Merge c8d3acb75f into 5321a9ecb5

[CI] bump ansible-core version to 2.19 for devel branch

SUMMARY

bump devel test to ansible-core 2.19
add ansible-core 2.18 to the stable list (CI only covers sanity tests at the moment)

ISSUE TYPE

CI Pull Request

COMPONENT NAME
ansible.posix
ADDITIONAL INFORMATION
None

.azure-pipelines/azure-pipelines.yml

@@ -57,6 +57,21 @@ stages:
               test: units
             - name: Lint
               test: lint
+  - stage: Sanity_2_18
+    displayName: Ansible 2.18 sanity
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          nameFormat: "{0}"
+          testFormat: 2.18/{0}
+          targets:
+            - name: Sanity
+              test: sanity
+            - name: Units
+              test: units
+            - name: Lint
+              test: lint
   - stage: Sanity_2_17
     displayName: Ansible 2.17 sanity
     dependsOn: []
@@ -113,6 +128,20 @@ stages:
               test: ubuntu2204
             - name: Ubuntu 24.04
               test: ubuntu2404
+  - stage: Docker_2_18
+    displayName: Docker devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.18/linux/{0}/1
+          targets:
+            - name: Fedora 40
+              test: fedora40
+            - name: Ubuntu 22.04
+              test: ubuntu2204
+            - name: Ubuntu 24.04
+              test: ubuntu2404
   - stage: Docker_2_17
     displayName: Docker 2.17
     dependsOn: []
@@ -176,6 +205,18 @@ stages:
               test: rhel/9.4
             - name: FreeBSD 13.3
               test: freebsd/13.3
+  - stage: Remote_2_18
+    displayName: Remote devel
+    dependsOn: []
+    jobs:
+      - template: templates/matrix.yml
+        parameters:
+          testFormat: 2.18/{0}/1
+          targets:
+            - name: RHEL 9.4
+              test: rhel/9.4
+            - name: FreeBSD 13.3
+              test: freebsd/13.3
   - stage: Remote_2_17
     displayName: Remote 2.17
     dependsOn: []
@@ -234,8 +275,11 @@ stages:
       - Sanity_2_17
       - Remote_2_17
       - Docker_2_17
+      - Sanity_2_18
+      - Remote_2_18
+      - Docker_2_18
       - Sanity_devel
-      - Remote_devel
+      # - Remote_devel # Wait for test environment release
-      - Docker_devel
+      # - Docker_devel # Wait for test environment release
     jobs:
       - template: templates/coverage.yml

.github/BOTMETA.yml

@@ -40,7 +40,6 @@ files:
     labels: debug
   $plugins/patch.py:
     labels: patch
-  $plugins/skippy.py:
   $plugins/synchronize.py:
     labels: synchronize
   $plugins/timer.py:

CHANGELOG.rst

@@ -5,6 +5,48 @@ ansible.posix Release Notes
 .. contents:: Topics
 
 
+v1.6.0
+======
+
+Release Summary
+---------------
+
+This is the minor release of the ``ansible.posix`` collection.
+This changelog contains all changes to the modules and plugins
+in this collection that have been added after the release of
+``ansible.posix`` 1.5.4.
+
+Major Changes
+-------------
+
+- Dropping support for Ansible 2.9, ansible-core 2.15 will be minimum required version for this release
+
+Minor Changes
+-------------
+
+- Add summary_only parameter to profile_roles and profile_tasks callbacks.
+- firewalld - add functionality to set forwarding (https://github.com/ansible-collections/ansible.posix/pull/548).
+- firewalld - added offline flag implementation (https://github.com/ansible-collections/ansible.posix/pull/484)
+- firewalld - respawn module to use the system python interpreter when the ``firewall`` python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
+- firewalld_info - Only warn about ignored zones, when there are zones ignored.
+- firewalld_info - respawn module to use the system python interpreter when the ``firewall`` python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
+- mount - add no_log option for opts parameter (https://github.com/ansible-collections/ansible.posix/pull/563).
+- seboolean - respawn module to use the system python interpreter when the ``selinux`` python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
+- selinux - respawn module to use the system python interpreter when the ``selinux`` python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
+
+Removed Features (previously deprecated)
+----------------------------------------
+
+- skippy - Remove skippy pluglin as it is no longer supported(https://github.com/ansible-collections/ansible.posix/issues/350).
+
+Bugfixes
+--------
+
+- Bugfix in the documentation regarding the path option for authorised_key(https://github.com/ansible-collections/ansible.posix/issues/483).
+- seboolean - make it work with disabled SELinux
+- synchronize - maintain proper formatting of the remote paths (https://github.com/ansible-collections/ansible.posix/pull/361).
+- sysctl - fix sysctl to work properly on symlinks (https://github.com/ansible-collections/ansible.posix/issues/111).
+
 v1.5.4
 ======
 

README.md

@@ -22,7 +22,7 @@ For more information about communication, see the [Ansible communication guide](
 <!--start requires_ansible-->
 ## Ansible version compatibility
 
-This collection has been tested against following Ansible versions: **>=2.14**.
+This collection has been tested against following Ansible versions: **>=2.15**.
 <!--end requires_ansible-->
 
 ## Included content
@@ -74,10 +74,13 @@ None
 
 <!-- List the versions of Ansible the collection has been tested with. Must match what is in galaxy.yml. -->
 
-- ansible-core 2.17 (devel)
+- ansible-core 2.19 (devel)
+- ansible-core 2.18 (stable) *
+- ansible-core 2.17 (stable)
 - ansible-core 2.16 (stable)
 - ansible-core 2.15 (stable)
-- ansible-core 2.14 (stable)
+
+*Note: For ansible-core 2.18, CI only covers sanity tests and no integration tests will be run until the test environment is released.*
 
 ## Roadmap
 

changelogs/changelog.yaml

@@ -347,3 +347,61 @@ releases:
     - 451_firewall_fix_protocol_parameter.yml
     - 456_sysctl_fix_nonetype.yml
     release_date: '2023-05-10'
+  1.6.0:
+    changes:
+      bugfixes:
+      - Bugfix in the documentation regarding the path option for authorised_key(https://github.com/ansible-collections/ansible.posix/issues/483).
+      - seboolean - make it work with disabled SELinux
+      - synchronize - maintain proper formatting of the remote paths (https://github.com/ansible-collections/ansible.posix/pull/361).
+      - sysctl - fix sysctl to work properly on symlinks (https://github.com/ansible-collections/ansible.posix/issues/111).
+      major_changes:
+      - Dropping support for Ansible 2.9, ansible-core 2.15 will be minimum required
+        version for this release
+      minor_changes:
+      - Add summary_only parameter to profile_roles and profile_tasks callbacks.
+      - firewalld - add functionality to set forwarding (https://github.com/ansible-collections/ansible.posix/pull/548).
+      - firewalld - added offline flag implementation (https://github.com/ansible-collections/ansible.posix/pull/484)
+      - firewalld - respawn module to use the system python interpreter when the ``firewall``
+        python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
+      - firewalld_info - Only warn about ignored zones, when there are zones ignored.
+      - firewalld_info - respawn module to use the system python interpreter when
+        the ``firewall`` python module is not available for ``ansible_python_interpreter``
+        (https://github.com/ansible-collections/ansible.posix/pull/460).
+      - mount - add no_log option for opts parameter (https://github.com/ansible-collections/ansible.posix/pull/563).
+      - seboolean - respawn module to use the system python interpreter when the ``selinux``
+        python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
+      - selinux - respawn module to use the system python interpreter when the ``selinux``
+        python module is not available for ``ansible_python_interpreter`` (https://github.com/ansible-collections/ansible.posix/pull/460).
+      release_summary: 'This is the minor release of the ``ansible.posix`` collection.
+
+        This changelog contains all changes to the modules and plugins
+
+        in this collection that have been added after the release of
+
+        ``ansible.posix`` 1.5.4.'
+      removed_features:
+      - skippy - Remove skippy pluglin as it is no longer supported(https://github.com/ansible-collections/ansible.posix/issues/350).
+    fragments:
+    - 1.6.0.yml
+    - 206_fix_sysctl_to_work_on_symlinks.yml
+    - 333_doc_absent_precision.yml
+    - 361_maintain_proper_formating_remote_paths.yml
+    - 421-remove-deprecation-warning.yml
+    - 460-respawn.yaml
+    - 466-tests.yml
+    - 477_ci_update.yml
+    - 484-firewalld-offline.yml
+    - 487_ci_update.yml
+    - 490_doc_authorized_key_path.yml
+    - 496_seboolean-make-it-wrk-with-SELinux-disabled.yaml
+    - 504-firewalld_info-warning.yaml
+    - 508_ci_update.yml
+    - 510_ci_update.yml
+    - 511_profile-callbacks-add-summary-only-parameter.yml
+    - 548_add_foward.yml
+    - 556_remove_skippy_callback.yml
+    - 562_update_core_version.yml
+    - 563_add_no_log_option.yml
+    - dropping-ansible29.yml
+    - test-reqs.yml
+    release_date: '2024-09-11'

changelogs/fragments/206_fix_sysctl_to_work_on_symlinks.yml

@@ -1,3 +0,0 @@
----
-bugfixes:
-- sysctl - fix sysctl to work properly on symlinks (https://github.com/ansible-collections/ansible.posix/issues/111).

changelogs/fragments/333_doc_absent_precision.yml

@@ -1,4 +0,0 @@
----
-trivial:
-- mount - fix description in the documentation of the state ``absent`` to match its actual behavior
-  and point out that ``src`` is ignored with state ``absent`` and ``unmounted`` (https://github.com/ansible-collections/ansible.posix/issues/322)

changelogs/fragments/421-remove-deprecation-warning.yml

@@ -1,2 +0,0 @@
-trivial:
-  - synchronize - instantiate the connection plugin without the ``new_stdin`` argument, which is deprecated in ansible-core 2.15 (https://github.com/ansible-collections/ansible.posix/pull/421).

changelogs/fragments/460-respawn.yaml

@@ -1,10 +0,0 @@
----
-minor_changes:
-  - "seboolean - respawn module to use the system python interpreter when the ``selinux`` python module is not available for ``ansible_python_interpreter``
-    (https://github.com/ansible-collections/ansible.posix/pull/460)."
-  - "selinux - respawn module to use the system python interpreter when the ``selinux`` python module is not available for ``ansible_python_interpreter``
-    (https://github.com/ansible-collections/ansible.posix/pull/460)."
-  - "firewalld - respawn module to use the system python interpreter when the ``firewall`` python module is not available for ``ansible_python_interpreter``
-    (https://github.com/ansible-collections/ansible.posix/pull/460)."
-  - "firewalld_info - respawn module to use the system python interpreter when the ``firewall`` python module is not available for ``ansible_python_interpreter``
-    (https://github.com/ansible-collections/ansible.posix/pull/460)."

changelogs/fragments/466-tests.yml

@@ -1,2 +0,0 @@
-trivial:
-  - "Fix integration tests so they work with ansible-core devel / 2.16 (https://github.com/ansible-collections/ansible.posix/pull/466)."

changelogs/fragments/477_ci_update.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - "Drop Python3.9 and update versions of RHEL,Fedora and FreeBSD for ansible-core:devel test(https://github.com/ansible-collections/ansible.posix/issues/476)."

changelogs/fragments/484-firewalld-offline.yml

@@ -1,2 +0,0 @@
-minor_changes:
-  - firewalld - added offline flag implementation (https://github.com/ansible-collections/ansible.posix/pull/484)

changelogs/fragments/487_ci_update.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - "Drop FreeBSD12.4 from CI for ansible-core:devel(https://github.com/ansible-collections/ansible.posix/issues/486)."

changelogs/fragments/490_doc_authorized_key_path.yml

@@ -1,3 +0,0 @@
----
-bugfixes:
-  - "Bugfix in the documentation regarding the path option for authorised_key(https://github.com/ansible-collections/ansible.posix/issues/483)."

changelogs/fragments/496_seboolean-make-it-wrk-with-SELinux-disabled.yaml

@@ -1,3 +0,0 @@
----
-bugfixes:
-  - seboolean - make it work with disabled SELinux

changelogs/fragments/504-firewalld_info-warning.yaml

@@ -1,2 +0,0 @@
-minor_changes:
-  - firewalld_info - Only warn about ignored zones, when there are zones ignored.

changelogs/fragments/508_ci_update.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - "Refactoring remote CI targets."

changelogs/fragments/510_ci_update.yml

@@ -1,3 +0,0 @@
----
-trivial:
-  - "Replace Fedora 38 with 39 for container test(https://github.com/ansible-collections/ansible.posix/issues/509)."

changelogs/fragments/511_profile-callbacks-add-summary-only-parameter.yml

@@ -1,3 +0,0 @@
----
-minor_changes:
-  - "Add summary_only parameter to profile_roles and profile_tasks callbacks."

changelogs/fragments/566_bump_version_161.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - Bump version to 1.6.1 for next release.

changelogs/fragments/567_remove_version_added.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - mount - remove wrong version_added section from ``opts_no_log``.

changelogs/fragments/570_nfs4_acl.yml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - acl - Fixed to set ACLs on paths mounted with NFS version 4 correctly (https://github.com/ansible-collections/ansible.posix/issues/240).

changelogs/fragments/571_ci_bump_core_version.yml

@@ -0,0 +1,3 @@
+---
+trivial:
+  - Bump ansible-core version to 2.19 of devel branch and add 2.18 to CI.

changelogs/fragments/dropping-ansible29.yml

@@ -1,2 +0,0 @@
-major_changes:
-  - "Dropping support for Ansible 2.9, ansible-core 2.14 will be minimum required version for this release"

changelogs/fragments/test-reqs.yml

@@ -1,2 +0,0 @@
-trivial:
-  - "Move Galaxy test requirements from old transitional format in tests/requirements.yml to standard Ansible Galaxy requirements files in tests/integration/requirements.yml and tests/unit/requirements.yml."

galaxy.yml

@@ -1,7 +1,7 @@
 ---
 namespace: ansible
 name: posix
-version: 1.5.4
+version: 1.6.1
 readme: README.md
 authors:
   - Ansible (github.com/ansible)
@@ -10,6 +10,6 @@ license_file: COPYING
 tags: [posix, networking, shell, unix]
 dependencies: {}
 repository: https://github.com/ansible-collections/ansible.posix
-documentation: https://github.com/ansible-collections/ansible.posix/tree/main/docs
+documentation: https://docs.ansible.com/ansible/latest/collections/ansible/posix/
 homepage: https://github.com/ansible-collections/ansible.posix
 issues: https://github.com/ansible-collections/ansible.posix

meta/runtime.yml

@@ -1,8 +1,2 @@
 ---
-requires_ansible: ">=2.14.0"
+requires_ansible: ">=2.15.0"
-plugin_routing:
-  callback:
-    skippy:
-      deprecation:
-        removal_date: "2022-06-01"
-        warning_text: See the plugin documentation for more details

plugins/action/synchronize.py

@@ -77,7 +77,14 @@ class ActionModule(ActionBase):
 
         if self._host_is_ipv6_address(host):
             return '[%s%s]:%s' % (user_prefix, host, path)
-        return '%s%s:%s' % (user_prefix, host, path)
+
+        # preserve formatting of remote paths if host or user@host is explicitly defined in the path
+        if ':' not in path:
+            return '%s%s:%s' % (user_prefix, host, path)
+        elif '@' not in path:
+            return '%s%s' % (user_prefix, path)
+        else:
+            return path
 
     def _process_origin(self, host, path, user):
 

plugins/callback/skippy.py

@@ -1,43 +0,0 @@
-# (c) 2012-2014, Michael DeHaan <michael.dehaan@gmail.com>
-# (c) 2017 Ansible Project
-# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-
-# Make coding more python3-ish
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-DOCUMENTATION = '''
-    name: skippy
-    type: stdout
-    requirements:
-      - set as main display callback
-    short_description: Ansible screen output that ignores skipped status
-    deprecated:
-      why: The 'default' callback plugin now supports this functionality
-      removed_at_date: '2022-06-01'
-      alternative: "'default' callback plugin with 'display_skipped_hosts = no' option"
-    extends_documentation_fragment:
-      - default_callback
-    description:
-      - This callback does the same as the default except it does not output skipped host/task/item status
-'''
-
-from ansible.plugins.callback.default import CallbackModule as CallbackModule_default
-
-
-class CallbackModule(CallbackModule_default):
-
-    '''
-    This is the default callback interface, which simply prints messages
-    to stdout when new callback events are received.
-    '''
-
-    CALLBACK_VERSION = 2.0
-    CALLBACK_TYPE = 'stdout'
-    CALLBACK_NAME = 'ansible.posix.skippy'
-
-    def v2_runner_on_skipped(self, result):
-        pass
-
-    def v2_runner_item_on_skipped(self, result):
-        pass

plugins/modules/acl.py

@@ -75,6 +75,10 @@ options:
   use_nfsv4_acls:
     description:
     - Use NFSv4 ACLs instead of POSIX ACLs.
+    - This feature uses C(nfs4_setfacl) and C(nfs4_getfacl). The behavior depends on those implementation.
+      And currently it only supports C(A) in ACE, so C(D) must be replaced with the appropriate C(A).
+    - Permission is set as optimised ACLs by the system. You can check the actual ACLs that has been set using the return value.
+    - More info C(man nfs4_setfacl)
     type: bool
     default: false
   recalculate_mask:
@@ -179,7 +183,7 @@ def split_entry(entry):
 def build_entry(etype, entity, permissions=None, use_nfsv4_acls=False):
     '''Builds and returns an entry string. Does not include the permissions bit if they are not provided.'''
     if use_nfsv4_acls:
-        return ':'.join([etype, entity, permissions, 'allow'])
+        return ':'.join(['A', 'g' if etype == 'group' else '', entity, permissions + 'tcy'])
 
     if permissions:
         return etype + ':' + entity + ':' + permissions
@@ -187,22 +191,27 @@ def build_entry(etype, entity, permissions=None, use_nfsv4_acls=False):
     return etype + ':' + entity
 
 
-def build_command(module, mode, path, follow, default, recursive, recalculate_mask, entry=''):
+def build_command(module, mode, path, follow, default, recursive, recalculate_mask, use_nfsv4_acls, entry=''):
     '''Builds and returns a getfacl/setfacl command.'''
     if mode == 'set':
-        cmd = [module.get_bin_path('setfacl', True)]
+        cmd = [module.get_bin_path('nfs4_setfacl' if use_nfsv4_acls else 'setfacl', True)]
-        cmd.extend(['-m', entry])
+        cmd.extend(['-a' if use_nfsv4_acls else '-m', entry])
     elif mode == 'rm':
-        cmd = [module.get_bin_path('setfacl', True)]
+        cmd = [module.get_bin_path('nfs4_setfacl' if use_nfsv4_acls else 'setfacl', True)]
         cmd.extend(['-x', entry])
     else:  # mode == 'get'
         cmd = [module.get_bin_path('getfacl', True)]
         # prevents absolute path warnings and removes headers
         if platform.system().lower() == 'linux':
+            if use_nfsv4_acls:
+                # use nfs4_getfacl instead of getfacl if use_nfsv4_acls is True
+                cmd = [module.get_bin_path('nfs4_getfacl', True)]
+            else:
+                cmd = [module.get_bin_path('getfacl', True)]
+                cmd.append('--absolute-names')
             cmd.append('--omit-header')
-            cmd.append('--absolute-names')
 
-    if recursive:
+    if recursive and not use_nfsv4_acls:
         cmd.append('--recursive')
 
     if recalculate_mask == 'mask' and mode in ['set', 'rm']:
@@ -210,7 +219,7 @@ def build_command(module, mode, path, follow, default, recursive, recalculate_ma
     elif recalculate_mask == 'no_mask' and mode in ['set', 'rm']:
         cmd.append('--no-mask')
 
-    if not follow:
+    if not follow and not use_nfsv4_acls:
         if platform.system().lower() == 'linux':
             cmd.append('--physical')
         elif platform.system().lower() == 'freebsd':
@@ -223,24 +232,34 @@ def build_command(module, mode, path, follow, default, recursive, recalculate_ma
     return cmd
 
 
-def acl_changed(module, cmd):
+def acl_changed(module, cmd, entry, use_nfsv4_acls=False):
     '''Returns true if the provided command affects the existing ACLs, false otherwise.'''
-    # FreeBSD do not have a --test flag, so by default, it is safer to always say "true"
+    # To check the ACL changes, use the output of setfacl or nfs4_setfacl with '--test'.
+    # FreeBSD do not have a --test flag, so by default, it is safer to always say "true".
     if platform.system().lower() == 'freebsd':
         return True
 
     cmd = cmd[:]  # lists are mutables so cmd would be overwritten without this
     cmd.insert(1, '--test')
     lines = run_acl(module, cmd)
-
+    counter = 0
     for line in lines:
-        if not line.endswith('*,*'):
+        if line.endswith('*,*') and not use_nfsv4_acls:
-            return True
+            return False
-    return False
+        # if use_nfsv4_acls and entry is listed
+        if use_nfsv4_acls and entry == line:
+            counter += 1
+
+    # The current 'nfs4_setfacl --test' lists a new entry,
+    #  which will be added at the top of list, followed by the existing entries.
+    # So if the entry has already been registered, the entry should be find twice.
+    if counter == 2:
+        return False
+    return True
 
 
 def run_acl(module, cmd, check_rc=True):
-
+    '''Runs the provided command and returns the output as a list of lines.'''
     try:
         (rc, out, err) = module.run_command(cmd, check_rc=check_rc)
     except Exception as e:
@@ -313,7 +332,7 @@ def main():
             module.fail_json(msg="'recalculate_mask' MUST NOT be set to 'mask' or 'no_mask' when 'state=query'.")
 
     if not entry:
-        if state == 'absent' and permissions:
+        if state == 'absent' and permissions and not use_nfsv4_acls:
             module.fail_json(msg="'permissions' MUST NOT be set when 'state=absent'.")
 
         if state == 'absent' and not entity:
@@ -350,21 +369,24 @@ def main():
         entry = build_entry(etype, entity, permissions, use_nfsv4_acls)
         command = build_command(
             module, 'set', path, follow,
-            default, recursive, recalculate_mask, entry
+            default, recursive, recalculate_mask, use_nfsv4_acls, entry
         )
-        changed = acl_changed(module, command)
+        changed = acl_changed(module, command, entry, use_nfsv4_acls)
 
         if changed and not module.check_mode:
             run_acl(module, command)
         msg = "%s is present" % entry
 
     elif state == 'absent':
-        entry = build_entry(etype, entity, use_nfsv4_acls)
+        if use_nfsv4_acls:
+            entry = build_entry(etype, entity, permissions, use_nfsv4_acls)
+        else:
+            entry = build_entry(etype, entity, use_nfsv4_acls)
         command = build_command(
             module, 'rm', path, follow,
-            default, recursive, recalculate_mask, entry
+            default, recursive, recalculate_mask, use_nfsv4_acls, entry
         )
-        changed = acl_changed(module, command)
+        changed = acl_changed(module, command, entry, use_nfsv4_acls)
 
         if changed and not module.check_mode:
             run_acl(module, command, False)
@@ -375,7 +397,10 @@ def main():
 
     acl = run_acl(
         module,
-        build_command(module, 'get', path, follow, default, recursive, recalculate_mask)
+        build_command(
+            module, 'get', path, follow, default, recursive,
+            recalculate_mask, use_nfsv4_acls
+        )
     )
 
     module.exit_json(changed=changed, msg=msg, acl=acl)

plugins/modules/firewalld.py

@@ -108,6 +108,11 @@ options:
       - The amount of time in seconds the rule should be in effect for when non-permanent.
     type: int
     default: 0
+  forward:
+    description:
+      - The forward setting you would like to enable/disable to/from zones within firewalld.
+      - This option only is supported by firewalld v0.9.0 or later.
+    type: str
   masquerade:
     description:
       - The masquerade setting you would like to enable/disable to/from zones within firewalld.
@@ -138,8 +143,8 @@ notes:
   - This module needs C(python-firewall) or C(python3-firewall) on managed nodes.
     It is usually provided as a subset with C(firewalld) from the OS distributor for the OS default Python interpreter.
 requirements:
-- firewalld >= 0.2.11
+- firewalld >= 0.9.0
-- python-firewall >= 0.2.11
+- python-firewall >= 0.9.0
 author:
 - Adam Miller (@maxamillion)
 '''
@@ -198,6 +203,12 @@ EXAMPLES = r'''
     permanent: true
     state: enabled
 
+- ansible.posix.firewalld:
+    forward: true
+    state: enabled
+    permanent: true
+    zone: internal
+
 - ansible.posix.firewalld:
     masquerade: true
     state: enabled
@@ -405,6 +416,49 @@ class ProtocolTransaction(FirewallTransaction):
         self.update_fw_settings(fw_zone, fw_settings)
 
 
+class ForwardTransaction(FirewallTransaction):
+    """
+    ForwardTransaction
+    """
+
+    def __init__(self, module, action_args=None, zone=None, desired_state=None, permanent=False, immediate=False):
+        super(ForwardTransaction, self).__init__(
+            module, action_args=action_args, desired_state=desired_state, zone=zone, permanent=permanent, immediate=immediate
+        )
+
+        self.enabled_msg = "Added forward to zone %s" % self.zone
+        self.disabled_msg = "Removed forward from zone %s" % self.zone
+
+    def get_enabled_immediate(self):
+        if self.fw.queryForward(self.zone) is True:
+            return True
+        else:
+            return False
+
+    def get_enabled_permanent(self):
+        fw_zone, fw_settings = self.get_fw_zone_settings()
+        if fw_settings.queryForward() is True:
+            return True
+        else:
+            return False
+
+    def set_enabled_immediate(self):
+        self.fw.addForward(self.zone)
+
+    def set_enabled_permanent(self):
+        fw_zone, fw_settings = self.get_fw_zone_settings()
+        fw_settings.setForward(True)
+        self.update_fw_settings(fw_zone, fw_settings)
+
+    def set_disabled_immediate(self):
+        self.fw.removeForward(self.zone)
+
+    def set_disabled_permanent(self):
+        fw_zone, fw_settings = self.get_fw_zone_settings()
+        fw_settings.setForward(False)
+        self.update_fw_settings(fw_zone, fw_settings)
+
+
 class MasqueradeTransaction(FirewallTransaction):
     """
     MasqueradeTransaction
@@ -821,6 +875,7 @@ def main():
             state=dict(type='str', required=True, choices=['absent', 'disabled', 'enabled', 'present']),
             timeout=dict(type='int', default=0),
             interface=dict(type='str'),
+            forward=dict(type='str'),
             masquerade=dict(type='str'),
             offline=dict(type='bool', default=False),
             target=dict(type='str', choices=['default', 'ACCEPT', 'DROP', '%%REJECT%%']),
@@ -833,7 +888,7 @@ def main():
         ),
         mutually_exclusive=[
             ['icmp_block', 'icmp_block_inversion', 'service', 'protocol', 'port', 'port_forward', 'rich_rule',
-             'interface', 'masquerade', 'source', 'target']
+             'interface', 'forward', 'masquerade', 'source', 'target']
         ],
     )
 
@@ -842,6 +897,7 @@ def main():
     immediate = module.params['immediate']
     timeout = module.params['timeout']
     interface = module.params['interface']
+    forward = module.params['forward']
     masquerade = module.params['masquerade']
     offline = module.params['offline']
 
@@ -905,7 +961,7 @@ def main():
 
     modification = False
     if any([icmp_block, icmp_block_inversion, service, protocol, port, port_forward, rich_rule,
-            interface, masquerade, source, target]):
+            interface, forward, masquerade, source, target]):
         modification = True
     if modification and desired_state in ['absent', 'present'] and target is None:
         module.fail_json(
@@ -1072,6 +1128,29 @@ def main():
         changed, transaction_msgs = transaction.run()
         msgs = msgs + transaction_msgs
 
+    if forward is not None:
+        # Type of forward will be changed to boolean in a future release.
+        forward_status = False
+        try:
+            forward_status = boolean(forward, False)
+        except TypeError:
+            module.warn('The value of the forward option is "%s". '
+                        'The type of the option will be changed from string to boolean in a future release. '
+                        'To avoid unexpected behavior, please change the value to boolean.' % forward)
+
+        expected_state = 'enabled' if (desired_state == 'enabled') == forward_status else 'disabled'
+        transaction = ForwardTransaction(
+            module,
+            action_args=(),
+            zone=zone,
+            desired_state=expected_state,
+            permanent=permanent,
+            immediate=immediate,
+        )
+
+        changed, transaction_msgs = transaction.run()
+        msgs = msgs + transaction_msgs
+
     if masquerade is not None:
         # Type of masquerade will be changed to boolean in a future release.
         masquerade_status = True

plugins/modules/mount.py

@@ -43,6 +43,11 @@ options:
     description:
       - Mount options (see fstab(5), or vfstab(4) on Solaris).
     type: str
+  opts_no_log:
+    description:
+      - Do not log opts.
+    type: bool
+    default: false
   dump:
     description:
       - Dump (see fstab(5)).
@@ -209,6 +214,7 @@ EXAMPLES = r'''
     src: //192.168.1.200/share
     path: /mnt/smb_share
     opts: "rw,vers=3,file_mode=0600,dir_mode=0700,dom={{ ad_domain }},username={{ ad_username }},password={{ ad_password }}"
+    opts_no_log: true
     fstype: cifs
     state: ephemeral
 '''
@@ -768,6 +774,7 @@ def main():
             fstype=dict(type='str'),
             path=dict(type='path', required=True, aliases=['name']),
             opts=dict(type='str'),
+            opts_no_log=dict(type='bool', default=False),
             passno=dict(type='str', no_log=False, default='0'),
             src=dict(type='path'),
             backup=dict(type='bool', default=False),
@@ -781,6 +788,9 @@ def main():
         ),
     )
 
+    if module.params['opts_no_log']:
+        module.no_log_values.add(module.params['opts'])
+
     # solaris args:
     #   name, src, fstype, opts, boot, passno, state, fstab=/etc/vfstab
     # linux args:

plugins/modules/synchronize.py

@@ -449,8 +449,8 @@ def main():
         except ValueError:
             module.fail_json(msg='Could not determine controller hostname for rsync to send to')
     else:
-        source = module.params['src']
+        source = '"' + module.params['src'] + '"'
-        dest = module.params['dest']
+        dest = '"' + module.params['dest'] + '"'
     dest_port = module.params['dest_port']
     delete = module.params['delete']
     private_key = module.params['private_key']

tests/integration/targets/firewalld/tasks/source_test_cases.yml

@@ -83,5 +83,6 @@
   ansible.builtin.assert:
     that:
       - result is not changed
-      - "result.msg ==
+      - >
-        'parameters are mutually exclusive: icmp_block|icmp_block_inversion|service|protocol|port|port_forward|rich_rule|interface|masquerade|source|target'"
+        result.msg == 'parameters are mutually exclusive:
+        icmp_block|icmp_block_inversion|service|protocol|port|port_forward|rich_rule|interface|forward|masquerade|source|target'

tests/integration/targets/firewalld/tasks/zone_test_cases.yml

@@ -23,6 +23,55 @@
     that:
       - result is not changed
 
+- name: Zone forwarding test
+  when: (ansible_distribution == 'RedHat' and ansible_distribution_major_version is version('8', '>='))
+  block:
+    - name: Enable zone forwarding
+      ansible.posix.firewalld:
+        zone: custom
+        forward: true
+        permanent: true
+        state: enabled
+      register: result
+
+    - name: Assert zone forwarding is enabled
+      ansible.builtin.debug:
+        var: result is changed
+
+    - name: Enable zone forwarding (verify not changed)
+      ansible.posix.firewalld:
+        zone: custom
+        forward: true
+        permanent: true
+        state: enabled
+      register: result
+
+    - name: Assert zone forwarding is enabled (verify not changed)
+      ansible.builtin.debug:
+        var: result is not changed
+
+    - name: Disable zone forwarding
+      ansible.posix.firewalld:
+        zone: custom
+        forward: false
+        permanent: true
+        state: enabled
+
+    - name: Assert zone forwarding is disabled
+      ansible.builtin.debug:
+        var: result is changed
+
+    - name: Disable zone forwarding (verify not changed)
+      ansible.posix.firewalld:
+        zone: custom
+        forward: false
+        permanent: true
+        state: enabled
+
+    - name: Assert zone forwarding is disabled (verify not changed)
+      ansible.builtin.debug:
+        var: result is not changed
+
 - name: Firewalld remove zone custom
   ansible.posix.firewalld:
     zone: custom

tests/integration/targets/mount/tasks/main.yml

@@ -739,3 +739,53 @@
         - /tmp/myfs_A.img
         - /tmp/myfs_B.img
         - /tmp/myfs
+
+- name: Block to test opts_no_log option
+  when: ansible_system == 'Linux'
+  block:
+    - name: Create an empty file
+      community.general.filesize:
+        path: /tmp/myfs.img
+        size: 1M
+    - name: Format FS
+      community.general.filesystem:
+        fstype: ext4
+        dev: /tmp/myfs.img
+    - name: Mount the FS with opts_no_log option true
+      ansible.posix.mount:
+        path: /tmp/myfs
+        src: /tmp/myfs.img
+        fstype: ext4
+        state: mounted
+        opts: rw
+        opts_no_log: true
+      register: mount_info
+    - name: Assert opts_no_log option true
+      ansible.builtin.assert:
+        that:
+          - mount_info.opts == 'VALUE_SPECIFIED_IN_NO_LOG_PARAMETER'
+    - name: Remount the FS with opts_no_log option false
+      ansible.posix.mount:
+        path: /tmp/myfs
+        src: /tmp/myfs.img
+        fstype: ext4
+        state: remounted
+        opts: rw,user
+        opts_no_log: false
+      register: mount_info
+    - name: Assert opts_no_log option false
+      ansible.builtin.assert:
+        that:
+          - mount_info.opts == 'rw,user'
+  always:
+    - name: Unmount FS
+      ansible.posix.mount:
+        path: /tmp/myfs
+        state: absent
+    - name: Remove the test FS
+      ansible.builtin.file:
+        path: '{{ item }}'
+        state: absent
+      loop:
+        - /tmp/myfs.img
+        - /tmp/myfs

tests/sanity/ignore-2.19.txt

@@ -0,0 +1 @@
+tests/utils/shippable/timing.py shebang