* Change default file permissions so they are not world readable
CVE-2020-1736
Set the default permissions for files we create with atomic_move() to 0o0660. Track
which files we create that did not exist and warn if the module supports 'mode'
and it was not specified and the module did not call set_mode_if_different(). This allows the user to take action and specify a mode rather than using the defaults.
A code audit is needed to find all instances of modules that call atomic_move()
but do not call set_mode_if_different(). The findings need to be documented in
a changelog since we are not warning. Warning in those instances would be frustrating
to the user since they have no way to change the module code.
- use a set for storing list of created files
- just check the argument spac and params rather than using another property
- improve the warning message to include the default permissions.
(cherry picked from commit 5260527c4a)
Co-authored-by: Sam Doran <sdoran@redhat.com>
As Molecule started to use https://github.com/ansible-community/molecule/discussions we need to update documentation before retiring
the molecule-users mailing list.
(cherry picked from commit b7ee07215d)
Co-authored-by: Sorin Sbarnea <ssbarnea@users.noreply.github.com>
* Build documentation for Ansible-2.10 (formerly known as ACD).
Builds plugin docs from collections whose source is on galaxy
The new command downloads collections from galaxy, then finds the
plugins inside of them to get the documentation for those plugins.
* Update the python syntax checks
* docs builds can now require python 3.6+.
* Move plugin formatter code out to an external tool, antsibull-docs.
Collection owners want to be able to extract docs for their own
websites as well.
* The jinja2 filters, tests, and other support code have moved to antsibull
* Remove document_plugins as that has now been integrated into antsibull-docs
* Cleanup and bugfix to other build script code:
* The Commands class needed to have its metaclass set for abstractmethod
to work correctly
* Fix lint issues in some command plugins
* Add the docs/docsite/rst/collections to .gitignore as
everything in that directory will be generated so we don't want any of
it saved in the git repository
* gitignore the build dir and remove edit docs link on module pages
* Add docs/rst/collections as a directory to remove on make clean
* Split the collections docs from the main docs
* remove version and edit on github
* remove version banner for just collections
* clarify examples need collection keyword defined
* Remove references to plugin documentation locations that no longer exist.
* Perhaps the pages in plugins/*.rst should be deprecated
altogether and their content moved?
* If not, perhaps we want to rephrase and link into the collection
documentation?
* Or perhaps we want to link to the plugins which are present in
collections/ansible/builtin?
* Remove PYTHONPATH from the build-ansible calls
One of the design goals of the build-ansible.py script was for it to
automatically set its library path to include the checkout of ansible
and the library of code to implement itself. Because it automatically
includes the checkout of ansible, we don't need to set PYTHONPATH in
the Makefile any longer.
* Create a command to only build ansible-base plugin docs
* When building docs for devel, only build the ansible-base docs for
now. This is because antsibull needs support for building a "devel
tree" of docs. This can be changed once that is implemented
* When building docs for the sanity tests, only build the ansible-base
plugin docs for now. Those are the docs which are in this repo so
that seems appropriate for now.
* Docs: User guide overhaul, part 5 (#70307)
(cherry picked from commit db354c0300)
* Need to return any error code from running antsibull-docs (#70763)
This way we fail early if there's a problem
(cherry picked from commit 1e3989c9f7)
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
* Suggest ansible ad-hoc command while developing module (#70308)
If a local module has no documentation, the doc command will fail without any hints of what is wrong. Add another way to confirm the presence of a local module.
* Update docs/docsite/rst/dev_guide/developing_locally.rst
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 82e5d03bdb)
* Update AWS Integration test docmentation (#70454)
(cherry picked from commit e1ba7dc52a)
* Update hacking/shippable docs.
The `--all` option downloads more than is needed for analyzing code coverage.
(cherry picked from commit fb7740ae3b)
* Document that subversion module requires subversion (#70537)
(cherry picked from commit 64c2cb273f)
* update documentation link to python 3 (#70509)
update the docs link for strftime on the filters page to point to the python3 docs
(cherry picked from commit f7db428375)
* Update windows_winrm.rst (#70306)
gcc also needed to be installed alongside python-devel, krb5-devel, krb5-libs, and krb5-workstation.
(cherry picked from commit f4ea43c4a0)
* updated requirements file for docs build (#70609)
(cherry picked from commit 38ccfb4a3e)
* Clarify that index_var is 0 indexed (#70548)
A little further down the page is another index, ansible_loop.index, which shares a similar description but is 1 indexed.
Its zero indexed twin has a 0 suffix.
``ansible_loop.index`` The current iteration of the loop. (1 indexed)
``ansible_loop.index0`` The current iteration of the loop. (0 indexed)
To remove ambiguity around the usage of index_var, explicitly mention that this variable is 0 indexed.
(cherry picked from commit c410311f55)
* docs: update module development docs (#70594)
Update module development docs for flattened modules directory.
Fixes: #70261 (at least partially)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 20209c508f)
* Doc: fix examples of changelog entries. (#70551)
(cherry picked from commit edcd1a1a70)
* Document tags are not supported with task meta. (#70590)
fixes#70338
(cherry picked from commit 40591d5fbb)
* docs: update date format in removed_at_date (#70597)
removed_at_date requires YYYY-MM-DD format.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 375c6b4ae4)
* partial update of community docs to reflect collections transition (#70488)
(cherry picked from commit f1f782fc37)
Co-authored-by: Michael Ritsema <michaelritsema@users.noreply.github.com>
Co-authored-by: Mark Chappell <mchappel@redhat.com>
Co-authored-by: Matt Clay <matt@mystile.com>
Co-authored-by: Alan Rominger <arominge@redhat.com>
Co-authored-by: FloMiau <37121807+FloMiau@users.noreply.github.com>
Co-authored-by: mahadelmi <mahadelmi@cmail.carleton.ca>
Co-authored-by: Sayee <57951841+sayee-jadhav@users.noreply.github.com>
Co-authored-by: Karl Goetz <goetzk@users.noreply.github.com>
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Baptiste Mille-Mathias <baptiste.millemathias@gmail.com>
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
* doc: avoid mix of single and double quotes (#70115)
Avoid mix of single and double quotes in the `ternary`, this way
we can copy/past the example without any surprise.
(cherry picked from commit b491f776b9)
* document FQCN for M() and :seealso: in DOCUMENTATION blocks (#70245)
* document FQCN for M() in DOCUMENTATION blocks
* add note about c
(cherry picked from commit 83f6e4850b)
* Fix bullet points in intro_getting_started.rst. (#70365)
The layout was jumbled due to issues with whitespace.
(cherry picked from commit dc6f4b6502)
* Add steps for how to create changelog.rst for a collection (#70262)
* Update docs/docsite/rst/dev_guide/developing_collections.rst
* add steps to create changelogs, add sentence about not using the tool
* add note for rerunning the command
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 5a28b2b86c)
* ansible-doc: avoid problems with YAML anchors when formatting man page (#70045)
* Avoid problems with YAML anchors when formatting man page.
* Add changelog.
(cherry picked from commit 5e4f708241)
* Minor grammatical fix (#70405)
'you' -> 'your'
(cherry picked from commit a1ac595d42)
* incorporate minimalism feedback on filters page (#70366)
Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
(cherry picked from commit c89f3cda9e)
* more correct info about role main.yml (#70326)
fixes#40496
(cherry picked from commit 5d3d097de3)
* Fix a small typo in cache plugin description @ `config/base.yml`
PR #70420
(cherry picked from commit 626df08d9d)
* with_sequence: example using vars (#69369)
Added an example for using vars in with_sequence.
Fixes: #68836
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 5709173c32)
* Update pull.py (#70393)
(cherry picked from commit 46ad3c1162)
* Update playbooks.rst (#70317)
(cherry picked from commit 7c90a2d2a6)
* Add documentation for ipaddr filters (#70343)
(cherry picked from commit 9eb904ea61)
* update platform table with links to collections (#70373)
(cherry picked from commit aa59c23aed)
* Add description of collections and become_exe keywords (#68055)
* Add description of collections keyword
* Update based on feedback.
- Add link to become plugins.
- Add note about how the collections keyword works with roles.
(cherry picked from commit 5833af9e2a)
Co-authored-by: Gonéri Le Bouder <goneri@lebouder.net>
Co-authored-by: Mark Sanders <ziplokk.mark.sanders@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Sir Mobus Gochfulshigan Dorphin Esquire XXIII <celestialtuba@gmail.com>
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Michael Scherer <mscherer@users.noreply.github.com>
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Ethan <smithe2413@gmail.com>
Co-authored-by: jafiala <56597272+jafiala@users.noreply.github.com>
Co-authored-by: Baptiste Mille-Mathias <baptiste.millemathias@gmail.com>
Co-authored-by: Sam Doran <sdoran@redhat.com>
Lightbulb is deprecated in favor of https://ansible.github.io/workshops/. Update docs links accordingly.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit e4f48c920c)
* Fix broken link in AWS Guide (#70153)
Point to collection rather than ansible/ansible for example.
(cherry picked from commit 0ef75f65d9)
* remove gendered example (#70117)
Changed example to not assume things about names and genders
(cherry picked from commit 5885ed4455)
* docs: Add note about ansible-doc (#70162)
ansible-doc can only parse Python modules, added a note about
this is developer guide; Fixes: #69109
(cherry picked from commit da868d9d60)
* Update config.yml (#70154)
typos & branding
* Update .github/ISSUE_TEMPLATE/config.yml
Co-authored-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 4b358c6641)
* async_status: Update documentation (#70196)
Fixes: #38164
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 40a42de081)
* updates to ansible-maintained collections guidelines (#70178)
(cherry picked from commit 647c6cd289)
Co-authored-by: Jill R <4121322+jillr@users.noreply.github.com>
Co-authored-by: Westley Argentum Hennigh-Palermo <WestleyArgentum@gmail.com>
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: John R Barker <john@johnrbarker.com>
* Update guide_gce.rst
The given example is not working as a SSH connection is not possible because of #59573. Instead, in this tutorial the default network should be used which allows SSH connections in most cases.
Co-authored-by: Sandra McCann <samccann@redhat.com>
* Updated docs/docsite/rst/dev_guide/developing_modules_documenting.rst, added documentation for R()
* added link to how to add anchors, anchor, and clarification on when to use each option
Co-authored-by: John R Barker <john@johnrbarker.com>
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
* Remove community.crypto parts from porting guide.
* Remove community.general parts from porting guide.
* Removed 'modules removed' section, since this is better suited for a general entry on the collection split.
* Validate ansible-base & collection's runtime.yml
Add new test `runtime-metadata`
* Schema validation of file
* Error if a a legacy meta/routing.yml exist in a collection
* removal_date OR removal_version
* Add tombstone validation.
* Allow both ISO 8601 date strings and datetime.date objects (from YAML dates).
* Address review comments.
* Add metadata to test collection.
* Add requirements file.
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Matt Clay <matt@mystile.com>
Replace the ansible-base changelog linting and generation tool with antsibull-changelog and make it available for linting collections. Previously changelog linting was limited to ansible-base.
* Allow to specify collection_name separately for deprecation.
* Use new functionality in Ansible.
* Use new functionality in tests.
* Update tagging/untagging functions.
* Update pylint deprecated sanity test.
* Update validate-modules. Missing are basic checks for version_added (validate semantic version format for collections).
* Improve version validation. Re-add version_added validation.
* Make sure collection names are added to return docs before schema validation.
* Extra checks to avoid crashes on bad data.
* Make C# module utils code work, and update/extend tests.
* Add changelog fragment.
* Stop extracting collection name from potentially tagged versions/dates.
* Simplify C# code.
* Update Windows modules docs.
* Forgot semicolons.
* Make AnsibleVaultEncryptedUnicode work more like a string. Fixes#24425
* Remove debugging
* Wrap some things
* Reduce diff
* data should always result in text
* add tests
* Don't just copy and paste, kids
* Add eq and ne back
* Go full UserString copy/paste
* Various version related fixes
* Remove trailing newline
* py2v3
* Add a test that can evaluate whether a variable is vault encrypted
* map was introduces in jinja2 2.7
* moar jinja
* type fix
Co-Authored-By: Sam Doran <sdoran@redhat.com>
* Remove duplicate __hash__
* Fix typo
* Add changelog fragment
* ci_complete
Co-authored-by: Sam Doran <sdoran@redhat.com>
* starting metadata sunset
- purged metadata from any requirements
- fix indent in generic handler for yaml content (whey metadata display was off)
- make more resilient against bad formed docs
- removed all metadata from docs template
- remove metadata from schemas
- removed mdata tests and from unrelated tests
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Rick Elrod <rick@elrod.me>
Change:
On OpenBSD when using pipelining, we do not set cwd which results in a
permissions fatal. Ensure that `''` - cwd - is not in `sys.path`.
Test Plan:
Tested against local OpenBSD VM
Tickets:
Fixes#69320
Signed-off-by: Rick Elrod <rick@elrod.me>
* Enable installing collections from git repositories
* Add tests for installing individual and multiple collections from git repositories
* Test to make sure recursive dependencies with different syntax are deduplicated
* Add documentation
* add a changelog
* Skip Python 2.6
* Only fail if no collections are located in a git repository
Add support for a 'type' key for collections in requirement.yml files.
Update the changelog and document the supported keys and allowed values for the type.
Add a note that the collection(s) in the repo must contain a galaxy.yml
* Add a warning about embedding credentials in SCM URLs
* Update with review suggestions
* suppress sanity compile failure for Python 2.6
* Track collection for version_added.
Validate *all* version numbers in validate-modules.
For tagged version numbers (i.e. version_added), consider source collection to chose validation.
* Make tagging/untagging functions more flexible.
* Tag all versions in doc fragments.
* Tag all deprecation versions issued by code.
* Make Display.deprecated() understand tagged versions.
* Extend validation to enforce tagged version numbers.
* Tag versions in tests.
* Lint and fix test.
* Mention collection name in collection loader's deprecation/removal messages.
* Fix error IDs.
* Handle tagged dates in Display.deprecated().
* Also require that removed_at_date and deprecated_aliases.date are tagged.
* Also automatically tag/untag removed_at_date; fix sanity module removal version check.
* Improve error message when invalid version number is used (like '2.14' in collections).
* Improve the changelog-how-to documentation:
* remove repetitions
* mention starting with lowercase
* update the link to examples, remove an irrelevant link
* change win_ example to apt_repository
* add info about collections
* note that environment is not good for secrets
* Update docs/docsite/rst/user_guide/playbooks_environment.rst
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Allow to deprecate options and aliases by date instead of only by version.
* Update display.deprecate().
* Adjust behavior to conform to tested behavior, extend tests, and improve C# style.
* Parse date and fail on invalid date.
This is mainly to make sure that people start using invalid dates, and we eventually have a mess to clean up.
* C# code: improve validation and update/extend tests.
* Make sure that deprecate() is not called with both date and version.
* Forgot to remove no longer necessary formatting.
* Adjust order of warnings in C# code.
* Adjust unrelated test.
* Fix grammar (and make that test pass).
* Don't parse date, and adjust message to be same as in #67684.
* Sanity tests: disable date in past test.
* Validate-modules: validate ISO 8601 date format.
* Validate-modules: switch schema declaration for deprecated_aliases to improve error messages for invalid dates.
* Use DateTime instead of string for date deprecation.
* Validate that date in deprecated_aliases is actually a DateTime.
* Fix tests.
* Fix rebasing error.
* Adjust error codes for pylint, and add removed_at_date and deprecated_aliases.date checks to validate-modules.
* Make deprecation date in the past error codes optional.
* Make sure not both version and date are specified for AnsibleModule.deprecate() calls.
* Stop using Python 3.7+ API.
* Make sure errors are actually reported. Re-add 'ansible-' prefix.
* Avoid crashing when 'name' isn't there.
* Linting.
* Update lib/ansible/module_utils/csharp/Ansible.Basic.cs
Co-authored-by: Jordan Borean <jborean93@gmail.com>
* Adjust test to latest change.
* Prefer date over version if both end up in Display.deprecated().
Co-authored-by: Jordan Borean <jborean93@gmail.com>
* Unify ansible-galaxy install -r
* Minor nit fixes for docs
* Re-align warnings
* Fix up integration test
* Fix up test where no roles/collections were in file