Commit graph

2376 commits

Author SHA1 Message Date
Rick Elrod
314834c6d3 New release v2.10.1rc1 2020-08-31 19:42:18 -05:00
Rick Elrod
dc97027453
[dnf] ensure packages are gpg-verified (#71539)
Change:
- By default the dnf API does not gpg-verify packages. This is a feature
  that is executed in its CLI code. It never made it into Ansible's
  usage of the API, so packages were previously not verified.
- This fixes CVE-2020-14365.

Test Plan:
- New integration tests

Signed-off-by: Rick Elrod <rick@elrod.me>
2020-08-31 10:05:30 -05:00
Sandra McCann
d3e0cb4320
[docs][2.10] Backportapalooza 9 (#71493)
* Explain duplicate checks includes tags and when (#68183)

##### SUMMARY
Per #67913, when comparing dependencies, Ansible takes into account parameters, tags and the when clause in determining whether a role is a duplicate or not.

##### ISSUE TYPE
- Docs Pull Request

+label: docsite_pr

(cherry picked from commit 3e4377300b)

* Docs: ansible_host can contain FQDN (#71186)

(cherry picked from commit 13ab73cd89)

* clarify inventory plugin user documentation (#71387)

(cherry picked from commit fb035da3b2)

* Keep caution tape for older versions (#71400)

(cherry picked from commit 156b1c5245)

* document securing editor for vault (#71404)

(cherry picked from commit 6c48c62f93)

* galaxy: Add examples for galaxy section in ansible.cfg (#70931)

Add example section for galaxy section in ansible.cfg

Fixes: #68402

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 3f3bcbf05e)

* docs: Remove examples using the `ec2.py` script (#69107)

This script is mostly unmaintained and relies on the deprecated and
unmaintained `boto` library. Featuring it prominently in the docs
leads to many new users using it instead of the supported `aws_ec2`
inventory plugin.

(cherry picked from commit 66e38bf499)

* Update uri.py (#67688)

Adds an example of creating workspaces in Log analytics Azure
Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>

(cherry picked from commit 4317c2c80c)

* docs: Update Kubernetes Guide (#71372)

Fixes: #61681

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 59b80b9146)

* fix broken links due to master -> main branch rename (#71426)

(cherry picked from commit 2b7461eb52)

* Modify wording to specify two ctl-d to end stdin input in ansible-vault (#69436)

* 51860 - Modify wording to specify two ctl-d to end stdin input in ansible-vault
* removes space to make line 160 chars

(cherry picked from commit a6537b59ab)

* user_guide: Add an example for loop (#71441)

Explain how to use complex data in loop while converting
from with_together

Fixes: #47906

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 5c1594916a)

* Add link to Matt's blog (#71436)

nitzmahone's blog nicely explained why Windows is not supported
as Ansible controller. Link that in documentation so users can
read about it.

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 3c8744f0c1)

* user_guide: Fix reuse role examples (#71440)

Fixes: #53919

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 0b16c0a8c7)

* service: Add a note about ignored parameters (#71455)

Some parameters for systemd are ignored, add a note about such parameters in documentation.
Fixes: #23144

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 1257b0a184)

* updates network plugin docs pages for 2.10 (#71467)

Co-authored-by: Alicia Cozine <acozine@users.noreply.github.com>
(cherry picked from commit f82a1e06d7)

* Remove "mode: preserve" option from documentation (#71486)

Remove "mode: preserve" option from documentation in doc fragments "FILE_COMMON_ARGUMENTS", as it was incorrectly included in the documentation for the `lineinfile`, `unarchive` and other file-related modules.
The `copy` and `templates` modules documentation remains untouched and still contain "mode: preserve", as intended.

(cherry picked from commit 7127d37466)

* quick update to changelog instructins (#71492)

(cherry picked from commit addee0699e)

* update Network Advanced Topics for FQCN (#71325)

* update Network Advanced Topics for FQCN

(cherry picked from commit b6f10b9b52)

* fix shippable error

Co-authored-by: David M. Lee <leedm777@yahoo.com>
Co-authored-by: Eric G <e+github1690@linuxw.info>
Co-authored-by: Sloane Hertel <shertel@redhat.com>
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: flowerysong <paul.arthur@flowerysong.com>
Co-authored-by: Jose l. Azagra <azagramac@gmail.com>
Co-authored-by: Patrick Reader <pxeger@protonmail.com>
Co-authored-by: John Westcott IV <32551173+john-westcott-iv@users.noreply.github.com>
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
Co-authored-by: Timothy Visser <team@sacrome.com>
2020-08-31 09:59:52 -05:00
David Shrewsbury
393412dc64
Fix play stats when rescue block is a child block (#70922) (#71334)
* check run state of current block only

* Add changelog and test

* Add test for issue 29047

(cherry picked from commit f2f6c34632)
2020-08-28 12:23:30 -05:00
Jordan Borean
7131c75d93
powershell - fix quoting values (#71411) (#71449)
* powershell - fix quoting values

* Add ignore for smart quote skip

(cherry picked from commit 72a7cb4a2c)
2020-08-28 12:22:22 -05:00
Jordan Borean
5688fef486
psrp - use native copy mechanism - 2.10 (#71434)
* psrp - use native copy mechanism (#71409)

* psrp - use native copy mechanism

* Fix sanity issues

* Split the bugfix and deprecation into separate changelog fragments

(cherry picked from commit 985ba187b2)

* Removed deprecation warnings for backport
2020-08-28 12:21:53 -05:00
Jordan Borean
b936539ae1
powershell - fix nested CLIXML parser (#71412) (#71451)
(cherry picked from commit 8897d7e2ff)
2020-08-28 09:54:14 -07:00
Martin Krizek
ce7b95499f
native types: properly handle Undefined in nested data (#68432) (#71105)
(cherry picked from commit 5ca3aec3c4)
2020-08-28 07:57:17 -05:00
Felix Fontein
d38a7ff577
Fix changelog fragment type. (#70902) (#71114)
(cherry picked from commit fc83055425)
2020-08-27 14:07:22 -05:00
Sam Doran
c39753d7ad
[stable-2.10] linux facts - return proper broadcast address (#64528) (#71064)
Check that the value being returned is actually a broadcast address

(cherry picked from commit e6bf202738)
2020-08-27 13:48:50 -05:00
Martin Krizek
0c32a4f793
Emit proper error for x in y when y is undefined (#70990) (#71011)
Fixes #70984

(cherry picked from commit bf7276a4e8)
2020-08-27 13:46:52 -05:00
Sam Doran
0c6edb34f9
[stable-2.10] unarchive - Check 'fut_gid' against 'run_gid' in addition to supplemental groups (#65666) (#71001)
* [stable-2.10] unarchive - Check 'fut_gid' against 'run_gid' in addition to supplemental groups (#65666)

Add integration tests for unarchiving as unprivileged user
Break tasks into separate files for easier reading and maintenance

Create a user by specifying a default group of 'staff' for macOS.

The user module does not actually remove the user directory on macOS,
so explicitly remove it.

Put the removal tasks in an always block to ensure they always run

Co-authored-by: Philip Douglass <philip.douglass@amadeus.com>
Co-authored-by: Sam Doran <sdoran@redhat.com>
(cherry picked from commit ac5f3f8bef)

Co-authored-by: Philip Douglass <philip@philipdouglass.com>

* [stable-2.10] Fix unstable unarchive test (#71004)

* Add mode to copy tasks
* Fix unreliable test by ignoring errors

(cherry picked from commit f99f96ceb6)

Co-authored-by: Philip Douglass <philip@philipdouglass.com>
2020-08-27 13:45:19 -05:00
Abhijeet Kasurde
a253c93fd1
[2.10] iptables: Add a note about ipv6-icmp (#71010)
ipv6-icmp and icmpv6 are valid protocols and adding note about
it in protocol parameter.

Fixes: #70905

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit e139739ab3)
2020-08-27 13:43:11 -05:00
Sloane Hertel
714cd2ad2e
copy - redact 'content' from invocation in check mode (#71033) (#71067)
* sanitize copy module invocation secrets in check mode

(cherry picked from commit 991714b9d1)
2020-08-27 13:41:14 -05:00
Jordan Borean
f41ff33ca6
ansible-galaxy - fix download for subdirs in SCM (#71005) (#71093)
(cherry picked from commit f6b3b4b430)
2020-08-27 13:39:54 -05:00
Brian Coca
00caeff928
dont clobber facts in loop (#71032) (#71095)
(cherry picked from commit f9af27c631)
2020-08-27 13:39:19 -05:00
Toshio Kuratomi
6b639f147d
[stable-2.10] Update ansible doc formats (#71070) (#71111)
* Fix tty_ify bugs and refactor

* Move tty_ify() and supporting attributes to the DocCLI class as that's
  the only thing using it.
* Add unittest for the code.
* Fix a bug where the substitution macros can be detected when they are
  a part of another word.
* Add support for L(), R(), and HORIZONTALLINE which were added to the
  website docs many years ago.

* Update test/units/cli/test_doc.py

Co-authored-by: Matt Clay <matt@mystile.com>

Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit fb144c4)

Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
2020-08-27 13:33:24 -05:00
Jordan Borean
4b1df6cc05
Remove ANSIBLE_COLLECTIONS_PATHS dep warning (#71094) (#71099)
(cherry picked from commit aab9beccf7)
2020-08-27 13:26:17 -05:00
Felix Fontein
e33fff922a
ansible-test: bump acme test container version to 2.0.0 (#71097) (#71165)
(cherry picked from commit 050841324c)
2020-08-27 12:58:06 -05:00
Jordan Borean
092ec680e6
Ensure -k is set to delegated hosts without a pass (#71136) (#71168)
* Ensure -k is set to delegated hosts without a pass

* Fix up some broken tests

* Update task_executor.py

one possible fix, the other is updating winrm to normalize on 'password' like the other connection plugins

* Add alias for winrm and fix incorrect assumption

* Make sure aliases are used for keyword options

* Conditionally run test if sshpass is present, fix sanity

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
(cherry picked from commit 3f22f79e73)
2020-08-27 12:57:24 -05:00
GomathiselviS
e95b45c5ec
Update network integration auth timeout (#71057) (#71238)
*  Incase of network integration test for connection local
   test the paramiko_ssh auth_timeout is the value of timeout
   under defaults section which is 10 seconds.
*  For slower connection 10sec timout value result in authentication
   timeout error hence increase the timeout value to 90 seconds

(cherry picked from commit 6160e82bf2)

Co-authored-by: Ganesh Nalawade <ganesh634@gmail.com>
2020-08-27 12:55:04 -05:00
Rick Elrod
7b3d2a00a0
Fix cron file regression (#71207) (#71243)
Co-authored-by: Florent PIGOUT <toopy@users.noreply.github.com>
2020-08-27 12:54:15 -05:00
Ganesh Nalawade
67b2b8caf1
Fix netconf validate capability check (#71195) (#71252)
*  Use ``:validate`` string to check if the netconf
   server supports validate capability as per netconf RFC

(cherry picked from commit 7635d23cee)
2020-08-27 12:52:49 -05:00
Ganesh Nalawade
ca118613aa
Fixes https://github.com/ansible-collections/cisco.iosxr/issues/74 (#71292)
*  ncclient API expects commit timeout value in either unicode
   or bytes format, hence convert the timeout value explicitly
   to string type.
2020-08-27 12:47:40 -05:00
Martin Krizek
02f4fc1a14
Skip literal_eval for string filters results in native jinja. (#70988) (#71313)
Fixes #70831

(cherry picked from commit b66d66027e)
2020-08-27 12:47:02 -05:00
Matt Martz
90a8d07f31
[stable-2.10] Don't do conflict check on sdist and egg_info (#71310) (#71316) 2020-08-27 12:44:30 -05:00
Matt Martz
c04a751f0e
Reject unknown types from results queue. Fixes #70023 (#71336) 2020-08-27 12:43:20 -05:00
Matt Martz
3f41c76564
[stable-2.10] Allow the TOML inventory to dump unsafe. Fixes #71307 (#71309) (#71317)
(cherry picked from commit 9da8801)

Co-authored-by: Matt Martz <matt@sivel.net>
2020-08-27 12:35:36 -05:00
Matt Martz
6d1cc0dede
[stable-2.10] epoch can be a float with strftime filter. Fixes #71257 (#71314) (#71319)
(cherry picked from commit 6289570)

Co-authored-by: Matt Martz <matt@sivel.net>
2020-08-27 12:35:21 -05:00
Lorenzo Castelli
ac248cf34a
systemd - supports new systemctl output message for chroot (#71197) (#71330)
The message generated by systemctl has been updated in 9321e23c40, which requires a corresponding change in the systemd module.

In addition, this fixes the module when the SYSTEMD_OFFLINE environment variable is set.

(cherry picked from commit a1a50bb3cd)
2020-08-27 12:34:59 -05:00
Sloane Hertel
4cfe2cf8dc
Fix meta tasks used with --flush-cache (#71311) (#71358)
* Remove incorrect code

(cherry picked from commit 88bfc7977d)
2020-08-27 12:23:58 -05:00
Martin Krizek
724b3648ea
_check_failed_state: always use the current/nested state (#71347) (#71457)
Fixes #71306

(cherry picked from commit 9792d631b1)
2020-08-27 12:22:45 -05:00
Felix Fontein
1252323e34
Make changelog tool be more strict about suffixes (#70909) (#71135)
* Bump antsibull-changelog version.

* Flag all dotfiles, except .keep and .gitkeep.

* Enable ignoring other fragment extensions.

(cherry picked from commit fbfc0f99eb)
2020-08-21 09:33:08 -07:00
Sandra McCann
26bb114ccb
[backport][docs][2.10]Docsbackportapalooza 8 (#71379)
* Move 2.10.0rc1 release date a few days forward. (#71270)

At yesterday's meeting it was decided to have ansible-2.10.0 depend on
ansible-base-2.10.1 so that we can get several fixes for ansible-base's
routing (including adding the gluster.gluster collection).
ansible-base-2.10.1 will release on September 8th.  So we will plan on
releasing ansible-2.10.0rc1 on the 10th.

https://meetbot.fedoraproject.org/ansible-community/2020-08-12/ansible_community_meeting.2020-08-12-18.00.html
(cherry picked from commit e507c127e5)

* a few writing style updates (#71212)

(cherry picked from commit 4f0bd5de38)

* Fix code markups and add link to CVE (#71082)

(cherry picked from commit 92d59a58c0)

* Fix 404 links (#71256)

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit ecea018506)

* Writing style updates to Developing dynamic inventory topic (#71245)

* modified the writing style

* incorporated peer feedback

(cherry picked from commit ecd3b52ad7)

* Fix roadmap formatting. (#71275)

(cherry picked from commit ee48e0b0ad)

* Update password.py (#71295)

List md5_crypt, bcrypt, sha256_crypt, sha512_crypt as hash schemes in the password plugin.

(cherry picked from commit 1d1de2c6fd)

* Update ansible european IRC channel (#71326)

Signed-off-by: Rémi VERCHERE <remi@verchere.fr>
(cherry picked from commit 824cd4cbeb)

* Add warning about copyright year change (#71251)

To simplify project administration and avoid any legal issues,
add a warning in the docs. This reflects - https://github.com/ansible/ansible/issues/45989#issuecomment-423635622 and fixes: #45989

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 606604bb97)

* subelements: Clarify parameter docs (#71177)

skip_missing parameter in subelements lookup plugin is accepted from
inside the dictionary.

Fixes: #38182

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 6d17736ef4)

* Writing style updates to Using Variables topic (#71194)

* updated topic title, underline length for headings, and incorporated peer feedback

(cherry picked from commit 4d68efbe24)

* cron module defaults to current user, not root (#71337)

(cherry picked from commit 4792d83e13)

* Update Network Getting Started for FQCN/collection world (#71188)

* pull out network roles, cleanup, update first playbook examples, update gather facts section, some inventory conversion to .yml, update inventory and roles, simplify the navigation titles, fix tocs, feedback comments

(cherry picked from commit f79a7c5585)

* Add documentation about info/facts module development (#71250)

Fixes: #40151

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 4f993922c8)

* network: Correct documentation (#71246)

ini-style inventory does not support Ansible Vault password.
This fixes network_best_practices_2.5 doc.
Fixes: #69039

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit a1257d75aa)

* tidies up vars page (#71339)

(cherry picked from commit 02ea80f6d7)

* base.yml: Fix typos (#71346)

(cherry picked from commit 41d7d53573)

* quick fix to change main back to devel (#71342)

* quick fix to change main back to devel
* Update docs/docsite/rst/dev_guide/developing_collections.rst

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 74f88c56a5)

* Add note about integration tests for new modules to the dev guide (#71345)

(cherry picked from commit b82889eef5)

* update fest link (#71376)

(cherry picked from commit 80b8fde946)

* incorporate minimalism feedback on debugging page (#71272)

Co-authored-by: bobjohnsrh <50667510+bobjohnsrh@users.noreply.github.com>

(cherry picked from commit 5073cfc8bc)

* fix header problem

Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
Co-authored-by: Sayee <57951841+sayee-jadhav@users.noreply.github.com>
Co-authored-by: Baptiste Mille-Mathias <baptiste.millemathias@gmail.com>
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: rovshango <rovshan.go@gmail.com>
Co-authored-by: Remi Verchere <rverchere@users.noreply.github.com>
Co-authored-by: Jake Howard <RealOrangeOne@users.noreply.github.com>
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
Co-authored-by: Per Lundberg <perlun@gmail.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2020-08-20 17:44:50 -05:00
Felix Fontein
aa51c6000a
Fix fortimanager httpapi redirect (#71073) (#71081)
* The fortimanager httpapi plugin is in fortinet.fortimanager, not in fortinet.fortios.

* Add changelog fragment.

(cherry picked from commit 4bd7580dd7)
2020-08-19 13:29:55 -05:00
Felix Fontein
a06730cdb0
Redirect gluster modules to gluster.gluster. (#71240) (#71264)
(cherry picked from commit 9f72ff80e3)
2020-08-19 13:28:01 -05:00
Matt Davis
3b9ee86381 [stable-2.10] fix collection package root location under pytest >=6.0.0 (#70963)
(cherry picked from commit 86b6c4bbb6)

Co-authored-by: nitzmahone <nitzmahone@users.noreply.github.com>
2020-08-17 11:16:08 -07:00
Rick Elrod
a6ed955132 New release v2.10.0 2020-08-13 12:30:50 -05:00
Rick Elrod
6e3271aa61
[stable-2.10] Revert default mode changes (#71260)
* Revert "[stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)" (#71236)"

This reverts commit c968020d52.

* Revert "Remove porting guide entry related to reverted change (#71242)"

This reverts commit 006a21eae2.
2020-08-13 12:17:47 -05:00
Sam Doran
c968020d52
[stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)" (#71236)
* [stable-2.10] Revert "Fix warning for new default permissions when mode is not specified (#70976) (#70985)"

This reverts commit 5cb96087e6.

* [stable-2.10] Revert "Change default file permissions so they are not world readable (#70221) (#70824)"

This reverts commit 7e4cffc5d2.
2020-08-12 14:30:47 -05:00
Rick Elrod
4b03d898f3
Update integration tests to support rpmfluff-0.6 (#71155) (#71159)
Co-authored-by: Matt Martz <matt@sivel.net>
2020-08-07 14:52:17 -05:00
Rick Elrod
a187613da8
Add CVE reference to changelog for PR 70762 (#71151) (#71156)
Co-authored-by: David Shrewsbury <Shrews@users.noreply.github.com>
2020-08-07 11:50:34 -05:00
Rick Elrod
3900f82d00 New release v2.10.0rc4 2020-07-30 16:17:16 -05:00
Sloane Hertel
9f4748cb2d
fix downloading collections in git repos and tar.gz artifacts (#70524) (#71000)
* Fix downloading tar files

* Fix downloading SCM collections

* changelog

(cherry picked from commit 54e2ae79e7)
2020-07-30 13:37:59 -07:00
Sam Doran
719c40bfdf
[stable-2.10] facts - fix incorrect time for some date_time_facts (#70665) (#70996)
* [stable-2.10] facts - fix incorrect time for some date_time_facts (#70665)

The iso8601_micro and iso8601 facts incorrectly called now.utcnow(), resulting
in a new timestamp at the time it was called, not a conversion of the previously
stored timestamp.

Correct this by capturing the UTC timestamp once then calculating the local
time using the UTC offset of the current system.

* Use time.time() for getting the current time
* Convert from that stored epoch timestamp to local and UTC times
* Used existing timestamp for epoch time
* Add unit tests that validate the formate of the return value rather than an exact value since mocking time and timezone is non-trivial
(cherry picked from commit c4f442ed5a)

Co-authored-by: Sam Doran <sdoran@redhat.com>

* Remove tests for tz_dst since that only exists in newer versions
2020-07-30 13:37:19 -07:00
Matt Clay
b764d381f0
[stable-2.10] Fix ansible-test relative import analysis. (#70993)
(cherry picked from commit 2e0097ada3)

Co-authored-by: Matt Clay <matt@mystile.com>
2020-07-30 13:36:49 -07:00
Akira Yokochi
abfedb06c3
default_callback: Move 'check_mode_markers' in doc_fragments (#70228) (#70989)
Callback plugin dense, yaml, and debug implement 'check_mode_markers'
so moving documentation to default callback doc_fragments.

Fixes: https://github.com/ansible-collections/community.general/issues/565

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 4885ebad27)

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
2020-07-30 13:36:24 -07:00
Sam Doran
5cb96087e6
Fix warning for new default permissions when mode is not specified (#70976) (#70985)
Follow up to #70221
Related to #67794
CVE-2020-1736

When set_mode_if_different() is called with mode of 'None', ensure we issue
a warning about the change in default permissions.

Add integration tests to ensure the warning works properly.

* Fix tests
- actually use custom module 🤦‍♂️
- verify file permission on created files
- use remote_tmp_dir so we're ready for split controller
- improve test module so we can skip the call to set_fs_attributes_if_different()
- fix tests for CentOS 6

(cherry picked from commit dc79528cc6)
2020-07-30 10:10:23 -07:00
Jordan Borean
a8217f1bd4
ansible-galaxy - fix fallback for AH searches (#70957) - 2.10 (#70980)
* ansible-galaxy - fix fallback for AH searches (#70957)

(cherry picked from commit b1cb2553af)

* Fix tests after backport
2020-07-30 10:08:25 -07:00
Brian Coca
a75b3601d9
Allow changed/failed mgmt on strategy actions (#70919) (#70968)
* Allow changed/failed mgmt on strategy actions

(cherry picked from commit f9c3c6cba6)
2020-07-29 14:32:33 -07:00
Felix Fontein
c39e536d84
validate-modules: fix version_added validation for top-level, fix error codes (#70869) (#70947)
* Also validate top-level version_added.

* Fix error code.

* Produce same version_added validation error in schema than in code (and stop returning it twice).

* Return correct error codes for invalid version_added for options and return values.

* Add changelog.

* Fix forgotten closing braket.

* Accept 'historical' for some top-level version_added.

(cherry picked from commit 7e2cc7db12)
2020-07-29 13:54:45 -07:00
Sam Doran
6f70d40d51
[stable-2.10] lineinfile - fix broken exception handling (#70846) (#70944)
* prevent (ExceptionType) is not subscriptable errors
* tweak error message and use text conversion
* add to_text import
(cherry picked from commit 45c2eb6c0a)

Co-authored-by: nitzmahone <nitzmahone@users.noreply.github.com>

Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
2020-07-29 13:53:54 -07:00
Sam Doran
293d6c59bb
[stable-2.10] reboot - fix Void Linux (#70704) (#70916)
Add entry for appropriate commands for Void Linux
(cherry picked from commit 4cc4cebc97)

Co-authored-by: fosslinux <fosslinux@aussies.space>

Co-authored-by: fosslinux <fosslinux@aussies.space>
2020-07-29 13:52:45 -07:00
Felix Fontein
155041d8ee
Fix ansible-test error in community.aws (#70507) (#70873)
* Fix ansible-test error in community.aws

* Add changelog entry for fix

* Change check from None to string_types

* Update changelogs/fragments/70507-validate-null-author.yaml

clarify wording "or a list of strings"

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update test/lib/ansible_test/_data/sanity/validate-modules/validate_modules/schema.py

clarify wording - single string or not specified valid

Co-authored-by: Felix Fontein <felix@fontein.de>

* Do not fail but return None when given outside list

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit b0d9deeae3)

Co-authored-by: Alan Rominger <arominge@redhat.com>
2020-07-29 13:51:47 -07:00
Matt Clay
4280efccc4 [stable-2.10] Cap pytest version to avoid relative import issue.
(cherry picked from commit 3a8ac62596)

Co-authored-by: Matt Clay <matt@mystile.com>
2020-07-28 17:14:30 -07:00
Rick Elrod
f28fa88448 New release v2.10.0rc3 2020-07-24 15:59:04 -05:00
Brian Coca
9b992c0b78
reset logging to INFO (#70878) (#70881)
- due to CVE-2019-14846
 - also added comments and test to avoid 'oportunistic' reversion

(cherry picked from commit 1223ce656a)
2020-07-24 15:47:57 -05:00
Rick Elrod
c528e648a6 New release v2.10.0rc2 2020-07-23 21:38:44 -05:00
Jordan Borean
e9c9c02e0a
Do not add connection vars to the output results (#70853) (#70855)
* Do not add connection vars to the output results

* Also revert the delgated scenario JIC

* Added regression test

(cherry picked from commit 5e1a968983)
2020-07-23 19:48:45 -05:00
Rick Elrod
3ee5b46ba7 New release v2.10.0rc1 2020-07-23 14:44:50 -05:00
Matt Davis
cc8d180801
fix internal cases of actions calling unqualified module names (#70818) (#70840)
* fix internal cases of actions calling unqualified module names

* add porting_guide entry
* misc other fixes around action/module resolution broken by redirection

ci_complete

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* address review feedback

* pep8

* unit test fixes

* win fixes

* gather_facts fix module args ignores

* docs sanity

* pep8

* fix timeout test

* fix win name rewrites

Co-authored-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit 4c0af6c808)
2020-07-23 10:29:09 -07:00
Sloane Hertel
180eea8089
Update default from True to False for CONDITIONAL_BARE_VARS (#70709) (#70838)
ci_complete

(cherry picked from commit 2811d9486f)
2020-07-23 10:09:58 -07:00
Sam Doran
7e4cffc5d2
[stable-2.10] Change default file permissions so they are not world readable (#70221) (#70824)
* Change default file permissions so they are not world readable

CVE-2020-1736

Set the default permissions for files we create with atomic_move() to 0o0660. Track
which files we create that did not exist and warn if the module supports 'mode'
and it was not specified and the module did not call set_mode_if_different(). This allows the user to take action and specify a mode rather than using the defaults.

A code audit is needed to find all instances of modules that call atomic_move()
but do not call set_mode_if_different(). The findings need to be documented in
a changelog since we are not warning. Warning in those instances would be frustrating
to the user since they have no way to change the module code.

- use a set for storing list of created files
- just check the argument spac and params rather than using another property
- improve the warning message to include the default permissions.
(cherry picked from commit 5260527c4a)

Co-authored-by: Sam Doran <sdoran@redhat.com>
2020-07-23 09:07:18 -07:00
Brian Coca
8c2754e6d3
Allow hostvars delegation (#70331) (#70810)
* ensure hostvars are available on delegation
* also inventory_hostname must point to current host and not delegated one
* fix get_connection since it was still mixing original host vars and delegated ones
* also return connection vars for delegation and non delegation alike
* add test to ensure we have expected usage when directly assigning for non delegated host

(cherry picked from commit 84adaba6f5)
2020-07-22 18:29:07 -07:00
David Shrewsbury
7cdba7c923
Sanitize URI module keys with no_log values (#70762) (#70820)
* Add sanitize_keys() to module_utils.

* More robust tests

* Revert 69653 change

* Allow list or dict

* fix pep8

* Sanitize lists within dict values

* words

* First pass at uri module

* Fix insane sanity tests

* fix integration tests

* Add changelog

* Remove unit test introduced in 69653

* Add ignore_keys param

* Sanitize all-the-things

* Ignore '_ansible*' keys

* cleanup

* Use module.no_log_values

* Avoid deep recursion issues by using deferred removal structure.

* Nit cleanups

* Add doc blurb

* spelling

* ci_complete

(cherry picked from commit bf98f031f3)
2020-07-22 18:28:24 -07:00
Nathaniel Case
4cbfb08da5
[stable-2.10] Document existing ansi_re sequences and add ESC[m (#70683) (#70807)
* Document existing ansi_re sequences and add `ESC[m`

* Add changelog
(cherry picked from commit 06a4fc2)

Co-authored-by: Nathaniel Case <ncase@redhat.com>
2020-07-22 18:27:21 -07:00
Abhijeet Kasurde
18dd73c147
[2.10] basic: use PollSelector implementation (#70800)
Some platform such as ESXi does not implement EpollSelector,
which is selected by DefaultSelector. Use PollSelector.
This works perfectly with a platform like VMware ESXi.

Fixes: #70238

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 8cccede0d4)
2020-07-22 18:26:47 -07:00
psi / Ryo Hirafuji
61f8f8ce7f
cron - Allow non-ascii (UTF-8) chars in cron file paths and jobs (#70426) (#70794)
* Encode/Decode files in UTF-8
* Use helper function in ansible
* Add an integration test
* Use emoji in test data.
* add changelog
* Also support non-ascii chars in filepath and add tests about this.
* Also use non-ascii chars in replaced text and ensure not to break cron syntax.
* rename self.existing to self.n_existing
* rename crontab.existing to crontab.n_existing
2020-07-22 18:26:10 -07:00
Matt Martz
7eb5f53294
[stable-2.10] Ensure single vaulted values aren't counted as sequences. Fixes #70784 (#70786) (#70791)
(cherry picked from commit 96b74d3)

Co-authored-by: Matt Martz <matt@sivel.net>
2020-07-22 18:25:38 -07:00
Baptiste Mille-Mathias
1eb2afac63
Create home and parent directories only when requested (#70790)
The home user and the parents directories should only be created when
create_home == True

(cherry picked from commit f3dd8d3052)
2020-07-22 18:23:47 -07:00
Martin Krizek
4170786cd9
2.10: Detect failure in always block after rescue (#70094) (#70204)
* Detect failure in always block after rescue (#70094)

* Detect failure in always block after rescue

Fixes #70000

ci_complete

* Add more tests

(cherry picked from commit 0ed5b77377)

* add changelog

Co-authored-by: Matt Davis <mrd@redhat.com>
2020-07-22 14:00:27 -07:00
Matt Martz
448f17e9a5
[stable-2.10] Guard against allowing ansible to ansible-base upgrades (#70529) (#70760)
* Fix building Ansible dist w/ setuptools>=48,<49.1 (#70525)

* Fix building Ansible dist w/ setuptools>=48,<49.1

This change addresses the deprecation of the use of stdlib
`distutils`. It's a short-term hotfix for the problem and we'll
need to consider dropping the use of `distutils` from our `setup.py`.

Refs:
* https://github.com/ansible/ansible/issues/70456
* https://github.com/pypa/setuptools/issues/2230
* https://github.com/pypa/setuptools/commit/bd110264

Co-Authored-By: Jason R. Coombs <jaraco@jaraco.com>

* Add a change note for PR #70525

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
(cherry picked from commit 918388b85f)

* Guard against allowing ansible to ansible-base upgrades (#70529)

* Guard against allowing ansible to ansible-base upgrades

* newline

* use alias

* Add an explicit line detailing this is a 1 time thing

* period

* Read __version__ and __author__ rather than import, update working, and add ability to skip conflict checks

* Remove commented code

* Re introduce removed changes from rebase

* Just use open

* Nuke unused import

(cherry picked from commit 54b002e1ac)

Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com>
2020-07-21 11:23:55 -07:00
Baptiste Mille-Mathias
ffd3757fc3
Fix missing quoting for remote_tmp in second mkdir of shell module. Issue #69577 (#69578) (#70757)
* Fix missing quoting for remote_tmp in second mkdir of shell module. Issue #69577

* adding changelog

* fixing typo in changelog entry

* adding test case

Adding test case written by bmillemayhias.

* using $HOME instead of ~

* fixing commit measage

* Update 69578-shell-remote_tmp-quoting.yaml

Co-authored-by: Brian Kohles <me@briankohles.com>
(cherry picked from commit 77d0effcc5)

Co-authored-by: Brian Kohles <briankohles@users.noreply.github.com>
2020-07-21 11:23:25 -07:00
Abhijeet Kasurde
0d230b4f56
[2.10] debconf: add a note about no_log usage (#70752)
debconf module exposes sensitive information to logs, console.
Add a note to user about using no_log=True to hide such
information from console.

Fixes: #32386

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 84b4387702)
2020-07-21 11:21:45 -07:00
Sam Doran
9b8a649f2e
[stable-2.10] Handle Slackware OS version strings containing a plus (“+”) (#68142) (#70717)
A couple of years ago Slackware -current began using a plus (“+”) at the end of the distribution version string to indicate a future version work-in-progress.

Rearrange distribution_files unit tests to easily support more tests
  - add conftest with common fixtures
  - use parametrize for testing multiple scenarios

* Add changelog
* Add unit tests for Slackware distribution parsing
* Use correct fixtures for Slackware
Data comes from /etc/slackware-version

Co-authored-by: Sam Doran <sdoran@redhat.com>
Co-authored-by: <Eduard Rozenberg <eduardr@pobox.com>>
(cherry picked from commit 566c5e6ce1)

Co-authored-by: Eduard Rozenberg <2648417+edrozenberg@users.noreply.github.com>

Co-authored-by: Eduard Rozenberg <2648417+edrozenberg@users.noreply.github.com>
2020-07-21 11:21:07 -07:00
Jordan Borean
a7f4c6a37f
win async - use full path for powershell (#70703) (#70714)
(cherry picked from commit 154efd97f2)
2020-07-21 11:20:35 -07:00
Sloane Hertel
d329985d4c
[2.10] template connection variables accessed directly before using (#70657) (#70688)
* template connection variables accessed directly before using (#70657)

* template variables accessed directly when using them instead of FieldAttributes

(cherry picked from commit 8c213c9334)

* changelog
2020-07-21 11:19:52 -07:00
Abhijeet Kasurde
ed07821a59
[2.10] api: time.clock compatible code (#70677)
time.clock is removed in Python 3.8. Add time.clock
compatible code.

Fixes: #70649

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 055871cbb8)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2020-07-21 11:19:27 -07:00
Matt Martz
255dfca7f6
[stable-2.10] Allow single vault encrypted values to be used directly as module parameters. Fixes #68275 (#70607) (#70641)
(cherry picked from commit a77dbf0)

Co-authored-by: Matt Martz <matt@sivel.net>
2020-07-17 12:54:32 -07:00
Abhijeet Kasurde
963bdd9983
[2.10] pipe: update docs for Popen with shell=True usage (#70602)
pipe lookup plugin uses Popen with shell=True intentionally.
This is considered a security issue if user input is not validated.
Updated docs to reflect this information for the user. Also, added
Bandit B602 documentation link for further reading.

Fixes: #70159

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit e5649ca3e8)
2020-07-17 12:51:35 -07:00
Brian Coca
6cd015d7e2
Make filter type errors 'loop friendly' (#70417) (#70574)
- ensure we preserve the typeerror part of the exception so loop defereed error handling
 can postpone those caused by undefined variables until the when check is done.
 - fix tests to comply with the 'new normal'

 - human_to_bytes and others can issue TypeError not only on 'non string'
 but also bad string that is not convertable.

Co-authored-by: Sloane Hertel <shertel@redhat.com>

Co-authored-by: Sloane Hertel <shertel@redhat.com>
(cherry picked from commit cf89ca8a03)
2020-07-17 12:51:18 -07:00
Felix Fontein
15355ed059
[2.10] ansible-doc: include collection name in text output / plugin loader: return collection name; ansible-doc: handle ansible.builtin correctly (#70572)
* ansible-doc: include collection name in text output (#70401)

* ansible-doc: include collection name in text output

* Be more careful to not accidentally pass ansible.builtin for user-supplied modules.

(cherry picked from commit f4c89eab23)

* plugin loader: return collection name; ansible-doc: handle ansible.builtin correctly (#70026)

* Determine collection in plugin loader.

* Fix test.

* Use PluginPathContext objects in PluginLoader._plugin_path_cache instead of tuples.

(cherry picked from commit 24dcaf8974)
2020-07-17 12:50:23 -07:00
Brian Coca
827c47d9bc
try to capture better winrm/put_file error (#70508) (#70570)
* try to capture better winrm/put_file error

fixes #70361

* Update lib/ansible/plugins/connection/winrm.py

Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
(cherry picked from commit 8789d7968d)
2020-07-17 12:49:11 -07:00
Mykola Grygoriev
5ea6de4e7d
Fix decrypt argument in assemble module (#70465) (#70560)
* Do not pass decrypt parameter to assemble module

* Add integration tests where decrypt=True

* Add changelog #70465

(cherry picked from commit 71c378e139)
2020-07-17 12:48:38 -07:00
David Shrewsbury
94a81f7b44
Make sure ansible_become treated as a boolean (#70484) (#70526)
* Make sure ansible_become treated as a boolean

(cherry picked from commit 8aca464b8b)
2020-07-17 12:46:33 -07:00
Felix Fontein
a5c0b11913
ansible-doc man formatter: fail with better error message when description isn't there (#70046) (#70485)
* ansible-doc man formatter: do not crash when description isn't there.
* Change to report a better error message when description is not there.
* Add test.

(cherry picked from commit 9164b96774)
2020-07-17 12:44:03 -07:00
Sam Doran
422e976649
[stable-2.10] apt - make errors more transparent (#70099) (#70478)
Include error from apt Python library in module error output

Co-authored-by: Andreas Schleifer <aschleifer@bigpoint.net>
(cherry picked from commit 7d7f15fc9b)

Co-authored-by: Andreas Schleifer <a.schleifer@bigpoint.net>

Co-authored-by: Andreas Schleifer <a.schleifer@bigpoint.net>
2020-07-17 12:43:19 -07:00
Sam Doran
df3246b7d1
[stable-2.10] ssh connection - use get_option() rather than _play_context (#70438) (#70443)
The ssh_args were sometimes not correctly applied to the connection
when using _play_context. Use get_option() instead to ensure the
correct ssh_args are always applied.
(cherry picked from commit b4184aa50e)

Co-authored-by: Sam Doran <sdoran@redhat.com>
2020-07-17 12:42:51 -07:00
Matt Davis
865ba1953b
misc collection metadata fixes (#70403) (#70428)
* misc collection metadata fixes

* parse collection meta with libyaml if available
* require only Mapping for validation
* add explanatory text for _meta_yml_to_dict

* ignore custom pylint rule

* this code shouldn't import a bunch of stuff from ansible, since it's run under the import sanity test

(cherry picked from commit b9e38e8b55)
2020-07-17 12:42:20 -07:00
Sloane Hertel
212d2024f4
[2.10] Handle post_validate templating errors and fix tests (#70240) (#70389)
* Handle post_validate templating errors and fix tests (#70240)

* Handle unexpected templating errors

* Fixes #70050

Fix up tests that weren't running and add tests for graceful templating error handling

(cherry picked from commit 30e70f4b63)

* changelog

ci_complete
2020-07-17 12:41:43 -07:00
Sam Doran
d0e37aeec1
[stable-2.10] Improve error message when ssh client is not found on the host (#70122) (#70386)
* Add changlelog
(cherry picked from commit 70bb2b33ca)

Co-authored-by: Mykola Grygoriev <nickgryg@gmail.com>

Co-authored-by: Mykola Grygoriev <nickgryg@gmail.com>
2020-07-17 12:40:38 -07:00
Martin Krizek
7dfda4026e
Fix delegate_facts with interpreter not being set (#70293) (#70384)
Fixes #70168

ci_complete

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Matt Clay <matt@mystile.com>
(cherry picked from commit b05e00e99a)
2020-07-17 12:40:00 -07:00
Abhijeet Kasurde
e1c0688e43
[2.10] Improve ansible-galaxy STDOUT messages for collections (#70379)
- Fix issue #70010
- Add installation successful message
- This feature targets "collection" sub-command and does not affect "role" sub-command

Signed-off-by: Hideki Saito <saito@fgrep.org>
(cherry picked from commit 2d59e548f6)

Co-authored-by: Hideki Saito <saito@fgrep.org>
2020-07-17 12:39:16 -07:00
Felix Fontein
f9a737b9b2
Top-level deprecation of plugin did not get collection_name added when deprecating by version (#70344) (#70370)
* Top-level deprecation of plugin did not get collection_name added when deprecating by version.

* Add changelog fragment.

(cherry picked from commit 689cfd1983)
2020-07-17 10:58:54 -07:00
Matt Davis
1e03b54d23
refactor Python module_utils locator (#70610) (#70711)
* refactor Python module_utils locator

* no longer recursive
* embed special-case module code internally
* share common code between collections/not cases
* fixes #70134
* properly support subpackage redirection
* adds support for FQCN redirect targets used by migration (expands to FQ Python name)
* add tests

* add changelog

(cherry picked from commit c616e54a6e)
2020-07-17 10:57:44 -07:00
Sam Doran
367c9b7eda
[stable-2.10] pause - fix curses.setupterm() error (#47851) (#70363)
* [Bugfix] curses.setupterm() error

When run playbook in celery task, curses.setupterm()  will be failed

```
  File "<frozen importlib._bootstrap>", line 675, in _load
  File "<frozen importlib._bootstrap>", line 655, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 678, in exec_module
  File "<frozen importlib._bootstrap>", line 205, in _call_with_frames_removed
  File "/Users/guang/.virtualenvs/ansible/lib/python3.6/site-packages/ansible/plugins/action/pause.py", line 45, in <module>
    curses.setupterm()
TypeError: argument must be an int, or have a fileno() method.

```

* Add changelog

Co-authored-by: Sam Doran <sdoran@redhat.com>
(cherry picked from commit c3fc2d27d9)

Co-authored-by: 老广 <ibuler@qq.com>

Co-authored-by: 老广 <ibuler@qq.com>
2020-07-17 10:57:20 -07:00
Abhijeet Kasurde
3afa0424b3
[2.10] display: use stdout for column width (#70290)
stdout may differ from stdin so it should be used to determine the column
width, especially since it is the target file descriptor.

(cherry picked from commit 45e0f74702)

Co-authored-by: Pavel Březina <pbrezina@redhat.com>
2020-07-17 10:56:40 -07:00
Felix Fontein
273159da4c
Include changelogs/changelog.yaml in distribution. (#70260) (#70266)
(cherry picked from commit ebd20ddca6)
2020-07-17 10:55:25 -07:00
Sam Doran
95ec1618ef
[stable-2.10] Only pass kwargs to our string checker not callable checkers (#70151) (#70170)
Since only check_type_str() accepts extra param, only pass to our checker and
do not pass kwargs to custom checkers.

* Add unit tests
(cherry picked from commit bc05415109)

Co-authored-by: Sam Doran <sdoran@redhat.com>
2020-07-17 10:53:56 -07:00
Sam Doran
b6f6067dfd
[stable-2.10] ansible_runner test - Add constraints (#70667) (#70669)
A recent updated to psutil, which is a dependency of ansible-runner, fails
to install on older versions of pip.

Commit with the breaking change:

  135628639b
(cherry picked from commit 9d27d7c8b1)

Co-authored-by: Sam Doran <sdoran@redhat.com>
2020-07-15 17:32:09 -05:00