diff options
| author | Lee Garrett <lgarrett@rocketjump.eu> | 2021-11-04 16:41:17 +0100 |
|---|---|---|
| committer | Lee Garrett <lgarrett@rocketjump.eu> | 2021-11-04 16:41:17 +0100 |
| commit | 13e2c2e94d3559b85a7d813d98e9835b891b0a9f (patch) | |
| tree | ca70a2b7963bb6dc05327d9c1169e5cc97d7f8aa | |
| parent | 64aab4bd2d3ded02da538beb94a4a7fbf7781699 (diff) | |
| download | debian-ansible-core-13e2c2e94d3559b85a7d813d98e9835b891b0a9f.zip | |
New upstream version 2.11.6
34 files changed, 458 insertions, 164 deletions
@@ -1,6 +1,6 @@ -Metadata-Version: 2.1 +Metadata-Version: 1.2 Name: ansible-core -Version: 2.11.5 +Version: 2.11.6 Summary: Radically simple IT automation Home-page: https://ansible.com/ Author: Ansible, Inc. @@ -12,6 +12,124 @@ Project-URL: Code of Conduct, https://docs.ansible.com/ansible/latest/community/ Project-URL: Documentation, https://docs.ansible.com/ansible/ Project-URL: Mailing lists, https://docs.ansible.com/ansible/latest/community/communication.html#mailing-list-information Project-URL: Source Code, https://github.com/ansible/ansible +Description: |PyPI version| |Docs badge| |Chat badge| |Build Status| |Code Of Conduct| |Mailing Lists| |License| |CII Best Practices| + + ******* + Ansible + ******* + + Ansible is a radically simple IT automation system. It handles + configuration management, application deployment, cloud provisioning, + ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex + changes like zero-downtime rolling updates with load balancers easy. More information on `the Ansible website <https://ansible.com/>`_. + + Design Principles + ================= + + * Have a dead-simple setup process with a minimal learning curve. + * Manage machines very quickly and in parallel. + * Avoid custom-agents and additional open ports, be agentless by + leveraging the existing SSH daemon. + * Describe infrastructure in a language that is both machine and human + friendly. + * Focus on security and easy auditability/review/rewriting of content. + * Manage new remote machines instantly, without bootstrapping any + software. + * Allow module development in any dynamic language, not just Python. + * Be usable as non-root. + * Be the easiest IT automation system to use, ever. + + Use Ansible + =========== + + You can install a released version of Ansible with ``pip`` or a package manager. See our + `installation guide <https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html>`_ for details on installing Ansible + on a variety of platforms. + + Red Hat offers supported builds of `Ansible Engine <https://www.ansible.com/ansible-engine>`_. + + Power users and developers can run the ``devel`` branch, which has the latest + features and fixes, directly. Although it is reasonably stable, you are more likely to encounter + breaking changes when running the ``devel`` branch. We recommend getting involved + in the Ansible community if you want to run the ``devel`` branch. + + Get Involved + ============ + + * Read `Community + Information <https://docs.ansible.com/ansible/latest/community>`_ for all + kinds of ways to contribute to and interact with the project, + including mailing list information and how to submit bug reports and + code to Ansible. + * Join a `Working Group + <https://github.com/ansible/community/wiki>`_, an organized community devoted to a specific technology domain or platform. + * Submit a proposed code update through a pull request to the ``devel`` branch. + * Talk to us before making larger changes + to avoid duplicate efforts. This not only helps everyone + know what is going on, but it also helps save time and effort if we decide + some changes are needed. + * For a list of email lists, IRC channels and Working Groups, see the + `Communication page <https://docs.ansible.com/ansible/latest/community/communication.html>`_ + + Coding Guidelines + ================= + + We document our Coding Guidelines in the `Developer Guide <https://docs.ansible.com/ansible/devel/dev_guide/>`_. We particularly suggest you review: + + * `Contributing your module to Ansible <https://docs.ansible.com/ansible/devel/dev_guide/developing_modules_checklist.html>`_ + * `Conventions, tips, and pitfalls <https://docs.ansible.com/ansible/devel/dev_guide/developing_modules_best_practices.html>`_ + + Branch Info + =========== + + * The ``devel`` branch corresponds to the release actively under development. + * The ``stable-2.X`` branches correspond to stable releases. + * Create a branch based on ``devel`` and set up a `dev environment <https://docs.ansible.com/ansible/latest/dev_guide/developing_modules_general.html#common-environment-setup>`_ if you want to open a PR. + * See the `Ansible release and maintenance <https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html>`_ page for information about active branches. + + Roadmap + ======= + + Based on team and community feedback, an initial roadmap will be published for a major or minor version (ex: 2.7, 2.8). + The `Ansible Roadmap page <https://docs.ansible.com/ansible/devel/roadmap/>`_ details what is planned and how to influence the roadmap. + + Authors + ======= + + Ansible was created by `Michael DeHaan <https://github.com/mpdehaan>`_ + and has contributions from over 5000 users (and growing). Thanks everyone! + + `Ansible <https://www.ansible.com>`_ is sponsored by `Red Hat, Inc. + <https://www.redhat.com>`_ + + License + ======= + + GNU General Public License v3.0 or later + + See `COPYING <COPYING>`_ to see the full text. + + .. |PyPI version| image:: https://img.shields.io/pypi/v/ansible-core.svg + :target: https://pypi.org/project/ansible-core + .. |Docs badge| image:: https://img.shields.io/badge/docs-latest-brightgreen.svg + :target: https://docs.ansible.com/ansible/latest/ + .. |Build Status| image:: https://dev.azure.com/ansible/ansible/_apis/build/status/CI?branchName=devel + :target: https://dev.azure.com/ansible/ansible/_build/latest?definitionId=20&branchName=devel + .. |Chat badge| image:: https://img.shields.io/badge/chat-IRC-brightgreen.svg + :target: https://docs.ansible.com/ansible/latest/community/communication.html + .. |Code Of Conduct| image:: https://img.shields.io/badge/code%20of%20conduct-Ansible-silver.svg + :target: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html + :alt: Ansible Code of Conduct + .. |Mailing Lists| image:: https://img.shields.io/badge/mailing%20lists-Ansible-orange.svg + :target: https://docs.ansible.com/ansible/latest/community/communication.html#mailing-list-information + :alt: Ansible mailing lists + .. |License| image:: https://img.shields.io/badge/license-GPL%20v3.0-brightgreen.svg + :target: COPYING + :alt: Repository License + .. |CII Best Practices| image:: https://bestpractices.coreinfrastructure.org/projects/2372/badge + :target: https://bestpractices.coreinfrastructure.org/projects/2372 + :alt: Ansible CII Best Practices certification + Platform: UNKNOWN Classifier: Development Status :: 5 - Production/Stable Classifier: Environment :: Console @@ -33,124 +151,3 @@ Classifier: Topic :: System :: Installation/Setup Classifier: Topic :: System :: Systems Administration Classifier: Topic :: Utilities Requires-Python: >=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.* -License-File: COPYING - -|PyPI version| |Docs badge| |Chat badge| |Build Status| |Code Of Conduct| |Mailing Lists| |License| |CII Best Practices| - -******* -Ansible -******* - -Ansible is a radically simple IT automation system. It handles -configuration management, application deployment, cloud provisioning, -ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex -changes like zero-downtime rolling updates with load balancers easy. More information on `the Ansible website <https://ansible.com/>`_. - -Design Principles -================= - -* Have a dead-simple setup process with a minimal learning curve. -* Manage machines very quickly and in parallel. -* Avoid custom-agents and additional open ports, be agentless by - leveraging the existing SSH daemon. -* Describe infrastructure in a language that is both machine and human - friendly. -* Focus on security and easy auditability/review/rewriting of content. -* Manage new remote machines instantly, without bootstrapping any - software. -* Allow module development in any dynamic language, not just Python. -* Be usable as non-root. -* Be the easiest IT automation system to use, ever. - -Use Ansible -=========== - -You can install a released version of Ansible with ``pip`` or a package manager. See our -`installation guide <https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html>`_ for details on installing Ansible -on a variety of platforms. - -Red Hat offers supported builds of `Ansible Engine <https://www.ansible.com/ansible-engine>`_. - -Power users and developers can run the ``devel`` branch, which has the latest -features and fixes, directly. Although it is reasonably stable, you are more likely to encounter -breaking changes when running the ``devel`` branch. We recommend getting involved -in the Ansible community if you want to run the ``devel`` branch. - -Get Involved -============ - -* Read `Community - Information <https://docs.ansible.com/ansible/latest/community>`_ for all - kinds of ways to contribute to and interact with the project, - including mailing list information and how to submit bug reports and - code to Ansible. -* Join a `Working Group - <https://github.com/ansible/community/wiki>`_, an organized community devoted to a specific technology domain or platform. -* Submit a proposed code update through a pull request to the ``devel`` branch. -* Talk to us before making larger changes - to avoid duplicate efforts. This not only helps everyone - know what is going on, but it also helps save time and effort if we decide - some changes are needed. -* For a list of email lists, IRC channels and Working Groups, see the - `Communication page <https://docs.ansible.com/ansible/latest/community/communication.html>`_ - -Coding Guidelines -================= - -We document our Coding Guidelines in the `Developer Guide <https://docs.ansible.com/ansible/devel/dev_guide/>`_. We particularly suggest you review: - -* `Contributing your module to Ansible <https://docs.ansible.com/ansible/devel/dev_guide/developing_modules_checklist.html>`_ -* `Conventions, tips, and pitfalls <https://docs.ansible.com/ansible/devel/dev_guide/developing_modules_best_practices.html>`_ - -Branch Info -=========== - -* The ``devel`` branch corresponds to the release actively under development. -* The ``stable-2.X`` branches correspond to stable releases. -* Create a branch based on ``devel`` and set up a `dev environment <https://docs.ansible.com/ansible/latest/dev_guide/developing_modules_general.html#common-environment-setup>`_ if you want to open a PR. -* See the `Ansible release and maintenance <https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html>`_ page for information about active branches. - -Roadmap -======= - -Based on team and community feedback, an initial roadmap will be published for a major or minor version (ex: 2.7, 2.8). -The `Ansible Roadmap page <https://docs.ansible.com/ansible/devel/roadmap/>`_ details what is planned and how to influence the roadmap. - -Authors -======= - -Ansible was created by `Michael DeHaan <https://github.com/mpdehaan>`_ -and has contributions from over 5000 users (and growing). Thanks everyone! - -`Ansible <https://www.ansible.com>`_ is sponsored by `Red Hat, Inc. -<https://www.redhat.com>`_ - -License -======= - -GNU General Public License v3.0 or later - -See `COPYING <COPYING>`_ to see the full text. - -.. |PyPI version| image:: https://img.shields.io/pypi/v/ansible-core.svg - :target: https://pypi.org/project/ansible-core -.. |Docs badge| image:: https://img.shields.io/badge/docs-latest-brightgreen.svg - :target: https://docs.ansible.com/ansible/latest/ -.. |Build Status| image:: https://dev.azure.com/ansible/ansible/_apis/build/status/CI?branchName=devel - :target: https://dev.azure.com/ansible/ansible/_build/latest?definitionId=20&branchName=devel -.. |Chat badge| image:: https://img.shields.io/badge/chat-IRC-brightgreen.svg - :target: https://docs.ansible.com/ansible/latest/community/communication.html -.. |Code Of Conduct| image:: https://img.shields.io/badge/code%20of%20conduct-Ansible-silver.svg - :target: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html - :alt: Ansible Code of Conduct -.. |Mailing Lists| image:: https://img.shields.io/badge/mailing%20lists-Ansible-orange.svg - :target: https://docs.ansible.com/ansible/latest/community/communication.html#mailing-list-information - :alt: Ansible mailing lists -.. |License| image:: https://img.shields.io/badge/license-GPL%20v3.0-brightgreen.svg - :target: COPYING - :alt: Repository License -.. |CII Best Practices| image:: https://bestpractices.coreinfrastructure.org/projects/2372/badge - :target: https://bestpractices.coreinfrastructure.org/projects/2372 - :alt: Ansible CII Best Practices certification - - diff --git a/changelogs/CHANGELOG-v2.11.rst b/changelogs/CHANGELOG-v2.11.rst index b1c225e3..bdf8b609 100644 --- a/changelogs/CHANGELOG-v2.11.rst +++ b/changelogs/CHANGELOG-v2.11.rst @@ -5,6 +5,36 @@ ansible-core 2.11 "Hey Hey, What Can I Do" Release Notes .. contents:: Topics +v2.11.6 +======= + +Release Summary +--------------- + +| Release Date: 2021-10-11 +| `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__ + + +Minor Changes +------------- + +- ansible-galaxy - Non-HTTP exceptions from Galaxy servers are now a warning and only fatal if the collection to download|install|verify is not available from any of the servers (https://github.com/ansible/ansible/issues/75443). + +Security Fixes +-------------- + +- Do not include params in exception when a call to ``set_options`` fails. Additionally, block the exception that is returned from being displayed to stdout. (CVE-2021-3620) + +Bugfixes +-------- + +- PowerShell - Ignore the ``LIB`` environment variable when compiling C# Ansible code +- ansible-galaxy - Fix handling HTTP exceptions from Galaxy servers. Continue to the next server in the list until the collection is found. +- ansible-test pslint - Fix error when encountering validation results that are highly nested - https://github.com/ansible/ansible/issues/74151 +- config - use ``callbacks_enabled`` instead ``callback_enabled`` in a deprecated message (https://github.com/ansible/ansible/issues/70028). +- netconf - catch and handle exception to prevent stack trace when running in FIPS mode +- roles - fix unexpected ``AttributeError`` when an empty ``argument_specs.yml`` is present (https://github.com/ansible/ansible/pull/75604). + v2.11.5 ======= diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index 89a5331e..4d0bd4bf 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -1994,3 +1994,53 @@ releases: - v2.11.5rc1_summary.yaml - vas_fixes.yml release_date: '2021-09-08' + 2.11.6: + changes: + bugfixes: + - ansible-test pslint - Fix error when encountering validation results that + are highly nested - https://github.com/ansible/ansible/issues/74151 + release_summary: '| Release Date: 2021-10-11 + + | `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__ + + ' + codename: Hey Hey, What Can I Do + fragments: + - pslint-sanity-warning.yml + - v2.11.6_summary.yaml + release_date: '2021-10-11' + 2.11.6rc1: + changes: + bugfixes: + - PowerShell - Ignore the ``LIB`` environment variable when compiling C# Ansible + code + - ansible-galaxy - Fix handling HTTP exceptions from Galaxy servers. Continue + to the next server in the list until the collection is found. + - config - use ``callbacks_enabled`` instead ``callback_enabled`` in a deprecated + message (https://github.com/ansible/ansible/issues/70028). + - netconf - catch and handle exception to prevent stack trace when running in + FIPS mode + - roles - fix unexpected ``AttributeError`` when an empty ``argument_specs.yml`` + is present (https://github.com/ansible/ansible/pull/75604). + minor_changes: + - ansible-galaxy - Non-HTTP exceptions from Galaxy servers are now a warning + and only fatal if the collection to download|install|verify is not available + from any of the servers (https://github.com/ansible/ansible/issues/75443). + release_summary: '| Release Date: 2021-10-04 + + | `Porting Guide <https://docs.ansible.com/ansible/devel/porting_guides.html>`__ + + ' + security_fixes: + - Do not include params in exception when a call to ``set_options`` fails. Additionally, + block the exception that is returned from being displayed to stdout. (CVE-2021-3620) + codename: Hey Hey, What Can I Do + fragments: + - 70028-config-small-typo-fix.yml + - 75468_fix_galaxy_server_fallback.yaml + - 75604-empty-argument-specs.yml + - avoid-set_options-leak.yaml + - fips-ncclient-import-error.yaml + - powershell-addtype-env-vars.yml + - v2.11.6rc1_summary.yaml + release_date: '2021-10-04' diff --git a/docs/docsite/rst/plugins/callback.rst b/docs/docsite/rst/plugins/callback.rst index bc7263c3..fc26daf3 100644 --- a/docs/docsite/rst/plugins/callback.rst +++ b/docs/docsite/rst/plugins/callback.rst @@ -34,7 +34,7 @@ Most callbacks shipped with Ansible are disabled by default and need to be enabl .. code-block:: ini - #callback_enabled = timer, mail, profile_roles, collection_namespace.collection_name.custom_callback + #callbacks_enabled = timer, mail, profile_roles, collection_namespace.collection_name.custom_callback Setting a callback plugin for ``ansible-playbook`` -------------------------------------------------- diff --git a/docs/man/man1/ansible-config.1 b/docs/man/man1/ansible-config.1 index 34343617..1bc579a5 100644 --- a/docs/man/man1/ansible-config.1 +++ b/docs/man/man1/ansible-config.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH ANSIBLE-CONFIG 1 "" "Ansible 2.11.5" "System administration commands" +.TH ANSIBLE-CONFIG 1 "" "Ansible 2.11.6" "System administration commands" .SH NAME ansible-config \- View ansible configuration. . diff --git a/docs/man/man1/ansible-console.1 b/docs/man/man1/ansible-console.1 index abe32619..377f1e07 100644 --- a/docs/man/man1/ansible-console.1 +++ b/docs/man/man1/ansible-console.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH ANSIBLE-CONSOLE 1 "" "Ansible 2.11.5" "System administration commands" +.TH ANSIBLE-CONSOLE 1 "" "Ansible 2.11.6" "System administration commands" .SH NAME ansible-console \- REPL console for executing Ansible tasks. . diff --git a/docs/man/man1/ansible-doc.1 b/docs/man/man1/ansible-doc.1 index 7299698e..660148c6 100644 --- a/docs/man/man1/ansible-doc.1 +++ b/docs/man/man1/ansible-doc.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH ANSIBLE-DOC 1 "" "Ansible 2.11.5" "System administration commands" +.TH ANSIBLE-DOC 1 "" "Ansible 2.11.6" "System administration commands" .SH NAME ansible-doc \- plugin documentation tool . diff --git a/docs/man/man1/ansible-galaxy.1 b/docs/man/man1/ansible-galaxy.1 index 4bc117dc..6ba618b1 100644 --- a/docs/man/man1/ansible-galaxy.1 +++ b/docs/man/man1/ansible-galaxy.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH ANSIBLE-GALAXY 1 "" "Ansible 2.11.5" "System administration commands" +.TH ANSIBLE-GALAXY 1 "" "Ansible 2.11.6" "System administration commands" .SH NAME ansible-galaxy \- Perform various Role and Collection related operations. . diff --git a/docs/man/man1/ansible-inventory.1 b/docs/man/man1/ansible-inventory.1 index 58754e95..39d6f144 100644 --- a/docs/man/man1/ansible-inventory.1 +++ b/docs/man/man1/ansible-inventory.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH ANSIBLE-INVENTORY 1 "" "Ansible 2.11.5" "System administration commands" +.TH ANSIBLE-INVENTORY 1 "" "Ansible 2.11.6" "System administration commands" .SH NAME ansible-inventory \- None . diff --git a/docs/man/man1/ansible-playbook.1 b/docs/man/man1/ansible-playbook.1 index 0c5fc4fe..629b6a77 100644 --- a/docs/man/man1/ansible-playbook.1 +++ b/docs/man/man1/ansible-playbook.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH ANSIBLE-PLAYBOOK 1 "" "Ansible 2.11.5" "System administration commands" +.TH ANSIBLE-PLAYBOOK 1 "" "Ansible 2.11.6" "System administration commands" .SH NAME ansible-playbook \- Runs Ansible playbooks, executing the defined tasks on the targeted hosts. . diff --git a/docs/man/man1/ansible-pull.1 b/docs/man/man1/ansible-pull.1 index d3ce6399..b1cdc930 100644 --- a/docs/man/man1/ansible-pull.1 +++ b/docs/man/man1/ansible-pull.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH ANSIBLE-PULL 1 "" "Ansible 2.11.5" "System administration commands" +.TH ANSIBLE-PULL 1 "" "Ansible 2.11.6" "System administration commands" .SH NAME ansible-pull \- pulls playbooks from a VCS repo and executes them for the local host . diff --git a/docs/man/man1/ansible-vault.1 b/docs/man/man1/ansible-vault.1 index 08d31132..705cea1e 100644 --- a/docs/man/man1/ansible-vault.1 +++ b/docs/man/man1/ansible-vault.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH ANSIBLE-VAULT 1 "" "Ansible 2.11.5" "System administration commands" +.TH ANSIBLE-VAULT 1 "" "Ansible 2.11.6" "System administration commands" .SH NAME ansible-vault \- encryption/decryption utility for Ansible data files . diff --git a/docs/man/man1/ansible.1 b/docs/man/man1/ansible.1 index cde8e9b7..9a18f1bd 100644 --- a/docs/man/man1/ansible.1 +++ b/docs/man/man1/ansible.1 @@ -1,6 +1,6 @@ .\" Man page generated from reStructuredText. . -.TH ANSIBLE 1 "" "Ansible 2.11.5" "System administration commands" +.TH ANSIBLE 1 "" "Ansible 2.11.6" "System administration commands" .SH NAME ansible \- Define and run a single task 'playbook' against a set of hosts . diff --git a/examples/ansible.cfg b/examples/ansible.cfg index d682a9be..e195363a 100644 --- a/examples/ansible.cfg +++ b/examples/ansible.cfg @@ -84,7 +84,7 @@ # by default. # # Enable callback plugins, they can output to stdout but cannot be 'stdout' type. -#callback_enabled = timer, mail +#callbacks_enabled = timer, mail # Determine whether includes in tasks and handlers are "static" by # default. As of 2.0, includes are dynamic by default. Setting these diff --git a/lib/ansible/cli/scripts/ansible_connection_cli_stub.py b/lib/ansible/cli/scripts/ansible_connection_cli_stub.py index 1b85c1c3..4cb09d57 100755 --- a/lib/ansible/cli/scripts/ansible_connection_cli_stub.py +++ b/lib/ansible/cli/scripts/ansible_connection_cli_stub.py @@ -100,7 +100,11 @@ class ConnectionProcess(object): self.play_context.private_key_file = os.path.join(self.original_path, self.play_context.private_key_file) self.connection = connection_loader.get(self.play_context.connection, self.play_context, '/dev/null', task_uuid=self._task_uuid, ansible_playbook_pid=self._ansible_playbook_pid) - self.connection.set_options(var_options=variables) + try: + self.connection.set_options(var_options=variables) + except ConnectionError as exc: + messages.append(('debug', to_text(exc))) + raise ConnectionError('Unable to decode JSON from response set_options. See the debug log for more information.') self.connection._socket_path = self.socket_path self.srv.register(self.connection) @@ -302,7 +306,11 @@ def main(): else: messages.append(('vvvv', 'found existing local domain socket, using it!')) conn = Connection(socket_path) - conn.set_options(var_options=variables) + try: + conn.set_options(var_options=variables) + except ConnectionError as exc: + messages.append(('debug', to_text(exc))) + raise ConnectionError('Unable to decode JSON from response set_options. See the debug log for more information.') pc_data = to_text(init_data) try: conn.update_play_context(pc_data) diff --git a/lib/ansible/config/base.yml b/lib/ansible/config/base.yml index 9cf3aeed..896e5179 100644 --- a/lib/ansible/config/base.yml +++ b/lib/ansible/config/base.yml @@ -588,7 +588,7 @@ CALLBACKS_ENABLED: deprecated: why: normalizing names to new standard version: "2.15" - alternatives: 'callback_enabled' + alternatives: 'callbacks_enabled' - key: callbacks_enabled section: defaults version_added: '2.11' diff --git a/lib/ansible/galaxy/collection/galaxy_api_proxy.py b/lib/ansible/galaxy/collection/galaxy_api_proxy.py index fb4cd5de..9359375b 100644 --- a/lib/ansible/galaxy/collection/galaxy_api_proxy.py +++ b/lib/ansible/galaxy/collection/galaxy_api_proxy.py @@ -24,6 +24,11 @@ if TYPE_CHECKING: ) from ansible.galaxy.api import GalaxyAPI, GalaxyError +from ansible.module_utils._text import to_text +from ansible.utils.display import Display + + +display = Display() class MultiGalaxyAPIProxy: @@ -35,6 +40,47 @@ class MultiGalaxyAPIProxy: self._apis = apis self._concrete_art_mgr = concrete_artifacts_manager + def _get_collection_versions(self, requirement): + # type: (Requirement, Iterator[GalaxyAPI]) -> Iterator[Tuple[GalaxyAPI, str]] + """Helper for get_collection_versions. + + Yield api, version pairs for all APIs, + and reraise the last error if no valid API was found. + """ + found_api = False + last_error = None + + api_lookup_order = ( + (requirement.src, ) + if isinstance(requirement.src, GalaxyAPI) + else self._apis + ) + + for api in api_lookup_order: + try: + versions = api.get_collection_versions(requirement.namespace, requirement.name) + except GalaxyError as api_err: + last_error = api_err + except Exception as unknown_err: + display.warning( + "Skipping Galaxy server {server!s}. " + "Got an unexpected error when getting " + "available versions of collection {fqcn!s}: {err!s}". + format( + server=api.api_server, + fqcn=requirement.fqcn, + err=to_text(unknown_err), + ) + ) + last_error = unknown_err + else: + found_api = True + for version in versions: + yield api, version + + if not found_api and last_error is not None: + raise last_error + def get_collection_versions(self, requirement): # type: (Requirement) -> Iterable[Tuple[str, GalaxyAPI]] """Get a set of unique versions for FQCN on Galaxy servers.""" @@ -54,9 +100,8 @@ class MultiGalaxyAPIProxy: ) return set( (version, api) - for api in api_lookup_order - for version in api.get_collection_versions( - requirement.namespace, requirement.name, + for api, version in self._get_collection_versions( + requirement, ) ) @@ -78,6 +123,21 @@ class MultiGalaxyAPIProxy: ) except GalaxyError as api_err: last_err = api_err + except Exception as unknown_err: + # `verify` doesn't use `get_collection_versions` since the version is already known. + # Do the same as `install` and `download` by trying all APIs before failing. + # Warn for debugging purposes, since the Galaxy server may be unexpectedly down. + last_err = unknown_err + display.warning( + "Skipping Galaxy server {server!s}. " + "Got an unexpected error when getting " + "available versions of collection {fqcn!s}: {err!s}". + format( + server=api.api_server, + fqcn=collection_candidate.fqcn, + err=to_text(unknown_err), + ) + ) else: self._concrete_art_mgr.save_collection_source( collection_candidate, diff --git a/lib/ansible/module_utils/connection.py b/lib/ansible/module_utils/connection.py index a76fdb6b..fd0b1340 100644 --- a/lib/ansible/module_utils/connection.py +++ b/lib/ansible/module_utils/connection.py @@ -163,6 +163,11 @@ class Connection(object): try: response = json.loads(out) except ValueError: + # set_option(s) has sensitive info, and the details are unlikely to matter anyway + if name.startswith("set_option"): + raise ConnectionError( + "Unable to decode JSON from response to {0}. Received '{1}'.".format(name, out) + ) params = [repr(arg) for arg in args] + ['{0}={1!r}'.format(k, v) for k, v in iteritems(kwargs)] params = ', '.join(params) raise ConnectionError( diff --git a/lib/ansible/module_utils/powershell/Ansible.ModuleUtils.AddType.psm1 b/lib/ansible/module_utils/powershell/Ansible.ModuleUtils.AddType.psm1 index ba38159d..a4801ba5 100644 --- a/lib/ansible/module_utils/powershell/Ansible.ModuleUtils.AddType.psm1 +++ b/lib/ansible/module_utils/powershell/Ansible.ModuleUtils.AddType.psm1 @@ -332,7 +332,28 @@ Function Add-CSharpType { # compile the code together and check for errors $provider = New-Object -TypeName Microsoft.CSharp.CSharpCodeProvider - $compile = $provider.CompileAssemblyFromDom($compile_parameters, $compile_units) + + # This calls csc.exe which can take compiler options from environment variables. Currently these env vars + # are known to have problems so they are unset: + # LIB - additional library paths will fail the compilation if they are invalid + $originalEnv = @{} + try { + 'LIB' | ForEach-Object -Process { + $value = Get-Item -LiteralPath "Env:\$_" -ErrorAction SilentlyContinue + if ($value) { + $originalEnv[$_] = $value + Remove-Item -LiteralPath "Env:\$_" + } + } + + $compile = $provider.CompileAssemblyFromDom($compile_parameters, $compile_units) + } + finally { + foreach ($kvp in $originalEnv.GetEnumerator()) { + [System.Environment]::SetEnvironmentVariable($kvp.Key, $kvp.Value, "Process") + } + } + if ($compile.Errors.HasErrors) { $msg = "Failed to compile C# code: " foreach ($e in $compile.Errors) { diff --git a/lib/ansible/playbook/role/__init__.py b/lib/ansible/playbook/role/__init__.py index 25c3b167..8ee812a6 100644 --- a/lib/ansible/playbook/role/__init__.py +++ b/lib/ansible/playbook/role/__init__.py @@ -294,7 +294,10 @@ class Role(Base, Conditional, Taggable, CollectionSearch): if self._loader.path_exists(full_path): # Note: _load_role_yaml() takes care of rebuilding the path. argument_specs = self._load_role_yaml('meta', main='argument_specs') - return argument_specs.get('argument_specs', {}) + try: + return argument_specs.get('argument_specs') or {} + except AttributeError: + return {} # We did not find the meta/argument_specs.[yml|yaml] file, so use the spec # dict from the role meta data, if it exists. Ansible 2.11 and later will diff --git a/lib/ansible/plugins/netconf/__init__.py b/lib/ansible/plugins/netconf/__init__.py index 95442e60..36d082b2 100644 --- a/lib/ansible/plugins/netconf/__init__.py +++ b/lib/ansible/plugins/netconf/__init__.py @@ -32,7 +32,10 @@ try: from ncclient.xml_ import to_xml, to_ele, NCElement HAS_NCCLIENT = True NCCLIENT_IMP_ERR = None -except (ImportError, AttributeError) as err: # paramiko and gssapi are incompatible and raise AttributeError not ImportError +# paramiko and gssapi are incompatible and raise AttributeError not ImportError +# When running in FIPS mode, cryptography raises InternalError +# https://bugzilla.redhat.com/show_bug.cgi?id=1778939 +except Exception as err: HAS_NCCLIENT = False NCCLIENT_IMP_ERR = err diff --git a/lib/ansible/release.py b/lib/ansible/release.py index 7f45e40b..83a61e38 100644 --- a/lib/ansible/release.py +++ b/lib/ansible/release.py @@ -19,6 +19,6 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -__version__ = '2.11.5' +__version__ = '2.11.6' __author__ = 'Ansible, Inc.' __codename__ = 'Hey Hey, What Can I Do' diff --git a/test/integration/targets/ansible-galaxy-collection/tasks/install.yml b/test/integration/targets/ansible-galaxy-collection/tasks/install.yml index 66d79e59..7d66be2f 100644 --- a/test/integration/targets/ansible-galaxy-collection/tasks/install.yml +++ b/test/integration/targets/ansible-galaxy-collection/tasks/install.yml @@ -4,6 +4,38 @@ path: '{{ galaxy_dir }}/ansible_collections' state: directory +- name: install simple collection from first accessible server + command: ansible-galaxy collection install namespace1.name1 {{ galaxy_verbosity }} + environment: + ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}/ansible_collections' + register: from_first_good_server + +- name: get installed files of install simple collection from first good server + find: + path: '{{ galaxy_dir }}/ansible_collections/namespace1/name1' + file_type: file + register: install_normal_files + +- name: get the manifest of install simple collection from first good server + slurp: + path: '{{ galaxy_dir }}/ansible_collections/namespace1/name1/MANIFEST.json' + register: install_normal_manifest + +- name: assert install simple collection from first good server + assert: + that: + - '"Installing ''namespace1.name1:1.0.9'' to" in from_first_good_server.stdout' + - install_normal_files.files | length == 3 + - install_normal_files.files[0].path | basename in ['MANIFEST.json', 'FILES.json', 'README.md'] + - install_normal_files.files[1].path | basename in ['MANIFEST.json', 'FILES.json', 'README.md'] + - install_normal_files.files[2].path | basename in ['MANIFEST.json', 'FILES.json', 'README.md'] + - (install_normal_manifest.content | b64decode | from_json).collection_info.version == '1.0.9' + +- name: Remove the collection + file: + path: '{{ galaxy_dir }}/ansible_collections/namespace1' + state: absent + - name: install simple collection with implicit path - {{ test_name }} command: ansible-galaxy collection install namespace1.name1 -s '{{ test_name }}' {{ galaxy_verbosity }} environment: diff --git a/test/integration/targets/ansible-galaxy-collection/tasks/main.yml b/test/integration/targets/ansible-galaxy-collection/tasks/main.yml index a536a720..0f6af191 100644 --- a/test/integration/targets/ansible-galaxy-collection/tasks/main.yml +++ b/test/integration/targets/ansible-galaxy-collection/tasks/main.yml @@ -176,9 +176,10 @@ environment: ANSIBLE_CONFIG: '{{ galaxy_dir }}/ansible.cfg' vars: + test_api_fallback: 'pulp_v2' + test_api_fallback_versions: 'v1, v2' test_name: 'galaxy_ng' test_server: '{{ galaxy_ng_server }}' - vX: "v3/" - name: run ansible-galaxy collection list tests include_tasks: list.yml diff --git a/test/integration/targets/ansible-galaxy-collection/tasks/verify.yml b/test/integration/targets/ansible-galaxy-collection/tasks/verify.yml index eacb8d6b..8bf39577 100644 --- a/test/integration/targets/ansible-galaxy-collection/tasks/verify.yml +++ b/test/integration/targets/ansible-galaxy-collection/tasks/verify.yml @@ -25,12 +25,24 @@ "ERROR! 'file' type is not supported. The format namespace.name is expected." in verify.stderr - name: install the collection from the server - command: ansible-galaxy collection install ansible_test.verify:1.0.0 + command: ansible-galaxy collection install ansible_test.verify:1.0.0 -s {{ test_api_fallback }} {{ galaxy_verbosity }} environment: ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}' +- name: verify the collection against the first valid server + command: ansible-galaxy collection verify ansible_test.verify:1.0.0 -vvv {{ galaxy_verbosity }} + environment: + ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}' + register: verify + +- assert: + that: + - verify is success + - >- + "Found API version '{{ test_api_fallback_versions }}' with Galaxy server {{ test_api_fallback }}" in verify.stdout + - name: verify the installed collection against the server - command: ansible-galaxy collection verify ansible_test.verify:1.0.0 + command: ansible-galaxy collection verify ansible_test.verify:1.0.0 -s {{ test_name }} {{ galaxy_verbosity }} environment: ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}' register: verify @@ -41,12 +53,12 @@ - "'Collection ansible_test.verify contains modified content' not in verify.stdout" - name: verify the installed collection against the server, with unspecified version in CLI - command: ansible-galaxy collection verify ansible_test.verify + command: ansible-galaxy collection verify ansible_test.verify -s {{ test_name }} {{ galaxy_verbosity }} environment: ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}' - name: verify a collection that doesn't appear to be installed - command: ansible-galaxy collection verify ansible_test.verify:1.0.0 + command: ansible-galaxy collection verify ansible_test.verify:1.0.0 -s {{ test_name }} {{ galaxy_verbosity }} register: verify failed_when: verify.rc == 0 @@ -82,7 +94,7 @@ chdir: '{{ galaxy_dir }}' - name: verify a version of a collection that isn't installed - command: ansible-galaxy collection verify ansible_test.verify:2.0.0 + command: ansible-galaxy collection verify ansible_test.verify:2.0.0 -s {{ test_name }} {{ galaxy_verbosity }} environment: ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}' register: verify @@ -94,12 +106,12 @@ - '"ansible_test.verify has the version ''1.0.0'' but is being compared to ''2.0.0''" in verify.stdout' - name: install the new version from the server - command: ansible-galaxy collection install ansible_test.verify:2.0.0 --force + command: ansible-galaxy collection install ansible_test.verify:2.0.0 --force -s {{ test_name }} {{ galaxy_verbosity }} environment: ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}' - name: verify the installed collection against the server - command: ansible-galaxy collection verify ansible_test.verify:2.0.0 + command: ansible-galaxy collection verify ansible_test.verify:2.0.0 -s {{ test_name }} {{ galaxy_verbosity }} environment: ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}' register: verify @@ -145,7 +157,7 @@ - "updated_file.stat.checksum != file.stat.checksum" - name: test verifying checksumes of the modified collection - command: ansible-galaxy collection verify ansible_test.verify:2.0.0 + command: ansible-galaxy collection verify ansible_test.verify:2.0.0 -s {{ test_name }} {{ galaxy_verbosity }} register: verify environment: ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}' @@ -165,7 +177,7 @@ diff: true - name: ensure a modified FILES.json is validated - command: ansible-galaxy collection verify ansible_test.verify:2.0.0 + command: ansible-galaxy collection verify ansible_test.verify:2.0.0 -s {{ test_name }} {{ galaxy_verbosity }} register: verify environment: ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}' @@ -189,7 +201,7 @@ line: ' "chksum_sha256": "{{ manifest_info.stat.checksum }}",' - name: ensure the MANIFEST.json is validated against the uncorrupted file from the server - command: ansible-galaxy collection verify ansible_test.verify:2.0.0 + command: ansible-galaxy collection verify ansible_test.verify:2.0.0 -s {{ test_name }} {{ galaxy_verbosity }} register: verify environment: ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}' @@ -219,7 +231,7 @@ dest: '{{ galaxy_dir }}/ansible_collections/ansible_test/verify/galaxy.yml' - name: test we only verify collections containing a MANIFEST.json with the version on the server - command: ansible-galaxy collection verify ansible_test.verify:2.0.0 + command: ansible-galaxy collection verify ansible_test.verify:2.0.0 -s {{ test_name }} {{ galaxy_verbosity }} register: verify environment: ANSIBLE_COLLECTIONS_PATH: '{{ galaxy_dir }}' diff --git a/test/integration/targets/ansible-galaxy-collection/templates/ansible.cfg.j2 b/test/integration/targets/ansible-galaxy-collection/templates/ansible.cfg.j2 index 62f3dcf9..00c1fe4d 100644 --- a/test/integration/targets/ansible-galaxy-collection/templates/ansible.cfg.j2 +++ b/test/integration/targets/ansible-galaxy-collection/templates/ansible.cfg.j2 @@ -1,7 +1,10 @@ [galaxy] # Ensures subsequent unstable reruns don't use the cached information causing another failure cache_dir={{ remote_tmp_dir }}/galaxy_cache -server_list=pulp_v2,pulp_v3,galaxy_ng,secondary +server_list=offline,pulp_v2,pulp_v3,galaxy_ng,secondary + +[galaxy_server.offline] +url=https://test-hub.demolab.local/api/galaxy/content/api/ [galaxy_server.pulp_v2] url={{ pulp_server }}published/api/ diff --git a/test/integration/targets/module_utils_Ansible.ModuleUtils.AddType/library/add_type_test.ps1 b/test/integration/targets/module_utils_Ansible.ModuleUtils.AddType/library/add_type_test.ps1 index d89f99b7..d6b05691 100644 --- a/test/integration/targets/module_utils_Ansible.ModuleUtils.AddType/library/add_type_test.ps1 +++ b/test/integration/targets/module_utils_Ansible.ModuleUtils.AddType/library/add_type_test.ps1 @@ -295,5 +295,28 @@ namespace Namespace11 Add-CSharpType -Reference $arch_class Assert-Equals -actual ([Namespace11.Class11]::GetIntPtrSize()) -expected ([System.IntPtr]::Size) +$lib_set = @' +using System; + +namespace Namespace12 +{ + public class Class12 + { + public static string GetString() + { + return "b"; + } + } +} +'@ +$env:LIB = "C:\fake\folder\path" +try { + Add-CSharpType -Reference $lib_set +} +finally { + Remove-Item -LiteralPath env:\LIB +} +Assert-Equals -actual ([Namespace12.Class12]::GetString()) -expected "b" + $result.res = "success" Exit-Json -obj $result diff --git a/test/integration/targets/roles_arg_spec/roles/empty_argspec/meta/argument_specs.yml b/test/integration/targets/roles_arg_spec/roles/empty_argspec/meta/argument_specs.yml new file mode 100644 index 00000000..b592aa05 --- /dev/null +++ b/test/integration/targets/roles_arg_spec/roles/empty_argspec/meta/argument_specs.yml @@ -0,0 +1,2 @@ +--- +argument_specs: diff --git a/test/integration/targets/roles_arg_spec/roles/empty_argspec/tasks/main.yml b/test/integration/targets/roles_arg_spec/roles/empty_argspec/tasks/main.yml new file mode 100644 index 00000000..90aab0e0 --- /dev/null +++ b/test/integration/targets/roles_arg_spec/roles/empty_argspec/tasks/main.yml @@ -0,0 +1,3 @@ +--- +- debug: + msg: "Role with empty argument_specs key" diff --git a/test/integration/targets/roles_arg_spec/roles/empty_file/meta/argument_specs.yml b/test/integration/targets/roles_arg_spec/roles/empty_file/meta/argument_specs.yml new file mode 100644 index 00000000..ed97d539 --- /dev/null +++ b/test/integration/targets/roles_arg_spec/roles/empty_file/meta/argument_specs.yml @@ -0,0 +1 @@ +--- diff --git a/test/integration/targets/roles_arg_spec/roles/empty_file/tasks/main.yml b/test/integration/targets/roles_arg_spec/roles/empty_file/tasks/main.yml new file mode 100644 index 00000000..b77b8357 --- /dev/null +++ b/test/integration/targets/roles_arg_spec/roles/empty_file/tasks/main.yml @@ -0,0 +1,3 @@ +--- +- debug: + msg: "Role with empty argument_specs.yml" diff --git a/test/integration/targets/roles_arg_spec/test.yml b/test/integration/targets/roles_arg_spec/test.yml index 06268c6a..5eca7c73 100644 --- a/test/integration/targets/roles_arg_spec/test.yml +++ b/test/integration/targets/roles_arg_spec/test.yml @@ -338,3 +338,19 @@ - debug: var=ansible_failed_result - fail: msg: "Should not get here" + +- name: "New play to reset vars: Test empty argument_specs.yml" + hosts: localhost + gather_facts: false + tasks: + - name: Import role with an empty argument_specs.yml + import_role: + name: empty_file + +- name: "New play to reset vars: Test empty argument_specs key" + hosts: localhost + gather_facts: false + tasks: + - name: Import role with an empty argument_specs key + import_role: + name: empty_argspec diff --git a/test/lib/ansible_test/_data/sanity/pslint/pslint.ps1 b/test/lib/ansible_test/_data/sanity/pslint/pslint.ps1 index 1ef2743a..21007db6 100755 --- a/test/lib/ansible_test/_data/sanity/pslint/pslint.ps1 +++ b/test/lib/ansible_test/_data/sanity/pslint/pslint.ps1 @@ -2,7 +2,6 @@ #Requires -Version 6 #Requires -Modules PSScriptAnalyzer, PSSA-PSCustomUseLiteralPath -Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" $WarningPreference = "Stop" @@ -21,14 +20,12 @@ $PSSAParams = @{ Setting = (Join-Path -Path $PSScriptRoot -ChildPath "settings.psd1") } -$Results = @() - -ForEach ($Path in $Args) { +$Results = @(ForEach ($Path in $Args) { $Retries = 3 Do { Try { - $Results += Invoke-ScriptAnalyzer -Path $Path @PSSAParams 3> $null + Invoke-ScriptAnalyzer -Path $Path @PSSAParams 3> $null $Retries = 0 } Catch { @@ -38,6 +35,8 @@ ForEach ($Path in $Args) { } } Until ($Retries -le 0) -} +}) -ConvertTo-Json -InputObject $Results +# Since pwsh 7.1 results that exceed depth will produce a warning which fails the process. +# Ignore warnings only for this step. +ConvertTo-Json -InputObject $Results -Depth 1 -WarningAction SilentlyContinue diff --git a/test/units/module_utils/test_connection.py b/test/units/module_utils/test_connection.py new file mode 100644 index 00000000..bd0285b3 --- /dev/null +++ b/test/units/module_utils/test_connection.py @@ -0,0 +1,22 @@ +# -*- coding: utf-8 -*- +# Copyright: (c) 2021, Matt Martz <matt@sivel.net> +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +from ansible.module_utils import connection + +import pytest + + +def test_set_options_credential_exposure(): + def send(data): + return '{' + + c = connection.Connection(connection.__file__) + c.send = send + with pytest.raises(connection.ConnectionError) as excinfo: + c._exec_jsonrpc('set_options', become_pass='password') + + assert 'password' not in str(excinfo.value) |