There is a common pattern in modules where some parameters are required
only if another parameter is present AND set to a particular value. For
instance, if a cloud server state is "present" it's important to
indicate the image to be used, but if it's "absent", the image that was
used to launch it is not necessary. Provide a check that takes as an
input a list of 3-element tuples containing parameter to depend on, the
value it should be set to, and a list of parameters which are required
if the required parameter is set to the required value.
Also modifies the template action plugin to use this new param
when executing the file/copy modules for templating so that links
are preserved correctly.
Fixes#8998
* makes speed acceptable for some datasets
* obfuscates multiple detected passwords
* obfuscates more characters to account for some corner cases when
trying to detect passwords.
Fixes#8364
Linux and BSD derivatives do not allow unprivileged users to
"give away" files to others for security reasons. (System V
derivatives allow that but they're rare nowadays.)
The run_command module function will now poll stdout/stderr for
data rather than using the builtin command communicate(), which can
hang under certain circumstances.
Fixes#7452Fixes#7748Fixes#8163
* Strip lookup calls out of inventory variables and clean unsafe data
returned from lookup plugins (CVE-2014-4966)
* Make sure vars don't insert extra parameters into module args and prevent
duplicate params from superseding previous params (CVE-2014-4967)
The distro version is a string ('jessie/sid') on Debian unstable and testing.
Because load_platform_subclass() evaluations every subclass as it loops,
comparing numbers when get_distribution_version() does not return a number will
break.
This patch fixes that by returning a number (`0`) when we have an invalid
version, instead of returning `None` or a string.
The new CentOS 7 beta lists the distribution as "CentOS Linux", which
breaks the distribution detection and class loading. This patch fixes
that by taking just the first entry in the string when a space is
detected.
If the module directory is not writable/executable to the current user
(most likely because of a sudo to a non-root user), the ssh_wrapper
will be created in the default location for mkstemp() calls. To facilitate
the deletion of these new files, a new mechanism for cleaning up files
created by the module was also added.
Fixes#7375
This is a corner case for remote file systems that don't support
chown() and where the source and destination for the atomic_move
are on that remote file system.
Fixes#7372
Previously, we set the LANG (and LC_CTYPE) environment variables
directly in the module code and applied them with os.environ().
Instead, we are now pre-pending those variables to the environment
string used to execute the command which allows the user to
override the localization values by setting the environment values
directly (even on a per-task basis):
- subversion: repo=file:///path/to/repos/svn_über dest=/tmp/svntest
environment:
LANG: "C"
LC_CTYPE: "en_US.UTF-8"
So if a user wishes to default their LANG back to C, they can still
avoid unicode issues by doing the above.
Fixes#7060
