* mysql_user: Match quotes, double quotes and backticks when checking current privileges
(cherry picked from commit 1ae0e2138332dad30f5bdd9a46d46b1abf9be868)
* Add changelog fragment for PR #40092
(cherry picked from commit 8974ce3c78557a4ea36b7c33b5dc9361bdea92a1)
* mysql_user: fix malformed regex used to check current privileges
* Raise AnsibleConnectionError on winrm con errors
Currently all uncaught exceptions of the requests library that is used
in winrm will lead to an "Unexpected failure during module execution".
Instead of letting all exceptions bubble up we catch the connection
related errors (inkl. timeouts) and re-raise them as
AnsibleConnectionError so Ansible will mark the host as unreachable and
exit with the correct return code.
This is especially important for Zuul (https://zuul-ci.org) to
distinguish between failures and connection/host related errors.
* Update lib/ansible/plugins/connection/winrm.py
Co-Authored-By: westphahl <westphahl@gmail.com>
* Add changelog fragment
* Disallow use of remote home directories containing .. in their path
* Add CVE to changelog
(cherry picked from commit b34d141)
Co-authored-by: Matt Martz <matt@sivel.net>
* Test out Server 2019 - ci_complete
* run tests and continue on error - ci_complete
* Add the full matrix back in
(cherry picked from commit 0334c20630)
This is an implementation of 8bffcf8e50
that was done in the PR https://github.com/ansible/ansible/pull/48082 to devel.
The changes have been manually brought across to the the stable-2.7 branch as it
cannot be cleanly cherry picked due to the substantial differences in become
between these versions.
Currently we impersonate the `SYSTEM` token in order to elevate our become
process with the highest privileges it has available but there are some edge
cases where the first `SYSTEM` token we come across doesn't have the
`SeTcbPrivilege` which is required for the above. This PR adds a further check
in the search for a `SYSTEM` token to make sure it has the `SeTcbPrivilege`
before continuing.
(cherry picked from commit cc5088c9e1)
* recent changes to args for hosted template file broke the test; changed test to use a specific known-working commit instead of `master`.
* long-term may want to consider hosting the template in httptester or just embedding a local copy
(cherry picked from commit 46bf387)
Co-authored-by: Matt Davis <mrd@redhat.com>
* ansible-test: Add Ubuntu 18.04 to Shippable CI nodes
* re-add ubuntu1604/3 to matrix
* forgot to add environment for git kill gpg-agent
(cherry picked from commit 828df4b336)
* Catch SSH authentication errors and don't retry multiple times to prevent account lock out
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Subclass AnsibleAuthenticationFailure from AnsibleConnectionFailure
Use comparison rather than range() because it's much more efficient.
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add tests
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Make paramiko_ssh connection plugin behave the same way
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add changelog
Signed-off-by: Sam Doran <sdoran@redhat.com>
(cherry picked from commit 9d4c0dc111)
* check for result['status'] in systemd module
* instead of checking for result['state'], actually check for chroot and warn
* allow systemctl status to work if in a chroot, update warn text
* simply change warning message
(cherry picked from commit 37960ccc87)
* Fix subversion integration test on Fedora 29.
This upgrades the sqlite-libs and subversion packages to make sure
that the version of sqlite expected by subversion is installed.
* Fix compatibility with RHEL and CentOS.
(cherry picked from commit d4dbc7f2e0)
Co-authored-by: Matt Clay <matt@mystile.com>
* Fix mandatory statement error for junos modules
Fixes#40267
* Add error regex in junos terminal plugin to error out
in case of commit fails
* If commit fails add logic to discard changes before existing
else next task will result in error
* Add integration test
* Minor update
(cherry picked from commit cc8e90395a)