Commit graph

10448 commits

Author SHA1 Message Date
Matt Davis
cc8d180801
fix internal cases of actions calling unqualified module names (#70818) (#70840)
* fix internal cases of actions calling unqualified module names

* add porting_guide entry
* misc other fixes around action/module resolution broken by redirection

ci_complete

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* address review feedback

* pep8

* unit test fixes

* win fixes

* gather_facts fix module args ignores

* docs sanity

* pep8

* fix timeout test

* fix win name rewrites

Co-authored-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 4c0af6c808)
2020-07-23 10:29:09 -07:00
Sam Doran
7e4cffc5d2
[stable-2.10] Change default file permissions so they are not world readable (#70221) (#70824)
* Change default file permissions so they are not world readable

CVE-2020-1736

Set the default permissions for files we create with atomic_move() to 0o0660. Track
which files we create that did not exist and warn if the module supports 'mode'
and it was not specified and the module did not call set_mode_if_different(). This allows the user to take action and specify a mode rather than using the defaults.

A code audit is needed to find all instances of modules that call atomic_move()
but do not call set_mode_if_different(). The findings need to be documented in
a changelog since we are not warning. Warning in those instances would be frustrating
to the user since they have no way to change the module code.

- use a set for storing list of created files
- just check the argument spac and params rather than using another property
- improve the warning message to include the default permissions.
(cherry picked from commit 5260527c4a)

Co-authored-by: Sam Doran <sdoran@redhat.com>
2020-07-23 09:07:18 -07:00
Brian Coca
8c2754e6d3
Allow hostvars delegation (#70331) (#70810)
* ensure hostvars are available on delegation
* also inventory_hostname must point to current host and not delegated one
* fix get_connection since it was still mixing original host vars and delegated ones
* also return connection vars for delegation and non delegation alike
* add test to ensure we have expected usage when directly assigning for non delegated host

(cherry picked from commit 84adaba6f5)
2020-07-22 18:29:07 -07:00
David Shrewsbury
7cdba7c923
Sanitize URI module keys with no_log values (#70762) (#70820)
* Add sanitize_keys() to module_utils.

* More robust tests

* Revert 69653 change

* Allow list or dict

* fix pep8

* Sanitize lists within dict values

* words

* First pass at uri module

* Fix insane sanity tests

* fix integration tests

* Add changelog

* Remove unit test introduced in 69653

* Add ignore_keys param

* Sanitize all-the-things

* Ignore '_ansible*' keys

* cleanup

* Use module.no_log_values

* Avoid deep recursion issues by using deferred removal structure.

* Nit cleanups

* Add doc blurb

* spelling

* ci_complete

(cherry picked from commit bf98f031f3)
2020-07-22 18:28:24 -07:00
psi / Ryo Hirafuji
61f8f8ce7f
cron - Allow non-ascii (UTF-8) chars in cron file paths and jobs (#70426) (#70794)
* Encode/Decode files in UTF-8
* Use helper function in ansible
* Add an integration test
* Use emoji in test data.
* add changelog
* Also support non-ascii chars in filepath and add tests about this.
* Also use non-ascii chars in replaced text and ensure not to break cron syntax.
* rename self.existing to self.n_existing
* rename crontab.existing to crontab.n_existing
2020-07-22 18:26:10 -07:00
Matt Martz
7eb5f53294
[stable-2.10] Ensure single vaulted values aren't counted as sequences. Fixes #70784 (#70786) (#70791)
(cherry picked from commit 96b74d3)

Co-authored-by: Matt Martz <matt@sivel.net>
2020-07-22 18:25:38 -07:00
Baptiste Mille-Mathias
1eb2afac63
Create home and parent directories only when requested (#70790)
The home user and the parents directories should only be created when
create_home == True

(cherry picked from commit f3dd8d3052)
2020-07-22 18:23:47 -07:00
Martin Krizek
4170786cd9
2.10: Detect failure in always block after rescue (#70094) (#70204)
* Detect failure in always block after rescue (#70094)

* Detect failure in always block after rescue

Fixes #70000

ci_complete

* Add more tests

(cherry picked from commit 0ed5b77377)

* add changelog

Co-authored-by: Matt Davis <mrd@redhat.com>
2020-07-22 14:00:27 -07:00
Baptiste Mille-Mathias
ffd3757fc3
Fix missing quoting for remote_tmp in second mkdir of shell module. Issue #69577 (#69578) (#70757)
* Fix missing quoting for remote_tmp in second mkdir of shell module. Issue #69577

* adding changelog

* fixing typo in changelog entry

* adding test case

Adding test case written by bmillemayhias.

* using $HOME instead of ~

* fixing commit measage

* Update 69578-shell-remote_tmp-quoting.yaml

Co-authored-by: Brian Kohles <me@briankohles.com>
(cherry picked from commit 77d0effcc5)

Co-authored-by: Brian Kohles <briankohles@users.noreply.github.com>
2020-07-21 11:23:25 -07:00
Sam Doran
9b8a649f2e
[stable-2.10] Handle Slackware OS version strings containing a plus (“+”) (#68142) (#70717)
A couple of years ago Slackware -current began using a plus (“+”) at the end of the distribution version string to indicate a future version work-in-progress.

Rearrange distribution_files unit tests to easily support more tests
  - add conftest with common fixtures
  - use parametrize for testing multiple scenarios

* Add changelog
* Add unit tests for Slackware distribution parsing
* Use correct fixtures for Slackware
Data comes from /etc/slackware-version

Co-authored-by: Sam Doran <sdoran@redhat.com>
Co-authored-by: <Eduard Rozenberg <eduardr@pobox.com>>
(cherry picked from commit 566c5e6ce1)

Co-authored-by: Eduard Rozenberg <2648417+edrozenberg@users.noreply.github.com>

Co-authored-by: Eduard Rozenberg <2648417+edrozenberg@users.noreply.github.com>
2020-07-21 11:21:07 -07:00
Sloane Hertel
d329985d4c
[2.10] template connection variables accessed directly before using (#70657) (#70688)
* template connection variables accessed directly before using (#70657)

* template variables accessed directly when using them instead of FieldAttributes

(cherry picked from commit 8c213c9334)

* changelog
2020-07-21 11:19:52 -07:00
Abhijeet Kasurde
ed07821a59
[2.10] api: time.clock compatible code (#70677)
time.clock is removed in Python 3.8. Add time.clock
compatible code.

Fixes: #70649

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 055871cbb8)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2020-07-21 11:19:27 -07:00
Toshio Kuratomi
46b1a999c6
Collections docs generation backport (#70515)
* Build documentation for Ansible-2.10 (formerly known as ACD).

Builds plugin docs from collections whose source is on galaxy

The new command downloads collections from galaxy, then finds the
plugins inside of them to get the documentation for those plugins.

* Update the python syntax checks
  * docs builds can now require python 3.6+.

* Move plugin formatter code out to an external tool, antsibull-docs.
  Collection owners want to be able to extract docs for their own
  websites as well.
* The jinja2 filters, tests, and other support code have moved to antsibull
* Remove document_plugins as that has now been integrated into antsibull-docs

* Cleanup and bugfix to other build script code:
  * The Commands class needed to have its metaclass set for abstractmethod
    to work correctly
  * Fix lint issues in some command plugins

* Add the docs/docsite/rst/collections to .gitignore as
  everything in that directory will be generated so we don't want any of
  it saved in the git repository
* gitignore the build dir and remove edit docs link on module pages

* Add docs/rst/collections as a directory to remove on make clean
* Split the collections docs from the main docs

* remove version and edit on github
* remove version banner for just collections
* clarify examples need collection keyword defined

* Remove references to plugin documentation locations that no longer exist.
  * Perhaps the pages in plugins/*.rst should be deprecated
    altogether and their content moved?
  * If not, perhaps we want to rephrase and link into the collection
    documentation?
  * Or perhaps we want to link to the plugins which are present in
    collections/ansible/builtin?

* Remove PYTHONPATH from the build-ansible calls
  One of the design goals of the build-ansible.py script was for it to
  automatically set its library path to include the checkout of ansible
  and the library of code to implement itself.  Because it automatically
  includes the checkout of ansible, we don't need to set PYTHONPATH in
  the Makefile any longer.

* Create a command to only build ansible-base plugin docs
  * When building docs for devel, only build the ansible-base docs for
    now.  This is because antsibull needs support for building a "devel
    tree" of docs.  This can be changed once that is implemented
  * When building docs for the sanity tests, only build the ansible-base
    plugin docs for now.  Those are the docs which are in this repo so
    that seems appropriate for now.

* Docs: User guide overhaul, part 5 (#70307)

(cherry picked from commit db354c0300)

* Need to return any error code from running antsibull-docs (#70763)

This way we fail early if there's a problem

(cherry picked from commit 1e3989c9f7)

Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
2020-07-20 14:28:35 -07:00
Matt Martz
255dfca7f6
[stable-2.10] Allow single vault encrypted values to be used directly as module parameters. Fixes #68275 (#70607) (#70641)
(cherry picked from commit a77dbf0)

Co-authored-by: Matt Martz <matt@sivel.net>
2020-07-17 12:54:32 -07:00
Rick Elrod
86b24498b7
Add intentional coverage for an async_wrapper case (#70593) (#70630)
* Add intentional coverage for an async_wrapper case (#70593)

Change:
- Test async_wrapper when the module it runs has stderr output

Test Plan:
- CI
- Looked at coverage report and saw green for a few lines that weren't
  previously green.

Signed-off-by: Rick Elrod <rick@elrod.me>

* sigh

Signed-off-by: Rick Elrod <rick@elrod.me>
2020-07-17 12:52:45 -07:00
Rick Elrod
33e5f1d661
Get m_u.facts.utils coverage up to 100% (#70614) (#70629)
* Get m_u.facts.utils coverage up to 100%

Change:
- Add tests to 'gathering_facts' integration target to get
  module_utils.facts.utils coverage up to 100%.
- This also clears incidental coverage from incidental_selinux.

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
2020-07-17 12:52:00 -07:00
Brian Coca
6cd015d7e2
Make filter type errors 'loop friendly' (#70417) (#70574)
- ensure we preserve the typeerror part of the exception so loop defereed error handling
 can postpone those caused by undefined variables until the when check is done.
 - fix tests to comply with the 'new normal'

 - human_to_bytes and others can issue TypeError not only on 'non string'
 but also bad string that is not convertable.

Co-authored-by: Sloane Hertel <shertel@redhat.com>

Co-authored-by: Sloane Hertel <shertel@redhat.com>
(cherry picked from commit cf89ca8a03)
2020-07-17 12:51:18 -07:00
Felix Fontein
15355ed059
[2.10] ansible-doc: include collection name in text output / plugin loader: return collection name; ansible-doc: handle ansible.builtin correctly (#70572)
* ansible-doc: include collection name in text output (#70401)

* ansible-doc: include collection name in text output

* Be more careful to not accidentally pass ansible.builtin for user-supplied modules.

(cherry picked from commit f4c89eab23)

* plugin loader: return collection name; ansible-doc: handle ansible.builtin correctly (#70026)

* Determine collection in plugin loader.

* Fix test.

* Use PluginPathContext objects in PluginLoader._plugin_path_cache instead of tuples.

(cherry picked from commit 24dcaf8974)
2020-07-17 12:50:23 -07:00
Mykola Grygoriev
5ea6de4e7d
Fix decrypt argument in assemble module (#70465) (#70560)
* Do not pass decrypt parameter to assemble module

* Add integration tests where decrypt=True

* Add changelog #70465

(cherry picked from commit 71c378e139)
2020-07-17 12:48:38 -07:00
David Shrewsbury
94a81f7b44
Make sure ansible_become treated as a boolean (#70484) (#70526)
* Make sure ansible_become treated as a boolean

(cherry picked from commit 8aca464b8b)
2020-07-17 12:46:33 -07:00
Felix Fontein
a5c0b11913
ansible-doc man formatter: fail with better error message when description isn't there (#70046) (#70485)
* ansible-doc man formatter: do not crash when description isn't there.
* Change to report a better error message when description is not there.
* Add test.

(cherry picked from commit 9164b96774)
2020-07-17 12:44:03 -07:00
Sloane Hertel
212d2024f4
[2.10] Handle post_validate templating errors and fix tests (#70240) (#70389)
* Handle post_validate templating errors and fix tests (#70240)

* Handle unexpected templating errors

* Fixes #70050

Fix up tests that weren't running and add tests for graceful templating error handling

(cherry picked from commit 30e70f4b63)

* changelog

ci_complete
2020-07-17 12:41:43 -07:00
Martin Krizek
7dfda4026e
Fix delegate_facts with interpreter not being set (#70293) (#70384)
Fixes #70168

ci_complete

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit b05e00e99a)
2020-07-17 12:40:00 -07:00
Abhijeet Kasurde
e1c0688e43
[2.10] Improve ansible-galaxy STDOUT messages for collections (#70379)
- Fix issue #70010
- Add installation successful message
- This feature targets "collection" sub-command and does not affect "role" sub-command

Signed-off-by: Hideki Saito <saito@fgrep.org>
(cherry picked from commit 2d59e548f6)

Co-authored-by: Hideki Saito <saito@fgrep.org>
2020-07-17 12:39:16 -07:00
Matt Davis
1e03b54d23
refactor Python module_utils locator (#70610) (#70711)
* refactor Python module_utils locator

* no longer recursive
* embed special-case module code internally
* share common code between collections/not cases
* fixes #70134
* properly support subpackage redirection
* adds support for FQCN redirect targets used by migration (expands to FQ Python name)
* add tests

* add changelog

(cherry picked from commit c616e54a6e)
2020-07-17 10:57:44 -07:00
Felix Fontein
273159da4c
Include changelogs/changelog.yaml in distribution. (#70260) (#70266)
(cherry picked from commit ebd20ddca6)
2020-07-17 10:55:25 -07:00
Sam Doran
95ec1618ef
[stable-2.10] Only pass kwargs to our string checker not callable checkers (#70151) (#70170)
Since only check_type_str() accepts extra param, only pass to our checker and
do not pass kwargs to custom checkers.

* Add unit tests
(cherry picked from commit bc05415109)

Co-authored-by: Sam Doran <sdoran@redhat.com>
2020-07-17 10:53:56 -07:00
Sam Doran
b6f6067dfd
[stable-2.10] ansible_runner test - Add constraints (#70667) (#70669)
A recent updated to psutil, which is a dependency of ansible-runner, fails
to install on older versions of pip.

Commit with the breaking change:

  135628639b
(cherry picked from commit 9d27d7c8b1)

Co-authored-by: Sam Doran <sdoran@redhat.com>
2020-07-15 17:32:09 -05:00
Matt Clay
c2b69fd30e [stable-2.10] Fix ansible-test virtualenv management.
(cherry picked from commit 1e02a201a6)

Co-authored-by: Matt Clay <matt@mystile.com>
2020-07-14 02:08:17 -07:00
Matt Clay
ddc78622a4 [stable-2.10] Update ansible-test change detection for plugins.
(cherry picked from commit 09f02980a4)

Co-authored-by: Matt Clay <matt@mystile.com>
2020-07-13 23:55:15 -07:00
Matt Clay
957f0c27fc [stable-2.10] Fix boilerplate in setup.py and lib/ansible/ dir..
(cherry picked from commit 234994fc07)

Co-authored-by: Matt Clay <matt@mystile.com>
2020-07-13 18:57:17 -07:00
Matt Clay
a707466c0b [stable-2.10] Fix yamllint sanity test line numbers.
Parse errors from libyaml now compensate for the offset of the documentation within a module.
(cherry picked from commit 1a0d8a51cd)

Co-authored-by: Matt Clay <matt@mystile.com>
2020-07-13 18:28:30 -07:00
Matt Clay
8cd66ce95a [stable-2.10] Clean up unit test boilerplate.
(cherry picked from commit 98a0995fd0)

Co-authored-by: Matt Clay <matt@mystile.com>
2020-07-13 18:28:02 -07:00
Matt Clay
3204d260dd [stable-2.10] Add integration tests for basic.py _set_cwd.
These tests verify that AnsibleModule can be instantiated when cwd does not exist or is unreadable.
(cherry picked from commit d6fb42d1c5)

Co-authored-by: Matt Clay <matt@mystile.com>
2020-07-13 18:16:00 -07:00
Matt Clay
f28fabe6ef [stable-2.10] Add integration tests for test plugins. (#70576)
(cherry picked from commit df45dcdae0)

Co-authored-by: Matt Clay <mclay@redhat.com>
2020-07-13 18:15:21 -07:00
Matt Clay
ba645400bf [stable-2.10] Correct name of fileglob lookup integration test.
(cherry picked from commit bbd8f15a58)

Co-authored-by: Matt Clay <matt@mystile.com>
2020-07-13 18:15:00 -07:00
Matt Clay
73d9054b32 [stable-2.10] Test netconf plugins in ansible-doc sanity test.
(cherry picked from commit 8d92df4537)

Co-authored-by: Matt Clay <matt@mystile.com>
2020-07-13 18:14:42 -07:00
Abhijeet Kasurde
0abb5e597e
[2.10] known_hosts: update documentation (#70406)
* Update documentation as per sanity tests
* Added example about custom SSH port in example section

Fixes: #29236

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 74bedab8a9)
2020-07-02 10:31:23 -05:00
Jordan Borean
70da336de9 ansible-test - do not validate blacklisted ps modules (#70376)
* ansible-test - do not validate blacklisted ps modules

* Update changelogs/fragments/validate-modules-ps-doc-blacklist.yaml

Co-authored-by: Matt Clay <matt@mystile.com>

Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit 40ce448657)
2020-06-30 15:15:13 -07:00
Matt Clay
73ee85145b [stable-2.10] Pin ansible-test requirements for RHEL.
The `packaging` and `pyparsing` packages are now installed by `ansible-test` during provisioning of RHEL instances to match the downstream vendored versions.
(cherry picked from commit 70c59423fc)

Co-authored-by: Matt Clay <matt@mystile.com>
2020-06-26 11:32:16 -07:00
Rick Elrod
bcd7c860e2 pip tests, use py2 compat sampleproject fork
Change:
- sampleproject has gone py3 only. Use a py2 compatible fork.

Test Plan:
- CI

Signed-off-by: Rick Elrod <rick@elrod.me>
2020-06-26 09:17:28 -07:00
Sam Doran
0b7e3694c7 [stable-2.10] Rebalance CI groups to avoid macOS timeouts (#70126)
(cherry picked from commit b2d6db7916)

Co-authored-by: Sam Doran <sdoran@redhat.com>
2020-06-22 10:19:54 -07:00
Matt Clay
8152d8bc1a Disabled inconsistent pylint checks. 2020-06-17 10:10:17 -07:00
Monty Taylor
0133757d44 Add an author exception for OpenStack Ansible SIG
The current author line wants to match a github author id. But
some people, including the OpenStack project, do not use github,
and additionally do not claim individual ownership but instead
group ownership.

Since there are already a couple of hard-coded examples in the
regex, just add one more. Alternately we could come up with some
mechanism to indicate that the author is purposely not listing
a github id, but that seems a bit heavywight.
2020-06-17 08:21:14 -07:00
Matt Davis
29c6aae2fc
try to load unqualified plugins from whitelist (#70086)
* try to load unqualified plugins from whitelist

* necessary for backcompat loading of unqualified collectionized callback plugins redirected from <= 2.9 core
* also added de-duping from actual loaded name

* add tests

* add warning test

* group test script entries by topic

* shorten warning text grep because wrapping is dumb

* fix adhoc callback loading behavior

* collections pass over whitelist wasn't respecting `_run_additional_callbacks`
* adds regression tests for same

* avoid `grep -L` in tests since it breaks the world
2020-06-16 17:17:38 -07:00
Matt Clay
598786e16d Update ansible-test default test containers.
The main change is the upgrade to Python 3.9.0b3.
2020-06-16 16:50:04 -07:00
Matt Davis
3dd324b837
disable slow/unstable hetzner incidental tests (#70103)
* disable slow/unstable hetzner incidental tests

* zap disabled tests

* verified no incidental coverage loss
2020-06-16 16:30:56 -07:00
Matt Clay
d295b81920 Improve stability of postgresql tests. 2020-06-16 16:29:25 -07:00
Matt Clay
0faec62354 Remove temporary migration hack from CI scripts. 2020-06-16 11:25:39 -07:00
Matt Clay
f69b1846f9 Add pyparsing constraint to ansible-test.
The upcoming pyparsing 3 release will require Python 3.5 or later, see:

https://github.com/pypa/packaging/issues/313

Unfortunately pip 8.x and earlier versions do not support python version requirements, which is why this constraint is needed.
2020-06-16 10:38:16 -07:00