The controller's fixup_perms2 uses filesystem acls to make the temporary
file for copy readable by an unprivileged become user. On Python3, the
acls are then copied to the destination filename so we have to remove
them from there.
We can't remove them prior to the copy because we may not have
permission to read the file if the acls are not present. We can't
remove them in atomic_move() because the move function shouldn't know
anything about controller features. We may want to generalize this into
a helper function, though.
Fixes#44412
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
The host could have been either the inventory name (`inventory_hostname`)
or the discovered hostname (`ansible_hostname`)
Inspecting the source code of `fetch.py` shows that the
inventory name is preferred.
```
if 'inventory_hostname' in task_vars:
target_name = task_vars['inventory_hostname']
```
* Fix wrong example, remove strictness and fix tests
It was obvious that (because of an incorrect example) people were using
the **xml** module incorrectly, specifying the `attribute` parameter
where it was not supported (i.e. ignored).
While this functionality would have been useful, it currently returns as
if the information was requested from the parent, so we cannot simply
make it to what would be expected.
Therefor the real solution is to provide a warning when we find
incorrect use, and deprecate this use. Then later we could implement
this functionality correctly.
While troubleshooting this issue, I found that in some cases our
integration tests were not being run when we expected it.
This fixes#53459
* Change warning
* Fix weird sanity test error
* Add a comment to the deprecate-test
* Use locking for concurrent file access
This implements locking to be used for modules that are used for
concurrent file access, like lineinfile or known_hosts.
* Reinstate lock_timeout
This commit includes:
- New file locking infrastructure for modules
- Enable timeout tests
- Madifications to support concurrency with lineinfile
* Rebase, update changelog and tests
We need to specify ansible_python_interpreter to avoid running interpreter discovery and selecting the incorrect interpreter.
Remove the import of lock in known_hosts since it is not used.
When using before and after in combination, the opposite behavior was induced. This PR makes the the replacement happen between the specified patterns as intended.
* Added integration tests
* Add changelog, porting guide entry, and minor doc fixes
This PR includes:
- fixes to validate-modules issues
All modules already include parameter types.
The remaining files-modules have action plugins, so comparing to the arg_spec only is incorrect.
Leave it up to the module to return the state in the results.
I went through all the modules in files/ and only found one case where the module needed to return this. No other modules return paths that do not exists.
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Introduce new "required_by' argument_spec option
This PR introduces a new **required_by** argument_spec option which allows you to say *"if parameter A is set, parameter B and C are required as well"*.
- The difference with **required_if** is that it can only add dependencies if a parameter is set to a specific value, not when it is just defined.
- The difference with **required_together** is that it has a commutative property, so: *"Parameter A and B are required together, if one of them has been defined"*.
As an example, we need this for the complex options that the xml module provides. One of the issues we often see is that users are not using the correct combination of options, and then are surprised that the module does not perform the requested action(s).
This would be solved by adding the correct dependencies, and mutual exclusives. For us this is important to get this shipped together with the new xml module in Ansible v2.4. (This is related to bugfix https://github.com/ansible/ansible/pull/28657)
```python
module = AnsibleModule(
argument_spec=dict(
path=dict(type='path', aliases=['dest', 'file']),
xmlstring=dict(type='str'),
xpath=dict(type='str'),
namespaces=dict(type='dict', default={}),
state=dict(type='str', default='present', choices=['absent',
'present'], aliases=['ensure']),
value=dict(type='raw'),
attribute=dict(type='raw'),
add_children=dict(type='list'),
set_children=dict(type='list'),
count=dict(type='bool', default=False),
print_match=dict(type='bool', default=False),
pretty_print=dict(type='bool', default=False),
content=dict(type='str', choices=['attribute', 'text']),
input_type=dict(type='str', default='yaml', choices=['xml',
'yaml']),
backup=dict(type='bool', default=False),
),
supports_check_mode=True,
required_by=dict(
add_children=['xpath'],
attribute=['value', 'xpath'],
content=['xpath'],
set_children=['xpath'],
value=['xpath'],
),
required_if=[
['count', True, ['xpath']],
['print_match', True, ['xpath']],
],
required_one_of=[
['path', 'xmlstring'],
['add_children', 'content', 'count', 'pretty_print', 'print_match', 'set_children', 'value'],
],
mutually_exclusive=[
['add_children', 'content', 'count', 'print_match','set_children', 'value'],
['path', 'xmlstring'],
],
)
```
* Rebase and fix conflict
* Add modules that use required_by functionality
* Update required_by schema
* Fix rebase issue
* document how state=file works
this seems to have been lost in previous updates to docs
* Update lib/ansible/modules/files/file.py
Co-Authored-By: bcoca <bcoca@users.noreply.github.com>
We should explain the danger of using relative paths, but we should not
say they aren't allowed. Relative paths work and are useful, but the
caveat is that the starting point can't be guaranteed by ansible. This
commit adds that note, and removes the claim that only absolute paths
are accepted.
* Introduce 'insertbefore' and 'insertafter' to specify the position children have to be inserted.
* Added version_added to new options
* Xpath in example needs single quotes
* Added integration tests for insertafter and insertbefore
* Changed version_added to 2.8
* Change test suite to fit expected behaviour
This reverts some changes from ansible/ansible@723daf3
If a line is found in the file, exactly or via regexp matching, it must
not be added again.
insertafter/insertbefore options are used only when a line is to be
inserted, to specify where it must be added.
* Implement the change in behaviour mentioned in the previous commit
* Fix comment to reflect what the code does
* Set the correct return message.
In these cases, the lines are added, not replaced.
* Add a changelog
* read_csv: new module to read CSV files
* Add a doc reference to the csvfile lookup plugin
* Enable the use of custom dialect options
* Improve error handling
* Fix PEP8
* Fix more PEP8
* Simplify custom dialect code
* Add integration tests
* Fixes for CI
* Fix for python 2.6
The change to add sshpass support for rsync broke synchronize when
a password was provided at all. Have to convert an int into a string to
make it work.
* fix(tasks: synchronize): wrap in sshpass if ssh password was provided
Closes#16616
* fix(tasks: synchronize): pass rsync password to sshpass via fd
* fix(tasks: synchronize): use fail_json instead of AnsibleError
* fixup! fix(tasks: synchronize): use fail_json instead of AnsibleError
fix python2 handling
* feat(module_utils: basic: run_command): add optional arguments `pass_fds` and `before_communicate_callback`
* fix(tasks: synchronize): use module.run_command instead of subprocess.Popen
* fixup! fix(tasks: synchronize): use module.run_command instead of subprocess.Popen
remove unused import
* fixup! fixup! fix(tasks: synchronize): use module.run_command instead of subprocess.Popen
pass_fds only if they passed to run_command()
* Docs: Clean up of 'acl' module docs
This is part of a series of module doc cleanups.
* Changes influenced by review coments
* Changes based on review
You typically want the lineinfile module to operate in an indempotent way, similar to using "sed -i", so your regexp needs to match the line to edit both before and after the edit, otherwise on a second run the regexp will no longer match the original text line and you will end up with a second copy of the replacement line at the top/bottom of the file.
Christian Alexander
Martin Krizek
Steve Bonds
Dag Wieers
Sam Doran
Matt Clay
Keiichi Hirobe
Evan Kaufman
markafarrell
bhavikbhavsar
Jordan Borean
Edwin Smulders
Abhijeet Kasurde
Guillaume Martinez
Kevin
Brian Coca
dan
rwinand
feran
Jérémy Lecour
Toshio Kuratomi
lrrb
Giovanni Sciortino
Florian Pracht
Tomáš Pospíšek
John R Barker
Tim McCormack
Yauhen Kirylau
jfpanisset