acl: correctly assert needed changes when recursive is true
SUMMARY
Right now, when setting recursive ACLs on a directory, all files in the directory are tested to check if a change is needed. If a single file has expected ACLs already set, then the test returns False and no changes are applied.
Fixes#592
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
acl
ADDITIONAL INFORMATION
I'm very much a beginner in Python, so any criticism is welcome.
Reviewed-by: Hideki Saito <saito@fgrep.org>
(cherry picked from commit c4b1c2b0fb)
Co-authored-by: centosinfra-prod-github-app[bot] <161850885+centosinfra-prod-github-app[bot]@users.noreply.github.com>
Fix all deprecated module_utils imports before ansible-core 2.24 removal
SUMMARY
Fixes all deprecated ansible.module_utils imports across the entire collection that will be removed in ansible-core 2.24.
This PR comprehensively addresses deprecation warnings reported in #686 by updating import statements in 20 files to use the new recommended import paths, and removes 8 unused test utility files that contained deprecated imports.
Deprecated imports replaced:
Deprecated import
Replacement
ansible.module_utils._text
ansible.module_utils.common.text.converters
ansible.module_utils.common._collections_compat
collections.abc
ansible.module_utils.six.moves.shlex_quote
shlex.quote
ansible.module_utils.six.moves.reduce
functools.reduce
ansible.module_utils.six.moves.urllib.parse.urlparse
urllib.parse.urlparse
ansible.module_utils.six.string_types
basestring/str (Python 2/3 compatible)
ansible.module_utils.six.text_type
str
ansible.module_utils.six.PY3
Removed (simplified Python 2/3 conditionals)
ansible.module_utils.six.with_metaclass
Native metaclass= syntax
ansible.module_utils.six.iteritems
dict.items()
Files fixed (20 files, 1 commit per file for easier review):
plugins/action/patch.py
plugins/action/synchronize.py
plugins/callback/cgroup_perf_recap.py
plugins/callback/json.py
plugins/callback/jsonl.py
plugins/callback/profile_roles.py
plugins/callback/profile_tasks.py
plugins/modules/acl.py
plugins/modules/authorized_key.py
plugins/modules/firewalld_info.py
plugins/modules/mount.py
plugins/modules/patch.py
plugins/modules/rhel_rpm_ostree.py
plugins/modules/rpm_ostree_upgrade.py
plugins/modules/seboolean.py
plugins/modules/synchronize.py
plugins/modules/sysctl.py
plugins/shell/csh.py
plugins/shell/fish.py
tests/unit/modules/system/test_mount.py
Files deleted (8 unused test utility files):
These files are dead code - none of them are imported or used anywhere in the test suite or the collection. Removing them also addresses Python 2.7 compatibility concerns raised in code review, as several contained deprecated imports that would be incorrect to fix for Python 2.
tests/unit/compat/builtins.py
tests/unit/mock/loader.py
tests/unit/mock/path.py
tests/unit/mock/procenv.py
tests/unit/mock/vault_helper.py
tests/unit/mock/yaml_helper.py
tests/unit/modules/conftest.py
tests/unit/modules/utils.py
Completeness verified with:
git grep -n -P '_compat|utils._text|utils.six' -- '*.py' | grep -v yml
This command returns no results, confirming all deprecated imports have been replaced.
Notes on Python 2.7 compatibility:
For modules that may run on Python 2.7 managed hosts (e.g., authorized_key.py, synchronize.py, sysctl.py), Python 2/3 compatible fallbacks were used instead of direct Python 3 replacements:
authorized_key.py: try/except ImportError for urllib.parse.urlparse (falls back to urlparse on Python 2)
synchronize.py: try/except ImportError for shlex.quote (falls back to pipes.quote on Python 2)
sysctl.py: uses sys.version_info to set string_types to str on Python 3 (basestring on Python 2)
Also removes corresponding pylint:ansible-bad-import-from entries from tests/sanity/ignore-2.21.txt and tests/sanity/ignore-2.22.txt where applicable.
Fixes#686
ISSUE TYPE
Bugfix Pull Request
ADDITIONAL INFORMATION
Approach:
Each file is fixed in a separate commit for easier code review. The changelog fragment is added in a final commit. Corresponding pylint:ansible-bad-import-from ignore entries in tests/sanity/ignore-2.21.txt and tests/sanity/ignore-2.22.txt are removed in the same commit as the file fix (or the file removal commit).
CI results:
All 59 checks passing (Azure Pipelines sanity, units, lint, Docker, Remote across ansible-core 2.17 through devel, and Zuul ansible/check).
Reviewed-by: Felix Fontein <felix@fontein.de>
Reviewed-by: Pavel Bar
Reviewed-by: Abhijeet Kasurde
(cherry picked from commit 2022c1bd86)
Co-authored-by: centosinfra-prod-github-app[bot] <161850885+centosinfra-prod-github-app[bot]@users.noreply.github.com>
Fixes#462 notice permission denied on authorized_key module
SUMMARY
As of right now the authorized_key module does not notice on an "absent" if a authorized_keys file is simply not readable to the executing user. I am trying to fix that
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
authorized_key
ADDITIONAL INFORMATION
Execute as a user that does not have access to the root users authorized keys file
- name: Delete key from root user
ansible.posix.authorized_key:
state: absent
user: root
key: ssh-rsa xxxxxxxx
- name: Delete key from root user
become: true
ansible.posix.authorized_key:
state: absent
user: root
key: ssh-rsa xxxxxxxx
The one without become will succeed before my change and will fail with a permission denied error after my change. The 2nd task will actually remove a key from root user if become privileges are available for the executing user
Reviewed-by: Brian Coca
Reviewed-by: Klaas Demter
Reviewed-by: Felix Fontein <felix@fontein.de>
Reviewed-by: Hideki Saito <saito@fgrep.org>
(cherry picked from commit 72a6eb9729)
Co-authored-by: softwarefactory-project-zuul[bot] <33884098+softwarefactory-project-zuul[bot]@users.noreply.github.com>
Added lastest branches and updated information
Normalized test versions to cover all supported ones
Apply suggestions from code review
(cherry picked from commit 0cc6be274c)
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* This is a temporary measure until we stop covering Python2
* Skipped sanity[cannot-ignore] to keep backward compatibility with Python2
* Consolidate all ansible-lint option locations into .ansible-lint
* Fixed some typos
Signed-off-by: saito-hideki <saito@fgrep.org>
(cherry picked from commit 9dc73a686a)
[AZP][CI] Update AZP matrix to follow ansible-test changes
SUMMARY
Update AZP matrix to follow ansible-test changes
ansible/ansible/pull/85558
ansible/ansible/pull/85561
ansible/ansible/pull/85562
ISSUE TYPE
CI Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None
[CI] bump ansible-core version to 2.20 for devel branch
SUMMARY
Bump ansible-core version to 2.20 for devel branch.
Bump devel test to ansible-core 2.19
Add ansible-core 2.18 to the stable list
ISSUE TYPE
CI Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None
[AZP] Add RHEL10 environment to CI matrix
SUMMARY
Add RHEL10 environment to CI matrix
Fixes#642
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
N/A
Fixes issue related to latest ansible-core devel branch
SUMMARY
Fixes a bug related to updating the ansible-core devel branch.
Fixes incorrect load path for json module in cgroup_perf_recap
Remove unnecessary condition from seboolean integration tests
Optimize conditions for selinux integration tests
Fixes#630
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ansible.posix.cgroup_perf_recap
ADDITIONAL INFORMATION
N/A
improve mount integration tests
SUMMARY
added check mode tests (assert no changes made)
added comments to make file less scary
ISSUE TYPE
tests
COMPONENT NAME
mount
ADDITIONAL INFORMATION
Reviewed-by: Abhijeet Kasurde
Reviewed-by: Hideki Saito <saito@fgrep.org>
[Breaking Change] [firewalld] Change type of icmp_block_inversion option from str to bool
SUMMARY
Changed the type of icmp_block_inversion option from str to bool
Fixes#586
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ansible.posix.firewalld
ADDITIONAL INFORMATION
Related #582 and #584
Reviewed-by: Adam Miller <admiller@redhat.com>
Reviewed-by: Andrew Klychkov <aklychko@redhat.com>
authorized_key: Allow local path to a key
SUMMARY
Add option to specify an absolute path to file with SSH key(s) for authorized_key
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
authorized_key
ADDITIONAL INFORMATION
Before this change you would need to get key using ansible.builtin.slurp or something like ansible.builtin.command: cat <file> with register
I tried to keep it as simple as possible
# Now this is possible
- name: Set authorized keys taken from path
ansible.posix.authorized_key:
user: charlie
state: present
key: /home/charlie/.ssh/id_rsa.pub
Reviewed-by: Hideki Saito <saito@fgrep.org>
Reviewed-by: alexander
* bump devel test to ansible-core 2.19
* add ansible-core 2.18 to stable list but CI only covers sanity test at the moment.
Signed-off-by: Hideki Saito <saito@fgrep.org>
(feat) add no_log option for 'opts' parameter
SUMMARY
Allows you to set no_log on just the opts parameter.
This is useful for CIFS/SMB mounts that would otherwise leak secrets.
Adds feature from issue: . #497
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
mount
Reviewed-by: Hideki Saito <saito@fgrep.org>
firewalld: make offline do something
SUMMARY
ansible.posix.firewalld has an offline flag, but it currently does not do anything. What most people expect it to do is allow the task to proceed even when firewalld is offline, so it makes the most sense for it to override the immediate flag and prevent the module from throwing an error in that case.
Fixes#81.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
firewalld
ADDITIONAL INFORMATION
Reviewed-by: Adam Miller <admiller@redhat.com>
Respawn modules to use the system python interpreter
SUMMARY
The seboolean, selinux, firewalld, and firewalld_info modules depend on
system bindings that are only available for the default system python
interpreter. ansible-core is not packaged for the default system python
interpreter on RHEL 8 and 9. When automatic interpreter discovery does
not occur (e.g. when using implicit localhost [1]), ansible-core will
not use the system interpreter to run ansible modules and the
aforementioned modules will not work even if the bindings are installed.
The RHEL ansible-core maintainers as well as the EPEL ansible and
ansible-collection-* package maintainers (inc. me) have gotten multiple
bug reports about this. We have been telling people to fix their setup
to use the correct Python interpreter. Fortunately, ansible-core 2.11
and above have a module utility that'll respawn modules to use the
correct system interpreter.
[1] https://docs.ansible.com/ansible/latest/inventory/implicit_localhost.html
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
seboolean
selinux
firewalld
firewalld_info
Reviewed-by: Adam Miller <admiller@redhat.com>
Update AZP to support stable-2.15 branch
SUMMARY
Update AZP to support stable-2.15 branch.
Fixes#444
ISSUE TYPE
CI tests Pull Request
COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None
