We do not go through the effort of finding the right PROTOCOL setting if
we have SSLContext in the stdlib. So we do not want to hit the code
that uses PROTOCOL to set the urllib3-provided ssl context when
SSLContext is available. Also, the urllib3 implementation appears to
have a bug in some recent versions. Preferring the stdlib version will
work around that for those with Python-2.7.9+ as well.
Fixes#26235Fixes#25402Fixes#31998
(cherry picked from commit 725ae96e1b)
Linux' sysfs _always_ reports device size in 512b sector units,
regardless of the device's actual, physical blocksize.
Backport of PR#34475 originally written by jtru
Original Commit ID: 603d31685c01caa62db137d8aab1a54180e3373d
Signed-off-by: Adam Miller <admiller@redhat.com>
* Revert "If pip install requirements.txt fails, upgrade pip (#32399)"
This reverts commit 2fb4f547a9.
* Avoid pep8 user warning in 1.7.1.
* Limit cryptography version for Windows tests.
* Upgrade pip in virtualenv for pip test.
* Upgrade pip in virtualenv for groupby_filter test.
* Upgrade pip in virtualenv for template_jinja2_latest test.
* If pip install requirements.txt fails, upgrade pip
* Use pycodestyle instead of pep8 (#25947)
(cherry picked from commit 4b3d6dfa8a)
* Ignore more
* pylint lint fixes
* Ignore more
* Fix password leak in logs for provider argument
Since provider argument is not validated against a spec
the `no_log` arguments are not handled leading to password
leaking to syslogs.
To fix this:
* Mask password and other `no_log` provider arguments in action plugin
* In case of eapi and nxapi as the password is used in module code,
* copy the provider password to top-level password argument which
* handles `no_log` correctly. This will, however, throw a deprecation
* warning message for password arg even if it is not given as a
* top-level argument.
* Remove auth details from provider args in action plugin
* Update CHANGELOG
* wait_for: treat broken connections as "unready"
We have observed the following condition while waiting for hosts:
```
Traceback (most recent call last):
File "/var/folders/f8/23xp00654plcv2b2tcc028680000gn/T/ansible_8hxm4_/ansible_module_wait_for.py", line 585, in <module>
main()
File "/var/folders/f8/23xp00654plcv2b2tcc028680000gn/T/ansible_8hxm4_/ansible_module_wait_for.py", line 535, in main
s.shutdown(socket.SHUT_RDWR)
File "/usr/local/opt/python/Frameworks/Python.framework/Versions/2.7/lib/python2.7/socket.py", line 228, in meth
return getattr(self._sock,name)(*args)
socket.error: [Errno 57] Socket is not connected
```
This appears to happen while the host is still starting; we believe something is
accepting our connection but immediately resetting it. In these cases, we'd
prefer to continue waiting instead of immediately failing the play.
This patch has been applied locally for some time, and we have seen no adverse
effects.
* wait_for: fixup change
We were missing an import and a space after the `#`
(cherry picked from commit 402b095841)
params could be logged so never use it for passwords.
Also add code to raise an error if passwords are used in that field.
References #30874
(cherry picked from commit 863fcb5ace)
* Consistency and document treatment of default bool values
* Document that default bool values can be any Ansible recognized bool.
choose the one that reads better in context
* For fragments used by the copy module, make bool types use type=bool and not choices
* Edit for clarity
(cherry picked from commit 8a2f069468)
* Fixes verify_ssl option when False in ansible_tower module util
* fixed comparison to None per PEP-8 standards
(cherry picked from commit 4980ebf064)
