Follow up to #70221
Related to #67794
CVE-2020-1736
When set_mode_if_different() is called with mode of 'None', ensure we issue
a warning about the change in default permissions.
Add integration tests to ensure the warning works properly.
* Fix tests
- actually use custom module 🤦♂️
- verify file permission on created files
- use remote_tmp_dir so we're ready for split controller
- improve test module so we can skip the call to set_fs_attributes_if_different()
- fix tests for CentOS 6
(cherry picked from commit dc79528cc6)
- Combine remote and local debugging instructions.
- Update the example code to match current AnsiballZ structure and behavior
- Change reference name and update references
- Clarify how PYTHON path is modified
- Also add note about other remote debugging tools.
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
(cherry picked from commit 7f0c84ea15)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Also validate top-level version_added.
* Fix error code.
* Produce same version_added validation error in schema than in code (and stop returning it twice).
* Return correct error codes for invalid version_added for options and return values.
* Add changelog.
* Fix forgotten closing braket.
* Accept 'historical' for some top-level version_added.
(cherry picked from commit 7e2cc7db12)
* Add boilerplate snippet into `examples/`
It is a partial backport of #70224
(partially cherry picked from commit 4816bb4f43)
* Refactor Python API examples and docs
PR #70446: it's a follow-up for #70445.
It includes a merge of `examples/scripts/uptime.py` and a similar
code snippet from `docs/docsite/rst/dev_guide/developing_api.rst`.
This patch also changes the docs RST file to include contents of
the example file instead of holding a copy of a similar code.
(cherry picked from commit 20bb915092)
* Pipe lookup plugin usage example documentation fix (#70679)
(cherry picked from commit 58d24584c0)
* Fix misleading documentation for naming blocks (#68458)
From what I have observed it is the block itself that doesn't support the name attribute rather than the tasks inside the block.
* Update docs/docsite/rst/user_guide/playbooks_blocks.rst
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
(cherry picked from commit 633c2d0522)
* Fix incorrect statement to set a variable for a playbook (#70712)
Fixes#70638
(cherry picked from commit 59513ae673)
* Make Sources, Plugins sections easier to read (#70652)
Re-wrote the Inventory Sources section and also the next section to have shorter, clearer sentences with a more active voice.
(cherry picked from commit fb3db170cc)
* fix rstcheck problem and gitignore collections dir (#70764)
(cherry picked from commit 24e5d3a51c)
* add note for write permission on rst files (#70766)
* add note for write permission on rst files
* Update docs/docsite/rst/community/documentation_contributions.rst
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
(cherry picked from commit 2a7df5e07b)
* Modification of 'Adding modules and plugins locally' topic (#70659)
* Remediated the topic to comply with IBM style guide and minimalism practices
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
(cherry picked from commit 1733253297)
* WIP: add collections as an intersphinx link (#70826)
* adds collections as a ref for intersphinx
* no need for intersphinx
Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
(cherry picked from commit b28d59124b)
* Proper example for splitext filter in docs (#70494)
* Update playbooks_filters.rst with a clear example of how to extract its 2 tokens.
Co-authored-by: Sloane Hertel <shertel@redhat.com>
(cherry picked from commit 7a42d27462)
* Few fixes for reference_appendices/faq.html (#70719)
* Format using `` instead of `, add line breaks for long lines, rephrase or remove useless text.
Move some text.
* Add clearer version of OpenSSh is affected by SCP bug
* Review some pages using ansible doc writing guide.
(cherry picked from commit 92e16c2838)
Co-authored-by: Roman Gorshunov <34521622+gorshunovr@users.noreply.github.com>
Co-authored-by: David Rieger <david@isan.engineer>
Co-authored-by: Baptiste Mille-Mathias <baptiste.millemathias@gmail.com>
Co-authored-by: Stef B <regendo@users.noreply.github.com>
Co-authored-by: Sayee <57951841+sayee-jadhav@users.noreply.github.com>
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
Co-authored-by: Fixmetal <fixmetal@gmail.com>
Previous version initialized the `TaskQueueManager` after calling
`Play.load()` while advertising a way to inject a custom library
location path. This caused the tasks loader not to find any custom
modules because it was triggered before the path was actually added
to the module loader.
This patch changes the order of the operations to ensure that the
customized `context.CLIARGS` actually influences things.
Resolves https://github.com/ansible/ansible/issues/69758.
(cherry picked from commit 8d97c8c222)
* Change default file permissions so they are not world readable
CVE-2020-1736
Set the default permissions for files we create with atomic_move() to 0o0660. Track
which files we create that did not exist and warn if the module supports 'mode'
and it was not specified and the module did not call set_mode_if_different(). This allows the user to take action and specify a mode rather than using the defaults.
A code audit is needed to find all instances of modules that call atomic_move()
but do not call set_mode_if_different(). The findings need to be documented in
a changelog since we are not warning. Warning in those instances would be frustrating
to the user since they have no way to change the module code.
- use a set for storing list of created files
- just check the argument spac and params rather than using another property
- improve the warning message to include the default permissions.
(cherry picked from commit 5260527c4a)
Co-authored-by: Sam Doran <sdoran@redhat.com>
As Molecule started to use https://github.com/ansible-community/molecule/discussions we need to update documentation before retiring
the molecule-users mailing list.
(cherry picked from commit b7ee07215d)
Co-authored-by: Sorin Sbarnea <ssbarnea@users.noreply.github.com>
* Build documentation for Ansible-2.10 (formerly known as ACD).
Builds plugin docs from collections whose source is on galaxy
The new command downloads collections from galaxy, then finds the
plugins inside of them to get the documentation for those plugins.
* Update the python syntax checks
* docs builds can now require python 3.6+.
* Move plugin formatter code out to an external tool, antsibull-docs.
Collection owners want to be able to extract docs for their own
websites as well.
* The jinja2 filters, tests, and other support code have moved to antsibull
* Remove document_plugins as that has now been integrated into antsibull-docs
* Cleanup and bugfix to other build script code:
* The Commands class needed to have its metaclass set for abstractmethod
to work correctly
* Fix lint issues in some command plugins
* Add the docs/docsite/rst/collections to .gitignore as
everything in that directory will be generated so we don't want any of
it saved in the git repository
* gitignore the build dir and remove edit docs link on module pages
* Add docs/rst/collections as a directory to remove on make clean
* Split the collections docs from the main docs
* remove version and edit on github
* remove version banner for just collections
* clarify examples need collection keyword defined
* Remove references to plugin documentation locations that no longer exist.
* Perhaps the pages in plugins/*.rst should be deprecated
altogether and their content moved?
* If not, perhaps we want to rephrase and link into the collection
documentation?
* Or perhaps we want to link to the plugins which are present in
collections/ansible/builtin?
* Remove PYTHONPATH from the build-ansible calls
One of the design goals of the build-ansible.py script was for it to
automatically set its library path to include the checkout of ansible
and the library of code to implement itself. Because it automatically
includes the checkout of ansible, we don't need to set PYTHONPATH in
the Makefile any longer.
* Create a command to only build ansible-base plugin docs
* When building docs for devel, only build the ansible-base docs for
now. This is because antsibull needs support for building a "devel
tree" of docs. This can be changed once that is implemented
* When building docs for the sanity tests, only build the ansible-base
plugin docs for now. Those are the docs which are in this repo so
that seems appropriate for now.
* Docs: User guide overhaul, part 5 (#70307)
(cherry picked from commit db354c0300)
* Need to return any error code from running antsibull-docs (#70763)
This way we fail early if there's a problem
(cherry picked from commit 1e3989c9f7)
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
* Suggest ansible ad-hoc command while developing module (#70308)
If a local module has no documentation, the doc command will fail without any hints of what is wrong. Add another way to confirm the presence of a local module.
* Update docs/docsite/rst/dev_guide/developing_locally.rst
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 82e5d03bdb)
* Update AWS Integration test docmentation (#70454)
(cherry picked from commit e1ba7dc52a)
* Update hacking/shippable docs.
The `--all` option downloads more than is needed for analyzing code coverage.
(cherry picked from commit fb7740ae3b)
* Document that subversion module requires subversion (#70537)
(cherry picked from commit 64c2cb273f)
* update documentation link to python 3 (#70509)
update the docs link for strftime on the filters page to point to the python3 docs
(cherry picked from commit f7db428375)
* Update windows_winrm.rst (#70306)
gcc also needed to be installed alongside python-devel, krb5-devel, krb5-libs, and krb5-workstation.
(cherry picked from commit f4ea43c4a0)
* updated requirements file for docs build (#70609)
(cherry picked from commit 38ccfb4a3e)
* Clarify that index_var is 0 indexed (#70548)
A little further down the page is another index, ansible_loop.index, which shares a similar description but is 1 indexed.
Its zero indexed twin has a 0 suffix.
``ansible_loop.index`` The current iteration of the loop. (1 indexed)
``ansible_loop.index0`` The current iteration of the loop. (0 indexed)
To remove ambiguity around the usage of index_var, explicitly mention that this variable is 0 indexed.
(cherry picked from commit c410311f55)
* docs: update module development docs (#70594)
Update module development docs for flattened modules directory.
Fixes: #70261 (at least partially)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 20209c508f)
* Doc: fix examples of changelog entries. (#70551)
(cherry picked from commit edcd1a1a70)
* Document tags are not supported with task meta. (#70590)
fixes#70338
(cherry picked from commit 40591d5fbb)
* docs: update date format in removed_at_date (#70597)
removed_at_date requires YYYY-MM-DD format.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 375c6b4ae4)
* partial update of community docs to reflect collections transition (#70488)
(cherry picked from commit f1f782fc37)
Co-authored-by: Michael Ritsema <michaelritsema@users.noreply.github.com>
Co-authored-by: Mark Chappell <mchappel@redhat.com>
Co-authored-by: Matt Clay <matt@mystile.com>
Co-authored-by: Alan Rominger <arominge@redhat.com>
Co-authored-by: FloMiau <37121807+FloMiau@users.noreply.github.com>
Co-authored-by: mahadelmi <mahadelmi@cmail.carleton.ca>
Co-authored-by: Sayee <57951841+sayee-jadhav@users.noreply.github.com>
Co-authored-by: Karl Goetz <goetzk@users.noreply.github.com>
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Baptiste Mille-Mathias <baptiste.millemathias@gmail.com>
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
* doc: avoid mix of single and double quotes (#70115)
Avoid mix of single and double quotes in the `ternary`, this way
we can copy/past the example without any surprise.
(cherry picked from commit b491f776b9)
* document FQCN for M() and :seealso: in DOCUMENTATION blocks (#70245)
* document FQCN for M() in DOCUMENTATION blocks
* add note about c
(cherry picked from commit 83f6e4850b)
* Fix bullet points in intro_getting_started.rst. (#70365)
The layout was jumbled due to issues with whitespace.
(cherry picked from commit dc6f4b6502)
* Add steps for how to create changelog.rst for a collection (#70262)
* Update docs/docsite/rst/dev_guide/developing_collections.rst
* add steps to create changelogs, add sentence about not using the tool
* add note for rerunning the command
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 5a28b2b86c)
* ansible-doc: avoid problems with YAML anchors when formatting man page (#70045)
* Avoid problems with YAML anchors when formatting man page.
* Add changelog.
(cherry picked from commit 5e4f708241)
* Minor grammatical fix (#70405)
'you' -> 'your'
(cherry picked from commit a1ac595d42)
* incorporate minimalism feedback on filters page (#70366)
Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
(cherry picked from commit c89f3cda9e)
* more correct info about role main.yml (#70326)
fixes#40496
(cherry picked from commit 5d3d097de3)
* Fix a small typo in cache plugin description @ `config/base.yml`
PR #70420
(cherry picked from commit 626df08d9d)
* with_sequence: example using vars (#69369)
Added an example for using vars in with_sequence.
Fixes: #68836
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 5709173c32)
* Update pull.py (#70393)
(cherry picked from commit 46ad3c1162)
* Update playbooks.rst (#70317)
(cherry picked from commit 7c90a2d2a6)
* Add documentation for ipaddr filters (#70343)
(cherry picked from commit 9eb904ea61)
* update platform table with links to collections (#70373)
(cherry picked from commit aa59c23aed)
* Add description of collections and become_exe keywords (#68055)
* Add description of collections keyword
* Update based on feedback.
- Add link to become plugins.
- Add note about how the collections keyword works with roles.
(cherry picked from commit 5833af9e2a)
Co-authored-by: Gonéri Le Bouder <goneri@lebouder.net>
Co-authored-by: Mark Sanders <ziplokk.mark.sanders@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Sir Mobus Gochfulshigan Dorphin Esquire XXIII <celestialtuba@gmail.com>
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Michael Scherer <mscherer@users.noreply.github.com>
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Ethan <smithe2413@gmail.com>
Co-authored-by: jafiala <56597272+jafiala@users.noreply.github.com>
Co-authored-by: Baptiste Mille-Mathias <baptiste.millemathias@gmail.com>
Co-authored-by: Sam Doran <sdoran@redhat.com>
Lightbulb is deprecated in favor of https://ansible.github.io/workshops/. Update docs links accordingly.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit e4f48c920c)
* Fix broken link in AWS Guide (#70153)
Point to collection rather than ansible/ansible for example.
(cherry picked from commit 0ef75f65d9)
* remove gendered example (#70117)
Changed example to not assume things about names and genders
(cherry picked from commit 5885ed4455)
* docs: Add note about ansible-doc (#70162)
ansible-doc can only parse Python modules, added a note about
this is developer guide; Fixes: #69109
(cherry picked from commit da868d9d60)
* Update config.yml (#70154)
typos & branding
* Update .github/ISSUE_TEMPLATE/config.yml
Co-authored-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 4b358c6641)
* async_status: Update documentation (#70196)
Fixes: #38164
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 40a42de081)
* updates to ansible-maintained collections guidelines (#70178)
(cherry picked from commit 647c6cd289)
Co-authored-by: Jill R <4121322+jillr@users.noreply.github.com>
Co-authored-by: Westley Argentum Hennigh-Palermo <WestleyArgentum@gmail.com>
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: John R Barker <john@johnrbarker.com>
* Update guide_gce.rst
The given example is not working as a SSH connection is not possible because of #59573. Instead, in this tutorial the default network should be used which allows SSH connections in most cases.
Co-authored-by: Sandra McCann <samccann@redhat.com>
* Updated docs/docsite/rst/dev_guide/developing_modules_documenting.rst, added documentation for R()
* added link to how to add anchors, anchor, and clarification on when to use each option
Co-authored-by: John R Barker <john@johnrbarker.com>
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
* Remove community.crypto parts from porting guide.
* Remove community.general parts from porting guide.
* Removed 'modules removed' section, since this is better suited for a general entry on the collection split.
* Validate ansible-base & collection's runtime.yml
Add new test `runtime-metadata`
* Schema validation of file
* Error if a a legacy meta/routing.yml exist in a collection
* removal_date OR removal_version
* Add tombstone validation.
* Allow both ISO 8601 date strings and datetime.date objects (from YAML dates).
* Address review comments.
* Add metadata to test collection.
* Add requirements file.
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Matt Clay <matt@mystile.com>
Replace the ansible-base changelog linting and generation tool with antsibull-changelog and make it available for linting collections. Previously changelog linting was limited to ansible-base.
* Allow to specify collection_name separately for deprecation.
* Use new functionality in Ansible.
* Use new functionality in tests.
* Update tagging/untagging functions.
* Update pylint deprecated sanity test.
* Update validate-modules. Missing are basic checks for version_added (validate semantic version format for collections).
* Improve version validation. Re-add version_added validation.
* Make sure collection names are added to return docs before schema validation.
* Extra checks to avoid crashes on bad data.
* Make C# module utils code work, and update/extend tests.
* Add changelog fragment.
* Stop extracting collection name from potentially tagged versions/dates.
* Simplify C# code.
* Update Windows modules docs.
* Forgot semicolons.
* Make AnsibleVaultEncryptedUnicode work more like a string. Fixes#24425
* Remove debugging
* Wrap some things
* Reduce diff
* data should always result in text
* add tests
* Don't just copy and paste, kids
* Add eq and ne back
* Go full UserString copy/paste
* Various version related fixes
* Remove trailing newline
* py2v3
* Add a test that can evaluate whether a variable is vault encrypted
* map was introduces in jinja2 2.7
* moar jinja
* type fix
Co-Authored-By: Sam Doran <sdoran@redhat.com>
* Remove duplicate __hash__
* Fix typo
* Add changelog fragment
* ci_complete
Co-authored-by: Sam Doran <sdoran@redhat.com>
* starting metadata sunset
- purged metadata from any requirements
- fix indent in generic handler for yaml content (whey metadata display was off)
- make more resilient against bad formed docs
- removed all metadata from docs template
- remove metadata from schemas
- removed mdata tests and from unrelated tests
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Rick Elrod <rick@elrod.me>
Change:
On OpenBSD when using pipelining, we do not set cwd which results in a
permissions fatal. Ensure that `''` - cwd - is not in `sys.path`.
Test Plan:
Tested against local OpenBSD VM
Tickets:
Fixes#69320
Signed-off-by: Rick Elrod <rick@elrod.me>
* Enable installing collections from git repositories
* Add tests for installing individual and multiple collections from git repositories
* Test to make sure recursive dependencies with different syntax are deduplicated
* Add documentation
* add a changelog
* Skip Python 2.6
* Only fail if no collections are located in a git repository
Add support for a 'type' key for collections in requirement.yml files.
Update the changelog and document the supported keys and allowed values for the type.
Add a note that the collection(s) in the repo must contain a galaxy.yml
* Add a warning about embedding credentials in SCM URLs
* Update with review suggestions
* suppress sanity compile failure for Python 2.6
* Track collection for version_added.
Validate *all* version numbers in validate-modules.
For tagged version numbers (i.e. version_added), consider source collection to chose validation.
* Make tagging/untagging functions more flexible.
* Tag all versions in doc fragments.
* Tag all deprecation versions issued by code.
* Make Display.deprecated() understand tagged versions.
* Extend validation to enforce tagged version numbers.
* Tag versions in tests.
* Lint and fix test.
* Mention collection name in collection loader's deprecation/removal messages.
* Fix error IDs.
* Handle tagged dates in Display.deprecated().
* Also require that removed_at_date and deprecated_aliases.date are tagged.
* Also automatically tag/untag removed_at_date; fix sanity module removal version check.
* Improve error message when invalid version number is used (like '2.14' in collections).
* Improve the changelog-how-to documentation:
* remove repetitions
* mention starting with lowercase
* update the link to examples, remove an irrelevant link
* change win_ example to apt_repository
* add info about collections