ansible-core 2.18.0rc2__py3-none-any.whl → 2.18.1rc1__py3-none-any.whl

ansible/executor/task_executor.py

@@ -150,6 +150,7 @@ class TaskExecutor:
                         if 'unreachable' in item and item['unreachable']:
                             item_ignore_unreachable = item.pop('_ansible_ignore_unreachable')
                             if not res.get('unreachable'):
+                                res['unreachable'] = True
                                 self._task.ignore_unreachable = item_ignore_unreachable
                             elif self._task.ignore_unreachable and not item_ignore_unreachable:
                                 self._task.ignore_unreachable = item_ignore_unreachable

ansible/module_utils/ansible_release.py

@@ -17,6 +17,6 @@
 
 from __future__ import annotations
 
-__version__ = '2.18.0rc2'
+__version__ = '2.18.1rc1'
 __author__ = 'Ansible, Inc.'
 __codename__ = "Fool in the Rain"

ansible/module_utils/csharp/Ansible.AccessToken.cs

@@ -339,19 +339,47 @@ namespace Ansible.AccessToken
         public static IEnumerable<SafeNativeHandle> EnumerateUserTokens(SecurityIdentifier sid,
             TokenAccessLevels access = TokenAccessLevels.Query)
         {
+            return EnumerateUserTokens(sid, access, (p, h) => true);
+        }
+
+        public static IEnumerable<SafeNativeHandle> EnumerateUserTokens(
+            SecurityIdentifier sid,
+            TokenAccessLevels access,
+            Func<System.Diagnostics.Process, SafeNativeHandle, bool> processFilter)
+        {
+            // We always need the Query access level so we can query the TokenUser
+            access |= TokenAccessLevels.Query;
+
             foreach (System.Diagnostics.Process process in System.Diagnostics.Process.GetProcesses())
             {
-                // We always need the Query access level so we can query the TokenUser
                 using (process)
-                using (SafeNativeHandle hToken = TryOpenAccessToken(process, access | TokenAccessLevels.Query))
+                using (SafeNativeHandle processHandle = NativeMethods.OpenProcess(ProcessAccessFlags.QueryInformation, false, (UInt32)process.Id))
                 {
-                    if (hToken == null)
+                    if (processHandle.IsInvalid)
+                    {
                         continue;
+                    }
 
-                    if (!sid.Equals(GetTokenUser(hToken)))
+                    if (!processFilter(process, processHandle))
+                    {
                         continue;
+                    }
+
+                    SafeNativeHandle accessToken;
+                    if (!NativeMethods.OpenProcessToken(processHandle, access, out accessToken))
+                    {
+                        continue;
+                    }
+
+                    using (accessToken)
+                    {
+                        if (!sid.Equals(GetTokenUser(accessToken)))
+                        {
+                            continue;
+                        }
 
-                    yield return hToken;
+                        yield return accessToken;
+                    }
                 }
             }
         }
@@ -440,18 +468,5 @@ namespace Ansible.AccessToken
             for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T))))
                 array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T));
         }
-
-        private static SafeNativeHandle TryOpenAccessToken(System.Diagnostics.Process process, TokenAccessLevels access)
-        {
-            try
-            {
-                using (SafeNativeHandle hProcess = OpenProcess(process.Id, ProcessAccessFlags.QueryInformation, false))
-                    return OpenProcessToken(hProcess, access);
-            }
-            catch (Win32Exception)
-            {
-                return null;
-            }
-        }
     }
 }

ansible/module_utils/csharp/Ansible.Become.cs

@@ -93,10 +93,21 @@ namespace Ansible.Become
             CachedRemoteInteractive,
             CachedUnlock
         }
+
+        [Flags]
+        public enum ProcessChildProcessPolicyFlags
+        {
+            None = 0x0,
+            NoChildProcessCreation = 0x1,
+            AuditNoChildProcessCreation = 0x2,
+            AllowSecureProcessCreation = 0x4,
+        }
     }
 
     internal class NativeMethods
     {
+        public const int ProcessChildProcessPolicy = 13;
+
         [DllImport("advapi32.dll", SetLastError = true)]
         public static extern bool AllocateLocallyUniqueId(
             out Luid Luid);
@@ -116,6 +127,13 @@ namespace Ansible.Become
         [DllImport("kernel32.dll")]
         public static extern UInt32 GetCurrentThreadId();
 
+        [DllImport("kernel32.dll", SetLastError = true)]
+        public static extern bool GetProcessMitigationPolicy(
+            SafeNativeHandle hProcess,
+            int MitigationPolicy,
+            ref NativeHelpers.ProcessChildProcessPolicyFlags lpBuffer,
+            IntPtr dwLength);
+
         [DllImport("user32.dll", SetLastError = true)]
         public static extern NoopSafeHandle GetProcessWindowStation();
 
@@ -217,6 +235,7 @@ namespace Ansible.Become
         };
         private static int WINDOWS_STATION_ALL_ACCESS = 0x000F037F;
         private static int DESKTOP_RIGHTS_ALL_ACCESS = 0x000F01FF;
+        private static bool _getProcessMitigationPolicySupported = true;
 
         public static Result CreateProcessAsUser(string username, string password, string command)
         {
@@ -333,12 +352,13 @@ namespace Ansible.Become
                 // Grant access to the current Windows Station and Desktop to the become user
                 GrantAccessToWindowStationAndDesktop(account);
 
-                // Try and impersonate a SYSTEM token. We need the SeTcbPrivilege for
-                //  - LogonUser for a service SID
-                //  - S4U logon
-                //  - Token elevation
+                // Try and impersonate a SYSTEM token, we need a SYSTEM token to either become a well known service
+                // account or have administrative rights on the become access token.
+                // If we ultimately are becoming the SYSTEM account we want the token with the most privileges available.
+                // https://github.com/ansible/ansible/issues/71453
+                bool usedForProcess = becomeSid == "S-1-5-18";
                 systemToken = GetPrimaryTokenForUser(new SecurityIdentifier("S-1-5-18"),
-                    new List<string>() { "SeTcbPrivilege" });
+                    new List<string>() { "SeTcbPrivilege" }, usedForProcess);
                 if (systemToken != null)
                 {
                     try
@@ -356,9 +376,11 @@ namespace Ansible.Become
 
             try
             {
+                if (becomeSid == "S-1-5-18")
+                    userTokens.Add(systemToken);
                 // Cannot use String.IsEmptyOrNull() as an empty string is an account that doesn't have a pass.
                 // We only use S4U if no password was defined or it was null
-                if (!SERVICE_SIDS.Contains(becomeSid) && password == null && logonType != LogonType.NewCredentials)
+                else if (!SERVICE_SIDS.Contains(becomeSid) && password == null && logonType != LogonType.NewCredentials)
                 {
                     // If no password was specified, try and duplicate an existing token for that user or use S4U to
                     // generate one without network credentials
@@ -381,11 +403,6 @@ namespace Ansible.Become
                     string domain = null;
                     switch (becomeSid)
                     {
-                        case "S-1-5-18":
-                            logonType = LogonType.Service;
-                            domain = "NT AUTHORITY";
-                            username = "SYSTEM";
-                            break;
                         case "S-1-5-19":
                             logonType = LogonType.Service;
                             domain = "NT AUTHORITY";
@@ -427,8 +444,10 @@ namespace Ansible.Become
             return userTokens;
         }
 
-        private static SafeNativeHandle GetPrimaryTokenForUser(SecurityIdentifier sid,
-            List<string> requiredPrivileges = null)
+        private static SafeNativeHandle GetPrimaryTokenForUser(
+            SecurityIdentifier sid,
+            List<string> requiredPrivileges = null,
+            bool usedForProcess = false)
         {
             // According to CreateProcessWithTokenW we require a token with
             //  TOKEN_QUERY, TOKEN_DUPLICATE and TOKEN_ASSIGN_PRIMARY
@@ -438,7 +457,19 @@ namespace Ansible.Become
                 TokenAccessLevels.AssignPrimary |
                 TokenAccessLevels.Impersonate;
 
-            foreach (SafeNativeHandle hToken in TokenUtil.EnumerateUserTokens(sid, dwAccess))
+            SafeNativeHandle userToken = null;
+            int privilegeCount = 0;
+
+            // If we are using this token for the process, we need to check the
+            // process mitigation policy allows child processes to be created.
+            var processFilter = usedForProcess
+                ? (Func<System.Diagnostics.Process, SafeNativeHandle, bool>)((p, t) =>
+                {
+                    return GetProcessChildProcessPolicyFlags(t) == NativeHelpers.ProcessChildProcessPolicyFlags.None;
+                })
+                : ((p, t) => true);
+
+            foreach (SafeNativeHandle hToken in TokenUtil.EnumerateUserTokens(sid, dwAccess, processFilter))
             {
                 // Filter out any Network logon tokens, using become with that is useless when S4U
                 // can give us a Batch logon
@@ -448,6 +479,10 @@ namespace Ansible.Become
 
                 List<string> actualPrivileges = TokenUtil.GetTokenPrivileges(hToken).Select(x => x.Name).ToList();
 
+                // If the token has less or the same number of privileges than the current token, skip it.
+                if (usedForProcess && privilegeCount >= actualPrivileges.Count)
+                    continue;
+
                 // Check that the required privileges are on the token
                 if (requiredPrivileges != null)
                 {
@@ -459,16 +494,22 @@ namespace Ansible.Become
                 // Duplicate the token to convert it to a primary token with the access level required.
                 try
                 {
-                    return TokenUtil.DuplicateToken(hToken, TokenAccessLevels.MaximumAllowed,
+                    userToken = TokenUtil.DuplicateToken(hToken, TokenAccessLevels.MaximumAllowed,
                         SecurityImpersonationLevel.Anonymous, TokenType.Primary);
+                    privilegeCount = actualPrivileges.Count;
                 }
                 catch (Process.Win32Exception)
                 {
                     continue;
                 }
+
+                // If we don't care about getting the token with the most privileges, escape the loop as we already
+                // have a token.
+                if (!usedForProcess)
+                    break;
             }
 
-            return null;
+            return userToken;
         }
 
         private static SafeNativeHandle GetS4UTokenForUser(SecurityIdentifier sid, LogonType logonType)
@@ -581,6 +622,35 @@ namespace Ansible.Become
                 return null;
         }
 
+        private static NativeHelpers.ProcessChildProcessPolicyFlags GetProcessChildProcessPolicyFlags(SafeNativeHandle processHandle)
+        {
+            // Because this is only used to check the policy, we ignore any
+            // errors and pretend that the policy is None.
+            NativeHelpers.ProcessChildProcessPolicyFlags policy = NativeHelpers.ProcessChildProcessPolicyFlags.None;
+
+            if (_getProcessMitigationPolicySupported)
+            {
+                try
+                {
+                    if (NativeMethods.GetProcessMitigationPolicy(
+                        processHandle,
+                        NativeMethods.ProcessChildProcessPolicy,
+                        ref policy,
+                        (IntPtr)4))
+                    {
+                        return policy;
+                    }
+                }
+                catch (EntryPointNotFoundException)
+                {
+                    // If the function is not available, we won't try to call it again
+                    _getProcessMitigationPolicySupported = false;
+                }
+            }
+
+            return policy;
+        }
+
         private static NativeHelpers.SECURITY_LOGON_TYPE GetTokenLogonType(SafeNativeHandle hToken)
         {
             TokenStatistics stats = TokenUtil.GetTokenStatistics(hToken);
@@ -637,4 +707,4 @@ namespace Ansible.Become
             { }
         }
     }
-}
+}

ansible/modules/command.py

@@ -15,12 +15,11 @@ version_added: historical
 description:
      - The M(ansible.builtin.command) module takes the command name followed by a list of space-delimited arguments.
      - The given command will be executed on all selected nodes.
-     - The command(s) will not be
-       processed through the shell, so variables like C($HOSTNAME) and operations
-       like C("*"), C("<"), C(">"), C("|"), C(";") and C("&") will not work.
+     - The command(s) will not be processed through the shell, so operations like C("*"), C("<"), C(">"), C("|"), C(";") and C("&") will not work.
+       Also, environment variables are resolved via Python, not shell, see O(expand_argument_vars) and are left unchanged if not matched.
        Use the M(ansible.builtin.shell) module if you need these features.
-     - To create C(command) tasks that are easier to read than the ones using space-delimited
-       arguments, pass parameters using the C(args) L(task keyword,https://docs.ansible.com/ansible/latest/reference_appendices/playbooks_keywords.html#task)
+     - To create C(command) tasks that are easier to read than the ones using space-delimited arguments,
+       pass parameters using the C(args) L(task keyword,https://docs.ansible.com/ansible/latest/reference_appendices/playbooks_keywords.html#task)
        or use O(cmd) parameter.
      - Either a free form command or O(cmd) parameter is required, see the examples.
      - For Windows targets, use the M(ansible.windows.win_command) module instead.
@@ -41,8 +40,8 @@ attributes:
 options:
   expand_argument_vars:
     description:
-      - Expands the arguments that are variables, for example C($HOME) will be expanded before being passed to the
-        command to run.
+      - Expands the arguments that are variables, for example C($HOME) will be expanded before being passed to the command to run.
+      - If a variable is not matched, it is left unchanged, unlike shell substitution which would remove it.
       - Set to V(false) to disable expansion and treat the value as a literal argument.
     type: bool
     default: true

ansible/modules/dnf5.py

@@ -358,6 +358,21 @@ libdnf5 = None
 
 def is_installed(base, spec):
     settings = libdnf5.base.ResolveSpecSettings()
+    try:
+        settings.set_group_with_name(True)
+        # Disable checking whether SPEC is a binary -> `/usr/(s)bin/<SPEC>`,
+        # this prevents scenarios like the following:
+        #   * the `sssd-common` package is installed and provides `/usr/sbin/sssd` binary
+        #   * the `sssd` package is NOT installed
+        #   * due to `set_with_binaries(True)` being default `is_installed(base, "sssd")` would "unexpectedly" return True
+        # If users wish to target the `sssd` binary they can by specifying the full path `name=/usr/sbin/sssd` explicitly
+        # due to settings.set_with_filenames(True) being default.
+        settings.set_with_binaries(False)
+    except AttributeError:
+        # dnf5 < 5.2.0.0
+        settings.group_with_name = True
+        settings.with_binaries = False
+
     installed_query = libdnf5.rpm.PackageQuery(base)
     installed_query.filter_installed()
     match, nevra = installed_query.resolve_pkg_spec(spec, settings, True)
@@ -646,9 +661,12 @@ class Dnf5Module(YumDnf):
         settings = libdnf5.base.GoalJobSettings()
         try:
             settings.set_group_with_name(True)
+            settings.set_with_binaries(False)
         except AttributeError:
             # dnf5 < 5.2.0.0
             settings.group_with_name = True
+            settings.with_binaries = False
+
         if self.bugfix or self.security:
             advisory_query = libdnf5.advisory.AdvisoryQuery(base)
             types = []

ansible/plugins/lookup/varnames.py

@@ -13,11 +13,14 @@ DOCUMENTATION = """
       _terms:
         description: List of Python regex patterns to search for in variable names.
         required: True
+    seealso:
+        - plugin_type: lookup
+          plugin: ansible.builtin.vars
 """
 
 EXAMPLES = """
 - name: List variables that start with qz_
-  ansible.builtin.debug: msg="{{ lookup('ansible.builtin.varnames', '^qz_.+')}}"
+  ansible.builtin.debug: msg="{{ lookup('ansible.builtin.varnames', '^qz_.+') }}"
   vars:
     qz_1: hello
     qz_2: world
@@ -25,13 +28,16 @@ EXAMPLES = """
     qz_: "I won't show either"
 
 - name: Show all variables
-  ansible.builtin.debug: msg="{{ lookup('ansible.builtin.varnames', '.+')}}"
+  ansible.builtin.debug: msg="{{ lookup('ansible.builtin.varnames', '.+') }}"
 
 - name: Show variables with 'hosts' in their names
-  ansible.builtin.debug: msg="{{ lookup('ansible.builtin.varnames', 'hosts')}}"
+  ansible.builtin.debug: msg="{{ q('varnames', 'hosts') }}"
 
 - name: Find several related variables that end specific way
-  ansible.builtin.debug: msg="{{ lookup('ansible.builtin.varnames', '.+_zone$', '.+_location$') }}"
+  ansible.builtin.debug: msg="{{ query('ansible.builtin.varnames', '.+_zone$', '.+_location$') }}"
+
+- name: display values from variables found via varnames (note "*" is used to dereference the list to a 'list of arguments')
+  debug: msg="{{ lookup('vars', *lookup('varnames', 'ansible_play_.+')) }}"
 
 """
 

ansible/plugins/lookup/vars.py

@@ -17,6 +17,10 @@ DOCUMENTATION = """
         description:
             - What to return if a variable is undefined.
             - If no default is set, it will result in an error if any of the variables is undefined.
+    seealso:
+    - plugin_type: lookup
+      plugin: ansible.builtin.varnames
+
 """
 
 EXAMPLES = """
@@ -27,20 +31,23 @@ EXAMPLES = """
     myvar: ename
 
 - name: Show default empty since i dont have 'variablnotename'
-  ansible.builtin.debug: msg="{{ lookup('ansible.builtin.vars', 'variabl' + myvar, default='')}}"
+  ansible.builtin.debug: msg="{{ lookup('ansible.builtin.vars', 'variabl' + myvar, default='') }}"
   vars:
     variablename: hello
     myvar: notename
 
 - name: Produce an error since i dont have 'variablnotename'
-  ansible.builtin.debug: msg="{{ lookup('ansible.builtin.vars', 'variabl' + myvar)}}"
+  ansible.builtin.debug: msg="{{ q('vars', 'variabl' + myvar) }}"
   ignore_errors: True
   vars:
     variablename: hello
     myvar: notename
 
 - name: find several related variables
-  ansible.builtin.debug: msg="{{ lookup('ansible.builtin.vars', 'ansible_play_hosts', 'ansible_play_batch', 'ansible_play_hosts_all') }}"
+  ansible.builtin.debug: msg="{{ query('ansible.builtin.vars', 'ansible_play_hosts', 'ansible_play_batch', 'ansible_play_hosts_all') }}"
+
+- name: show values from variables found via varnames (note "*" is used to dereference the list to a 'list of arguments')
+  debug: msg="{{ q('vars', *q('varnames', 'ansible_play_.+')) }}"
 
 - name: Access nested variables
   ansible.builtin.debug: msg="{{ lookup('ansible.builtin.vars', 'variabl' + myvar).sub_var }}"

ansible/release.py

@@ -17,6 +17,6 @@
 
 from __future__ import annotations
 
-__version__ = '2.18.0rc2'
+__version__ = '2.18.1rc1'
 __author__ = 'Ansible, Inc.'
 __codename__ = "Fool in the Rain"

ansible/template/__init__.py

@@ -48,7 +48,7 @@ from ansible.module_utils.six import string_types
 from ansible.module_utils.common.text.converters import to_native, to_text, to_bytes
 from ansible.module_utils.common.collections import is_sequence
 from ansible.plugins.loader import filter_loader, lookup_loader, test_loader
-from ansible.template.native_helpers import ansible_native_concat, ansible_eval_concat, ansible_concat
+from ansible.template.native_helpers import AnsibleUndefined, ansible_native_concat, ansible_eval_concat, ansible_concat
 from ansible.template.template import AnsibleJ2Template
 from ansible.template.vars import AnsibleJ2Vars
 from ansible.utils.display import Display
@@ -312,35 +312,6 @@ def _wrap_native_text(func):
     return functools.update_wrapper(wrapper, func)
 
 
-class AnsibleUndefined(StrictUndefined):
-    '''
-    A custom Undefined class, which returns further Undefined objects on access,
-    rather than throwing an exception.
-    '''
-    def __getattr__(self, name):
-        if name == '__UNSAFE__':
-            # AnsibleUndefined should never be assumed to be unsafe
-            # This prevents ``hasattr(val, '__UNSAFE__')`` from evaluating to ``True``
-            raise AttributeError(name)
-        # Return original Undefined object to preserve the first failure context
-        return self
-
-    def __getitem__(self, key):
-        # Return original Undefined object to preserve the first failure context
-        return self
-
-    def __repr__(self):
-        return 'AnsibleUndefined(hint={0!r}, obj={1!r}, name={2!r})'.format(
-            self._undefined_hint,
-            self._undefined_obj,
-            self._undefined_name
-        )
-
-    def __contains__(self, item):
-        # Return original Undefined object to preserve the first failure context
-        return self
-
-
 class AnsibleContext(Context):
     '''
     A custom context, which intercepts resolve_or_missing() calls and sets a flag

ansible/template/native_helpers.py

@@ -5,13 +5,19 @@ from __future__ import annotations
 
 
 import ast
+from collections.abc import Mapping
 from itertools import islice, chain
 from types import GeneratorType
 
+from ansible.module_utils.common.collections import is_sequence
 from ansible.module_utils.common.text.converters import to_text
 from ansible.module_utils.six import string_types
 from ansible.parsing.yaml.objects import AnsibleVaultEncryptedUnicode
 from ansible.utils.native_jinja import NativeJinjaText
+from ansible.utils.unsafe_proxy import wrap_var
+import ansible.module_utils.compat.typing as t
+
+from jinja2.runtime import StrictUndefined
 
 
 _JSON_MAP = {
@@ -28,6 +34,40 @@ class Json2Python(ast.NodeTransformer):
         return ast.Constant(value=_JSON_MAP[node.id])
 
 
+def _is_unsafe(value: t.Any) -> bool:
+    """
+    Our helper function, which will also recursively check dict and
+    list entries due to the fact that they may be repr'd and contain
+    a key or value which contains jinja2 syntax and would otherwise
+    lose the AnsibleUnsafe value.
+    """
+    to_check = [value]
+    seen = set()
+
+    while True:
+        if not to_check:
+            break
+
+        val = to_check.pop(0)
+        val_id = id(val)
+
+        if val_id in seen:
+            continue
+        seen.add(val_id)
+
+        if isinstance(val, AnsibleUndefined):
+            continue
+        if isinstance(val, Mapping):
+            to_check.extend(val.keys())
+            to_check.extend(val.values())
+        elif is_sequence(val):
+            to_check.extend(val)
+        elif getattr(val, '__UNSAFE__', False):
+            return True
+
+    return False
+
+
 def ansible_eval_concat(nodes):
     """Return a string of concatenated compiled nodes. Throw an undefined error
     if any of the nodes is undefined.
@@ -43,17 +83,28 @@ def ansible_eval_concat(nodes):
     if not head:
         return ''
 
+    unsafe = False
+
     if len(head) == 1:
         out = head[0]
 
         if isinstance(out, NativeJinjaText):
             return out
 
+        unsafe = _is_unsafe(out)
         out = to_text(out)
     else:
         if isinstance(nodes, GeneratorType):
             nodes = chain(head, nodes)
-        out = ''.join([to_text(v) for v in nodes])
+
+        out_values = []
+        for v in nodes:
+            if not unsafe and _is_unsafe(v):
+                unsafe = True
+
+            out_values.append(to_text(v))
+
+        out = ''.join(out_values)
 
     # if this looks like a dictionary, list or bool, convert it to such
     if out.startswith(('{', '[')) or out in ('True', 'False'):
@@ -68,6 +119,9 @@ def ansible_eval_concat(nodes):
         except (TypeError, ValueError, SyntaxError, MemoryError):
             pass
 
+    if unsafe:
+        out = wrap_var(out)
+
     return out
 
 
@@ -78,7 +132,19 @@ def ansible_concat(nodes):
 
     Used in Templar.template() when jinja2_native=False and convert_data=False.
     """
-    return ''.join([to_text(v) for v in nodes])
+    unsafe = False
+    values = []
+    for v in nodes:
+        if not unsafe and _is_unsafe(v):
+            unsafe = True
+
+        values.append(to_text(v))
+
+    out = ''.join(values)
+    if unsafe:
+        out = wrap_var(out)
+
+    return out
 
 
 def ansible_native_concat(nodes):
@@ -95,6 +161,8 @@ def ansible_native_concat(nodes):
     if not head:
         return None
 
+    unsafe = False
+
     if len(head) == 1:
         out = head[0]
 
@@ -115,10 +183,21 @@ def ansible_native_concat(nodes):
         # short-circuit literal_eval for anything other than strings
         if not isinstance(out, string_types):
             return out
+
+        unsafe = _is_unsafe(out)
+
     else:
         if isinstance(nodes, GeneratorType):
             nodes = chain(head, nodes)
-        out = ''.join([to_text(v) for v in nodes])
+
+        out_values = []
+        for v in nodes:
+            if not unsafe and _is_unsafe(v):
+                unsafe = True
+
+            out_values.append(to_text(v))
+
+        out = ''.join(out_values)
 
     try:
         evaled = ast.literal_eval(
@@ -128,10 +207,45 @@ def ansible_native_concat(nodes):
             ast.parse(out, mode='eval')
         )
     except (TypeError, ValueError, SyntaxError, MemoryError):
+        if unsafe:
+            out = wrap_var(out)
+
         return out
 
     if isinstance(evaled, string_types):
         quote = out[0]
-        return f'{quote}{evaled}{quote}'
+        evaled = f'{quote}{evaled}{quote}'
+
+    if unsafe:
+        evaled = wrap_var(evaled)
 
     return evaled
+
+
+class AnsibleUndefined(StrictUndefined):
+    """
+    A custom Undefined class, which returns further Undefined objects on access,
+    rather than throwing an exception.
+    """
+    def __getattr__(self, name):
+        if name == '__UNSAFE__':
+            # AnsibleUndefined should never be assumed to be unsafe
+            # This prevents ``hasattr(val, '__UNSAFE__')`` from evaluating to ``True``
+            raise AttributeError(name)
+        # Return original Undefined object to preserve the first failure context
+        return self
+
+    def __getitem__(self, key):
+        # Return original Undefined object to preserve the first failure context
+        return self
+
+    def __repr__(self):
+        return 'AnsibleUndefined(hint={0!r}, obj={1!r}, name={2!r})'.format(
+            self._undefined_hint,
+            self._undefined_obj,
+            self._undefined_name
+        )
+
+    def __contains__(self, item):
+        # Return original Undefined object to preserve the first failure context
+        return self

ansible/vars/hostvars.py

@@ -92,10 +92,12 @@ class HostVars(Mapping):
         return self._find_host(host_name) is not None
 
     def __iter__(self):
-        yield from self._inventory.hosts
+        # include implicit localhost only if it has variables set
+        yield from self._inventory.hosts | {'localhost': self._inventory.localhost} if self._inventory.localhost else {}
 
     def __len__(self):
-        return len(self._inventory.hosts)
+        # include implicit localhost only if it has variables set
+        return len(self._inventory.hosts) + (1 if self._inventory.localhost else 0)
 
     def __repr__(self):
         out = {}

{ansible_core-2.18.0rc2.dist-info → ansible_core-2.18.1rc1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: ansible-core
-Version: 2.18.0rc2
+Version: 2.18.1rc1
 Summary: Radically simple IT automation
 Author: Ansible Project
 Project-URL: Homepage, https://ansible.com/
@@ -32,11 +32,11 @@ License-File: licenses/Apache-License.txt
 License-File: licenses/MIT-license.txt
 License-File: licenses/PSF-license.txt
 License-File: licenses/simplified_bsd.txt
-Requires-Dist: jinja2 >=3.0.0
-Requires-Dist: PyYAML >=5.1
+Requires-Dist: jinja2>=3.0.0
+Requires-Dist: PyYAML>=5.1
 Requires-Dist: cryptography
 Requires-Dist: packaging
-Requires-Dist: resolvelib <1.1.0,>=0.5.3
+Requires-Dist: resolvelib<1.1.0,>=0.5.3
 
 [![PyPI version](https://img.shields.io/pypi/v/ansible-core.svg)](https://pypi.org/project/ansible-core)
 [![Docs badge](https://img.shields.io/badge/docs-latest-brightgreen.svg)](https://docs.ansible.com/ansible/latest/)

{ansible_core-2.18.0rc2.dist-info → ansible_core-2.18.1rc1.dist-info}/RECORD

@@ -3,7 +3,7 @@ ansible/__main__.py,sha256=24j-7-YT4lZ2fmV80JD-VRoYBnxR7YoP_VP-orJtDt0,796
 ansible/constants.py,sha256=dSgbrzNsmhYc4GQOWZvRm4XKgf--_MUWcMa_9_7l5Pc,9757
 ansible/context.py,sha256=oKYyfjfWpy8vDeProtqfnqSmuij_t75_5e5t0U_hQ1g,1933
 ansible/keyword_desc.yml,sha256=xD-MRMB8mSRaj2ADwRnjIEbOwJKbc6BYadouGPfS0mI,7462
-ansible/release.py,sha256=gXhvjcTPfQX0uSeFezLYafifTwn4dkgfRceZe8lieM4,839
+ansible/release.py,sha256=0ZMgTOTRKMyYnQWknncQyldpI2t8HSHVuMmm_U-K_sE,839
 ansible/_vendor/__init__.py,sha256=2QBeBwT7uG7M3Aw-pIdCpt6XPtHMCpbEKfACYKA7xIg,2033
 ansible/cli/__init__.py,sha256=e0KjeLfG1Ketbwl-uOmQ-zXoq3_El80LnHTGu80d1gs,28111
 ansible/cli/adhoc.py,sha256=quJ9WzRzf3dz_dtDGmahNMffqyNVy1jzQCMo21YL5Qg,8194
@@ -37,7 +37,7 @@ ansible/executor/module_common.py,sha256=4pVfjMgCle9ttAZTeuwSx3Kdi0rljagyHC11i4V
 ansible/executor/play_iterator.py,sha256=Oazd9aWy4zB67uy27sYg4BveFx_Uf_tIsbhD76hMc28,32496
 ansible/executor/playbook_executor.py,sha256=qurZBiWjAWWRYcHb3ti4sBI8_WotOYvTRDar4JC3leE,14764
 ansible/executor/stats.py,sha256=gcBhJQrZTgE95737d6lArJ3FpTlbAfVt6GMhEqs5ZPU,3180
-ansible/executor/task_executor.py,sha256=1kc49j7Iwf2UZm4DuSwgihJ51Wzuey2vcQZlBwWeGK4,61280
+ansible/executor/task_executor.py,sha256=99oxT0B787aRpw7B8OssXWuzltcfiraGISnIpHTo7U4,61338
 ansible/executor/task_queue_manager.py,sha256=fC404XkveICb7hRwIVu4PvRNgFkFLCNihsGsUDHVFzg,18640
 ansible/executor/task_result.py,sha256=48zZWpxCiM0Z_MVG9zGQGCxHLNzs1horT68Qmfa-v_8,5696
 ansible/executor/discovery/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -141,7 +141,7 @@ ansible/inventory/host.py,sha256=PDb5OTplhfpUIvdHiP2BckUOB1gUl302N-3sW0_sTyg,503
 ansible/inventory/manager.py,sha256=45mHgZTAkQ3IjAtrgsNzJXvynC-HIEor-JJE-V3xXN4,29454
 ansible/module_utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 ansible/module_utils/_text.py,sha256=VkWgAnSNVCbTQqZgllUObBFsH3uM4EUW5srl1UR9t1g,544
-ansible/module_utils/ansible_release.py,sha256=gXhvjcTPfQX0uSeFezLYafifTwn4dkgfRceZe8lieM4,839
+ansible/module_utils/ansible_release.py,sha256=0ZMgTOTRKMyYnQWknncQyldpI2t8HSHVuMmm_U-K_sE,839
 ansible/module_utils/api.py,sha256=r4wd6XZGhUnxMF416Ry6ebgq8BIhjCPSPOvO2ZtrYxE,5785
 ansible/module_utils/basic.py,sha256=fogfpo_l7JtS34WvgwwOebmPfMhFjQaJN5CwjKgUJVE,86291
 ansible/module_utils/connection.py,sha256=8TviwCucQ7d_JILwaUHE4tCuNfR3U1WFkmxLMxWa8Rw,7671
@@ -184,9 +184,9 @@ ansible/module_utils/compat/selectors.py,sha256=OcR8ACS6Cr9ShlFlv8sC3QQZ7qUaP5Wh
 ansible/module_utils/compat/selinux.py,sha256=9bq2UMTE_PILEHdvUsXPk_84oWfKiMppyrZs7qH4jdI,3488
 ansible/module_utils/compat/typing.py,sha256=J_K9Ru1-f0KSKO_WhWGRCh0WBNWl6jUmQK1_0yYYZOs,736
 ansible/module_utils/compat/version.py,sha256=ifck3MH9LhxMENpZXOrntEqX6b7X8shknt3Fweg6AzQ,12734
-ansible/module_utils/csharp/Ansible.AccessToken.cs,sha256=4HzIFQKGG3ZTg8tehVcM_ukMi057wxxLdYFZoqsij5I,15871
+ansible/module_utils/csharp/Ansible.AccessToken.cs,sha256=TIOpRx4lv9FlhMyWfHS30CIMRtM3uqR8-u6Rv0X1HWE,16390
 ansible/module_utils/csharp/Ansible.Basic.cs,sha256=xp1pMZNhib3vhR3Wdc5JlDv1SORo4dIGjc17LmnLr1g,78845
-ansible/module_utils/csharp/Ansible.Become.cs,sha256=E2z2LFYv5bC7hzLP6GfZt8oYZEGN8bryOzbJfumpZ4U,29716
+ansible/module_utils/csharp/Ansible.Become.cs,sha256=g0FyAMO3kl186IGhgACQhNAMP8o2UHNzXVUv0Enau2w,32793
 ansible/module_utils/csharp/Ansible.Privilege.cs,sha256=7e46na6k6ygdRwN53bzfIS8O-IwfM1TF_q5DeFH2Z80,19398
 ansible/module_utils/csharp/Ansible.Process.cs,sha256=bON6hExhSB-SR2p2ryFZj6kU3a5TxonFv498wg2Je98,19452
 ansible/module_utils/csharp/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -289,14 +289,14 @@ ansible/modules/assert.py,sha256=EAfJEQ21pgdKqhqQAI_pfJIQPyKX0XEP2BP6kJgLCgU,295
 ansible/modules/async_status.py,sha256=iuNMObp1piLIaoO-7ZiueUNitk-5CDW93l9iVPqd53I,4574
 ansible/modules/async_wrapper.py,sha256=OjA0E7lm8mvlxXA76-HVvjc_H1fHae0Euh25exY6gEc,11619
 ansible/modules/blockinfile.py,sha256=A_6b-ZHKWIB8G5mgn6rFJeZfoUtqUO80orHx5j5TBPY,15451
-ansible/modules/command.py,sha256=dxhIvyeOwQG_SkVSHN0h652z6a3sTAR532HB_zwM4hc,13962
+ansible/modules/command.py,sha256=ItnYqvij_n4UOR344EetJ9xn_abCAj5_qklJ-rzlN8A,14155
 ansible/modules/copy.py,sha256=2A1rh9Mpl8oFgTeS7xmVSUZ1v920I60jMEgrkwfBwyg,32106
 ansible/modules/cron.py,sha256=qR5ePdI3GZQeBSCn9YqxTxWlNEblCaTFnBRZqLjtnPo,26353
 ansible/modules/deb822_repository.py,sha256=SLJM8bBLc70WYu3-OA67wd5hMft3pznYAMIidYOtmUU,15791
 ansible/modules/debconf.py,sha256=Y49U5pM6UpKvYAvDbOhYe6kmQFAaxjl7YoYnPrOaGGU,9362
 ansible/modules/debug.py,sha256=BFbzrU_vl-Try5DuLV20_sLgqxEJlPV9uOrgAtby2e8,2908
 ansible/modules/dnf.py,sha256=rsb28kjMMnTu-rPW0Pdnbs2RPyvfdhWgXeUORUSgzEI,52288
-ansible/modules/dnf5.py,sha256=9nM6v8C4icI0vQ_5HIpmCY_XtYPOGHUhBwKabt7pz2Q,28230
+ansible/modules/dnf5.py,sha256=csebof_G-_9HPDRJw65bnWv492jXL5Om7O4adw5w0Xg,29128
 ansible/modules/dpkg_selections.py,sha256=lTWBhmVFrf6PsV4_BoR23wVTJOloCH1YNPcAn0m7DTY,2805
 ansible/modules/expect.py,sha256=O4emRoJ09i3OLmVX5j84WHkGKWg6bMytYpZlExOrSmc,9369
 ansible/modules/fail.py,sha256=95z8jFyVaizwwupSce04kj1wwnOmbM0ooUX7mXluoyU,1659
@@ -576,8 +576,8 @@ ansible/plugins/lookup/template.py,sha256=xFYWKY808hHPj7nJbaLM2mZro79p6TjpFXyAcR
 ansible/plugins/lookup/together.py,sha256=T4J2miqHTnrDP6-CrlJ3wgI0UgyZyYVRVrDTWx3olpY,2110
 ansible/plugins/lookup/unvault.py,sha256=5LU8Lf7Gx0yRh8z0u1giSXkd93pkSZ34ibkoQnHCsyw,2049
 ansible/plugins/lookup/url.py,sha256=8JzzKOuWNI4st--CwmJZx-16ykFZKhcZdj4wb1za0Tk,9583
-ansible/plugins/lookup/varnames.py,sha256=h5ZAHOx8MlEvv466AirXCaGZ5DeH95evGb2he8_aKqA,2330
-ansible/plugins/lookup/vars.py,sha256=eXVZdwumdcp3ajaDX7JyIYeGvQ6L-HxHGfnob9Pnkg8,3424
+ansible/plugins/lookup/varnames.py,sha256=4WKSH-u0ZnQD47r20c5OenaG6Vlamp6nweIZSFOJ0b8,2595
+ansible/plugins/lookup/vars.py,sha256=W9at2j3xBk6z4IXfSutTEHqdzbiTI1B1tuYOLdd1BMQ,3672
 ansible/plugins/netconf/__init__.py,sha256=50w1g2rhUo6L-xtiMT20jbR8WyOnhwNSRd2IRNSjNX4,17094
 ansible/plugins/shell/__init__.py,sha256=8pc3ab91OGbnvzk3oQ-sU8uXMXNoNbjtdCbdXmZYTWY,8985
 ansible/plugins/shell/cmd.py,sha256=kPCSKrJJFH5XTkmteEI3P1Da6WfPSXxDnV39VFpgD-A,2170
@@ -645,8 +645,8 @@ ansible/plugins/test/version.yml,sha256=2d55HZGIniPu53z6_bV4C26_1sqRAHJqCwesOU3m
 ansible/plugins/test/version_compare.yml,sha256=2d55HZGIniPu53z6_bV4C26_1sqRAHJqCwesOU3ma38,3283
 ansible/plugins/vars/__init__.py,sha256=D3YwVKABesBwag9e7GsLOxlRWqEO5NgfHDmYSq0z_1k,1331
 ansible/plugins/vars/host_group_vars.py,sha256=Qouyds_KOEuqaz4GlTYQnQUxXyTyyjFMj7maRnH8miU,6284
-ansible/template/__init__.py,sha256=PZCt_0sZreC4AAg-XSdwoo1VG237Z_B9NElxU1Yu1oU,40686
-ansible/template/native_helpers.py,sha256=XjaTCQFSq0X6xTVENviRKYRVqmgI7IXCx70DeZ0C7F4,4333
+ansible/template/__init__.py,sha256=Raj_xvUtICZnReq0UhYTiJXQJVcC16Q9q2iQ4_KbUeo,39682
+ansible/template/native_helpers.py,sha256=l-Jo2-ExemCheK-Yi-NRIUYkJyHqCGjRsW2ANTrqmuQ,7213
 ansible/template/template.py,sha256=47dvX9AqSKlp6-n2QRPrHyhI3bboVyOpQekmQYryUB4,1583
 ansible/template/vars.py,sha256=YUCVqNLS3wjYHACSei7f5uwZMZRBTwiyjGge09EP00E,2854
 ansible/utils/__init__.py,sha256=mRvbCJPA-_veSG5ka3v04G5vsarLVDeB3EWFsu6geSI,749
@@ -683,7 +683,7 @@ ansible/utils/collection_loader/_collection_meta.py,sha256=L8NWlDs5KBMASIKRGoFTN
 ansible/vars/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 ansible/vars/clean.py,sha256=X2WMksJMWITQ9FsM-Fb_YxT_hAGDqJ3urSTJzYBEdAk,5999
 ansible/vars/fact_cache.py,sha256=M57vMhkQ2DrzvNaZkfaCmKQJUqP1Rn_A31_X-5YBfzQ,1903
-ansible/vars/hostvars.py,sha256=ggUQ5luCajjX7sEvFCHpIuB_stWPRb089cZ3I1v1Vmo,5070
+ansible/vars/hostvars.py,sha256=o11xrzDVYn23renGbb3lx3R-nH9qOjLFju5IYJanDxg,5324
 ansible/vars/manager.py,sha256=nFJcvbhanUQO7loAUiFHEnGCuRpxsmYXCj8e9XVJTYc,30972
 ansible/vars/plugins.py,sha256=PocWZPMqFl1LoNgWlGFNxwg9nZnUzhQmlXO4g7bcP2A,4503
 ansible/vars/reserved.py,sha256=kZiQMPvaFin35006gLwDpX16w-9xlu6EaL4LSTKP40U,2531
@@ -744,7 +744,7 @@ ansible_test/_internal/completion.py,sha256=G_4MfyNoISRBEM3Adgh66KBJH2e0mVRS8Ice
 ansible_test/_internal/config.py,sha256=phNYKVGNOJKuzt0zWOpe2rLrqANlwwfNePPx3V2ZVEk,12131
 ansible_test/_internal/connections.py,sha256=-gK9FqvmpsjENdYNkvWgFgqYHJSS_F2XkvQzH2_s86E,7855
 ansible_test/_internal/constants.py,sha256=Zwgp8wtUuge_8xMPg0pDUt58fBd9KA7YEPTQqAQv8ac,1969
-ansible_test/_internal/containers.py,sha256=8uRbrDtQKJznPYHbrCDuxZI0teyhcL8qT3mAO2M_DU8,33905
+ansible_test/_internal/containers.py,sha256=TrkHL4ntmb7HrmD55BzSdqF35s7oFKu0vCywpWfRt-k,34137
 ansible_test/_internal/content_config.py,sha256=QKR_XVBgYRNZL-XawF2pN2ERTZ6lSm1AJg9ZQRD6IHE,5588
 ansible_test/_internal/core_ci.py,sha256=pyiwFG_TgDSQw34qW-PG8T2VYS6XxiF0zOEWGYXRRek,17309
 ansible_test/_internal/coverage_util.py,sha256=_SPR0sqkgPoGw2bzuRS5gr4XOyIU8MQ4a9U8FgyWHho,9283
@@ -773,7 +773,7 @@ ansible_test/_internal/target.py,sha256=Whtb_n0jn4zbiMmX7je5jewgzsRczfXRm_ndYtjT
 ansible_test/_internal/test.py,sha256=znQmGjKACqDU8T0EAPqcv2qyy0J7M2w4OmyYhwHLqT0,14515
 ansible_test/_internal/thread.py,sha256=WQoZ2q2ljmEkKHRDkIqwxW7eZbkCKDrG3YZfcaxHzHw,2596
 ansible_test/_internal/timeout.py,sha256=X8LxoMSU85lw4MszfEljaG6V7Aff4Btveg3r89Fe25U,4052
-ansible_test/_internal/util.py,sha256=iv1RD99PvhMixH0wxinwqkaM0POv-zrVxwbkbruHEDI,38868
+ansible_test/_internal/util.py,sha256=o8efNGzuieD3mf3B7Ash1r25dEcePB7L-HOwu5EPFto,38908
 ansible_test/_internal/util_common.py,sha256=wSygjQRWlkFNpqQnPSSXnz_3Cr0pWrPvCP-6lMdfuAk,17490
 ansible_test/_internal/venv.py,sha256=k7L9_Ocpsdwp4kQFLF59BVguymd2nqJ-bLHH1NlMET0,5521
 ansible_test/_internal/ci/__init__.py,sha256=QOaC_8_wUzqFEbsFCXYAnElWoUo6gB40CXvP9RJ-Iyo,7738
@@ -980,13 +980,13 @@ ansible_test/config/cloud-config-vultr.ini.template,sha256=XLKHk3lg_8ReQMdWfZzhh
 ansible_test/config/config.yml,sha256=1zdGucnIl6nIecZA7ISIANvqXiHWqq6Dthsk_6MUwNc,2642
 ansible_test/config/inventory.networking.template,sha256=bFNSk8zNQOaZ_twaflrY0XZ9mLwUbRLuNT0BdIFwvn4,1335
 ansible_test/config/inventory.winrm.template,sha256=1QU8W-GFLnYEw8yY9bVIvUAVvJYPM3hyoijf6-M7T00,1098
-ansible_core-2.18.0rc2.dist-info/Apache-License.txt,sha256=y16Ofl9KOYjhBjwULGDcLfdWBfTEZRXnduOspt-XbhQ,11325
-ansible_core-2.18.0rc2.dist-info/COPYING,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
-ansible_core-2.18.0rc2.dist-info/METADATA,sha256=yJz_cgLahyCU3CiI1tgxw-XLtVulnaw8B87804oNu_s,7674
-ansible_core-2.18.0rc2.dist-info/MIT-license.txt,sha256=jLXp2XurnyZKbye40g9tfmLGtVlxh3pPD4n8xNqX8xc,1023
-ansible_core-2.18.0rc2.dist-info/PSF-license.txt,sha256=g7BC_H1qyg8Q1o5F76Vrm8ChSWYI5-dyj-CdGlNKBUo,2484
-ansible_core-2.18.0rc2.dist-info/WHEEL,sha256=P9jw-gEje8ByB7_hXoICnHtVCrEwMQh-630tKvQWehc,91
-ansible_core-2.18.0rc2.dist-info/entry_points.txt,sha256=S9yJij5Im6FgRQxzkqSCnPQokC7PcWrDW_NSygZczJU,451
-ansible_core-2.18.0rc2.dist-info/simplified_bsd.txt,sha256=8R5R7R7sOa0h1Fi6RNgFgHowHBfun-OVOMzJ4rKAk2w,1237
-ansible_core-2.18.0rc2.dist-info/top_level.txt,sha256=IFbRLjAvih1DYzJWg3_F6t4sCzEMxRO7TOMNs6GkYHo,21
-ansible_core-2.18.0rc2.dist-info/RECORD,,
+ansible_core-2.18.1rc1.dist-info/Apache-License.txt,sha256=y16Ofl9KOYjhBjwULGDcLfdWBfTEZRXnduOspt-XbhQ,11325
+ansible_core-2.18.1rc1.dist-info/COPYING,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+ansible_core-2.18.1rc1.dist-info/METADATA,sha256=xerWczD5k1pQDFa0-MXY3saZd-FsBLqEmJDkPzkktsM,7671
+ansible_core-2.18.1rc1.dist-info/MIT-license.txt,sha256=jLXp2XurnyZKbye40g9tfmLGtVlxh3pPD4n8xNqX8xc,1023
+ansible_core-2.18.1rc1.dist-info/PSF-license.txt,sha256=g7BC_H1qyg8Q1o5F76Vrm8ChSWYI5-dyj-CdGlNKBUo,2484
+ansible_core-2.18.1rc1.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
+ansible_core-2.18.1rc1.dist-info/entry_points.txt,sha256=S9yJij5Im6FgRQxzkqSCnPQokC7PcWrDW_NSygZczJU,451
+ansible_core-2.18.1rc1.dist-info/simplified_bsd.txt,sha256=8R5R7R7sOa0h1Fi6RNgFgHowHBfun-OVOMzJ4rKAk2w,1237
+ansible_core-2.18.1rc1.dist-info/top_level.txt,sha256=IFbRLjAvih1DYzJWg3_F6t4sCzEMxRO7TOMNs6GkYHo,21
+ansible_core-2.18.1rc1.dist-info/RECORD,,

{ansible_core-2.18.0rc2.dist-info → ansible_core-2.18.1rc1.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (75.3.0)
+Generator: setuptools (75.6.0)
 Root-Is-Purelib: true
 Tag: py3-none-any
 

ansible_test/_internal/containers.py

@@ -292,10 +292,13 @@ def get_docker_preferred_network_name(args: EnvironmentConfig) -> t.Optional[str
         current_container_id = get_docker_container_id()
 
         if current_container_id:
-            # Make sure any additional containers we launch use the same network as the current container we're running in.
-            # This is needed when ansible-test is running in a container that is not connected to Docker's default network.
-            container = docker_inspect(args, current_container_id, always=True)
-            network = container.get_network_name()
+            try:
+                # Make sure any additional containers we launch use the same network as the current container we're running in.
+                # This is needed when ansible-test is running in a container that is not connected to Docker's default network.
+                container = docker_inspect(args, current_container_id, always=True)
+                network = container.get_network_name()
+            except ContainerNotFoundError:
+                display.warning('Unable to detect the network for the current container. Use the `--docker-network` option if containers are unreachable.')
 
     # The default docker behavior puts containers on the same network.
     # The default podman behavior puts containers on isolated networks which don't allow communication between containers or network disconnect.

ansible_test/_internal/util.py

@@ -1014,15 +1014,15 @@ class HostConnectionError(ApplicationError):
             self._callback()
 
 
-def format_command_output(stdout: str, stderr: str) -> str:
+def format_command_output(stdout: str | None, stderr: str | None) -> str:
     """Return a formatted string containing the given stdout and stderr (if any)."""
     message = ''
 
-    if stderr := stderr.strip():
+    if stderr and (stderr := stderr.strip()):
         message += '>>> Standard Error\n'
         message += f'{stderr}{Display.clear}\n'
 
-    if stdout := stdout.strip():
+    if stdout and (stdout := stdout.strip()):
         message += '>>> Standard Output\n'
         message += f'{stdout}{Display.clear}\n'