Fix for core changes: stop stripping Unsafe, adapt adapter to config manager changes #416

Merged
merged 18 commits into from Dec 25, 2023

Conversation

briantist
Collaborator

@briantist briantist commented Dec 16, 2023

Changes to requests requirement

Changes related to the option adapter and validation

  • A change in core (devel) changes the way config manager (which is used in plugins) sets options, to now "get" the option before setting it.
  • This changes the behavior of the set_option/set_options API in plugins by:
    • failing if the option name you're referencing is not defined in documentation
    • casting/validating the option value to the type defined in documentation (unless it's defined as raw)
  • This affected us in a few areas where we used the options API as a value store for some plugin-internal values, and in one area where an option (ca_cert) is supposed to be a str but internally could be overwritten to str or bool.
    • all areas were updated to avoid the new behavior or work around it in some way
    • tests around the option adapter were updated to check for the now differing behavior between an adapter backed by a dict vs. backed by config manager
  • The core change and the changes we made to compensate are internal implementation details and there are no user-facing changes at this time.

Other changes

  • The docker localenv now limits its version of the docker SDK in its requirements. This only affects development and testing of the collection.
  • The constraints.txt file we had (for tests) was in the wrong place and was not being used. It's been deleted from the old place and duplicated into the unit and integration tests directories.
  • Removed fail-fast on unit and sanity tests in CI
SUMMARY

Fixes #412
Fixes #417

ISSUE TYPE
  • Bugfix Pull Request

@briantist briantist added the bug Something isn't working label Dec 16, 2023
@briantist briantist self-assigned this Dec 16, 2023
@briantist briantist changed the title from "Fix unsafe handling for core CVE" to "Fix for core changes: stop stripping Unsafe, adapt adapter to config manager changes" Dec 24, 2023
@briantist briantist added this to the v6.1.0 milestone Dec 24, 2023
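
A simplified model of the behaviour change described in the pull request description above, added here as an illustration; it is not ansible-core's config manager or this collection's option adapter. The store classes, the `extra` option and the plain `str()` cast are assumptions; only the `ca_cert` name comes from the page.

```python
# Added example: a toy model of "get the option before setting it".
# Hypothetical names throughout; ca_cert is the only name taken from the PR.

DOCUMENTED = {        # stand-in for the options a plugin documents
    "ca_cert": "str",
    "extra": "raw",   # raw options are stored without casting
}
CASTS = {"str": str, "raw": lambda value: value}  # assumed casting rules


class DictStore:
    """Dict-backed store: accepts any name and keeps the value unchanged."""

    def __init__(self):
        self._data = {}

    def set_option(self, name, value):
        self._data[name] = value

    def get_option(self, name):
        return self._data[name]


class StrictStore(DictStore):
    """Models the new behaviour: the option is looked up before it is set."""

    def set_option(self, name, value):
        if name not in DOCUMENTED:
            raise KeyError("option %r is not defined in documentation" % name)
        self._data[name] = CASTS[DOCUMENTED[name]](value)


def probe(store):
    """Report how a store treats an undocumented name and a bool in a str option."""
    result = {}
    try:
        store.set_option("_internal_state", {"k": 1})  # plugin-internal value
        result["undocumented"] = "stored"
    except KeyError:
        result["undocumented"] = "rejected"
    store.set_option("ca_cert", False)                 # bool into a str option
    result["ca_cert"] = store.get_option("ca_cert")
    store.set_option("extra", {"total": 3})            # raw option, no cast
    result["extra"] = store.get_option("extra")
    return result


if __name__ == "__main__":
    print("dict-backed:  ", probe(DictStore()))
    print("strict-backed:", probe(StrictStore()))
```

In the strict store the boolean comes back as the non-empty string `"False"`, which is truthy, so code that branches on the stored value behaves differently between the two backends.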

codecov bot commented Dec 24, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (10d7d7e) 98.85% compared to head (3265184) 98.83%.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #416      +/-   ##
==========================================
- Coverage   98.85%   98.83%   -0.03%     
==========================================
  Files          82       79       -3     
  Lines        4282     4197      -85     
  Branches      841      825      -16     
==========================================
- Hits         4233     4148      -85     
  Misses         39       39              
  Partials       10       10              
Flag Coverage Δ
env_docker-default 98.83% <100.00%> (-0.03%) ⬇️
integration 81.25% <100.00%> (+0.20%) ⬆️
sanity 39.24% <0.00%> (-0.01%) ⬇️
target_auth_approle 89.47% <ø> (ø)
target_auth_aws_iam 50.00% <ø> (ø)
target_auth_azure 53.84% <ø> (ø)
target_auth_cert 86.36% <ø> (ø)
target_auth_jwt 91.30% <ø> (ø)
target_auth_ldap 89.47% <ø> (ø)
target_auth_none 100.00% <ø> (ø)
target_auth_token 71.42% <100.00%> (ø)
target_auth_userpass 85.71% <ø> (ø)
target_connection_options 74.76% <100.00%> (ø)
target_controller 83.40% <98.18%> (-0.64%) ⬇️
target_filter_vault_login_token 77.77% <ø> (ø)
target_import 39.24% <0.00%> (-0.01%) ⬇️
target_lookup_hashi_vault 81.33% <100.00%> (ø)
target_lookup_vault_ansible_settings 56.00% <80.00%> (-0.08%) ⬇️
target_lookup_vault_kv1_get 91.30% <ø> (ø)
target_lookup_vault_kv2_get 91.11% <ø> (ø)
target_lookup_vault_list 90.00% <ø> (ø)
target_lookup_vault_login 88.57% <ø> (ø)
target_lookup_vault_read 90.00% <ø> (ø)
target_lookup_vault_token_create 79.24% <ø> (ø)
target_lookup_vault_write 56.95% <80.00%> (-0.07%) ⬇️
target_module_utils 96.74% <72.72%> (-0.75%) ⬇️
target_module_vault_kv1_get 87.50% <ø> (ø)
target_module_vault_kv2_delete 56.85% <80.00%> (-0.08%) ⬇️
target_module_vault_kv2_get 87.23% <ø> (ø)
target_module_vault_kv2_write 57.26% <80.00%> (-0.07%) ⬇️
target_module_vault_list 85.71% <ø> (ø)
target_module_vault_login 83.72% <ø> (ø)
target_module_vault_pki_generate_certificate 78.72% <ø> (ø)
target_module_vault_read 85.71% <ø> (ø)
target_module_vault_token_create 91.66% <ø> (ø)
target_module_vault_write 56.02% <80.00%> (-0.10%) ⬇️
target_modules 82.67% <60.00%> (+0.31%) ⬆️
units 95.49% <100.00%> (-0.09%) ⬇️



github-actions bot commented Dec 24, 2023

Docs Build 📝

Thank you for contribution!✨

This PR has been merged and the docs are now incorporated into main:
https://ansible-collections.github.io/community.hashi_vault/branch/main

@briantist briantist added tests Adds or modifies tests ci Specifically related to the CI on this repo dependencies Pull requests that update a dependency file labels Dec 25, 2023
@briantist briantist marked this pull request as ready for review December 25, 2023 21:39
@briantist briantist merged commit c7a3c39 into ansible-collections:main Dec 25, 2023
51 checks passed
@briantist briantist deleted the unsafe-nextgen branch December 25, 2023 21:40
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Jan 30, 2024
9.2.0

Major Changes
-------------

community.docker
~~~~~~~~~~~~~~~~

- The ``community.docker`` collection now depends on the ``community.library_inventory_filtering_v1`` collection. This utility collection provides host filtering functionality for inventory plugins. If you use the Ansible community package, both collections are included and you do not have to do anything special. If you install the collection with ``ansible-galaxy collection install``, it will be installed automatically. If you install the collection by copying the files of the collection to a place where ansible-core can find it, for example by cloning the git repository, you need to make sure that you also install the dependency if you are using the inventory plugins (ansible-collections/community.docker#698).

community.hashi_vault
~~~~~~~~~~~~~~~~~~~~~

- requirements - the ``requests`` package which is required by ``hvac`` now has a more restrictive range for this collection in certain use cases due to breaking security changes in ``ansible-core`` that were backported (ansible-collections/community.hashi_vault#416).

dellemc.openmanage
~~~~~~~~~~~~~~~~~~

- All OME modules are enhanced to support the environment variables `OME_USERNAME` and `OME_PASSWORD` as fallback for credentials.
- All iDRAC and Redfish modules are enhanced to support the environment variables `IDRAC_USERNAME` and `IDRAC_PASSWORD` as fallback for credentials.
- idrac_certificates - The module is enhanced to support the import and export of `CUSTOMCERTIFICATE`.
- idrac_gather_facts - This role is enhanced to support secure boot.
- idrac_license - The module is introduced to configure iDRAC licenses.

infoblox.nios_modules
~~~~~~~~~~~~~~~~~~~~~

- Upgrade Ansible version support from 2.13 to 2.16.
- Upgrade Python version support from 3.8 to 3.10.
Successfully merging this pull request may close these issues.

  • Setting options that don't exist in configuration fails now
  • Lookup failures