Commit graph

72 commits

Author SHA1 Message Date
Matt Martz
396a2f7471 [stable-2.7] Disallow use of remote home directories containing .. in their path (CVE-2019-3828) (#52133) (#52173)
* Disallow use of remote home directories containing .. in their path

* Add CVE to changelog
(cherry picked from commit b34d141)

Co-authored-by: Matt Martz <matt@sivel.net>
2019-02-13 09:23:06 -08:00
Jordan Borean
8bdd04c147 Fix remote_tmp when become with non admin user (#42396)
* Fix tmpdir on non root become

 - also avoid exception if tmpdir and remote_tmp are None
 - give 'None' on deescalation so tempfile will fallback to it's default behaviour
   and use system dirs
 - fix issue with bad tempdir (not existing/not createable/not writeable)
   i.e nobody and ~/.ansible/tmp
 - added tests for blockfile case

* Revert "Temporarily revert c119d54"

This reverts commit 5c614a59a6.

* changes based on PR feedback and changelog fragment

* changes based on the review

* Fix tmpdir when makedirs failed so we just use the system tmp

* Let missing remote_tmp fail

If remote_tmp is missing then there's something more basic wrong in the
communication from the controller to the module-side.  It's better to
be alerted in this case than to silently ignore it.

jborean and I have independently checked what happens if the user sets
ansible_remote_tmp to empty string and !!null and both cases work fine.
(null is turned into a default value controller-side.  empty string
triggers the warning because it is probably not a directory that the
become user is able to use).
2018-07-06 10:49:19 -07:00
Jordan Borean
11bd3fd318 win_updates fix when win_updates is run with async (#41756) 2018-06-20 14:52:24 -07:00
Matt Martz
ad7ba91f75 Use _remote_is_local=True for local connection in synchronize (#40833)
* All instances of local connection should use _remote_is_local=True. Fixes #40551

* Switch to instance attribute for synchronize

* Add test that shows that synchronize _remote_is_local addresses tmpdir building
2018-05-30 13:28:11 -07:00
Jordan Borean
457bccf540 win_updates: add scheduled tasks back in for older hosts (#38708)
* win_updates: add scheduled tasks back in for older hosts

* Fixed up typo in category name error message

* Fixed up some minor issues after merge

* added changelog fragment

* Default to become but add override to use scheduled tasks

* Added basic unit tests for win_updates

* fix minor typos
2018-05-23 13:21:01 -07:00
Jordan Borean
44ab948e5d
create module tmpdir based on remote_tmp (#39833)
* create module tmpdir based on remote_tmp

* Source remote_tmp from controller if possible

* Fixed sanity test and not use lambda

* Added expansion of env vars to the remote tmp

* Fixed sanity issues

* Added note around shell remote_tmp option

* Changed fallback tmp dir to ~/.ansible/tmp to make shell defaults
2018-05-15 09:31:21 +10:00
Toshio Kuratomi
06f73ad578
Normalize usage of temp and tmp on tmp (#36221)
* Normalize usage of temp and tmp on tmp
* Rename system_tmps system_tmpdirs
* Add ANSIBLE_REMOTE_TMP spelling of environment variables
2018-02-15 09:01:02 -08:00
Toshio Kuratomi
8c7bd8beb4 Set the tempdir on the shell mock object so that it is json serializable 2018-01-22 23:36:34 -08:00
Brian Coca
bbd6b8bb42 Temporary (#31677)
* allow shells to have per host options, remote_tmp

added language to shell
removed module lang setting from general as  plugins have it now
use get to avoid bad powershell plugin
more resilient tmp discovery, fall back to `pwd`
add shell to docs
fixed options for when frags are only options
added shell set ops in t_e and fixed option frags
normalize tmp dir usag4e

- pass tmpdir/tmp/temp options as env var to commands, making it default for tempfile
- adjusted ansiballz tmpdir
- default local tempfile usage to the configured local tmp
- set env temp in action

add options to powershell
shift temporary to internal envvar/params
ensure tempdir is set if we pass var
ensure basic and url use expected tempdir
ensure localhost uses local tmp
give /var/tmp priority, less perms issues
more consistent tempfile mgmt for ansiballz
made async_dir configurable
better action handling, allow for finally rm tmp
fixed tmp issue and no more tempdir in ballz
hostvarize world readable and admin users
always set shell tempdir
added comment to discourage use of exception/flow control

* Mostly revert expand_user as it's not quite working.

This was an additional feature anyhow.

Kept the use of pwd as a fallback but moved it to a second ssh
connection.  This is not optimal but getting that to work in a single
ssh connection was part of the problem holding this up.

(cherry picked from commit 395b714120522f15e4c90a346f5e8e8d79213aca)

* fixed script and other action plugins

ensure tmpdir deletion
allow for connections that don't support new options (legacy, 3rd party)
fixed tests
2018-01-15 21:15:04 -08:00
James Cammarata
d8ae4dfbf2 Adding aliases for field attributes and renaming async attribute (#33141)
* Adding aliases for field attributes and renaming async attribute

As of Python 3.7, the use of async raises an error, whereas before the use
of the reserved word was ignored. This adds an alias field for field attrs
so that both async and async_val (interally) work. This allows us to be
backwards-compatible with 3rd party plugins that may still reference Task.async,
but for the core engine to work on Py3.7+.

* Remove files fixed for 'async' usage from the python 3.7 skip list
2017-11-22 12:35:58 -08:00
Nathaniel Case
9c0275a879
Connection plugins network_cli and netconf (#32521)
* implements jsonrpc message passing for ansible-connection

* implements more generic mechanism for persistent connections
* starts persistent connection in task_executor if enabled and supported
* supports using network_cli as top level connection plugin
* enhances logging for persistent connection to stdout

* Update action plugins

* Fix Python3 RPC

* Fix Junos bytes<-->str issues

* supports using netconf as top level connection plugin

* Error message when running netconf on an unsupported platform
* Update tests

* Fix `authorize: yes` for `connection: local`

* Handle potentially JSON data in terminal

* Add clarifying detail if possible on ConnectionError
2017-11-09 15:04:40 -05:00
Brian Coca
db749de5b8 namespace facts
updated action plugins to use new guranteed facts
updated tests to new data clean
added cases for ansible_local and some docstrings
2017-11-09 09:48:14 -05:00
Matt Clay
dbf9634b1b Enable more pylint rules and fix reported issues. (#30543)
* Enable pylint invalid-encoded-data test.
* Enable pylint anomalous-unicode-escape-in-string test.
2017-09-19 00:45:35 -07:00
Nicolas Porcel
ba420c47cd synchronize: Use private_key and ssh_user with delegate_to (Fixes #16215) (#21686) 2017-08-24 21:09:15 -04:00
Matt Davis
36ad934156 re-enable non-pipelined mode for Powershell (#25012)
* fixes #23986
* fixes 3rd-party Windows connection plugins that don't support pipelining (eg awsrun)
2017-06-26 22:58:09 -07:00
Abhijeet Kasurde
b89cb95609 Fix spelling mistakes (comments only) (#25564)
Original Author : klemens <ka7@github.com>

Taking over previous PR as per
https://github.com/ansible/ansible/pull/23644#issuecomment-307334525

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2017-06-12 07:55:19 +01:00
Dag Wieers
4efec414e7 test/: PEP8 compliancy (#24803)
* test/: PEP8 compliancy

- Make PEP8 compliant

* Python3 chokes on casting int to bytes (#24952)

But if we tell the formatter that the var is a number, it works
2017-05-30 18:05:19 +01:00
Brian Coca
e29dc49a49 moved to exceptions for basic skip/fails
better handling of checkmode and async
fix test to follow new flow control
2017-04-25 14:48:56 -04:00
Toshio Kuratomi
b0d75a0ecb Fix synchronize tests for the updated quoting change between action and module 2017-03-28 14:15:18 -07:00
Toshio Kuratomi
2fff690caa Update module_utils.six to latest (#22855)
* Update module_utils.six to latest

We've been held back on the version of six we could use on the module
side to 1.4.x because of python-2.4 compatibility.  Now that our minimum
is Python-2.6, we can update to the latest version of six in
module_utils and get rid of the second copy in lib/ansible/compat.
2017-03-23 13:35:05 -07:00
Brian Coca
5e98be2e62 better handling of parsed
updated tests to match new result output
2017-03-22 12:03:43 -04:00
Matt Clay
a5e3d13adc Remove shebangs from unit tests. 2017-02-27 17:53:10 -08:00
Adrian Likins
718b786157 Fix test failures if 'future' package is installed (#15005)
The python 'future' module provides a 'builtins' package
to emulate the py3 'builtins' modules. If installed, the
unit tests that reference builtins.__import__ fail because
the future 'builtins' is imported and it is missing __import__.

Use ansible.compat.six.moves.builtins instead of importing
'builtins' or __builtin__

Fixes #14996
2017-02-16 11:36:26 -05:00
Adrian Likins
174961b945 Fix action test (#21102)
* update _parse_returned_data for no _ansible_parsed

_parse_returned_data no longer adds _ansible_parsed

* pep8 cleanups
2017-02-07 13:35:51 -05:00
Adrian Likins
5766689dd5 More unit tests for plugins/action/ (#20887) 2017-02-07 11:42:03 -05:00
Brian Coca
c86a17b7a0 refactoring async
- centralized skipping
- also fixed module name broken by previous refactor
- let action modules handle async processing
- moved async into base action class's module exec
- action plugins can now run final action as async
- actually skip copy if base skips
- fixed normal for new paths
- ensure internal stat is never async
- default poll to 10 as per docs
- added hint for callback fix on poll
- restructured late tmp, now a pipeline query
- moving action handler to connection as networking does
- fixed network assumption invocation is always passed
- centralized key cleanup, normalized internal var
- _supress_tmpdir_delete now in _ansible_xxx and gets removed from results
- delay internal key removal till after we use em
- nicer tmp removing, using existing methods
- moved cleanup tmp flag to mking tmp func
2017-02-06 19:32:00 -05:00
Matt Clay
d913f69ba1 PEP 8 W291 whitespace cleanup. 2017-01-27 17:08:02 -08:00
Marius Gedminas
d9b89ca577 Fix a test failure on Python 3.6 (#20030)
* Fix a test failure on Python 3.6

tox -e py36 failed with

    ======================================================================
    ERROR: test_action_base__execute_module (units.plugins.action.test_action.TestActionBase)
    ----------------------------------------------------------------------
    Traceback (most recent call last):
      File "/home/mg/src/ansible/test/units/plugins/action/test_action.py", line 507, in test_action_base__execute_module
        self.assertEqual(action_base._execute_module(), dict(_ansible_parsed=True, rc=0, stdout="ok", stdout_lines=['ok']))
      File "/home/mg/src/ansible/lib/ansible/plugins/action/__init__.py", line 596, in _execute_module
        remote_module_path = self._connection._shell.join_path(tmp, remote_module_filename)
      File "/home/mg/opt/python36/lib/python3.6/unittest/mock.py", line 939, in __call__
        return _mock_self._mock_call(*args, **kwargs)
      File "/home/mg/opt/python36/lib/python3.6/unittest/mock.py", line 1005, in _mock_call
        ret_val = effect(*args, **kwargs)
      File "/home/mg/src/ansible/.tox/py36/lib/python3.6/posixpath.py", line 92, in join
        genericpath._check_arg_types('join', a, *p)
      File "/home/mg/src/ansible/.tox/py36/lib/python3.6/genericpath.py", line 149, in _check_arg_types
        (funcname, s.__class__.__name__)) from None
    TypeError: join() argument must be str or bytes, not 'MagicMock'

because os.path.join() now checks argument types since Python 3.6 (due
to pathlib support, I expect).

* Use a more realistic module name in test
2017-01-09 12:42:30 -08:00
Andrea Tartaglia
59227d8c31 Removed dict.iteritems() in several other files.
This is for py3 compatibility #18506
2016-12-14 08:01:45 -08:00
Clark Boylan
a65e34ce77 Fix synchronize retries (#18535)
* Fix synchronize retries

The synchronize module munges its task args on every invocation of
run(). This was problematic because the munged data was not fit for use
by a second pass of the synchronize module. Correct this by using a copy
of the task args on every invocation of run() so that the original args
are not affected.

Local testing using this playbook seems to confirm that things work as
expected:

  - hosts: all
  tasks:
    - delay: 2
      register: task_result
      retries: 1
      until: task_result.rc == 0
      synchronize:
        dest: /tmp/out
        mode: pull
        src: /tmp/nonexistent/

fixes #18281

* Update synchroncization fixture assertions

When we started operating on a copy of the task args the test assertions
were no longer asserting things about the munged state but of the
pristine state. Convert the copy of task args to a class member so that
it can be compared against later in testing and update the assertions to
check this munged copy.
* Shuffle objects around for cleaner testing

Attach the temporary args dict to the task rather than the action as
this makes updating the existing tests cleaner.
2016-12-12 13:33:30 -08:00
Toshio Kuratomi
ed00741a01 Mcsalgado's change to use shlex.quote instead of pipes.quote (#18534)
* Replace pipes.quote for shlex_quote

* More migration of pipes.quote to shlex_quote

Note that we cannot yet move module code over.  Modules have six-1.4
bundled which does not have shlex_quote.  This shouldn't be a problem as
the function is still importable from pipes.quote.  It's just that this
has become an implementation detail that makes us want to import from
shlex instead.

Once we get rid of the python2.4 dependency we can update to a newer
version of bundled six module-side and then we're free to use
shlex_quote everywhere.
2016-11-17 13:18:29 -08:00
Matt Clay
8c270ac75f Add empty-init code-smell script. (#18406)
Also removed boilerplate from otherwise empty __init__.py files
which should not contain any code (checked by empty-init script).
2016-11-07 15:02:13 -08:00
Matt Clay
0d46805979 Clean up shebangs for various files.
- Remove shebangs from:
  - ini files
  - unit tests
  - module_utils
  - plugins
  - module_docs_fragments
  - non-executable Makefiles
- Change non-modules from '/usr/bin/python' to '/usr/bin/env python'.
- Change '/bin/env' to '/usr/bin/env'.

Also removed main functions from unit tests (since they no longer
have a shebang) and fixed a python 3 compatibility issue with
update_bundled.py so it does not need to specify a python 2 shebang.

A script was added to check for unexpected shebangs in files.
This script is run during CI on Shippable.
2016-11-02 17:00:27 -07:00
Matt Davis
aa0ad073b8 bugfixes to JSON junk filter, added unit/integration tests to exercise (#17834) 2016-10-02 08:03:42 -07:00
Toshio Kuratomi
4ed88512e4 Move uses of to_bytes, to_text, to_native to use the module_utils version (#17423)
We couldn't copy to_unicode, to_bytes, to_str into module_utils because
of licensing.  So once created it we had two sets of functions that did
the same things but had different implementations.  To remedy that, this
change removes the ansible.utils.unicode versions of those functions.
2016-09-06 22:54:17 -07:00
Matt Clay
94a0d2afb4 Add partially backwards compatible version of _fixup_perms. (#17427)
Also added a deprecation notice for _fixup_perms.

Resolves issue #17352 (assumes custom actions use recursive=False).
2016-09-06 16:49:59 -07:00
Adrian Likins
7d41f623dd Move py34 mock_open compat to compat/test/mock (#17157)
test/units/plugins/action/test_action.py had code
for handling a bug in python 3.4's mock_open that
causes errors when reading binary data.

Moved to compat/tests/mock.py so other tests can
use it by default.
2016-08-19 18:11:24 -04:00
Brian Coca
b1410fa278 fixed tests to accoutn for new parameter 2016-08-16 13:11:58 -04:00
Brian Coca
e2f17f8d9b set cwd to task's basedir (#16805)
* switch cwd to basedir of task

This restores previous behaviour in pre 2.0 and allows for 'local type' plugins
and actions to have a more predictable relative path.

fixes #14489

* removed FIXME since prev commit 'fixes' this

* fix tests, now they need a loader (thanks jimi!)
2016-07-25 08:11:45 -04:00
nitzmahone
de549ad675 update action unit test for powershell shebang behavior 2016-07-11 12:38:18 -07:00
jctanner
587d3c368b Fix synchronize+vagrant dest assertions that were incorrect. (#16291)
Addresses #16284
2016-06-14 19:56:50 -04:00
Brian Coca
a529a60478 raw should not use default executable (#16085)
also removed unused cruft in script
2016-06-10 11:37:58 -04:00
Toshio Kuratomi
5a3493be5f Port urls.py to python3 and other byte vs text fixes (#16124)
* Port urls.py to python3

Fixes (largely normalizing byte vs text strings) for python3

* Rework what we do with attributes that aren't set already.

* Comments
2016-06-04 16:19:57 -07:00
Saran Ahluwalia
fda927a14b added failing test for testing if executable is not empty string 2016-06-02 16:04:15 -07:00
jctanner
c52cea8db3 Add a framework, fixtures and test for common synchronize scenarios. (#15983)
* Add a framework, fixtures and test for common synchronize scenarios.

Addresses #15905
2016-05-31 22:35:59 -04:00
Toshio Kuratomi
b41b6b2ec5 Update test off make_become for ssh pty race mitigation (#15931) 2016-05-19 15:17:28 -07:00
Matt Martz
0faddfa168 Move binary module detection into executor/module_common.py 2016-05-12 12:25:09 -05:00
Matt Martz
3466e73c50 Resolve test failures 2016-05-12 12:25:09 -05:00
Toshio Kuratomi
8a184381af Strip junk after JSON return. (#15822)
Fixes #15601
2016-05-11 17:54:01 -07:00
Toshio Kuratomi
487e6562ca Fix ziploader for the cornercase of ansible invoking ansible.
* Make ziploader's ansible and ansible.module_utils libraries into
  namespace packages.
* Move __version__ and __author__ from ansible/__init__ to
  ansible/release.py.  This is because namespace packages only load one
  __init__.py.  If that is not the __init__.py with the author and
  version info then those won't be available.
* In ziplaoder, move the version ito ANSIBLE_CONSTANTS.
* Change PluginLoader to properly construct the path to the plugins even
  when namespace packages are present.
2016-04-29 08:47:49 -07:00