against an old Fedora 31 container image and a
brand new Fedora 32 container image; tess passed on both.
Signed-off-by: Rick Elrod <rick@elrod.me>
* Make sure collection is a list if a str is given
* Call field validation early on collections
Because we are doing work on modifying the collections value before
it is actually validated, we can validate it ourselves early to make
sure the user supplies either a string or list. Dicts are not valid.
The new validation allows us to simplify the _ensure_default_collection()
function. And since the field is now static, we no longer need to specify
a default for it, which also allows us to simplify the function. Since
the default is now removed, we can also remove the sanity/ignore.txt entry
for collectionsearch.py.
New unit tests are added (and the existing one modified) that allow us to
make sure that we throw a parser error if a user specifies something other
than a string or list for the collections value everywhere it can be specified.
* Revert removing the collection default
The default is actually used, so restore it.
* Fix unit tests in test_helpers.py affected by early collection validation
This patch covers a few changes to get the yum test case working on ppc64le
CentOS. Specifically we needed to enable the EPEL repository on CentOS
as well as ensure some of the architecture-specific tasks use the right
set of binaries during their test.
Currently if virtualenv_command has arguments, then the
search for the binary in the path does not work so the
user has to specify the full path to it.
To allow arguments to be used without having to specify
the path to the binary, we split the module argument into
the command and anything after the first space.
This makes using this module argument more flexible and
user friendly.
Fixes: #52275
Change:
Rather than hardcoding .pyo and .pyc, filter on all BLACKLIST_EXTS in
the non-legacy logic of PluginLoader (_find_fq_plugin). The two harcoded
extensions are part of BLACKLIST_EXTS already and this simply adds the
rest of the blacklisted extensions to the check.
In addition, check .endswith() instead of an exact match of the suffix,
like everywhere else that uses BLACKLIST_EXTS. This allows for
blacklisting, for example, emacs's backup files which can appear after
any extension, leading to things like `foo.py~`.
Test Plan:
Ran `ansible-playbook` against a collection where a `foo.py~` module was
getting executed instead of `foo.py` which also appeared in the same
directory. `foo.py~` is no longer executed.
Tickets:
Fixes#22268
Refs #27235
Signed-off-by: Rick Elrod <rick@elrod.me>
* Allow a collection role to call a standalone role by default. Fixes#69101
* tweaked changelog text
* Guard against NoneType
Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
* update ActionBase._low_level_execute_command to honor executable
* adding changelog fragment
* renaming changelog fragment to .yml
* noop change to bump shippable
* adding raw_executable integration test
* copying aliases from raw
* removing blank lines
* skipping aix and freebsd
* noop to bump shippable
* moving tests to raw/
* removing become_method: sudo ; it doesn't work on AIX
* removing trailing blank line
* forcing become_method: su to try to get AIX to work
Co-authored-by: Rob Wagner <rob.wagner@sas.com>
Change:
New `cryptography` statically links an openssl that is too new for macOS
10.11, so limit to an older cryptography for now.
Test Plan:
Ran the test with `--remote osx/10.11` and it passed.
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
Adds some missing coverage for the copy module when `check_mode: True`.
Test Plan:
Ran test with --coverage and looked at the resulting report.
Signed-off-by: Rick Elrod <rick@elrod.me>
* Enable service integration tests for FreeBSD
Change:
Adds necessary rc file for freebsd, and gets tests passing for it.
Test Plan:
Ran test with `--remote freebsd/12.1` and `--remote freebsd/11.1`. Both
passed.
Signed-off-by: Rick Elrod <rick@elrod.me>
* Update test/integration/targets/service/tasks/rc_setup.yml
Co-Authored-By: Matt Clay <matt@mystile.com>
* fix up comment
Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Matt Clay <matt@mystile.com>
With https://github.com/pallets/jinja/pull/1190 merged our short-circuit
is no longer valid (has it ever been?) as now data like ' True ' may go
through our ansible_native_concat function as opposed to going through
intermediate call to Jinja2's native_concat before. Now we need to always
send data through literal_eval to ensure native types are returned.
* Testing: Add CentOS Linux On Power platform
* Add arch designation to remotes.
This avoids overloading the provider with the arch.
Also add a changelog entry.
Co-authored-by: Matt Clay <matt@mystile.com>
* ansible-galaxy - fix listing specific role
If the role was not in the first search path, it was reported as not found
* Properly display role description
Default to description to top level description, falling back to the description from within galaxy_info
* Display proper message when a role does not exist
* Add integration tests
* Use context manager
* BSD and macOS ruining all the fun
* subversion module - provide password securely with svn command line option --password-from-stdin when possible, and provide a warning otherwise.
* Update lib/ansible/modules/source_control/subversion.py.
* Add a test.
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Update docker.txt to use the OpenSUSE 15.1 container image
Signed-off-by: Rick Elrod <rick@elrod.me>
* handle installing mysql on suse
Signed-off-by: Rick Elrod <rick@elrod.me>
* add changelog fragment
Signed-off-by: Rick Elrod <rick@elrod.me>
* Update changelogs/fragments/ansible-test-opensuse-15.1.yml
Co-Authored-By: Matt Clay <matt@mystile.com>
Co-authored-by: Matt Clay <matt@mystile.com>
* Update tests to use RHEL 7.8.
Keeping support for RHEL 7.6 since collections are still using it.
* Fix tests for RHEL 7.7+ due to extras repo name change.
* fixed fetch traversal from slurp
* ignore slurp result for dest
* fixed naming when source is relative
* fixed bug in local connection plugin
* added tests with fake slurp
* moved existing role tests into runme.sh
* normalized on action excepts
* moved dest transform down to when needed
* added is_subpath check
* fixed bug in local connection
fixes#67793
CVE-2019-3828
* Allow tasks to notify a fqcn handler name
* Add tests. Fixes#68181
* Add changelog fragment
* Add test to ensure handlers are deduped properly with fqcn, role, and just handler names
* Add some docs about new special vars
* Allow custom inventory plugins and cache plugins
If _load_name is not set correctly the cache plugin can't load the documentation (which is also the arg spec)
Fix the existing inventory plugin in the collections tests
Add integration tests for using a cache plugin in a collection
* Set the attribute on the instance instead of the class
Deprecate importing custom CacheModules directly - they should use the cache_loader
* Add some more test coverage for unarchive
This moves over (and slightly extends) coverage which was found in
incidental_flatpak_remote.
Signed-off-by: Rick Elrod <rick@elrod.me>
* add a group for testing too, user creation does not mean group creation on all platforms
Signed-off-by: Rick Elrod <rick@elrod.me>
* update the test group assert
Signed-off-by: Rick Elrod <rick@elrod.me>
* Fix style
Signed-off-by: Rick Elrod <rick@elrod.me>
* block/always
Signed-off-by: Rick Elrod <rick@elrod.me>
* fix vault tmpe file handling
* use local temp dir instead of system temp
* ensure each worker clears dataloader temp files
* added test for dangling temp files
* added notes to data loader
CVE-2020-10685
* Remove some unreachable code in the file module
Remove some cases in file.py which are covered by conditionals a few
lines earlier. Remove the duplicate code which will never be hit.
Signed-off-by: Rick Elrod <rick@elrod.me>
* Restore incidental file coverage from timezone module
Signed-off-by: Rick Elrod <rick@elrod.me>
* Combine two conditionals, add a changelog entry
Signed-off-by: Rick Elrod <rick@elrod.me>
* Make new test syntax consistent, add two stat tests
Signed-off-by: Rick Elrod <rick@elrod.me>
* Support pre-releases via new SemanticVersion. Fixes#64905
* Don't treat buildmeta as prerelease
* Don't inherit from str and int
* Add helper method to try and construct a SemanticVersion from a LooseVersion
* Don't count major 0 as pre-release, it's different
* Guard against invalid or no version in LooseVersion
* return a bool
* Add integration tests for pre-release
* Fix up lingering issues with comparisons
* typo fix
* Always allow pre-releases in verify
* Move pre-release filtering into CollectionRequirement, add messaging when a collection only contains pre-releases
* Update changelog
* If explicit requirement allow pre releases
* Enable pre-releases for tar installs, and collections already installed when they are pre-releases
* Drop --pre-release alias, make arg name more clear
* Simplify code into a single line
* Remove build metadata precedence, add some comments, and is_stable helper
* Improve from_loose_version
* Increase test coverage
* linting fix
* Update changelog
* Rename `tests` test to match plugin type.
* Rename `test_infra` test to avoid confusion.
This test target is not a test for test plugins.
* Rename `vars_prompt` test to avoid confusion.
* Update sanity ignores.
* Address compat issue for collection loading on py26
* Move import_module shim to utils for compat across the codebase
* Enable collection tests on py2.6
* Update changelog fragment
* Simplify code using sys.moduls
* Move compat to module_utils/compat/importlib
* Add back errantly deleted newline
* Remove hack comment
Co-Authored-By: Matt Clay <matt@mystile.com>
Co-authored-by: Matt Clay <matt@mystile.com>
* Create a dedicated windows-minimal test target.
The windows-minimal target is a copy of the win_ping test, taking the place of that test as the windows minimal test run on multiple python versions.
It includes a private copy of the win_ping module so it will work after migration.
This will keep tests passing during the migration prep process.
* Update sanity ignores.
* Split fallaxy tests into their own group.
This keeps expected pass/fail tests separate during migration prep.
* Move network tests down in matrix.
This will help keep pass/fail tests grouped together during migration prep.
* Group all incidental tests together.
This will keep pass/fail tests separate leading up to migration.
* win_timezone - Allow for _dstoff timezones
* Update win_timezone-Allow-dstoff.yml
* Added doc entry for new format
Co-authored-by: Jordan Borean <jborean93@gmail.com>
* Added nxos_lldp_interfaces module
* Linting
* Added RTT, resolved shippable errors
* Added new states
* New states edit
* Updated states
* Updated tests
* Show all interfaces in facts
* Test changes
* Added unit tests
* Linting
* Handled portchannel failing condition
* ansible-galaxy - optimise some paths and use fake galaxy int tests
* Added init, built, and publish tests
* Test against both mocked Galaxy and AH server
* Finish off writing the install tests
* Fix up broken tests
* Rename test target and add migrated tests
* Use cloud provider for Galaxy implementation
* Added blank static config
* Use correct alias group
* Set release version and fix copy typo
* Remove reset step as it is no longer needed
* Use sane env var names for test container name
* reworked sqs_queue
* Switch default purge_tags behaviour to false.
This matches the behaviour of ec2_tag and ecs_tag.
* Minor lint / review fixups
* Add missing AWS IAM policy for SQS tests
* Move integration tests to using module_defaults: group/aws:...
* add changelog
* Break out the 'compatability' map from our spec definition (gets flagged by the schema validation)
* Tweaks based on review
* add basic examples
* Lint fixups
* Switch out NonExistentQueue logic so it's easier to follow
* Reorder name argument options for consistency
Co-authored-by: Dennis Podkovyrin <dennis.podkovyrin@gmail.com>
Use PostgreSQL 9.5 on FreeBSD 12.0, and PostgreSQL 11 on FreeBSD 12.1 and 11.3 due to the Python packages having a dependency on that version of PostgreSQL and automatically uninstalling PostgreSQL 9.5.
* Use separate PostgreSQL versions for 12.0 and 12.1
* Allow passing through of (almost) all params available on boto methods in aws_api_gateway
* Linting and docs fixes
* Refactored method signature of create_deployment() to use keyword args instead of named args
* Updated version_added flags to 2.10
* Cleanup and improve aws_api__gateway integration test play. Also included new params into test.
* Fixed RETURN docs and some ttests
* Completed RETURN docs and made integration tests match
* Fixed variable names in test and YAML syntax in docs
* Comment out critical sections of integration test
* Fixed update test after figuring out what the error message means. Also updated error message to be more descriptive.
* Fixed test assertion
* Update docs and make tests reflect that endpoint type wont be changed on updates
* Syntax fix
* Add changelog fragment
* Improve aws_api_gateway docs, fix typos.
* Quote doc lines with colon
* AnsibleAWSModule related cleanup - s3_bucket
* Add extra information to s3_bucket timeout failures, it's possible the comparisons are doing something weird...
* Move Bucket Encryption boto support logic into the pre-flight checks
* Use the built in required_by logic
* Rework s3_bucket integration tests
* Add a retry around put_bucket_encryption
s3_client.put_bucket_encryption is occasionally dropped on the floor
by Amazon add some logic to retry s3_client.put_bucket_encryption call
* Catch OperationAborted and retry, it is caused by a conflicting change
still being in progress. (For example an Encryption setting applying)
* Make sure we don't explode if the botocore version's too old
* Review tweaks
* Cleanup tests
* Auto-Retry on ResourceNotFound and RequestInProgress exceptions
* Use AnsibleModule options for required_if logic
* changelog
* Remove (now) duplicate RequestInProgressException catching
* Allow a single retry when attempting to fetch the information about a cert directly after deleting it.
There is a small chance that it goes away while we pull the details.
* add key rotation option
* add changelog fragment
* provide version added as string
* change changelog to minor_changes
* Update changelogs/fragments/67651-aws-kms-key-rotation.yml
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* Update lib/ansible/modules/cloud/amazon/aws_kms.py
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* prevent key upgrade if key rotation was enabled manually. In that case, the key rotation would be disabled, if not mentioned in the playbook
* Update lib/ansible/modules/cloud/amazon/aws_kms.py
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* Update lib/ansible/modules/cloud/amazon/aws_kms.py
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* Update lib/ansible/modules/cloud/amazon/aws_kms.py
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
Co-authored-by: Mark Chappell <mchappel@redhat.com>
* Initial copy of incidental network tests.
* Update incidental test aliases.
* Add incidental tests to CI.
* Rewrite module references in tests.
This should not be necessary once module redirection is supported.
* Rewrite target references for renamed targets.
* Add support collections for incidental tests.
* Add ignores for test support code.
* Remove echo used for debugging.
* fixed#47050
* added changelog fragment
* added quick and basic test
* Revert "added quick and basic test"
This reverts commit 75f4141656.
* added better tests
* now also creating files to copy on the remote
* removed tests for recursive copying which is not supported by remote_src
* sns_topic: (integration tests) Move the tests over to using module defaults
* sns_topic: (integration tests) Add test for behaviour of changed when using delivery_policy
* sns_topic: ensure "changed" behaves properly when managing delivery policies
- a delivery_policy isn't an IAM policy, so compare_policies didn't cope with it
- AWS automatically adds an additional option when you set an HTTP delivery
policy
* Parse the delivery policies so we can test the changes properly
* Update AWS policy to enable management of TargetGroups
* elb_target: (integration tests) migrate to using module_defaults
* elb_target: (integration tests) lookup the AMI by name rather than hard coding AMI IDs
* elb_target_info: (integration tests) finish rename of integration test role
* elb_target: (integration tests) rename various resources to consistently use {{ resource_prefix }}
* elb_target_info: (integration tests) Migrate to using module_defaults
* elb_target_info: (integration tests) Lookup AMI by name rather than hard coding AMI IDs
* Apply suggestions from code review
Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>
* elb_target: (integration tests) Remove the 'unsupported' alias
* Try bumping up the timeout
* Rules don't permit 'shippable' (resource_prefix uses this when run in shippable)
* Try bumping up more timeouts :/
* Avoid double evaluation of target_health assertion
* Simplify target_type usage a little (rather than constantly performing a lookup)
* mark elb_target tests 'unstable' for now, they're slow
Co-authored-by: Jill R <4121322+jillr@users.noreply.github.com>
* cloudfront_distribution: (integration tests) Migrate to using module_defaults
* cloudfront_distribution: (integration tests) Use the ID rather than the alias
Using aliases requires providing a valid SSL certificate, as such we're not longer able to test using an arbitrary hostname
* cloudfront_distribution: (integration tests) Make sure we delete the test s3 bucket when tests fail
* cloudfront_distribution: field_level_encryption_id is now a mandatory field always add it
Setting the field to an empty string has the same effect as the original behaviour.
* Copy & Paste fixup
Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>
Co-authored-by: Jill R <4121322+jillr@users.noreply.github.com>
* Run Ed25519 and Ed448 tests for openssl_csr and openssl_certificate only if key generation succeeded.
* Make openssl_privatekey tests more robust: allow special key generation tests to fail with 'algorithm not supported' on FreeBSD.
These tests rely on the AWS S3 modules, but will not be migrated along with those modules into an AWS collection.
Since these tests will not reside in a collection alongside the modules under test they are being moved to the legacy tests directory.
The legacy tests directory will soon be migrated to a separate repository.
* Add x509_crl module.
* Add integration tests.
* Fix some errors.
* Fix inversion.
* Compare name instead of tpye.
* Fix fail_json() calls.
* Work around rename of serial_number attribute for cryptography 1.4.
* Don't die for non-cert loading errors.
* One more.
* Fix function call.
* Fixed/improved descriptions.
* Don't read issuer from certificate file.
* Allow to ignore timestamps.
* Default value for revocation_date.
* Update tests.
* Mention ignore_timestamps in update docs.
* Support privatekey_content, and require some options only if state is present.
* Allow to pass certificate in directly.
* Add tests.
* Fix required_if.
* Forgot to encode content.
* Forgot to adjust type.
* Allow to return CRL's content directly.
* return_crl_content -> return_content (as in #65400).
* Fix elements.
* Fix messages.
* Use required_one_of and mutually_exclusive instead of doing the checks by hand.
* Fix format.
* Skip tests on AIX.
* Fix typo.