Commit graph

2429 commits

Author SHA1 Message Date
Brian Coca
3ef061bdc4
Use a pty for local connections (#73023) (#73281)
Fixes #38696

Co-authored-by: James Cammarata <jimi@sngx.net>
(cherry picked from commit 30d93995dd)
2021-02-07 17:53:10 -06:00
Felix Fontein
63ead90ab9
Always mention the name of the deprecated plugin in routing deprecation messages (#73059) (#73237)
(cherry picked from commit df9cf368c0)
2021-02-07 17:52:29 -06:00
Sam Doran
70fb5ae36a
[stable-2.10] facts - properly report virtualization facts for Linux guests on bhyve (#73204). (#73233)
(cherry picked from commit df451636e7)

Co-authored-by: Sam Doran <sdoran@redhat.com>
2021-02-07 17:50:49 -06:00
Brian Coca
9478b59da5
fix inventory source parse error handling (#73160) (#73276)
fixes #51025

added test cases

(cherry picked from commit 1e27d4052a)
2021-02-07 17:29:07 -06:00
Martin Krizek
2c8c02c816
Local vars should have highest precedence in AnsibleJ2Vars (#72830) (#73370)
Ability to add local variables into AnsibleJ2Vars was added in
18a9eff11f to fix #6653. Local variables
are added using ``AnsibleJ2Vars.add_locals()`` method when creating a
new context - typically when including/importing a template with
context. For that use case local template variables created using
``set`` should override variables from higher contexts - either from the
play or any parent template, or both; Jinja behaves the same way.

Also removes AnsibleJ2Vars.extras instance variable which is not used.

Also adds missing test for #6653.

Fixes #72262
Fixes #72615

ci_complete

(cherry picked from commit a2af8432f3)
2021-02-07 01:30:47 -06:00
Jordan Borean
e41d1f0a3f
no_log mask suboption fallback values and defaults CVE-2021-20228 (#73487) (#73494)
(cherry picked from commit 0cdc410dce)
2021-02-07 01:11:27 -06:00
Rick Elrod
015ec3eda8
git: verify, only use --raw when we need it (#70900) (#73473)
Change:
- Allow older git to verify tags again
- Enable verification tests everywhere, even if most of them only work
  on newer git. Some of them work on older git and they test the --raw
  parameter.

Test Plan:
- Re-enabled subset of git tests

Tickets:
- Fixes #64469

Signed-off-by: Rick Elrod <rick@elrod.me>
2021-02-07 01:08:04 -06:00
Sloane Hertel
6df8a9ec53
Fix warning for nonexistent inventory cache (#72840) (#73443)
* Fix inventory cache warning by checking if the key exists before loading it

(cherry picked from commit 840bdc1e10)
2021-02-07 01:05:20 -06:00
Brian Coca
148240099a
ensure unsafe writes fallback (#70722) (#73144)
* Ensure we actually fallback to unsafe_writes when set to true

 add integration test
 add fix for get_url not passing the parameter from args

(cherry picked from commit 932ba36160)

* Added clog missing for issue 70722 (#73175)

(cherry picked from commit d6670da1d7)
2021-02-07 01:03:43 -06:00
Sam Doran
e9c6b382ea
[stable-2.10] import_playbook - change additional params to deprecation (#72987) (#73015)
I incorrectly recommended this be set as a warning when it should have been a deprecation.

* Fix deprecation sanity test to not required a collection name when not inside a collection
(cherry picked from commit 8e022ef00a)

Co-authored-by: Sam Doooran <sdoran@redhat.com>
2021-02-07 00:52:15 -06:00
Gonéri Le Bouder
985a395cd9 validate_modules: fails with .id attribute not found (#73322)
* validate_modules: fails with .id attribute not found

This patch addresses a problem in the `found_try_except_import` test.

This module tries to identify lines like:

`HAS_FOO = True`

In this case, the target (`HAS_FOO`) is of type `ast.Name` and has a
`id` attribute which provide the name.

In my case, I've a line that set a module attribute`. In this case, the
target (`module.var`) has the type `ast.Attribute` and no `id`
attribute. The code trigger an `AttributeError` exception.

This patch ensures we compare a `ast.Name`.

* Update test/lib/ansible_test/_data/sanity/validate-modules/validate_modules/main.py

(cherry picked from commit 7cf80f50d1)
2021-02-03 09:07:14 -08:00
Rick Elrod
a3175e9979
Revert "[ansible-test] Bump CentOS 6 image (yum repos) (#73446) (#73447)" (#73450)
This reverts commit e4f8d528b9.
2021-02-01 22:02:55 -06:00
Rick Elrod
e4f8d528b9
[ansible-test] Bump CentOS 6 image (yum repos) (#73446) (#73447)
Change:
- Bump centos6 image version to one which includes multiple fallbacks
  for vault.centos.org content.

Signed-off-by: Rick Elrod <rick@elrod.me>
2021-02-01 18:37:24 -06:00
Rick Elrod
356aae0e23
[2.10] Add Ubuntu 20.04 to CI and ansible-test (#69161) (#73365)
Change:
- Add Ubuntu 20.04 to CI now that venv is default instead of virtualenv in ansible-test.

Test Plan:
- CI

Tickets:
- Fixes #69203

Signed-off-by: Rick Elrod <rick@elrod.me>
2021-01-26 13:01:31 -06:00
Matt Clay
c47ec375fa
[stable-2.10] Use a versioned pip bootstrapper in ansible-test. (#73359)
(cherry picked from commit fc590aeb21)

Co-authored-by: Matt Clay <matt@mystile.com>
2021-01-25 15:37:30 -06:00
Matt Clay
1f90c11782 [stable-2.10] Handle get-pip.py breaking change on Python 2.7.
(cherry picked from commit 484e4af4d0)

Co-authored-by: Matt Clay <matt@mystile.com>
2021-01-23 12:36:28 -08:00
Rick Elrod
890601dcef New release v2.10.5 2021-01-18 14:34:40 -06:00
Rick Elrod
422b9c09ee New release v2.10.5rc1 2021-01-11 17:33:09 -06:00
Sloane Hertel
08ba838a8e
[2.10] Pass the top level dictionaries to combine_vars (#72979) (#73146)
combine_vars uses dict.update() to replace keys

(cherry picked from commit 5e03e322de)

* Add tests for merging and replacing vars from inventory sources (#73181)

(cherry picked from commit 9de2da8a7e)
2021-01-11 17:20:48 -06:00
Sam Doran
abc6658ac2
[stable-2.10] Add macOS 11 to CI (#72622) (#73180)
* [stable-2.10] Add macOS 11 to CI (#72622)

* Fix connection_paramiko_ssh test for macOS 11
* Update Azure Pipelines config
* Add changelog
(cherry picked from commit a7e834071c)

Co-authored-by: Sam Doran <sdoran@redhat.com>

* Prefer venv for tests

* Update pip integration test to use venv on py3.

(cherry picked from commit 456e9b7a33)

Co-authored-by: Matt Clay <matt@mystile.com>
2021-01-11 16:45:58 -06:00
Sam Doran
b4b1bf9932
[stable-2.10] user - properly handle password and password lock when used together (#73016) (#73177)
Do the right thing on Linux when password lock and a password hash are provided by writing
out the password hash prepended by the appropriate lock string rather than using -U and -L.
This is the correct way to set and lock the account in one command.

On BSD, run separate commands as appropriate since locking and setting the password cannot
be done in a single action.

FreeBSD requires running several commands to get the account in the desired state. As a result,
the rc, output, and error from all commands need to be combined and evaluated so an accurate
and complete summary can be given at the end of module execution.

* Improve integration tests to cover this scenario.
* Break up user integration tests into smaller files
* Properly lock account when creating a new account and password is supplied

* Simplify rc collection in FreeBSD class
  Since the _handle_lock() method was added, the rc would be set to None, which could make
  task change reporting incorrect. My first attempt to solve this used a set and was a bit too
  complicated. Simplify it my comparing the rc from _handle_lock() and the current value of rc.

* Improve the Linux password hash and locking behavior
  If password lock and hash are provided, set the hash and lock the account by using a password
  hash since -L cannot be used with -p.

* Ensure -U and -L are not combined with -p since they are mutually exclusive to usermod.

* Clarify password_lock behavior..
(cherry picked from commit 264e08f21a)

Co-authored-by: Sam Doran <sdoran@redhat.com>
2021-01-11 13:11:26 -06:00
Matt Martz
6ba066fc9e
[stable-2.10] Fix async interpreter parsing (#72636) (#72923)
Fixes #70690
(cherry picked from commit 83764ad)
2021-01-11 01:02:33 -06:00
Sam Doran
b22d97b2c1
[stable-2.10] Fix string/bytestring comparsion in m_u.basic (#70439) (#73129)
Change:
- module_utils.basic.is_special_selinux_path() used a string ==
  bytestring comparison which returned False and made Ansible think that
  certain filesystems aren't, in fact, special-cased, when they should
  be. Ensure both sides of the == are bytestrings.

Test Plan:
- Added `copy` integration tests for this case.

Tickets:
- Fixes #70244

Signed-off-by: Rick Elrod <rick@elrod.me>.
(cherry picked from commit 688cd8657b)
2021-01-11 00:55:15 -06:00
Sam Doran
1cd09b1ebc
[stable-2.10] systemd - do not overwrite unit name when searching (#72985) (#73013)
PR #72702 introduced a bug that changed the unit name when splitting it up for the purpose
of searching for the unit. This only happens on unit file templates on systems that have a 5.8
or newer kernel and a version of systemd that does not contain a bugfix that causes systmed
to fail to parse dbus.

* Use facts rather than a manual probe to determine if systmed is present
* Remove unnecessary block
* Use vars files instead of set_fact
* Add tests for using a templated unit file
* Update changelog fragment
* Use template to get correct path to sleep binary
(cherry picked from commit 48803604cd)

Co-authored-by: Sam Doooran <sdoran@redhat.com>
2021-01-11 00:47:00 -06:00
Matt Clay
cf21e699d4
Update ansible-test pylint Python support. (#72997)
* Rename pylint plugin and add tests. (#70225)
* Update ansible-test pylint Python support. (#72972)
* Add integration tests for sanity test failures.
(cherry picked from commit fa48678a08)

* Python 3.8 is now officially supported.
* Python 3.9 is now skipped with a warning.
(cherry picked from commit 37d09f2488)

* Allow key None to prevent errors with import test.
(cherry picked from commit dbc2c996ab)

Backport of https://github.com/ansible/ansible/pull/73003

Co-authored-by: Felix Fontein <felix@fontein.de>
2021-01-11 00:46:21 -06:00
Jordan Borean
c5248f756c
Collection list site packages (#70173) (#72940)
* ansible-galaxy collection list and verify now utilize collections in site-packages.

This is a short term fix for #70147.  The long term fix needs to handle
install (but that discussion is also bound up in how upgrade is going to
work and where things can get installed so it's deferred for 2.11.)

* Add test for ansible-galaxy collection list with site-packages

Co-authored-by: David Moreau Simard <moi@dmsimard.com>
Co-authored-by: Jordan Borean <jborean93@gmail.com>
(cherry picked from commit e7dee73774)

Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
2021-01-11 00:41:56 -06:00
Matt Martz
511ffdeff7
[stable-2.10] Fix reset_connection paramiko, winrm, psrp (#72688) (#72925)
* Ensure we only reset the connection when one has been previously established. Fixes #65812

* Ensure psrp doesn't trace

* winrm too

* Indentation fix
(cherry picked from commit a3b6485)

Co-authored-by: Matt Martz <matt@sivel.net>
2021-01-11 00:36:05 -06:00
Sloane Hertel
82b75282fc
Fix task get_name to always prepend the role name (#72511) (#72919)
* Fix 'role_name : tast_name' notation if task contains role name

* Add tests for notifying handler names which contain the role name

Co-authored-by: Thomas Wouters <thomaswouters@gmail.com>
(cherry picked from commit 0ed7bfc694)
2021-01-11 00:28:57 -06:00
Martin Krizek
a5df30e2bf
Use _wrap_native_text only for builtin STRING_TYPE_FILTERS (#71801) (#72915)
(cherry picked from commit 252685092c)
2021-01-11 00:22:01 -06:00
Jon "The Nice Guy" Spriggs
2f3e9a38b6
Backport/2.10/73079 (#73165)
* Update apt.py, add an example that references the suggested workaround in #25414
(cherry picked from commit 1e1b8e7aca)
(cherry picked from commit 180bbfed6a)

* Added changelog fragment
2021-01-08 16:38:44 -06:00
Matt Clay
4452d98662
Support venv in ansible-test virtualenv scripts (#73163)
* ansible-test - prefer venv over virtualenv on Python 3 (#73000)

Also pin virtualenv to 16.7.10 for older Mac OS X systems. This was the version being installed
anway with the previous constraint (<20).

On systems with Python 3, now prefer venv over virtualenv. Test to see if venv is functional since
some systems have a non-functional venv installation (such as Debian).

(cherry picked from commit 850a77f639)

* Make the new ansible-test venv behavior opt-in

Co-authored-by: Sam Doooran <sdoran@redhat.com>
2021-01-08 16:31:17 -06:00
Rick Elrod
436d8a13b4 New release v2.10.4 2020-12-14 14:44:44 -06:00
Matt Clay
12b33c79ee
[stable-2.10] Fix cryptography constraints in ansible-test. (#72914) (#72922)
(cherry picked from commit 36ab3d1189)

Co-authored-by: Matt Clay <mclay@redhat.com>
2020-12-09 14:41:15 -06:00
Rick Elrod
dc7faeaf6e New release v2.10.4rc1 2020-12-07 19:05:36 -06:00
Brian Coca
1f55a3d15a
avoid fatal exception on invalid collection name (#72296) (#72570)
* avoid fatal exception on invalid collection name used in ansible-doc filter

(cherry picked from commit 4f0e2fff95)
2020-12-07 18:37:01 -06:00
Egor Margineanu
847a2c87e5
Fix AIX networks facts when nestat is either missing or has incorrect permissions (#72516) (#72713)
* Added check for none on netstat_path variable

* Added changelog

(cherry picked from commit e879f12fb9)
2020-12-07 18:31:29 -06:00
Brian Coca
d852fa4135
remove redundant remote_user for local setting (#72507)
* remove redundant remote_user for local setting

  local action plugin already does and this also should fix
  fork/thread issue by removing use of pwd library

  fixes #59642

(cherry picked from commit 488b9d6c35)

* ensure local exposes correct user (#72543)

* ensure local exposes correct user

  avoid corner case in which delegation relied on
  playcontext fallback which was removed

  fixes #72541

(cherry picked from commit aa4d53ccdf)
2020-12-07 18:30:58 -06:00
Sam Doran
ab417f373a
[stable-2.10] pause - do not hang if run in the background (#72065) (#72605)
* Consolidate logic for determining whether or not session is interactive
  into a single function, is_interactive()
* Increase test coverage

I wasn't able to find a good way of simulating running a backgrounded test with CI since the
whole test is essentially run not in a TTY, which is similar enough to cause the new is_interactive()
function to always return false.
(cherry picked from commit 4b8cb6582b)

Co-authored-by: Sam Doran <sdoran@redhat.com>
2020-12-07 18:08:56 -06:00
Jordan Borean
c67d7225e9
ansible-galaxy - source deps from all servers and not just parent - 2.10 (#72684)
* Added integration tests for this scenario

(cherry picked from commit fb092a82a1)

* Slight tweak to galaxy source selection (#72685)

(cherry picked from commit 18e5628b19)
2020-12-07 18:08:23 -06:00
Alexei Znamensky
71ef981191
Backport/2.10/72390 (#72690)
* Return error if cwd directory does not exist (#72390)

* Return warning or error if cwd directory does not exist, in AnsibleModule.run_command()

(cherry picked from commit 5654de6fce)

* added flag in run_command signature to control behaviour when cwd does not exist
2020-12-07 18:07:29 -06:00
Sam Doran
7f1ee07634
[stable-2.10] iptables: Reorder comment postition (#71496) (#72548)
(cherry picked from commit c1da427a5e)

Co-authored-by: Amin Vakil <info@aminvakil.com>
2020-12-07 17:34:32 -06:00
Sam Doran
2a6b411a80
[stable-2.10] ansible-test - skip installing PowerShell sanity test reqs if they are already installed (#72423) (#72424)
(cherry picked from commit 809d5fc398)

Co-authored-by: Jordan Borean <jborean93@gmail.com>
2020-12-07 17:33:52 -06:00
Sam Doran
4e34aa0c19
[stable-2.10] wait_for - ignore psutil related errors (#72401) (#72406)
When enumerating connections with psutil, catch and ignore errors to avoid returning a stack trace.

Co-authored-by:  Matt Martz <matt@sivel.net>
(cherry picked from commit fb09fd2a23)
2020-12-07 17:33:34 -06:00
Sam Doran
c422bc64dc
[stable-2.10] blockinfile - properly insert block when no trailing new line exists (#72350) (#72360)
(cherry picked from commit c51438312a)

Co-authored-by: Sam Doran <sdoran@redhat.com>
2020-12-07 17:32:56 -06:00
Sam Doran
19bffccd36
[stable-2.10] systemd - fix issue with capbpf and newer kernel (#72337) (#72347)
* [stable-2.10] systemd - fix issue with capbpf and newer kernel (#72337)

A bug existed in systemd 245 that did not properly handle unknown kernel
capabilities gracefully. This resulted in incomplete output when querying
for the service status. It is possible to get service status by other means.
This PR works around this issue by getting service status using other commands
in the event of a failure due to this bug.
(cherry picked from commit db84e2c989)

Co-authored-by: Sam Doran <sdoran@redhat.com>

* [stable-2.10] systemd - use list-unit-files rather than list-units (#72363)

list-unit-files will return all files on the system. list-units omits those
that are disabled.

Co-authored-by: Ken Dreyer <ktdreyer@ktdreyer.com>
(cherry picked from commit d6115887fa)

* systemd - account for templated unit files when searching for service (#72702)

Related to issue #71528 and PR #72337

Co-authored-by: Martin Polden <mpolden@mpolden.no>
(cherry picked from commit a788ea0132)
2020-12-07 17:03:12 -06:00
Felix Fontein
2ff5bf0f21
Fix processing of add_file_common_args=True when argument_spec is not specified as kwarg. (#72334) (#72361)
(cherry picked from commit 233e7beb5b)
2020-12-07 17:01:33 -06:00
Felix Fontein
42da480721
ansible-doc: export has_action when --json is used (#72359) (#72414)
* ansible-doc: export has_action when --json is used.
* Remove docuri and now_data, which were not used resp. ignored in format_plugin_doc and the functions it calls anyway.
* Add function _combine_plugin_doc.

(cherry picked from commit 4fb336cef1)
2020-12-07 16:59:33 -06:00
Felix Fontein
27f547b4d3
[2.10] Fix missing ansible.builtin FQCNs in hardcoded action names (#72457)
* Fix missing ansible.builtin FQCNs in hardcoded action names (#71824)

* Make sure hard-coded action names also check for FQCN.
* Use _add_internal_fqcn() to avoid hardcoded lists and typoes.

(cherry picked from commit da60525610)

* Replace some more FQCNs.

(cherry picked from commit 72302dd611)
2020-12-07 16:59:12 -06:00
Felix Fontein
07cdb709ae
Adjust action groups to moved modules (#72428) (#72496)
* Support docker and k8s action groups for moved modules in community.docker and community.kubevirt.

* Also support k8s action group for community.okd.

* Also add kubernetes.core.

* Fix changelog fragment.

* Remove community.okd.

* Revert "Remove community.okd."

This reverts commit 812b5aa6e2.

(cherry picked from commit c7a4b39633)
2020-12-07 16:58:42 -06:00
Sam Doran
ba25a1cdf1
[stable-2.10] AnsibleModule.set_mode_if_different: handle symlink is in a sticky directory (#45198) (#72863)
* file: add symlink is in a sticky directory tests
* file: handle symlink in a sticky directory

Co-Authored-By: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>

* Add changelog and fix unit test
The builtins import was removed since it was unused, but it is now needed.
(cherry picked from commit b464d18fd1)

Co-authored-by: Pilou <pierre-louis.bonicoli@libregerbil.fr>
2020-12-07 16:52:40 -06:00