diff options
| author | Lee Garrett <lgarrett@rocketjump.eu> | 2021-11-04 16:41:17 +0100 |
|---|---|---|
| committer | Lee Garrett <lgarrett@rocketjump.eu> | 2021-11-04 16:41:17 +0100 |
| commit | 13e2c2e94d3559b85a7d813d98e9835b891b0a9f (patch) | |
| tree | ca70a2b7963bb6dc05327d9c1169e5cc97d7f8aa /lib | |
| parent | 64aab4bd2d3ded02da538beb94a4a7fbf7781699 (diff) | |
| download | debian-ansible-core-13e2c2e94d3559b85a7d813d98e9835b891b0a9f.zip | |
New upstream version 2.11.6
Diffstat (limited to 'lib')
| -rwxr-xr-x | lib/ansible/cli/scripts/ansible_connection_cli_stub.py | 12 | ||||
| -rw-r--r-- | lib/ansible/config/base.yml | 2 | ||||
| -rw-r--r-- | lib/ansible/galaxy/collection/galaxy_api_proxy.py | 66 | ||||
| -rw-r--r-- | lib/ansible/module_utils/connection.py | 5 | ||||
| -rw-r--r-- | lib/ansible/module_utils/powershell/Ansible.ModuleUtils.AddType.psm1 | 23 | ||||
| -rw-r--r-- | lib/ansible/playbook/role/__init__.py | 5 | ||||
| -rw-r--r-- | lib/ansible/plugins/netconf/__init__.py | 5 | ||||
| -rw-r--r-- | lib/ansible/release.py | 2 |
8 files changed, 110 insertions, 10 deletions
diff --git a/lib/ansible/cli/scripts/ansible_connection_cli_stub.py b/lib/ansible/cli/scripts/ansible_connection_cli_stub.py index 1b85c1c3..4cb09d57 100755 --- a/lib/ansible/cli/scripts/ansible_connection_cli_stub.py +++ b/lib/ansible/cli/scripts/ansible_connection_cli_stub.py @@ -100,7 +100,11 @@ class ConnectionProcess(object): self.play_context.private_key_file = os.path.join(self.original_path, self.play_context.private_key_file) self.connection = connection_loader.get(self.play_context.connection, self.play_context, '/dev/null', task_uuid=self._task_uuid, ansible_playbook_pid=self._ansible_playbook_pid) - self.connection.set_options(var_options=variables) + try: + self.connection.set_options(var_options=variables) + except ConnectionError as exc: + messages.append(('debug', to_text(exc))) + raise ConnectionError('Unable to decode JSON from response set_options. See the debug log for more information.') self.connection._socket_path = self.socket_path self.srv.register(self.connection) @@ -302,7 +306,11 @@ def main(): else: messages.append(('vvvv', 'found existing local domain socket, using it!')) conn = Connection(socket_path) - conn.set_options(var_options=variables) + try: + conn.set_options(var_options=variables) + except ConnectionError as exc: + messages.append(('debug', to_text(exc))) + raise ConnectionError('Unable to decode JSON from response set_options. See the debug log for more information.') pc_data = to_text(init_data) try: conn.update_play_context(pc_data) diff --git a/lib/ansible/config/base.yml b/lib/ansible/config/base.yml index 9cf3aeed..896e5179 100644 --- a/lib/ansible/config/base.yml +++ b/lib/ansible/config/base.yml @@ -588,7 +588,7 @@ CALLBACKS_ENABLED: deprecated: why: normalizing names to new standard version: "2.15" - alternatives: 'callback_enabled' + alternatives: 'callbacks_enabled' - key: callbacks_enabled section: defaults version_added: '2.11' diff --git a/lib/ansible/galaxy/collection/galaxy_api_proxy.py b/lib/ansible/galaxy/collection/galaxy_api_proxy.py index fb4cd5de..9359375b 100644 --- a/lib/ansible/galaxy/collection/galaxy_api_proxy.py +++ b/lib/ansible/galaxy/collection/galaxy_api_proxy.py @@ -24,6 +24,11 @@ if TYPE_CHECKING: ) from ansible.galaxy.api import GalaxyAPI, GalaxyError +from ansible.module_utils._text import to_text +from ansible.utils.display import Display + + +display = Display() class MultiGalaxyAPIProxy: @@ -35,6 +40,47 @@ class MultiGalaxyAPIProxy: self._apis = apis self._concrete_art_mgr = concrete_artifacts_manager + def _get_collection_versions(self, requirement): + # type: (Requirement, Iterator[GalaxyAPI]) -> Iterator[Tuple[GalaxyAPI, str]] + """Helper for get_collection_versions. + + Yield api, version pairs for all APIs, + and reraise the last error if no valid API was found. + """ + found_api = False + last_error = None + + api_lookup_order = ( + (requirement.src, ) + if isinstance(requirement.src, GalaxyAPI) + else self._apis + ) + + for api in api_lookup_order: + try: + versions = api.get_collection_versions(requirement.namespace, requirement.name) + except GalaxyError as api_err: + last_error = api_err + except Exception as unknown_err: + display.warning( + "Skipping Galaxy server {server!s}. " + "Got an unexpected error when getting " + "available versions of collection {fqcn!s}: {err!s}". + format( + server=api.api_server, + fqcn=requirement.fqcn, + err=to_text(unknown_err), + ) + ) + last_error = unknown_err + else: + found_api = True + for version in versions: + yield api, version + + if not found_api and last_error is not None: + raise last_error + def get_collection_versions(self, requirement): # type: (Requirement) -> Iterable[Tuple[str, GalaxyAPI]] """Get a set of unique versions for FQCN on Galaxy servers.""" @@ -54,9 +100,8 @@ class MultiGalaxyAPIProxy: ) return set( (version, api) - for api in api_lookup_order - for version in api.get_collection_versions( - requirement.namespace, requirement.name, + for api, version in self._get_collection_versions( + requirement, ) ) @@ -78,6 +123,21 @@ class MultiGalaxyAPIProxy: ) except GalaxyError as api_err: last_err = api_err + except Exception as unknown_err: + # `verify` doesn't use `get_collection_versions` since the version is already known. + # Do the same as `install` and `download` by trying all APIs before failing. + # Warn for debugging purposes, since the Galaxy server may be unexpectedly down. + last_err = unknown_err + display.warning( + "Skipping Galaxy server {server!s}. " + "Got an unexpected error when getting " + "available versions of collection {fqcn!s}: {err!s}". + format( + server=api.api_server, + fqcn=collection_candidate.fqcn, + err=to_text(unknown_err), + ) + ) else: self._concrete_art_mgr.save_collection_source( collection_candidate, diff --git a/lib/ansible/module_utils/connection.py b/lib/ansible/module_utils/connection.py index a76fdb6b..fd0b1340 100644 --- a/lib/ansible/module_utils/connection.py +++ b/lib/ansible/module_utils/connection.py @@ -163,6 +163,11 @@ class Connection(object): try: response = json.loads(out) except ValueError: + # set_option(s) has sensitive info, and the details are unlikely to matter anyway + if name.startswith("set_option"): + raise ConnectionError( + "Unable to decode JSON from response to {0}. Received '{1}'.".format(name, out) + ) params = [repr(arg) for arg in args] + ['{0}={1!r}'.format(k, v) for k, v in iteritems(kwargs)] params = ', '.join(params) raise ConnectionError( diff --git a/lib/ansible/module_utils/powershell/Ansible.ModuleUtils.AddType.psm1 b/lib/ansible/module_utils/powershell/Ansible.ModuleUtils.AddType.psm1 index ba38159d..a4801ba5 100644 --- a/lib/ansible/module_utils/powershell/Ansible.ModuleUtils.AddType.psm1 +++ b/lib/ansible/module_utils/powershell/Ansible.ModuleUtils.AddType.psm1 @@ -332,7 +332,28 @@ Function Add-CSharpType { # compile the code together and check for errors $provider = New-Object -TypeName Microsoft.CSharp.CSharpCodeProvider - $compile = $provider.CompileAssemblyFromDom($compile_parameters, $compile_units) + + # This calls csc.exe which can take compiler options from environment variables. Currently these env vars + # are known to have problems so they are unset: + # LIB - additional library paths will fail the compilation if they are invalid + $originalEnv = @{} + try { + 'LIB' | ForEach-Object -Process { + $value = Get-Item -LiteralPath "Env:\$_" -ErrorAction SilentlyContinue + if ($value) { + $originalEnv[$_] = $value + Remove-Item -LiteralPath "Env:\$_" + } + } + + $compile = $provider.CompileAssemblyFromDom($compile_parameters, $compile_units) + } + finally { + foreach ($kvp in $originalEnv.GetEnumerator()) { + [System.Environment]::SetEnvironmentVariable($kvp.Key, $kvp.Value, "Process") + } + } + if ($compile.Errors.HasErrors) { $msg = "Failed to compile C# code: " foreach ($e in $compile.Errors) { diff --git a/lib/ansible/playbook/role/__init__.py b/lib/ansible/playbook/role/__init__.py index 25c3b167..8ee812a6 100644 --- a/lib/ansible/playbook/role/__init__.py +++ b/lib/ansible/playbook/role/__init__.py @@ -294,7 +294,10 @@ class Role(Base, Conditional, Taggable, CollectionSearch): if self._loader.path_exists(full_path): # Note: _load_role_yaml() takes care of rebuilding the path. argument_specs = self._load_role_yaml('meta', main='argument_specs') - return argument_specs.get('argument_specs', {}) + try: + return argument_specs.get('argument_specs') or {} + except AttributeError: + return {} # We did not find the meta/argument_specs.[yml|yaml] file, so use the spec # dict from the role meta data, if it exists. Ansible 2.11 and later will diff --git a/lib/ansible/plugins/netconf/__init__.py b/lib/ansible/plugins/netconf/__init__.py index 95442e60..36d082b2 100644 --- a/lib/ansible/plugins/netconf/__init__.py +++ b/lib/ansible/plugins/netconf/__init__.py @@ -32,7 +32,10 @@ try: from ncclient.xml_ import to_xml, to_ele, NCElement HAS_NCCLIENT = True NCCLIENT_IMP_ERR = None -except (ImportError, AttributeError) as err: # paramiko and gssapi are incompatible and raise AttributeError not ImportError +# paramiko and gssapi are incompatible and raise AttributeError not ImportError +# When running in FIPS mode, cryptography raises InternalError +# https://bugzilla.redhat.com/show_bug.cgi?id=1778939 +except Exception as err: HAS_NCCLIENT = False NCCLIENT_IMP_ERR = err diff --git a/lib/ansible/release.py b/lib/ansible/release.py index 7f45e40b..83a61e38 100644 --- a/lib/ansible/release.py +++ b/lib/ansible/release.py @@ -19,6 +19,6 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type -__version__ = '2.11.5' +__version__ = '2.11.6' __author__ = 'Ansible, Inc.' __codename__ = 'Hey Hey, What Can I Do' |