Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ansible-core-2.16 for
openSUSE:Factory checked in at 2024-11-15 15:42:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ansible-core-2.16 (Old)
and /work/SRC/openSUSE:Factory/.ansible-core-2.16.new.2017 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ansible-core-2.16"
Fri Nov 15 15:42:58 2024 rev:5 rq:1224266 version:2.16.13
Changes:
--------
--- /work/SRC/openSUSE:Factory/ansible-core-2.16/ansible-core-2.16.changes
2024-10-11 17:03:29.649652399 +0200
+++
/work/SRC/openSUSE:Factory/.ansible-core-2.16.new.2017/ansible-core-2.16.changes
2024-11-15 15:43:03.577963074 +0100
@@ -1,0 +2,26 @@
+Thu Nov 14 16:31:19 UTC 2024 - Johannes Kastl
<[email protected]>
+
+- update to 2.16.13:
+
https://github.com/ansible/ansible/blob/v2.16.13/changelogs/CHANGELOG-v2.16.rst
+ * Minor Changes
+ - ansible-test - Improve container runtime probe error
+ handling. When unexpected probe output is encountered, an
+ error with more useful debugging information is provided.
+ * Security Fixes
+ - include_vars action - Ensure that result masking is correctly
+ requested when vault-encrypted files are read.
+ (CVE-2024-8775)
+ - task result processing - Ensure that action-sourced result
+ masking (_ansible_no_log=True) is preserved. (CVE-2024-8775)
+ - user action won't allow ssh-keygen, chown and chmod to run on
+ existing ssh public key file, avoiding traversal on existing
+ symlinks (CVE-2024-9902).
+ * Bugfixes
+ - Improve performance on large inventories by reducing the
+ number of implicit meta tasks.
+ - ansible-test - Enable the sys.unraisablehook work-around for
+ the pylint sanity test on Python 3.11. Previously the
+ work-around was only enabled for Python 3.12 and later.
+ However, the same issue has been discovered on Python 3.11.
+
+-------------------------------------------------------------------
Old:
----
ansible_core-2.16.12.tar.gz
ansible_core-2.16.12.tar.gz.sha256
New:
----
ansible_core-2.16.13.tar.gz
ansible_core-2.16.13.tar.gz.sha256
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ansible-core-2.16.spec ++++++
--- /var/tmp/diff_new_pack.TQHSn5/_old 2024-11-15 15:43:04.201989198 +0100
+++ /var/tmp/diff_new_pack.TQHSn5/_new 2024-11-15 15:43:04.205989365 +0100
@@ -38,7 +38,7 @@
%endif
Name: ansible-core-2.16
-Version: 2.16.12
+Version: 2.16.13
Release: 0
Summary: Radically simple IT automation
License: GPL-3.0-or-later
++++++ ansible_core-2.16.12.tar.gz -> ansible_core-2.16.13.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ansible_core-2.16.12/PKG-INFO
new/ansible_core-2.16.13/PKG-INFO
--- old/ansible_core-2.16.12/PKG-INFO 2024-10-07 21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/PKG-INFO 2024-11-04 19:35:35.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: ansible-core
-Version: 2.16.12
+Version: 2.16.13
Summary: Radically simple IT automation
Home-page: https://ansible.com/
Author: Ansible, Inc.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ansible_core-2.16.12/changelogs/CHANGELOG-v2.16.rst
new/ansible_core-2.16.13/changelogs/CHANGELOG-v2.16.rst
--- old/ansible_core-2.16.12/changelogs/CHANGELOG-v2.16.rst 2024-10-07
21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/changelogs/CHANGELOG-v2.16.rst 2024-11-04
19:35:35.000000000 +0100
@@ -5,6 +5,35 @@
.. contents:: Topics
+v2.16.13
+========
+
+Release Summary
+---------------
+
+| Release Date: 2024-11-04
+| `Porting Guide
<https://docs.ansible.com/ansible-core/2.16/porting_guides/porting_guide_core_2.16.html>`__
+
+
+Minor Changes
+-------------
+
+- ansible-test - Improve container runtime probe error handling. When
unexpected probe output is encountered, an error with more useful debugging
information is provided.
+
+Security Fixes
+--------------
+
+- include_vars action - Ensure that result masking is correctly requested when
vault-encrypted files are read. (CVE-2024-8775)
+- task result processing - Ensure that action-sourced result masking
(``_ansible_no_log=True``) is preserved. (CVE-2024-8775)
+- user action won't allow ssh-keygen, chown and chmod to run on existing ssh
public key file, avoiding traversal on existing symlinks (CVE-2024-9902).
+
+Bugfixes
+--------
+
+- Improve performance on large inventories by reducing the number of implicit
meta tasks.
+- ansible-test - Enable the ``sys.unraisablehook`` work-around for the
``pylint`` sanity test on Python 3.11. Previously the work-around was only
enabled for Python 3.12 and later. However, the same issue has been discovered
on Python 3.11.
+- user action will now require O(force) to overwrite the public part of an ssh
key when generating ssh keys, as was already the case for the private part.
+
v2.16.12
========
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ansible_core-2.16.12/changelogs/changelog.yaml
new/ansible_core-2.16.13/changelogs/changelog.yaml
--- old/ansible_core-2.16.12/changelogs/changelog.yaml 2024-10-07
21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/changelogs/changelog.yaml 2024-11-04
19:35:35.000000000 +0100
@@ -906,6 +906,53 @@
- 83960-dnf5-state-installed-fix.yml
- ansible-galaxy-install-help.yml
release_date: '2024-09-30'
+ 2.16.13:
+ changes:
+ release_summary: '| Release Date: 2024-11-04
+
+ | `Porting Guide
<https://docs.ansible.com/ansible-core/2.16/porting_guides/porting_guide_core_2.16.html>`__
+
+ '
+ codename: All My Love
+ fragments:
+ - 2.16.13_summary.yaml
+ release_date: '2024-11-04'
+ 2.16.13rc1:
+ changes:
+ bugfixes:
+ - Improve performance on large inventories by reducing the number of
implicit
+ meta tasks.
+ - ansible-test - Enable the ``sys.unraisablehook`` work-around for the
``pylint``
+ sanity test on Python 3.11. Previously the work-around was only
enabled for
+ Python 3.12 and later. However, the same issue has been discovered on
Python
+ 3.11.
+ - user action will now require O(force) to overwrite the public part of
an ssh
+ key when generating ssh keys, as was already the case for the private
part.
+ minor_changes:
+ - ansible-test - Improve container runtime probe error handling. When
unexpected
+ probe output is encountered, an error with more useful debugging
information
+ is provided.
+ release_summary: '| Release Date: 2024-10-29
+
+ | `Porting Guide
<https://docs.ansible.com/ansible-core/2.16/porting_guides/porting_guide_core_2.16.html>`__
+
+ '
+ security_fixes:
+ - include_vars action - Ensure that result masking is correctly
requested when
+ vault-encrypted files are read. (CVE-2024-8775)
+ - task result processing - Ensure that action-sourced result masking
(``_ansible_no_log=True``)
+ is preserved. (CVE-2024-8775)
+ - user action won't allow ssh-keygen, chown and chmod to run on existing
ssh
+ public key file, avoiding traversal on existing symlinks
(CVE-2024-9902).
+ codename: All My Love
+ fragments:
+ - 2.16.13rc1_summary.yaml
+ - ansible-test-probe-error-handling.yml
+ - ansible-test-pylint-fix.yml
+ - cve-2024-8775.yml
+ - skip-implicit-flush_handlers-no-notify.yml
+ - user_ssh_fix.yml
+ release_date: '2024-10-29'
2.16.1rc1:
changes:
breaking_changes:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/lib/ansible/executor/play_iterator.py
new/ansible_core-2.16.13/lib/ansible/executor/play_iterator.py
--- old/ansible_core-2.16.12/lib/ansible/executor/play_iterator.py
2024-10-07 21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/lib/ansible/executor/play_iterator.py
2024-11-04 19:35:35.000000000 +0100
@@ -449,6 +449,24 @@
# if something above set the task, break out of the loop now
if task:
+ # skip implicit flush_handlers if there are no handlers
notified
+ if (
+ task.implicit
+ and task.action in C._ACTION_META
+ and task.args.get('_raw_params', None) == 'flush_handlers'
+ and (
+ # the state store in the `state` variable could be a
nested state,
+ # notifications are always stored in the top level
state, get it here
+ not
self.get_state_for_host(host.name).handler_notifications
+ # in case handlers notifying other handlers, the
notifications are not
+ # saved in `handler_notifications` and handlers are
notified directly
+ # to prevent duplicate handler runs, so check whether
any handler
+ # is notified
+ and all(not h.notified_hosts for h in self.handlers)
+ )
+ ):
+ continue
+
break
return (state, task)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/lib/ansible/executor/task_executor.py
new/ansible_core-2.16.13/lib/ansible/executor/task_executor.py
--- old/ansible_core-2.16.12/lib/ansible/executor/task_executor.py
2024-10-07 21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/lib/ansible/executor/task_executor.py
2024-11-04 19:35:35.000000000 +0100
@@ -656,8 +656,8 @@
self._handler.cleanup()
display.debug("handler run complete")
- # preserve no log
- result["_ansible_no_log"] = no_log
+ # propagate no log to result- the action can set this, so only
overwrite it with the task's value if missing or falsey
+ result["_ansible_no_log"] = bool(no_log or
result.get('_ansible_no_log', False))
if self._task.action not in C._ACTION_WITH_CLEAN_FACTS:
result = wrap_var(result)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/lib/ansible/module_utils/ansible_release.py
new/ansible_core-2.16.13/lib/ansible/module_utils/ansible_release.py
--- old/ansible_core-2.16.12/lib/ansible/module_utils/ansible_release.py
2024-10-07 21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/lib/ansible/module_utils/ansible_release.py
2024-11-04 19:35:35.000000000 +0100
@@ -19,6 +19,6 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
-__version__ = '2.16.12'
+__version__ = '2.16.13'
__author__ = 'Ansible, Inc.'
__codename__ = "All My Love"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ansible_core-2.16.12/lib/ansible/modules/user.py
new/ansible_core-2.16.13/lib/ansible/modules/user.py
--- old/ansible_core-2.16.12/lib/ansible/modules/user.py 2024-10-07
21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/lib/ansible/modules/user.py 2024-11-04
19:35:35.000000000 +0100
@@ -1160,9 +1160,11 @@
overwrite = None
try:
ssh_key_file = self.get_ssh_key_path()
+ pub_file = '%s.pub' % ssh_key_file
except Exception as e:
return (1, '', to_native(e))
ssh_dir = os.path.dirname(ssh_key_file)
+
if not os.path.exists(ssh_dir):
if self.module.check_mode:
return (0, '', '')
@@ -1171,12 +1173,23 @@
os.chown(ssh_dir, info[2], info[3])
except OSError as e:
return (1, '', 'Failed to create %s: %s' % (ssh_dir,
to_native(e)))
+
if os.path.exists(ssh_key_file):
if self.force:
- # ssh-keygen doesn't support overwriting the key
interactively, so send 'y' to confirm
+ self.module.warn('Overwriting existing ssh key private file
"%s"' % ssh_key_file)
overwrite = 'y'
else:
+ self.module.warn('Found existing ssh key private file "%s", no
force, so skipping ssh-keygen generation' % ssh_key_file)
return (None, 'Key already exists, use "force: yes" to
overwrite', '')
+
+ if os.path.exists(pub_file):
+ if self.force:
+ self.module.warn('Overwriting existing ssh key public file
"%s"' % pub_file)
+ os.unlink(pub_file)
+ else:
+ self.module.warn('Found existing ssh key public file "%s", no
force, so skipping ssh-keygen generation' % pub_file)
+ return (None, 'Public key already exists, use "force: yes" to
overwrite', '')
+
cmd = [self.module.get_bin_path('ssh-keygen', True)]
cmd.append('-t')
cmd.append(self.ssh_type)
@@ -1243,7 +1256,7 @@
# If the keys were successfully created, we should be able
# to tweak ownership.
os.chown(ssh_key_file, info[2], info[3])
- os.chown('%s.pub' % ssh_key_file, info[2], info[3])
+ os.chown(pub_file, info[2], info[3])
return (rc, out, err)
def ssh_key_fingerprint(self):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/lib/ansible/plugins/action/include_vars.py
new/ansible_core-2.16.13/lib/ansible/plugins/action/include_vars.py
--- old/ansible_core-2.16.12/lib/ansible/plugins/action/include_vars.py
2024-10-07 21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/lib/ansible/plugins/action/include_vars.py
2024-11-04 19:35:35.000000000 +0100
@@ -238,7 +238,8 @@
b_data, show_content = self._loader._get_file_contents(filename)
data = to_text(b_data, errors='surrogate_or_strict')
- self.show_content = show_content
+ self.show_content &= show_content # mask all results if any file
was encrypted
+
data = self._loader.load(data, file_name=filename,
show_content=show_content)
if not data:
data = dict()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/lib/ansible/plugins/strategy/__init__.py
new/ansible_core-2.16.13/lib/ansible/plugins/strategy/__init__.py
--- old/ansible_core-2.16.12/lib/ansible/plugins/strategy/__init__.py
2024-10-07 21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/lib/ansible/plugins/strategy/__init__.py
2024-11-04 19:35:35.000000000 +0100
@@ -928,6 +928,8 @@
meta_action = task.args.get('_raw_params')
def _evaluate_conditional(h):
+ if not task.when:
+ return True
all_vars = self._variable_manager.get_vars(play=iterator._play,
host=h, task=task,
_hosts=self._hosts_cache, _hosts_all=self._hosts_cache_all)
templar = Templar(loader=self._loader, variables=all_vars)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/lib/ansible/plugins/strategy/linear.py
new/ansible_core-2.16.13/lib/ansible/plugins/strategy/linear.py
--- old/ansible_core-2.16.12/lib/ansible/plugins/strategy/linear.py
2024-10-07 21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/lib/ansible/plugins/strategy/linear.py
2024-11-04 19:35:35.000000000 +0100
@@ -37,7 +37,6 @@
from ansible.module_utils.common.text.converters import to_text
from ansible.playbook.handler import Handler
from ansible.playbook.included_file import IncludedFile
-from ansible.playbook.task import Task
from ansible.plugins.loader import action_loader
from ansible.plugins.strategy import StrategyBase
from ansible.template import Templar
@@ -54,12 +53,6 @@
be a noop task to keep the iterator in lock step across
all hosts.
'''
- noop_task = Task()
- noop_task.action = 'meta'
- noop_task.args['_raw_params'] = 'noop'
- noop_task.implicit = True
- noop_task.set_loader(iterator._play._loader)
-
state_task_per_host = {}
for host in hosts:
state, task = iterator.get_next_task_for_host(host, peek=True)
@@ -67,7 +60,7 @@
state_task_per_host[host] = state, task
if not state_task_per_host:
- return [(h, None) for h in hosts]
+ return []
task_uuids = {t._uuid for s, t in state_task_per_host.values()}
_loop_cnt = 0
@@ -93,8 +86,6 @@
if cur_task._uuid == task._uuid:
iterator.set_state_for_host(host.name, state)
host_tasks.append((host, task))
- else:
- host_tasks.append((host, noop_task))
if cur_task.action in C._ACTION_META and
cur_task.args.get('_raw_params') == 'flush_handlers':
iterator.all_tasks[iterator.cur_task:iterator.cur_task] = [h for b
in iterator._play.handlers for h in b.block]
@@ -136,9 +127,6 @@
results = []
for (host, task) in host_tasks:
- if not task:
- continue
-
if self._tqm._terminated:
break
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ansible_core-2.16.12/lib/ansible/release.py
new/ansible_core-2.16.13/lib/ansible/release.py
--- old/ansible_core-2.16.12/lib/ansible/release.py 2024-10-07
21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/lib/ansible/release.py 2024-11-04
19:35:35.000000000 +0100
@@ -19,6 +19,6 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
-__version__ = '2.16.12'
+__version__ = '2.16.13'
__author__ = 'Ansible, Inc.'
__codename__ = "All My Love"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/lib/ansible_core.egg-info/PKG-INFO
new/ansible_core-2.16.13/lib/ansible_core.egg-info/PKG-INFO
--- old/ansible_core-2.16.12/lib/ansible_core.egg-info/PKG-INFO 2024-10-07
21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/lib/ansible_core.egg-info/PKG-INFO 2024-11-04
19:35:35.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: ansible-core
-Version: 2.16.12
+Version: 2.16.13
Summary: Radically simple IT automation
Home-page: https://ansible.com/
Author: Ansible, Inc.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/lib/ansible_core.egg-info/SOURCES.txt
new/ansible_core-2.16.13/lib/ansible_core.egg-info/SOURCES.txt
--- old/ansible_core-2.16.12/lib/ansible_core.egg-info/SOURCES.txt
2024-10-07 21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/lib/ansible_core.egg-info/SOURCES.txt
2024-11-04 19:35:35.000000000 +0100
@@ -2041,6 +2041,7 @@
test/integration/targets/handlers/82241.yml
test/integration/targets/handlers/aliases
test/integration/targets/handlers/from_handlers.yml
+test/integration/targets/handlers/handler_notify_earlier_handler.yml
test/integration/targets/handlers/handlers.yml
test/integration/targets/handlers/handlers_lockstep_82307.yml
test/integration/targets/handlers/handlers_lockstep_83019-include-nested.yml
@@ -2374,6 +2375,8 @@
test/integration/targets/include_vars/aliases
test/integration/targets/include_vars-ad-hoc/aliases
test/integration/targets/include_vars-ad-hoc/runme.sh
+test/integration/targets/include_vars-ad-hoc/vaultpass
+test/integration/targets/include_vars-ad-hoc/dir/encrypted.yml
test/integration/targets/include_vars-ad-hoc/dir/inc.yml
test/integration/targets/include_vars/defaults/main.yml
test/integration/targets/include_vars/files/test_depth/sub1/sub11.yml
@@ -2945,12 +2948,15 @@
test/integration/targets/module_utils_urls/meta/main.yml
test/integration/targets/module_utils_urls/tasks/main.yml
test/integration/targets/no_log/aliases
+test/integration/targets/no_log/ansible_no_log_in_result.yml
test/integration/targets/no_log/dynamic.yml
test/integration/targets/no_log/no_log_config.yml
test/integration/targets/no_log/no_log_local.yml
test/integration/targets/no_log/no_log_suboptions.yml
test/integration/targets/no_log/no_log_suboptions_invalid.yml
test/integration/targets/no_log/runme.sh
+test/integration/targets/no_log/secretvars.yml
+test/integration/targets/no_log/action_plugins/action_sets_no_log.py
test/integration/targets/no_log/library/module.py
test/integration/targets/noexec/aliases
test/integration/targets/noexec/inventory
@@ -3744,6 +3750,7 @@
test/integration/targets/user/files/userlist.sh
test/integration/targets/user/meta/main.yml
test/integration/targets/user/tasks/main.yml
+test/integration/targets/user/tasks/ssh_keygen.yml
test/integration/targets/user/tasks/test_create_system_user.yml
test/integration/targets/user/tasks/test_create_user.yml
test/integration/targets/user/tasks/test_create_user_home.yml
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ansible_core-2.16.12/pyproject.toml
new/ansible_core-2.16.13/pyproject.toml
--- old/ansible_core-2.16.12/pyproject.toml 2024-10-07 21:36:35.000000000
+0200
+++ new/ansible_core-2.16.13/pyproject.toml 2024-11-04 19:35:35.000000000
+0100
@@ -1,3 +1,3 @@
[build-system]
-requires = ["setuptools >= 66.1.0, <= 75.1.0"] # lower bound to support
controller Python versions, upper bound for latest version tested at release
+requires = ["setuptools >= 66.1.0, <= 75.3.0"] # lower bound to support
controller Python versions, upper bound for latest version tested at release
build-backend = "setuptools.build_meta"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/ansible-playbook-callbacks/callbacks_list.expected
new/ansible_core-2.16.13/test/integration/targets/ansible-playbook-callbacks/callbacks_list.expected
---
old/ansible_core-2.16.12/test/integration/targets/ansible-playbook-callbacks/callbacks_list.expected
2024-10-07 21:36:35.000000000 +0200
+++
new/ansible_core-2.16.13/test/integration/targets/ansible-playbook-callbacks/callbacks_list.expected
2024-11-04 19:35:35.000000000 +0100
@@ -1,9 +1,10 @@
1 __init__
-92 v2_on_any
+94 v2_on_any
1 v2_on_file_diff
4 v2_playbook_on_handler_task_start
2 v2_playbook_on_include
1 v2_playbook_on_no_hosts_matched
+ 2 v2_playbook_on_no_hosts_remaining
3 v2_playbook_on_notify
3 v2_playbook_on_play_start
1 v2_playbook_on_start
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/handlers/handler_notify_earlier_handler.yml
new/ansible_core-2.16.13/test/integration/targets/handlers/handler_notify_earlier_handler.yml
---
old/ansible_core-2.16.12/test/integration/targets/handlers/handler_notify_earlier_handler.yml
1970-01-01 01:00:00.000000000 +0100
+++
new/ansible_core-2.16.13/test/integration/targets/handlers/handler_notify_earlier_handler.yml
2024-11-04 19:35:35.000000000 +0100
@@ -0,0 +1,33 @@
+- hosts: localhost
+ gather_facts: false
+ tasks:
+ - name: test implicit flush_handlers tasks pick up notifications done by
handlers themselves
+ command: echo
+ notify: h2
+ handlers:
+ - name: h1
+ debug:
+ msg: h1_ran
+
+ - name: h2
+ debug:
+ msg: h2_ran
+ changed_when: true
+ notify: h1
+
+- hosts: localhost
+ gather_facts: false
+ tasks:
+ - name: test implicit flush_handlers tasks pick up notifications done by
handlers themselves
+ command: echo
+ notify: h3
+ handlers:
+ - name: h3
+ debug:
+ msg: h3_ran
+ changed_when: true
+ notify: h4
+
+ - name: h4
+ debug:
+ msg: h4_ran
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/handlers/runme.sh
new/ansible_core-2.16.13/test/integration/targets/handlers/runme.sh
--- old/ansible_core-2.16.12/test/integration/targets/handlers/runme.sh
2024-10-07 21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/test/integration/targets/handlers/runme.sh
2024-11-04 19:35:35.000000000 +0100
@@ -214,3 +214,9 @@
ansible-playbook handlers_lockstep_83019.yml -i inventory.handlers "$@" 2>&1 |
tee out.txt
[ "$(grep out.txt -ce 'TASK \[handler1\]')" = "0" ]
+
+ansible-playbook handler_notify_earlier_handler.yml "$@" 2>&1 | tee out.txt
+[ "$(grep out.txt -ce 'h1_ran')" = "1" ]
+[ "$(grep out.txt -ce 'h2_ran')" = "1" ]
+[ "$(grep out.txt -ce 'h3_ran')" = "1" ]
+[ "$(grep out.txt -ce 'h4_ran')" = "1" ]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/include_vars-ad-hoc/dir/encrypted.yml
new/ansible_core-2.16.13/test/integration/targets/include_vars-ad-hoc/dir/encrypted.yml
---
old/ansible_core-2.16.12/test/integration/targets/include_vars-ad-hoc/dir/encrypted.yml
1970-01-01 01:00:00.000000000 +0100
+++
new/ansible_core-2.16.13/test/integration/targets/include_vars-ad-hoc/dir/encrypted.yml
2024-11-04 19:35:35.000000000 +0100
@@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+31613539636636336264396235633933633839646337323533316638633336653461393036336664
+3939386435313638366366626566346135623932653238360a366261303663343034633865626132
+31646231623630333636383636383833656331643164656366623332396439306132663264663131
+6439633766376261320a616265306430366530363866356433366430633265353739373732646536
+37623661333064306162373463616231636365373231313939373230643936313362
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/include_vars-ad-hoc/runme.sh
new/ansible_core-2.16.13/test/integration/targets/include_vars-ad-hoc/runme.sh
---
old/ansible_core-2.16.12/test/integration/targets/include_vars-ad-hoc/runme.sh
2024-10-07 21:36:35.000000000 +0200
+++
new/ansible_core-2.16.13/test/integration/targets/include_vars-ad-hoc/runme.sh
2024-11-04 19:35:35.000000000 +0100
@@ -1,6 +1,22 @@
#!/usr/bin/env bash
-set -eux
+set -eux -o pipefail
-ansible testhost -i ../../inventory -m include_vars -a 'dir/inc.yml' "$@"
-ansible testhost -i ../../inventory -m include_vars -a 'dir=dir' "$@"
+echo "single file include"
+ansible testhost -i ../../inventory -m include_vars -a 'dir/inc.yml' -vvv 2>&1
| grep -q 'porter.*cable'
+
+echo "single file encrypted include"
+ansible testhost -i ../../inventory -m include_vars -a 'dir/encrypted.yml'
-vvv --vault-password-file vaultpass > output.txt 2>&1
+
+echo "directory include with encrypted"
+ansible testhost -i ../../inventory -m include_vars -a 'dir=dir' -vvv
--vault-password-file vaultpass >> output.txt 2>&1
+
+grep -q 'output has been hidden' output.txt
+
+# all content should be masked if any file is encrypted
+if grep -e 'i am a secret' -e 'porter.*cable' output.txt; then
+ echo "FAIL: vault masking failed"
+ exit 1
+fi
+
+echo PASS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/include_vars-ad-hoc/vaultpass
new/ansible_core-2.16.13/test/integration/targets/include_vars-ad-hoc/vaultpass
---
old/ansible_core-2.16.12/test/integration/targets/include_vars-ad-hoc/vaultpass
1970-01-01 01:00:00.000000000 +0100
+++
new/ansible_core-2.16.13/test/integration/targets/include_vars-ad-hoc/vaultpass
2024-11-04 19:35:35.000000000 +0100
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo supersecurepassword
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/module_utils_facts.system.selinux/tasks/main.yml
new/ansible_core-2.16.13/test/integration/targets/module_utils_facts.system.selinux/tasks/main.yml
---
old/ansible_core-2.16.12/test/integration/targets/module_utils_facts.system.selinux/tasks/main.yml
2024-10-07 21:36:35.000000000 +0200
+++
new/ansible_core-2.16.13/test/integration/targets/module_utils_facts.system.selinux/tasks/main.yml
2024-11-04 19:35:35.000000000 +0100
@@ -22,7 +22,7 @@
register: r
- set_fact:
- selinux_policytype: "{{ r.stdout_lines[0] }}"
+ selinux_policytype: "{{ r.stdout_lines[0] | trim }}"
when: r is success and r.stdout_lines
- assert:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/no_log/action_plugins/action_sets_no_log.py
new/ansible_core-2.16.13/test/integration/targets/no_log/action_plugins/action_sets_no_log.py
---
old/ansible_core-2.16.12/test/integration/targets/no_log/action_plugins/action_sets_no_log.py
1970-01-01 01:00:00.000000000 +0100
+++
new/ansible_core-2.16.13/test/integration/targets/no_log/action_plugins/action_sets_no_log.py
2024-11-04 19:35:35.000000000 +0100
@@ -0,0 +1,8 @@
+from __future__ import annotations
+
+from ansible.plugins.action import ActionBase
+
+
+class ActionModule(ActionBase):
+ def run(self, tmp=None, task_vars=None):
+ return dict(changed=False, failed=False, msg="action result should be
masked", _ansible_no_log="yeppers") # ensure that a truthy non-bool works here
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/no_log/ansible_no_log_in_result.yml
new/ansible_core-2.16.13/test/integration/targets/no_log/ansible_no_log_in_result.yml
---
old/ansible_core-2.16.12/test/integration/targets/no_log/ansible_no_log_in_result.yml
1970-01-01 01:00:00.000000000 +0100
+++
new/ansible_core-2.16.13/test/integration/targets/no_log/ansible_no_log_in_result.yml
2024-11-04 19:35:35.000000000 +0100
@@ -0,0 +1,13 @@
+- hosts: localhost
+ gather_facts: no
+ tasks:
+ - action_sets_no_log:
+ register: res_action
+
+ - assert:
+ that:
+ - res_action.msg == "action result should be masked"
+
+ - action_sets_no_log:
+ loop: [1, 2, 3]
+ register: res_action
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/no_log/dynamic.yml
new/ansible_core-2.16.13/test/integration/targets/no_log/dynamic.yml
--- old/ansible_core-2.16.12/test/integration/targets/no_log/dynamic.yml
2024-10-07 21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/test/integration/targets/no_log/dynamic.yml
2024-11-04 19:35:35.000000000 +0100
@@ -1,27 +1,42 @@
- name: test dynamic no log
hosts: testhost
gather_facts: no
- ignore_errors: yes
tasks:
- name: no loop, task fails, dynamic no_log
- debug:
- msg: "SHOW {{ var_does_not_exist }}"
+ raw: echo {{ var_does_not_exist }}
no_log: "{{ not (unsafe_show_logs|bool) }}"
+ ignore_errors: yes
+ register: result
+
+ - assert:
+ that:
+ - result is failed
+ - result.results is not defined
- name: loop, task succeeds, dynamic does no_log
- debug:
- msg: "SHOW {{ item }}"
+ raw: echo {{ item }}
loop:
- a
- b
- c
no_log: "{{ not (unsafe_show_logs|bool) }}"
+ register: result
+
+ - assert:
+ that:
+ - result.results | length == 3
- name: loop, task fails, dynamic no_log
- debug:
- msg: "SHOW {{ var_does_not_exist }}"
+ raw: echo {{ var_does_not_exist }}
loop:
- a
- b
- c
no_log: "{{ not (unsafe_show_logs|bool) }}"
+ ignore_errors: yes
+ register: result
+
+ - assert:
+ that:
+ - result is failed
+ - result.results is not defined # DT needs result.results | length
== 3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/no_log/no_log_config.yml
new/ansible_core-2.16.13/test/integration/targets/no_log/no_log_config.yml
--- old/ansible_core-2.16.12/test/integration/targets/no_log/no_log_config.yml
2024-10-07 21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/test/integration/targets/no_log/no_log_config.yml
2024-11-04 19:35:35.000000000 +0100
@@ -10,4 +10,4 @@
- debug:
- debug:
- loop: '{{ range(3) }}'
+ loop: '{{ range(3) | list }}'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/no_log/no_log_local.yml
new/ansible_core-2.16.13/test/integration/targets/no_log/no_log_local.yml
--- old/ansible_core-2.16.12/test/integration/targets/no_log/no_log_local.yml
2024-10-07 21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/test/integration/targets/no_log/no_log_local.yml
2024-11-04 19:35:35.000000000 +0100
@@ -4,19 +4,22 @@
hosts: testhost
gather_facts: no
tasks:
+ - include_vars: secretvars.yml
+ no_log: true
+
- name: args should be logged in the absence of no_log
- shell: echo "LOG_ME_TASK_SUCCEEDED"
+ shell: echo "{{log_me_prefix}}TASK_SUCCEEDED"
- name: failed args should be logged in the absence of no_log
- shell: echo "LOG_ME_TASK_FAILED"
+ shell: echo "{{log_me_prefix}}TASK_FAILED"
failed_when: true
ignore_errors: true
- name: item args should be logged in the absence of no_log
shell: echo {{ item }}
- with_items: [ "LOG_ME_ITEM", "LOG_ME_SKIPPED", "LOG_ME_ITEM_FAILED" ]
- when: item != "LOG_ME_SKIPPED"
- failed_when: item == "LOG_ME_ITEM_FAILED"
+ with_items: [ "{{log_me_prefix}}ITEM", "{{log_me_prefix}}SKIPPED",
"{{log_me_prefix}}ITEM_FAILED" ]
+ when: item != log_me_prefix ~ "SKIPPED"
+ failed_when: item == log_me_prefix ~ "ITEM_FAILED"
ignore_errors: true
- name: args should not be logged when task-level no_log set
@@ -61,7 +64,7 @@
no_log: true
- name: args should be logged when task-level no_log overrides play-level
- shell: echo "LOG_ME_OVERRIDE"
+ shell: echo "{{log_me_prefix}}OVERRIDE"
no_log: false
- name: Add a fake host for next play
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/no_log/no_log_suboptions.yml
new/ansible_core-2.16.13/test/integration/targets/no_log/no_log_suboptions.yml
---
old/ansible_core-2.16.12/test/integration/targets/no_log/no_log_suboptions.yml
2024-10-07 21:36:35.000000000 +0200
+++
new/ansible_core-2.16.13/test/integration/targets/no_log/no_log_suboptions.yml
2024-11-04 19:35:35.000000000 +0100
@@ -5,20 +5,20 @@
tasks:
- name: Task with suboptions
module:
- secret: GLAMOROUS
+ secret: "{{ s106 }}"
subopt_dict:
- str_sub_opt1: AFTERMATH
+ str_sub_opt1: "{{ s107 }}"
str_sub_opt2: otherstring
nested_subopt:
- n_subopt1: MANPOWER
+ n_subopt1: "{{ s101 }}"
subopt_list:
- - subopt1: UNTAPPED
+ - subopt1: "{{ s102 }}"
subopt2: thridstring
- - subopt1: CONCERNED
+ - subopt1: "{{ s103 }}"
- name: Task with suboptions as string
module:
- secret: MARLIN
- subopt_dict: str_sub_opt1=FLICK
+ secret: "{{ s104 }}"
+ subopt_dict: str_sub_opt1={{ s105 }}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/no_log/no_log_suboptions_invalid.yml
new/ansible_core-2.16.13/test/integration/targets/no_log/no_log_suboptions_invalid.yml
---
old/ansible_core-2.16.12/test/integration/targets/no_log/no_log_suboptions_invalid.yml
2024-10-07 21:36:35.000000000 +0200
+++
new/ansible_core-2.16.13/test/integration/targets/no_log/no_log_suboptions_invalid.yml
2024-11-04 19:35:35.000000000 +0100
@@ -4,42 +4,45 @@
ignore_errors: yes
tasks:
+ - include_vars: secretvars.yml
+ no_log: true
+
- name: Task with suboptions and invalid parameter
module:
- secret: SUPREME
+ secret: "{{ s201 }}"
invalid: param
subopt_dict:
- str_sub_opt1: IDIOM
+ str_sub_opt1: "{{ s202 }}"
str_sub_opt2: otherstring
nested_subopt:
- n_subopt1: MOCKUP
+ n_subopt1: "{{ s203 }}"
subopt_list:
- - subopt1: EDUCATED
+ - subopt1: "{{ s204 }}"
subopt2: thridstring
- - subopt1: FOOTREST
+ - subopt1: "{{ s205 }}"
- name: Task with suboptions as string with invalid parameter
module:
- secret: FOOTREST
+ secret: "{{ s213 }}"
invalid: param
- subopt_dict: str_sub_opt1=CRAFTY
+ subopt_dict: str_sub_opt1={{ s206 }}
- name: Task with suboptions with dict instead of list
module:
- secret: FELINE
+ secret: "{{ s207 }}"
subopt_dict:
- str_sub_opt1: CRYSTAL
+ str_sub_opt1: "{{ s208 }}"
str_sub_opt2: otherstring
nested_subopt:
- n_subopt1: EXPECTANT
+ n_subopt1: "{{ s209 }}"
subopt_list:
foo: bar
- name: Task with suboptions with incorrect data type
module:
- secret: AGROUND
+ secret: "{{ s210 }}"
subopt_dict: 9068.21361
subopt_list:
- - subopt1: GOLIATH
- - subopt1: FREEFALL
+ - subopt1: "{{ s211 }}"
+ - subopt1: "{{ s212 }}"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/no_log/runme.sh
new/ansible_core-2.16.13/test/integration/targets/no_log/runme.sh
--- old/ansible_core-2.16.12/test/integration/targets/no_log/runme.sh
2024-10-07 21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/test/integration/targets/no_log/runme.sh
2024-11-04 19:35:35.000000000 +0100
@@ -1,26 +1,32 @@
#!/usr/bin/env bash
-set -eux
+set -eux -o pipefail
+
+# ensure _ansible_no_log returned by actions is actually respected
+ansible-playbook ansible_no_log_in_result.yml -vvvvv >
"${OUTPUT_DIR}/output.log" 2> /dev/null
+
+[ "$(grep -c "action result should be masked" "${OUTPUT_DIR}/output.log")" =
"0" ]
+[ "$(grep -c "the output has been hidden" "${OUTPUT_DIR}/output.log")" = "4" ]
# This test expects 7 loggable vars and 0 non-loggable ones.
# If either mismatches it fails, run the ansible-playbook command to debug.
[ "$(ansible-playbook no_log_local.yml -i ../../inventory -vvvvv "$@" | awk \
-'BEGIN { logme = 0; nolog = 0; } /LOG_ME/ { logme += 1;} /DO_NOT_LOG/ { nolog
+= 1;} END { printf "%d/%d", logme, nolog; }')" = "27/0" ]
+'BEGIN { logme = 0; nolog = 0; } /LOG_ME/ { logme += 1;} /DO_NOT_LOG/ { nolog
+= 1;} END { printf "%d/%d", logme, nolog; }')" = "26/0" ]
# deal with corner cases with no log and loops
# no log enabled, should produce 6 censored messages
-[ "$(ansible-playbook dynamic.yml -i ../../inventory -vvvvv "$@" -e
unsafe_show_logs=no|grep -c 'output has been hidden')" = "6" ]
+[ "$(ansible-playbook dynamic.yml -i ../../inventory -vvvvv "$@" -e
unsafe_show_logs=no|grep -c 'output has been hidden')" = "6" ] # DT needs 7
# no log disabled, should produce 0 censored
[ "$(ansible-playbook dynamic.yml -i ../../inventory -vvvvv "$@" -e
unsafe_show_logs=yes|grep -c 'output has been hidden')" = "0" ]
# test no log for sub options
-[ "$(ansible-playbook no_log_suboptions.yml -i ../../inventory -vvvvv "$@" |
grep -Ec '(MANPOWER|UNTAPPED|CONCERNED|MARLIN|FLICK)')" = "0" ]
+[ "$(ansible-playbook no_log_suboptions.yml -i ../../inventory -vvvvv "$@" |
grep -Ec 'SECRET')" = "0" ]
# test invalid data passed to a suboption
-[ "$(ansible-playbook no_log_suboptions_invalid.yml -i ../../inventory -vvvvv
"$@" | grep -Ec
'(SUPREME|IDIOM|MOCKUP|EDUCATED|FOOTREST|CRAFTY|FELINE|CRYSTAL|EXPECTANT|AGROUND|GOLIATH|FREEFALL)')"
= "0" ]
+[ "$(ansible-playbook no_log_suboptions_invalid.yml -i ../../inventory -vvvvv
"$@" | grep -Ec 'SECRET')" = "0" ]
# test variations on ANSIBLE_NO_LOG
[ "$(ansible-playbook no_log_config.yml -i ../../inventory -vvvvv "$@" | grep
-Ec 'the output has been hidden')" = "1" ]
[ "$(ANSIBLE_NO_LOG=0 ansible-playbook no_log_config.yml -i ../../inventory
-vvvvv "$@" | grep -Ec 'the output has been hidden')" = "1" ]
-[ "$(ANSIBLE_NO_LOG=1 ansible-playbook no_log_config.yml -i ../../inventory
-vvvvv "$@" | grep -Ec 'the output has been hidden')" = "6" ]
+[ "$(ANSIBLE_NO_LOG=1 ansible-playbook no_log_config.yml -i ../../inventory
-vvvvv "$@" | grep -Ec 'the output has been hidden')" = "6" ] # DT needs 5
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/no_log/secretvars.yml
new/ansible_core-2.16.13/test/integration/targets/no_log/secretvars.yml
--- old/ansible_core-2.16.12/test/integration/targets/no_log/secretvars.yml
1970-01-01 01:00:00.000000000 +0100
+++ new/ansible_core-2.16.13/test/integration/targets/no_log/secretvars.yml
2024-11-04 19:35:35.000000000 +0100
@@ -0,0 +1,32 @@
+# These values are in a separate vars file and referenced dynamically to avoid
spurious counts from contextual error messages
+# that show the playbook contents inline (since unencrypted playbook contents
are not considered secret).
+log_me_prefix: LOG_ME_
+
+# Unique values are used for each secret below to ensure that one secret
"learned" does not cause another non-secret
+# value to be considered secret simply because they share the same value. A
common substring is, however, present in
+# each one to simplify searching for secret values in test output. Having a
unique value for each also helps in
+# debugging when unexpected output is encountered.
+
+# secrets for no_log_suboptions.yml
+s101: SECRET101
+s102: SECRET102
+s103: SECRET103
+s104: SECRET104
+s105: SECRET105
+s106: SECRET106
+s107: SECRET107
+
+# secrets for no_log_suboptions_invalid.yml
+s201: SECRET201
+s202: SECRET202
+s203: SECRET203
+s204: SECRET204
+s205: SECRET205
+s206: SECRET206
+s207: SECRET207
+s208: SECRET208
+s209: SECRET209
+s210: SECRET210
+s211: SECRET211
+s212: SECRET212
+s213: SECRET213
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/old_style_vars_plugins/runme.sh
new/ansible_core-2.16.13/test/integration/targets/old_style_vars_plugins/runme.sh
---
old/ansible_core-2.16.12/test/integration/targets/old_style_vars_plugins/runme.sh
2024-10-07 21:36:35.000000000 +0200
+++
new/ansible_core-2.16.13/test/integration/targets/old_style_vars_plugins/runme.sh
2024-11-04 19:35:35.000000000 +0100
@@ -38,13 +38,13 @@
ANSIBLE_DEBUG=True ansible-playbook test_task_vars.yml > out.txt
[ "$(grep -c "Loading VarsModule 'host_group_vars'" out.txt)" -eq 1 ]
-[ "$(grep -c "Loading VarsModule 'require_enabled'" out.txt)" -gt 50 ]
-[ "$(grep -c "Loading VarsModule 'auto_enabled'" out.txt)" -gt 50 ]
+[ "$(grep -c "Loading VarsModule 'require_enabled'" out.txt)" -eq 22 ]
+[ "$(grep -c "Loading VarsModule 'auto_enabled'" out.txt)" -eq 22 ]
export ANSIBLE_VARS_ENABLED=ansible.builtin.host_group_vars
ANSIBLE_DEBUG=True ansible-playbook test_task_vars.yml > out.txt
[ "$(grep -c "Loading VarsModule 'host_group_vars'" out.txt)" -eq 1 ]
[ "$(grep -c "Loading VarsModule 'require_enabled'" out.txt)" -lt 3 ]
-[ "$(grep -c "Loading VarsModule 'auto_enabled'" out.txt)" -gt 50 ]
+[ "$(grep -c "Loading VarsModule 'auto_enabled'" out.txt)" -eq 22 ]
ansible localhost -m include_role -a 'name=a' "$@"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/user/tasks/main.yml
new/ansible_core-2.16.13/test/integration/targets/user/tasks/main.yml
--- old/ansible_core-2.16.12/test/integration/targets/user/tasks/main.yml
2024-10-07 21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/test/integration/targets/user/tasks/main.yml
2024-11-04 19:35:35.000000000 +0100
@@ -38,7 +38,8 @@
- import_tasks: test_ssh_key_passphrase.yml
- import_tasks: test_password_lock.yml
- import_tasks: test_password_lock_new_user.yml
-- import_tasks: test_local.yml
+- include_tasks: test_local.yml
when: not (ansible_distribution == 'openSUSE Leap' and
ansible_distribution_version is version('15.4', '>='))
-- import_tasks: test_umask.yml
+- include_tasks: test_umask.yml
when: ansible_facts.system == 'Linux'
+- import_tasks: ssh_keygen.yml
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/user/tasks/ssh_keygen.yml
new/ansible_core-2.16.13/test/integration/targets/user/tasks/ssh_keygen.yml
--- old/ansible_core-2.16.12/test/integration/targets/user/tasks/ssh_keygen.yml
1970-01-01 01:00:00.000000000 +0100
+++ new/ansible_core-2.16.13/test/integration/targets/user/tasks/ssh_keygen.yml
2024-11-04 19:35:35.000000000 +0100
@@ -0,0 +1,100 @@
+- name: user generating ssh keys tests
+ become: true
+ vars:
+ home: "{{ (ansible_facts['os_family'] ==
'Darwin')|ternary('/Users/ansibulluser/', '/home/ansibulluser/')}}"
+ ssh_key_file: .ssh/ansible_test_rsa
+ pub_file: '{{ssh_key_file}}.pub'
+ key_files:
+ - '{{ssh_key_file}}'
+ - '{{pub_file}}'
+ block:
+ - name: Ensure clean/non existsing ansibulluser
+ user: name=ansibulluser state=absent
+
+ - name: Test creating ssh key creation
+ block:
+ - name: Create user with ssh key
+ user:
+ name: ansibulluser
+ state: present
+ generate_ssh_key: yes
+ ssh_key_file: '{{ ssh_key_file}}'
+
+ - name: check files exist
+ stat:
+ path: '{{home ~ item}}'
+ register: stat_keys
+ loop: '{{ key_files }}'
+
+ - name: ensure they exist
+ assert:
+ that:
+ - stat_keys.results[item].stat.exists
+ loop: [0, 1]
+
+ always:
+ - name: Clean ssh keys
+ file: path={{ home ~ item }} state=absent
+ loop: '{{ key_files }}'
+
+ - name: Ensure clean/non existsing ansibulluser
+ user: name=ansibulluser state=absent
+
+ - name: Ensure we don't break on conflicts
+ block:
+ - name: flag file for test
+ tempfile:
+ register: flagfile
+
+ - name: precreate public .ssh
+ file: path={{home ~ '.ssh'}} state=directory
+
+ - name: setup public key linked to flag file
+ file: path={{home ~ pub_file}} src={{flagfile.path}} state=link
+
+ - name: Create user with ssh key
+ user:
+ name: ansibulluser
+ state: present
+ generate_ssh_key: yes
+ ssh_key_file: '{{ ssh_key_file }}'
+ ignore_errors: true
+ register: user_no_force
+
+ - stat: path={{home ~ pub_file}}
+ register: check_pub
+
+ - name: ensure we didn't overwrite
+ assert:
+ that:
+ - check_pub.stat.exists
+ - check_pub.stat.islnk
+ - check_pub.stat.uid == 0
+
+ - name: Create user with ssh key
+ user:
+ name: ansibulluser
+ state: present
+ generate_ssh_key: yes
+ ssh_key_file: '{{ ssh_key_file }}'
+ force: true
+ ignore_errors: true
+ register: user_force
+
+ - stat: path={{home ~ pub_file}}
+ register: check_pub2
+
+ - name: ensure we failed since we didn't force overwrite
+ assert:
+ that:
+ - user_force is success
+ - check_pub2.stat.exists
+ - not check_pub2.stat.islnk
+ - check_pub2.stat.uid != 0
+ always:
+ - name: Clean up files
+ file: path={{ home ~ item }} state=absent
+ loop: '{{ key_files + [flagfile.path] }}'
+
+ - name: Ensure clean/non existsing ansibulluser
+ user: name=ansibulluser state=absent
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/integration/targets/user/tasks/test_local.yml
new/ansible_core-2.16.13/test/integration/targets/user/tasks/test_local.yml
--- old/ansible_core-2.16.12/test/integration/targets/user/tasks/test_local.yml
2024-10-07 21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/test/integration/targets/user/tasks/test_local.yml
2024-11-04 19:35:35.000000000 +0100
@@ -39,6 +39,15 @@
tags:
- user_test_local_mode
+- name: Ensure no local_ansibulluser
+ user:
+ name: local_ansibulluser
+ state: absent
+ local: yes
+ remove: true
+ tags:
+ - user_test_local_mode
+
- name: Create local_ansibulluser
user:
name: local_ansibulluser
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/lib/ansible_test/_internal/docker_util.py
new/ansible_core-2.16.13/test/lib/ansible_test/_internal/docker_util.py
--- old/ansible_core-2.16.12/test/lib/ansible_test/_internal/docker_util.py
2024-10-07 21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/test/lib/ansible_test/_internal/docker_util.py
2024-11-04 19:35:35.000000000 +0100
@@ -20,6 +20,8 @@
SubprocessError,
cache,
OutputStream,
+ InternalError,
+ format_command_output,
)
from .util_common import (
@@ -300,7 +302,7 @@
options = ['--volume', '/sys/fs/cgroup:/probe:ro']
cmd = ['sh', '-c', ' && echo "-" && '.join(multi_line_commands)]
- stdout = run_utility_container(args, 'ansible-test-probe', cmd, options)[0]
+ stdout, stderr = run_utility_container(args, 'ansible-test-probe', cmd,
options)
if args.explain:
return ContainerHostProperties(
@@ -313,6 +315,12 @@
blocks = stdout.split('\n-\n')
+ if len(blocks) != len(multi_line_commands):
+ message = f'Unexpected probe output. Expected
{len(multi_line_commands)} blocks but found {len(blocks)}.\n'
+ message += format_command_output(stdout, stderr)
+
+ raise InternalError(message.strip())
+
values = blocks[0].split('\n')
audit_parts = values[0].split(' ', 1)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/lib/ansible_test/_internal/util.py
new/ansible_core-2.16.13/test/lib/ansible_test/_internal/util.py
--- old/ansible_core-2.16.12/test/lib/ansible_test/_internal/util.py
2024-10-07 21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/test/lib/ansible_test/_internal/util.py
2024-11-04 19:35:35.000000000 +0100
@@ -930,14 +930,7 @@
error_callback: t.Optional[c.Callable[[SubprocessError], None]] = None,
) -> None:
message = 'Command "%s" returned exit status %s.\n' %
(shlex.join(cmd), status)
-
- if stderr:
- message += '>>> Standard Error\n'
- message += '%s%s\n' % (stderr.strip(), Display.clear)
-
- if stdout:
- message += '>>> Standard Output\n'
- message += '%s%s\n' % (stdout.strip(), Display.clear)
+ message += format_command_output(stdout, stderr)
self.cmd = cmd
self.message = message
@@ -981,6 +974,21 @@
self._callback()
+def format_command_output(stdout: str, stderr: str) -> str:
+ """Return a formatted string containing the given stdout and stderr (if
any)."""
+ message = ''
+
+ if stderr := stderr.strip():
+ message += '>>> Standard Error\n'
+ message += f'{stderr}{Display.clear}\n'
+
+ if stdout := stdout.strip():
+ message += '>>> Standard Output\n'
+ message += f'{stdout}{Display.clear}\n'
+
+ return message
+
+
def retry(func: t.Callable[..., TValue], ex_type: t.Type[BaseException] =
SubprocessError, sleep: int = 10, attempts: int = 10, warn: bool = True) ->
TValue:
"""Retry the specified function on failure."""
for dummy in range(1, attempts):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/lib/ansible_test/_util/controller/sanity/pylint/plugins/hide_unraisable.py
new/ansible_core-2.16.13/test/lib/ansible_test/_util/controller/sanity/pylint/plugins/hide_unraisable.py
---
old/ansible_core-2.16.12/test/lib/ansible_test/_util/controller/sanity/pylint/plugins/hide_unraisable.py
2024-10-07 21:36:35.000000000 +0200
+++
new/ansible_core-2.16.13/test/lib/ansible_test/_util/controller/sanity/pylint/plugins/hide_unraisable.py
2024-11-04 19:35:35.000000000 +0100
@@ -1,4 +1,4 @@
-"""Temporary plugin to prevent stdout noise pollution from finalization of
abandoned generators under Python 3.12"""
+"""Temporary plugin to prevent stdout noise pollution from finalization of
abandoned generators."""
from __future__ import annotations
import sys
@@ -10,7 +10,7 @@
def _mask_finalizer_valueerror(ur: t.Any) -> None:
"""Mask only ValueErrors from finalizing abandoned generators; delegate
everything else"""
- # work around Py3.12 finalizer changes that sometimes spews this error
message to stdout
+ # work around Python finalizer issue that sometimes spews this error
message to stdout
# see https://github.com/pylint-dev/pylint/issues/9138
if ur.exc_type is ValueError and 'generator already executing' in
str(ur.exc_value):
return
@@ -20,5 +20,4 @@
def register(linter: PyLinter) -> None: # pylint: disable=unused-argument
"""PyLint plugin registration entrypoint"""
- if sys.version_info >= (3, 12):
- sys.unraisablehook = _mask_finalizer_valueerror
+ sys.unraisablehook = _mask_finalizer_valueerror
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/units/executor/test_play_iterator.py
new/ansible_core-2.16.13/test/units/executor/test_play_iterator.py
--- old/ansible_core-2.16.12/test/units/executor/test_play_iterator.py
2024-10-07 21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/test/units/executor/test_play_iterator.py
2024-11-04 19:35:35.000000000 +0100
@@ -152,10 +152,6 @@
(host_state, task) = itr.get_next_task_for_host(hosts[0])
self.assertIsNotNone(task)
self.assertEqual(task.action, 'debug')
- # implicit meta: flush_handlers
- (host_state, task) = itr.get_next_task_for_host(hosts[0])
- self.assertIsNotNone(task)
- self.assertEqual(task.action, 'meta')
# role task
(host_state, task) = itr.get_next_task_for_host(hosts[0])
self.assertIsNotNone(task)
@@ -266,18 +262,10 @@
self.assertIsNotNone(task)
self.assertEqual(task.action, 'debug')
self.assertEqual(task.args, dict(msg="this is a sub-block in an
always"))
- # implicit meta: flush_handlers
- (host_state, task) = itr.get_next_task_for_host(hosts[0])
- self.assertIsNotNone(task)
- self.assertEqual(task.action, 'meta')
# post task
(host_state, task) = itr.get_next_task_for_host(hosts[0])
self.assertIsNotNone(task)
self.assertEqual(task.action, 'debug')
- # implicit meta: flush_handlers
- (host_state, task) = itr.get_next_task_for_host(hosts[0])
- self.assertIsNotNone(task)
- self.assertEqual(task.action, 'meta')
# end of iteration
(host_state, task) = itr.get_next_task_for_host(hosts[0])
self.assertIsNone(task)
@@ -342,11 +330,6 @@
all_vars=dict(),
)
- # implicit meta: flush_handlers
- (host_state, task) = itr.get_next_task_for_host(hosts[0])
- self.assertIsNotNone(task)
- self.assertEqual(task.action, 'meta')
- self.assertEqual(task.args, dict(_raw_params='flush_handlers'))
# get the first task
(host_state, task) = itr.get_next_task_for_host(hosts[0])
self.assertIsNotNone(task)
@@ -364,16 +347,6 @@
self.assertIsNotNone(task)
self.assertEqual(task.action, 'debug')
self.assertEqual(task.args, dict(msg='this is the always task'))
- # implicit meta: flush_handlers
- (host_state, task) = itr.get_next_task_for_host(hosts[0])
- self.assertIsNotNone(task)
- self.assertEqual(task.action, 'meta')
- self.assertEqual(task.args, dict(_raw_params='flush_handlers'))
- # implicit meta: flush_handlers
- (host_state, task) = itr.get_next_task_for_host(hosts[0])
- self.assertIsNotNone(task)
- self.assertEqual(task.action, 'meta')
- self.assertEqual(task.args, dict(_raw_params='flush_handlers'))
# end of iteration
(host_state, task) = itr.get_next_task_for_host(hosts[0])
self.assertIsNone(task)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ansible_core-2.16.12/test/units/plugins/strategy/test_linear.py
new/ansible_core-2.16.13/test/units/plugins/strategy/test_linear.py
--- old/ansible_core-2.16.12/test/units/plugins/strategy/test_linear.py
2024-10-07 21:36:35.000000000 +0200
+++ new/ansible_core-2.16.13/test/units/plugins/strategy/test_linear.py
2024-11-04 19:35:35.000000000 +0100
@@ -87,16 +87,6 @@
strategy._hosts_cache = [h.name for h in hosts]
strategy._hosts_cache_all = [h.name for h in hosts]
- # implicit meta: flush_handlers
- hosts_left = strategy.get_hosts_left(itr)
- hosts_tasks = strategy._get_next_task_lockstep(hosts_left, itr)
- host1_task = hosts_tasks[0][1]
- host2_task = hosts_tasks[1][1]
- self.assertIsNotNone(host1_task)
- self.assertIsNotNone(host2_task)
- self.assertEqual(host1_task.action, 'meta')
- self.assertEqual(host2_task.action, 'meta')
-
# debug: task1, debug: task1
hosts_left = strategy.get_hosts_left(itr)
hosts_tasks = strategy._get_next_task_lockstep(hosts_left, itr)
@@ -112,69 +102,35 @@
# mark the second host failed
itr.mark_host_failed(hosts[1])
- # debug: task2, meta: noop
+ # debug: task2, noop
hosts_left = strategy.get_hosts_left(itr)
hosts_tasks = strategy._get_next_task_lockstep(hosts_left, itr)
- host1_task = hosts_tasks[0][1]
- host2_task = hosts_tasks[1][1]
- self.assertIsNotNone(host1_task)
- self.assertIsNotNone(host2_task)
- self.assertEqual(host1_task.action, 'debug')
- self.assertEqual(host2_task.action, 'meta')
- self.assertEqual(host1_task.name, 'task2')
- self.assertEqual(host2_task.name, '')
+ self.assertEqual(len(hosts_tasks), 1)
+ host, task = hosts_tasks[0]
+ self.assertEqual(host.name, 'host00')
+ self.assertEqual(task.action, 'debug')
+ self.assertEqual(task.name, 'task2')
- # meta: noop, debug: rescue1
+ # noop, debug: rescue1
hosts_left = strategy.get_hosts_left(itr)
hosts_tasks = strategy._get_next_task_lockstep(hosts_left, itr)
- host1_task = hosts_tasks[0][1]
- host2_task = hosts_tasks[1][1]
- self.assertIsNotNone(host1_task)
- self.assertIsNotNone(host2_task)
- self.assertEqual(host1_task.action, 'meta')
- self.assertEqual(host2_task.action, 'debug')
- self.assertEqual(host1_task.name, '')
- self.assertEqual(host2_task.name, 'rescue1')
+ self.assertEqual(len(hosts_tasks), 1)
+ host, task = hosts_tasks[0]
+ self.assertEqual(host.name, 'host01')
+ self.assertEqual(task.action, 'debug')
+ self.assertEqual(task.name, 'rescue1')
- # meta: noop, debug: rescue2
+ # noop, debug: rescue2
hosts_left = strategy.get_hosts_left(itr)
hosts_tasks = strategy._get_next_task_lockstep(hosts_left, itr)
- host1_task = hosts_tasks[0][1]
- host2_task = hosts_tasks[1][1]
- self.assertIsNotNone(host1_task)
- self.assertIsNotNone(host2_task)
- self.assertEqual(host1_task.action, 'meta')
- self.assertEqual(host2_task.action, 'debug')
- self.assertEqual(host1_task.name, '')
- self.assertEqual(host2_task.name, 'rescue2')
-
- # implicit meta: flush_handlers
- hosts_left = strategy.get_hosts_left(itr)
- hosts_tasks = strategy._get_next_task_lockstep(hosts_left, itr)
- host1_task = hosts_tasks[0][1]
- host2_task = hosts_tasks[1][1]
- self.assertIsNotNone(host1_task)
- self.assertIsNotNone(host2_task)
- self.assertEqual(host1_task.action, 'meta')
- self.assertEqual(host2_task.action, 'meta')
-
- # implicit meta: flush_handlers
- hosts_left = strategy.get_hosts_left(itr)
- hosts_tasks = strategy._get_next_task_lockstep(hosts_left, itr)
- host1_task = hosts_tasks[0][1]
- host2_task = hosts_tasks[1][1]
- self.assertIsNotNone(host1_task)
- self.assertIsNotNone(host2_task)
- self.assertEqual(host1_task.action, 'meta')
- self.assertEqual(host2_task.action, 'meta')
+ self.assertEqual(len(hosts_tasks), 1)
+ host, task = hosts_tasks[0]
+ self.assertEqual(host.name, 'host01')
+ self.assertEqual(task.action, 'debug')
+ self.assertEqual(task.name, 'rescue2')
# end of iteration
- hosts_left = strategy.get_hosts_left(itr)
- hosts_tasks = strategy._get_next_task_lockstep(hosts_left, itr)
- host1_task = hosts_tasks[0][1]
- host2_task = hosts_tasks[1][1]
- self.assertIsNone(host1_task)
- self.assertIsNone(host2_task)
+ assert not
strategy._get_next_task_lockstep(strategy.get_hosts_left(itr), itr)
def test_noop_64999(self):
fake_loader = DictDataLoader({
@@ -242,16 +198,6 @@
strategy._hosts_cache = [h.name for h in hosts]
strategy._hosts_cache_all = [h.name for h in hosts]
- # implicit meta: flush_handlers
- hosts_left = strategy.get_hosts_left(itr)
- hosts_tasks = strategy._get_next_task_lockstep(hosts_left, itr)
- host1_task = hosts_tasks[0][1]
- host2_task = hosts_tasks[1][1]
- self.assertIsNotNone(host1_task)
- self.assertIsNotNone(host2_task)
- self.assertEqual(host1_task.action, 'meta')
- self.assertEqual(host2_task.action, 'meta')
-
# debug: task1, debug: task1
hosts_left = strategy.get_hosts_left(itr)
hosts_tasks = strategy._get_next_task_lockstep(hosts_left, itr)
@@ -267,17 +213,14 @@
# mark the second host failed
itr.mark_host_failed(hosts[1])
- # meta: noop, debug: rescue1
+ # noop, debug: rescue1
hosts_left = strategy.get_hosts_left(itr)
hosts_tasks = strategy._get_next_task_lockstep(hosts_left, itr)
- host1_task = hosts_tasks[0][1]
- host2_task = hosts_tasks[1][1]
- self.assertIsNotNone(host1_task)
- self.assertIsNotNone(host2_task)
- self.assertEqual(host1_task.action, 'meta')
- self.assertEqual(host2_task.action, 'debug')
- self.assertEqual(host1_task.name, '')
- self.assertEqual(host2_task.name, 'rescue1')
+ self.assertEqual(len(hosts_tasks), 1)
+ host, task = hosts_tasks[0]
+ self.assertEqual(host.name, 'host01')
+ self.assertEqual(task.action, 'debug')
+ self.assertEqual(task.name, 'rescue1')
# debug: after_rescue1, debug: after_rescue1
hosts_left = strategy.get_hosts_left(itr)
@@ -291,30 +234,5 @@
self.assertEqual(host1_task.name, 'after_rescue1')
self.assertEqual(host2_task.name, 'after_rescue1')
- # implicit meta: flush_handlers
- hosts_left = strategy.get_hosts_left(itr)
- hosts_tasks = strategy._get_next_task_lockstep(hosts_left, itr)
- host1_task = hosts_tasks[0][1]
- host2_task = hosts_tasks[1][1]
- self.assertIsNotNone(host1_task)
- self.assertIsNotNone(host2_task)
- self.assertEqual(host1_task.action, 'meta')
- self.assertEqual(host2_task.action, 'meta')
-
- # implicit meta: flush_handlers
- hosts_left = strategy.get_hosts_left(itr)
- hosts_tasks = strategy._get_next_task_lockstep(hosts_left, itr)
- host1_task = hosts_tasks[0][1]
- host2_task = hosts_tasks[1][1]
- self.assertIsNotNone(host1_task)
- self.assertIsNotNone(host2_task)
- self.assertEqual(host1_task.action, 'meta')
- self.assertEqual(host2_task.action, 'meta')
-
# end of iteration
- hosts_left = strategy.get_hosts_left(itr)
- hosts_tasks = strategy._get_next_task_lockstep(hosts_left, itr)
- host1_task = hosts_tasks[0][1]
- host2_task = hosts_tasks[1][1]
- self.assertIsNone(host1_task)
- self.assertIsNone(host2_task)
+ assert not
strategy._get_next_task_lockstep(strategy.get_hosts_left(itr), itr)
++++++ ansible_core-2.16.12.tar.gz.sha256 -> ansible_core-2.16.13.tar.gz.sha256
++++++
---
/work/SRC/openSUSE:Factory/ansible-core-2.16/ansible_core-2.16.12.tar.gz.sha256
2024-10-11 17:03:29.697654395 +0200
+++
/work/SRC/openSUSE:Factory/.ansible-core-2.16.new.2017/ansible_core-2.16.13.tar.gz.sha256
2024-11-15 15:43:03.669966926 +0100
@@ -1 +1 @@
-5b594cf5fda0d49d5f21448e4b708c1859f61713bfa6fb85674dbbb0a44af1be
ansible_core-2.16.12.tar.gz
+45194e11efe3c4c0c9bb0b112b6ddc1ca5028a01be6b41bae593576a8b1127af
ansible_core-2.16.13.tar.gz
