Merge 3c881c61fa into 692b906b82

ci: .azure-pipelines/azure-pipelines.yml update distros

SUMMARY
ci: .azure-pipelines/azure-pipelines.yml update distros
As were reported in https://forum.ansible.com/t/ansible-test-images-and-vms-update-devel-2-20-2-19-2-18/45080
ISSUE TYPE


CI

Reviewed-by: Hideki Saito <saito@fgrep.org>

.ansible-lint

@@ -7,5 +7,9 @@ skip_list:
   - meta-runtime[unsupported-version]  # This rule doesn't make any sense
   - fqcn[deep]  # This rule produces false positives for files in tests/unit/plugins/action/fixtures/
   - sanity[cannot-ignore]  # This rule is skipped to keep backward compatibility with Python 2
+
 exclude_paths:
   - changelogs/
+  - .github/
+  - tests/
+  - meta/

.azure-pipelines/azure-pipelines.yml

@@ -57,6 +57,7 @@ stages:
               test: units
             - name: Lint
               test: lint
+
   - stage: Sanity_2_20
     displayName: Ansible 2.20 Sanity & Units & Lint
     dependsOn: []
@@ -72,6 +73,7 @@ stages:
               test: units
             - name: Lint
               test: lint
+
   - stage: Sanity_2_19
     displayName: Ansible 2.19 Sanity & Units & Lint
     dependsOn: []
@@ -87,6 +89,7 @@ stages:
               test: units
             - name: Lint
               test: lint
+
   - stage: Sanity_2_18
     displayName: Ansible 2.18 Sanity & Units & Lint
     dependsOn: []
@@ -102,6 +105,7 @@ stages:
               test: units
             - name: Lint
               test: lint
+
   - stage: Sanity_2_17
     displayName: Ansible 2.17 Sanity & Units & Lint
     dependsOn: []
@@ -117,21 +121,7 @@ stages:
               test: units
             - name: Lint
               test: lint
-  - stage: Sanity_2_16
+
-    displayName: Ansible 2.16 Sanity & Units & Lint
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: "{0}"
-          testFormat: 2.16/{0}
-          targets:
-            - name: Sanity
-              test: sanity
-            - name: Units
-              test: units
-            - name: Lint
-              test: lint
   ## Docker
   - stage: Docker_devel
     displayName: Docker devel
@@ -141,12 +131,13 @@ stages:
         parameters:
           testFormat: devel/linux/{0}/1
           targets:
-            - name: Fedora 42
+            - name: Fedora 43
-              test: fedora42
+              test: fedora43
             - name: Ubuntu 22.04
               test: ubuntu2204
             - name: Ubuntu 24.04
               test: ubuntu2404
+
   - stage: Docker_2_20
     displayName: Docker 2.20
     dependsOn: []
@@ -161,6 +152,7 @@ stages:
               test: ubuntu2204
             - name: Ubuntu 24.04
               test: ubuntu2404
+
   - stage: Docker_2_19
     displayName: Docker 2.19
     dependsOn: []
@@ -175,6 +167,7 @@ stages:
               test: ubuntu2204
             - name: Ubuntu 24.04
               test: ubuntu2404
+
   - stage: Docker_2_18
     displayName: Docker 2.18
     dependsOn: []
@@ -189,6 +182,7 @@ stages:
               test: ubuntu2204
             - name: Ubuntu 24.04
               test: ubuntu2404
+
   - stage: Docker_2_17
     displayName: Docker 2.17
     dependsOn: []
@@ -201,20 +195,6 @@ stages:
               test: fedora39
             - name: Ubuntu 22.04
               test: ubuntu2204
-  - stage: Docker_2_16
-    displayName: Docker 2.16
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.16/linux/{0}/1
-          targets:
-            - name: CentOS 7
-              test: centos7
-            - name: Fedora 38
-              test: fedora38
-            - name: Ubuntu 22.04
-              test: ubuntu2204
 
   ## Remote
   - stage: Remote_devel
@@ -225,14 +205,15 @@ stages:
         parameters:
           testFormat: devel/{0}/1
           targets:
-            - name: RHEL 10.0
+            - name: RHEL 10.1
-              test: rhel/10.0
+              test: rhel/10.1
-            - name: RHEL 9.6
+            - name: RHEL 9.7
-              test: rhel/9.6
+              test: rhel/9.7
             - name: FreeBSD 14.3
               test: freebsd/14.3
-            - name: FreeBSD 13.5
+            - name: FreeBSD 15.0
-              test: freebsd/13.5
+              test: freebsd/15.0
+
   - stage: Remote_2_20
     displayName: Remote 2.20
     dependsOn: []
@@ -241,14 +222,15 @@ stages:
         parameters:
           testFormat: 2.20/{0}/1
           targets:
-            - name: RHEL 10.0
+            - name: RHEL 10.1
-              test: rhel/10.0
+              test: rhel/10.1
-            - name: RHEL 9.6
+            - name: RHEL 9.7
-              test: rhel/9.6
+              test: rhel/9.7
             - name: FreeBSD 14.3
               test: freebsd/14.3
             - name: FreeBSD 13.5
               test: freebsd/13.5
+
   - stage: Remote_2_19
     displayName: Remote 2.19
     dependsOn: []
@@ -257,14 +239,15 @@ stages:
         parameters:
           testFormat: 2.19/{0}/1
           targets:
-            - name: RHEL 10.0
+            - name: RHEL 10.1
-              test: rhel/10.0
+              test: rhel/10.1
-            - name: RHEL 9.5
+            - name: RHEL 9.7
-              test: rhel/9.5
+              test: rhel/9.7
             - name: FreeBSD 14.2
               test: freebsd/14.2
             - name: FreeBSD 13.5
               test: freebsd/13.5
+
   - stage: Remote_2_18
     displayName: Remote 2.18
     dependsOn: []
@@ -273,12 +256,13 @@ stages:
         parameters:
           testFormat: 2.18/{0}/1
           targets:
-            - name: RHEL 10.0
+            - name: RHEL 10.1
-              test: rhel/10.0
+              test: rhel/10.1
-            - name: RHEL 9.4
+            - name: RHEL 9.7
-              test: rhel/9.4
+              test: rhel/9.7
             - name: FreeBSD 13.5
               test: freebsd/13.5
+
   - stage: Remote_2_17
     displayName: Remote 2.17
     dependsOn: []
@@ -292,26 +276,12 @@ stages:
               test: rhel/10.0
             - name: FreeBSD 13.5
               test: freebsd/13.5
-  - stage: Remote_2_16
-    displayName: Remote 2.16
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.16/{0}/1
-          targets:
-            # 2.16 remote target only has RHEL 9.6 image
-            - name: RHEL 9.6
-              test: rhel/9.6
 
   ## Finally
 
   - stage: Summary
     condition: succeededOrFailed()
     dependsOn:
-      - Sanity_2_16
-      - Remote_2_16
-      - Docker_2_16
       - Sanity_2_17
       - Remote_2_17
       - Docker_2_17

.github/BOTMETA.yml

@@ -1,52 +0,0 @@
----
-automerge: false
-files:
-  $module_utils/mount.py:
-    labels: mount
-  $modules/acl.py:
-    authors: astorije bcoca
-    labels: acl
-    ignore: astorije
-  $modules/at.py:
-    authors: risaacson
-    labels: at
-  $modules/authorized_key.py:
-    authors: ansible
-    labels: authorized_key
-  $modules/mount.py:
-    authors: ansible skvidal
-    maintainers: jtyr
-    labels: mount
-    ignore: skvidal
-  $modules/patch.py:
-    authors: jirutka luisperlaz
-  $modules/seboolean.py:
-    authors: sfromm
-    labels: seboolean
-  $modules/selinux.py:
-    authors: goozbach
-    maintainers: samdoran
-    labels: selinux
-  $modules/synchronize.py:
-    authors: tima
-    labels: synchronize
-  $modules/sysctl.py:
-    authors: davixx
-    maintainers: Akasurde
-    labels: sysctl
-  $plugins/:
-    labels: profile
-  $plugins/debug.py:
-    labels: debug
-  $plugins/patch.py:
-    labels: patch
-  $plugins/synchronize.py:
-    labels: synchronize
-  $plugins/timer.py:
-macros:
-  actions: plugins/action
-  callbacks: plugins/callback
-  module_utils: plugins/module_utils
-  modules: plugins/modules
-  plugins: plugins/plugins
-  shells: plugins/shell

.github/workflows/certification.yml

@@ -0,0 +1,35 @@
+---
+# This workflow calls the latest version of the
+# reusable workflow.
+# You can copy this file into your respository if
+# you want to check against pinned versions of
+# Automation Hub tests.
+name: Run collection certification checks
+
+on:
+  pull_request:
+    branches: [main]
+  workflow_dispatch:
+  schedule:
+    - cron: '0 6 * * *'
+
+concurrency:
+  group: cert-ver-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+
+# Files that are not related to the core functionality
+# of your collection can cause Ansible Lint to fail.
+# If this happens, add an .ansible-lint file that includes
+# those files and directories to the root of your
+# repository; for example:
+# https://github.com/ansible-collections/partner-certification-checker/blob/main/.ansible-lint
+# https://github.com/ansible-collections/partner-certification-checker/blob/main/.ansible-lint
+
+# If there are sanity test failures that cannot be fixed and are allowed to ignore
+# https://docs.ansible.com/projects/lint/rules/sanity/, create a sanity ignore file
+# https://docs.ansible.com/projects/ansible/devel/dev_guide/testing/sanity/ignores.html#ignore-file-location
+# for each affected version of ansible-core (for example, `tests/sanity/ignore-2.18.txt`) and add corresponding entries.
+jobs:
+  call:
+    uses: ansible-collections/partner-certification-checker/.github/workflows/certification-reusable.yml@v0.1

plugins/modules/acl.py

@@ -211,7 +211,10 @@ def build_command(module, mode, path, follow, default, recursive, recalculate_ma
                 cmd.append('--absolute-names')
             cmd.append('--omit-header')
 
-    if recursive and not use_nfsv4_acls:
+    if recursive:
+        if use_nfsv4_acls:
+            cmd.append('-R')  # Add recursive flag for NFSv4 ACLs
+        else:
             cmd.append('--recursive')
 
     if recalculate_mask == 'mask' and mode in ['set', 'rm']:
@@ -226,13 +229,18 @@ def build_command(module, mode, path, follow, default, recursive, recalculate_ma
             cmd.append('-h')
 
     if default:
+        if not use_nfsv4_acls:
             cmd.insert(1, '-d')
+        elif mode == 'set':
+            # For NFSv4 ACLs, handle default ACLs through the entry format or other means
+            # This is a placeholder for NFSv4 default ACL handling
+            pass
 
     cmd.append(path)
     return cmd
 
 
-def acl_changed(module, cmd, entry, use_nfsv4_acls=False):
+def acl_changed(module, cmd, entry, recursive=False, use_nfsv4_acls=False):
     '''Returns true if the provided command affects the existing ACLs, false otherwise.'''
     # To check the ACL changes, use the output of setfacl or nfs4_setfacl with '--test'.
     # FreeBSD do not have a --test flag, so by default, it is safer to always say "true".
@@ -247,6 +255,18 @@ def acl_changed(module, cmd, entry, use_nfsv4_acls=False):
         if line.endswith('*,*') and not use_nfsv4_acls:
             return False
         # if use_nfsv4_acls and entry is listed
+        if use_nfsv4_acls:
+            # For NFSv4 ACLs, ensure the entry is checked against the actual ACLs
+            for line in lines:
+                if recursive:
+                    # In recursive mode, ensure all entries match
+                    if entry not in line:
+                        return True
+                else:
+                    if entry in line:
+                        return False
+            return True
+
         if use_nfsv4_acls and entry == line:
             counter += 1
 
@@ -371,7 +391,7 @@ def main():
             module, 'set', path, follow,
             default, recursive, recalculate_mask, use_nfsv4_acls, entry
         )
-        changed = acl_changed(module, command, entry, use_nfsv4_acls)
+        changed = acl_changed(module, command, entry, recursive, use_nfsv4_acls)
 
         if changed and not module.check_mode:
             run_acl(module, command)
@@ -386,7 +406,7 @@ def main():
             module, 'rm', path, follow,
             default, recursive, recalculate_mask, use_nfsv4_acls, entry
         )
-        changed = acl_changed(module, command, entry, use_nfsv4_acls)
+        changed = acl_changed(module, command, entry, recursive, use_nfsv4_acls)
 
         if changed and not module.check_mode:
             run_acl(module, command, False)