ansible-core 2.19.0b6__py3-none-any.whl → 2.19.0rc1__py3-none-any.whl

ansible/_internal/_json/__init__.py

@@ -81,6 +81,7 @@ class AnsibleVariableVisitor:
         convert_custom_scalars: bool = False,
         convert_to_native_values: bool = False,
         apply_transforms: bool = False,
+        visit_keys: bool = False,
         encrypted_string_behavior: EncryptedStringBehavior = EncryptedStringBehavior.DECRYPT,
     ):
         super().__init__()  # supports StateTrackingMixIn
@@ -92,6 +93,7 @@ class AnsibleVariableVisitor:
         self.convert_custom_scalars = convert_custom_scalars
         self.convert_to_native_values = convert_to_native_values
         self.apply_transforms = apply_transforms
+        self.visit_keys = visit_keys
         self.encrypted_string_behavior = encrypted_string_behavior
 
         if apply_transforms:
@@ -134,47 +136,55 @@ class AnsibleVariableVisitor:
 
         return result
 
+    def _visit_key(self, key: t.Any) -> t.Any:
+        """Internal implementation to recursively visit a key if visit_keys is enabled."""
+        if not self.visit_keys:
+            return key
+
+        return self._visit(None, key)  # key=None prevents state tracking from seeing the key as value
+
     def _visit(self, key: t.Any, value: _T) -> _T:
         """Internal implementation to recursively visit a data structure's contents."""
         self._current = key  # supports StateTrackingMixIn
 
-        value_type = type(value)
+        value_type: type = type(value)
 
-        if self.apply_transforms and value_type in _transform._type_transform_mapping:
+        # handle EncryptedString conversion before more generic transformation and native conversions
+        if value_type is EncryptedString:  # pylint: disable=unidiomatic-typecheck
+            match self.encrypted_string_behavior:
+                case EncryptedStringBehavior.DECRYPT:
+                    value = str(value)  # type: ignore[assignment]
+                    value_type = str
+                case EncryptedStringBehavior.REDACT:
+                    value = "<redacted>"  # type: ignore[assignment]
+                    value_type = str
+                case EncryptedStringBehavior.FAIL:
+                    raise AnsibleVariableTypeError.from_value(obj=value)
+        elif self.apply_transforms and value_type in _transform._type_transform_mapping:
             value = self._template_engine.transform(value)
             value_type = type(value)
 
-        # DTFIX3: need to handle native copy for keys too
         if self.convert_to_native_values and isinstance(value, _datatag.AnsibleTaggedObject):
             value = value._native_copy()
             value_type = type(value)
 
         result: _T
 
-        # DTFIX3: the visitor is ignoring dict/mapping keys except for debugging and schema-aware checking, it should be doing type checks on keys
-        #                keep in mind the allowed types for keys is a more restrictive set than for values (str and tagged str only, not EncryptedString)
-        # DTFIX5: some type lists being consulted (the ones from datatag) are probably too permissive, and perhaps should not be dynamic
+        # DTFIX-FUTURE: Visitor generally ignores dict/mapping keys by default except for debugging and schema-aware checking.
+        #               It could be checking keys destined for variable storage to apply more strict rules about key shape and type.
 
         if (result := self._early_visit(value, value_type)) is not _sentinel:
             pass
         # DTFIX7: de-duplicate and optimize; extract inline generator expressions and fallback function or mapping for native type calculation?
         elif value_type in _ANSIBLE_ALLOWED_MAPPING_VAR_TYPES:  # check mappings first, because they're also collections
             with self:  # supports StateTrackingMixIn
-                result = AnsibleTagHelper.tag_copy(value, ((k, self._visit(k, v)) for k, v in value.items()), value_type=value_type)
+                result = AnsibleTagHelper.tag_copy(value, ((self._visit_key(k), self._visit(k, v)) for k, v in value.items()), value_type=value_type)
         elif value_type in _ANSIBLE_ALLOWED_NON_SCALAR_COLLECTION_VAR_TYPES:
             with self:  # supports StateTrackingMixIn
                 result = AnsibleTagHelper.tag_copy(value, (self._visit(k, v) for k, v in enumerate(t.cast(t.Iterable, value))), value_type=value_type)
-        elif self.encrypted_string_behavior != EncryptedStringBehavior.FAIL and isinstance(value, EncryptedString):
-            match self.encrypted_string_behavior:
-                case EncryptedStringBehavior.REDACT:
-                    result = "<redacted>"  # type: ignore[assignment]
-                case EncryptedStringBehavior.PRESERVE:
-                    result = value  # type: ignore[assignment]
-                case EncryptedStringBehavior.DECRYPT:
-                    result = str(value)  # type: ignore[assignment]
         elif self.convert_mapping_to_dict and _internal.is_intermediate_mapping(value):
             with self:  # supports StateTrackingMixIn
-                result = {k: self._visit(k, v) for k, v in value.items()}  # type: ignore[assignment]
+                result = {self._visit_key(k): self._visit(k, v) for k, v in value.items()}  # type: ignore[assignment]
         elif self.convert_sequence_to_list and _internal.is_intermediate_iterable(value):
             with self:  # supports StateTrackingMixIn
                 result = [self._visit(k, v) for k, v in enumerate(t.cast(t.Iterable, value))]  # type: ignore[assignment]
@@ -184,12 +194,13 @@ class AnsibleVariableVisitor:
             result = float(value)  # type: ignore[assignment]
         elif self.convert_custom_scalars and isinstance(value, int) and not isinstance(value, bool):
             result = int(value)  # type: ignore[assignment]
-        else:
-            if value_type not in _ANSIBLE_ALLOWED_VAR_TYPES:
-                raise AnsibleVariableTypeError.from_value(obj=value)
-
+        elif value_type in _ANSIBLE_ALLOWED_VAR_TYPES:
             # supported scalar type that requires no special handling, just return as-is
             result = value
+        elif self.encrypted_string_behavior is EncryptedStringBehavior.PRESERVE and isinstance(value, EncryptedString):
+            result = value  # type: ignore[assignment]
+        else:
+            raise AnsibleVariableTypeError.from_value(obj=value)
 
         if self.origin and not Origin.is_tagged_on(result):
             # apply shared instance default origin tag

ansible/_internal/_json/_profiles/_legacy.py

@@ -1,6 +1,6 @@
 """
 Backwards compatibility profile for serialization other than inventory (which should use inventory_legacy for backward-compatible trust behavior).
-Behavior is equivalent to pre 2.18 `AnsibleJSONEncoder` with vault_to_text=True.
+Behavior is equivalent to pre 2.19 `AnsibleJSONEncoder` with vault_to_text=True.
 """
 
 from __future__ import annotations as _annotations

ansible/_internal/_templating/_jinja_bits.py

@@ -20,7 +20,7 @@ from jinja2.lexer import TOKEN_VARIABLE_BEGIN, TOKEN_VARIABLE_END, TOKEN_STRING,
 from jinja2.nativetypes import NativeCodeGenerator
 from jinja2.nodes import Const, EvalContext
 from jinja2.runtime import Context, Macro
-from jinja2.sandbox import ImmutableSandboxedEnvironment
+from jinja2.sandbox import SandboxedEnvironment
 from jinja2.utils import missing, LRUCache
 
 from ansible.utils.display import Display
@@ -78,6 +78,21 @@ The values following this prefix up to the first newline are parsed as Jinja2 te
 To include this literal value at the start of a string, a space or other character must precede it.
 """
 
+JINJA_KEYWORDS = frozenset(
+    {
+        # scalar singletons (see jinja2.nodes.Name.can_assign)
+        'true',
+        'false',
+        'none',
+        'True',
+        'False',
+        'None',
+        # other
+        'not',  # unary operator always applicable to names
+    }
+)
+"""Names which have special meaning to Jinja and cannot be resolved as variable names."""
+
 display = Display()
 
 
@@ -503,9 +518,6 @@ def create_template_error(ex: Exception, variable: t.Any, is_expression: bool) -
     return exception_to_raise
 
 
-# DTFIX3: implement CapturedExceptionMarker deferral support on call (and lookup), filter/test plugins, etc.
-#                also update the protomatter integration test once this is done (the test was written differently since this wasn't done yet)
-
 _BUILTIN_FILTER_ALIASES: dict[str, str] = {}
 _BUILTIN_TEST_ALIASES: dict[str, str] = {
     '!=': 'ne',
@@ -520,7 +532,7 @@ _BUILTIN_FILTERS = filter_loader._wrap_funcs(defaults.DEFAULT_FILTERS, _BUILTIN_
 _BUILTIN_TESTS = test_loader._wrap_funcs(t.cast(dict[str, t.Callable], defaults.DEFAULT_TESTS), _BUILTIN_TEST_ALIASES)
 
 
-class AnsibleEnvironment(ImmutableSandboxedEnvironment):
+class AnsibleEnvironment(SandboxedEnvironment):
     """
     Our custom environment, which simply allows us to override the class-level
     values for the Template and Context classes used by jinja2 internally.
@@ -531,6 +543,21 @@ class AnsibleEnvironment(ImmutableSandboxedEnvironment):
     code_generator_class = AnsibleCodeGenerator
     intercepted_binops = frozenset(('eq',))
 
+    _allowed_unsafe_attributes: dict[str, type | tuple[type, ...]] = dict(
+        # Allow bitwise operations on int until bitwise filters are available.
+        # see: https://github.com/ansible/ansible/issues/85204
+        __and__=int,
+        __lshift__=int,
+        __or__=int,
+        __rshift__=int,
+        __xor__=int,
+    )
+    """
+    Attributes which are considered unsafe by `is_safe_attribute`, which should be allowed when used on specific types.
+    The attributes allowed here are intended only for backward compatibility with existing use cases.
+    They should be exposed as filters in a future release and eventually deprecated.
+    """
+
     _lexer_cache = LRUCache(50)
 
     # DTFIX-FUTURE: bikeshed a name/mechanism to control template debugging
@@ -594,6 +621,9 @@ class AnsibleEnvironment(ImmutableSandboxedEnvironment):
         if _TemplateConfig.sandbox_mode == _SandboxMode.ALLOW_UNSAFE_ATTRIBUTES:
             return True
 
+        if (type_or_tuple := self._allowed_unsafe_attributes.get(attr)) and isinstance(obj, type_or_tuple):
+            return True
+
         return super().is_safe_attribute(obj, attr, value)
 
     @property
@@ -794,18 +824,18 @@ class AnsibleEnvironment(ImmutableSandboxedEnvironment):
         *args: t.Any,
         **kwargs: t.Any,
     ) -> t.Any:
-        if _DirectCall.is_marked(__obj):
-            # Both `_lookup` and `_query` handle arg proxying and `Marker` args internally.
-            # Performing either before calling them will interfere with that processing.
-            return super().call(__context, __obj, *args, **kwargs)
+        try:
+            if _DirectCall.is_marked(__obj):
+                # Both `_lookup` and `_query` handle arg proxying and `Marker` args internally.
+                # Performing either before calling them will interfere with that processing.
+                return super().call(__context, __obj, *args, **kwargs)
 
-        # Jinja's generated macro code handles Markers, so pre-emptive raise on Marker args and lazy retrieval should be disabled for the macro invocation.
-        is_macro = isinstance(__obj, Macro)
+            # Jinja's generated macro code handles Markers, so preemptive raise on Marker args and lazy retrieval should be disabled for the macro invocation.
+            is_macro = isinstance(__obj, Macro)
 
-        if not is_macro and (first_marker := get_first_marker_arg(args, kwargs)) is not None:
-            return first_marker
+            if not is_macro and (first_marker := get_first_marker_arg(args, kwargs)) is not None:
+                return first_marker
 
-        try:
             with JinjaCallContext(accept_lazy_markers=is_macro):
                 call_res = super().call(__context, __obj, *lazify_container_args(args), **lazify_container_kwargs(kwargs))
 
@@ -819,6 +849,8 @@ class AnsibleEnvironment(ImmutableSandboxedEnvironment):
 
         except MarkerError as ex:
             return ex.source
+        except Exception as ex:
+            return CapturedExceptionMarker(ex)
 
 
 AnsibleTemplate.environment_class = AnsibleEnvironment

ansible/_internal/_templating/_jinja_common.py

@@ -96,7 +96,7 @@ class Marker(StrictUndefined, Tripwire):
         return AnsibleUndefinedVariable(self._undefined_message, obj=self._marker_template_source)
 
     def _as_message(self) -> str:
-        """Return the error message to show when this marker must be represented as a string, such as for subsitutions or warnings."""
+        """Return the error message to show when this marker must be represented as a string, such as for substitutions or warnings."""
         return self._undefined_message
 
     def _fail_with_undefined_error(self, *args: t.Any, **kwargs: t.Any) -> t.NoReturn:

ansible/_internal/_templating/_jinja_plugins.py

@@ -23,7 +23,7 @@ from ansible.utils.display import Display
 
 from ._datatag import _JinjaConstTemplate
 from ._errors import AnsibleTemplatePluginRuntimeError, AnsibleTemplatePluginLoadError, AnsibleTemplatePluginNotFoundError
-from ._jinja_common import MarkerError, _TemplateConfig, get_first_marker_arg, Marker, JinjaCallContext
+from ._jinja_common import MarkerError, _TemplateConfig, get_first_marker_arg, Marker, JinjaCallContext, CapturedExceptionMarker
 from ._lazy_containers import lazify_container_kwargs, lazify_container_args, lazify_container, _AnsibleLazyTemplateMixin
 from ._utils import LazyOptions, TemplateContext
 
@@ -119,7 +119,10 @@ class JinjaPluginIntercept(c.MutableMapping):
         except MarkerError as ex:
             return ex.source
         except Exception as ex:
-            raise AnsibleTemplatePluginRuntimeError(instance.plugin_type, instance.ansible_name) from ex  # DTFIX-FUTURE: which name to use? use plugin info?
+            try:
+                raise AnsibleTemplatePluginRuntimeError(instance.plugin_type, instance.ansible_name) from ex  # DTFIX-FUTURE: which name to use? PluginInfo?
+            except AnsibleTemplatePluginRuntimeError as captured:
+                return CapturedExceptionMarker(captured)
 
     def _wrap_test(self, instance: AnsibleJinja2Plugin) -> t.Callable:
         """Intercept point for all test plugins to ensure that args are properly templated/lazified."""

ansible/_internal/_templating/_utils.py

@@ -99,9 +99,10 @@ Omit = object.__new__(_OmitType)
 _datatag._untaggable_types.add(_OmitType)
 
 
-# DTFIX5: review these type sets to ensure they're not overly permissive/dynamic
 IGNORE_SCALAR_VAR_TYPES = {value for value in _datatag._ANSIBLE_ALLOWED_SCALAR_VAR_TYPES if not issubclass(value, str)}
+"""Scalar variable types that short-circuit bypass templating."""
 
 PASS_THROUGH_SCALAR_VAR_TYPES = _datatag._ANSIBLE_ALLOWED_SCALAR_VAR_TYPES | {
     _OmitType,  # allow pass through of omit for later handling after top-level finalize completes
 }
+"""Scalar variable types which are allowed to appear in finalized template results."""

ansible/_internal/ansible_collections/ansible/_protomatter/plugins/filter/dump_object.py

@@ -3,12 +3,21 @@ from __future__ import annotations
 import dataclasses
 import typing as t
 
+from ansible.template import accept_args_markers
+from ansible._internal._templating._jinja_common import ExceptionMarker
 
+
+@accept_args_markers
 def dump_object(value: t.Any) -> object:
     """Internal filter to convert objects not supported by JSON to types which are."""
     if dataclasses.is_dataclass(value):
         return dataclasses.asdict(value)  # type: ignore[arg-type]
 
+    if isinstance(value, ExceptionMarker):
+        return dict(
+            exception=value._as_exception(),
+        )
+
     return value
 
 

ansible/cli/__init__.py

@@ -212,9 +212,9 @@ class CLI(ABC):
             # used by --vault-id and --vault-password-file
             vault_ids.append(id_slug)
 
-        # if an action needs an encrypt password (create_new_password=True) and we dont
+        # if an action needs an encrypt password (create_new_password=True) and we don't
         # have other secrets setup, then automatically add a password prompt as well.
-        # prompts cant/shouldnt work without a tty, so dont add prompt secrets
+        # prompts can't/shouldn't work without a tty, so don't add prompt secrets
         if ask_vault_pass or (not vault_ids and auto_prompt):
 
             id_slug = u'%s@%s' % (C.DEFAULT_VAULT_IDENTITY, u'prompt_ask_vault_pass')

ansible/cli/_ssh_askpass.py

@@ -3,45 +3,52 @@
 from __future__ import annotations
 
 import json
+import multiprocessing.resource_tracker
 import os
 import re
 import sys
 import typing as t
-from multiprocessing.shared_memory import SharedMemory
 
-HOST_KEY_RE = re.compile(
-    r'(The authenticity of host |differs from the key for the IP address)',
-)
+from multiprocessing.shared_memory import SharedMemory
 
 
 def main() -> t.Never:
-    try:
-        if HOST_KEY_RE.search(sys.argv[1]):
-            sys.stdout.buffer.write(b'no')
-            sys.stdout.flush()
-            sys.exit(0)
-    except IndexError:
-        pass
-
-    kwargs: dict[str, bool] = {}
-    if sys.version_info[:2] >= (3, 13):
-        # deprecated: description='unneeded due to track argument for SharedMemory' python_version='3.12'
-        kwargs['track'] = False
-    try:
-        shm = SharedMemory(name=os.environ['_ANSIBLE_SSH_ASKPASS_SHM'], **kwargs)
-    except FileNotFoundError:
-        # We must be running after the ansible fork is shutting down
-        sys.exit(1)
+    if len(sys.argv) > 1:
+        exit_code = 0 if handle_prompt(sys.argv[1]) else 1
+    else:
+        exit_code = 1
+
+    sys.exit(exit_code)
+
+
+def handle_prompt(prompt: str) -> bool:
+    if re.search(r'(The authenticity of host |differs from the key for the IP address)', prompt):
+        sys.stdout.write('no')
+        sys.stdout.flush()
+        return True
+
+    # deprecated: description='Python 3.13 and later support track' python_version='3.12'
+    can_track = sys.version_info[:2] >= (3, 13)
+    kwargs = dict(track=False) if can_track else {}
+
+    # This SharedMemory instance is intentionally not closed or unlinked.
+    # Closing will occur naturally in the SharedMemory finalizer.
+    # Unlinking is the responsibility of the process which created it.
+    shm = SharedMemory(name=os.environ['_ANSIBLE_SSH_ASKPASS_SHM'], **kwargs)
+
+    if not can_track:
+        # When track=False is not available, we must unregister explicitly, since it otherwise only occurs during unlink.
+        # This avoids resource tracker noise on stderr during process exit.
+        multiprocessing.resource_tracker.unregister(shm._name, 'shared_memory')
+
     cfg = json.loads(shm.buf.tobytes().rstrip(b'\x00'))
 
-    try:
-        if cfg['prompt'] not in sys.argv[1]:
-            sys.exit(1)
-    except IndexError:
-        sys.exit(1)
+    if cfg['prompt'] not in prompt:
+        return False
 
-    sys.stdout.buffer.write(cfg['password'].encode('utf-8'))
+    # Report the password provided by the SharedMemory instance.
+    # The contents are left untouched after consumption to allow subsequent attempts to succeed.
+    # This can occur when multiple password prompting methods are enabled, such as password and keyboard-interactive, which is the default on macOS.
+    sys.stdout.write(cfg['password'])
     sys.stdout.flush()
-    shm.buf[:] = b'\x00' * shm.size
-    shm.close()
-    sys.exit(0)
+    return True

ansible/cli/adhoc.py

@@ -88,8 +88,11 @@ class AdHocCLI(CLI):
         if not module_args:
             module_args = parse_kv(module_args_raw, check_raw=check_raw)
 
-        mytask = {'action': {'module': context.CLIARGS['module_name'], 'args': module_args},
-                  'timeout': context.CLIARGS['task_timeout']}
+        mytask = dict(
+            action=context.CLIARGS['module_name'],
+            args=module_args,
+            timeout=context.CLIARGS['task_timeout'],
+        )
 
         mytask = Origin(description=f'<adhoc {context.CLIARGS["module_name"]!r} task>').tag(mytask)
 
@@ -184,7 +187,7 @@ class AdHocCLI(CLI):
                 variable_manager=variable_manager,
                 loader=loader,
                 passwords=passwords,
-                stdout_callback=cb,
+                stdout_callback_name=cb,
                 run_additional_callbacks=C.DEFAULT_LOAD_CALLBACK_PLUGINS,
                 run_tree=run_tree,
                 forks=context.CLIARGS['forks'],

ansible/cli/console.py

@@ -194,7 +194,7 @@ class ConsoleCLI(CLI, cmd.Cmd):
         result = None
         try:
             check_raw = module in C._ACTION_ALLOWS_RAW_ARGS
-            task = dict(action=dict(module=module, args=parse_kv(module_args, check_raw=check_raw)), timeout=self.task_timeout)
+            task = dict(action=module, args=parse_kv(module_args, check_raw=check_raw), timeout=self.task_timeout)
             play_ds = dict(
                 name="Ansible Shell",
                 hosts=self.cwd,
@@ -222,7 +222,7 @@ class ConsoleCLI(CLI, cmd.Cmd):
                     variable_manager=self.variable_manager,
                     loader=self.loader,
                     passwords=self.passwords,
-                    stdout_callback=cb,
+                    stdout_callback_name=cb,
                     run_additional_callbacks=C.DEFAULT_LOAD_CALLBACK_PLUGINS,
                     run_tree=False,
                     forks=self.forks,

ansible/cli/doc.py

@@ -1309,7 +1309,7 @@ class DocCLI(CLI, RoleMixin):
                             if ignore in item:
                                 del item[ignore]
 
-            # reformat cli optoins
+            # reformat cli options
             if 'cli' in opt and opt['cli']:
                 conf['cli'] = []
                 for cli in opt['cli']:
@@ -1440,7 +1440,7 @@ class DocCLI(CLI, RoleMixin):
         pad = display.columns * 0.20
         limit = max(display.columns - int(pad), 70)
 
-        text.append("> %s %s (%s)" % (plugin_type.upper(), _format(doc.pop('plugin_name'), 'bold'), doc.pop('filename')))
+        text.append("> %s %s (%s)" % (plugin_type.upper(), _format(doc.pop('plugin_name'), 'bold'), doc.pop('filename') or 'Jinja2'))
 
         if isinstance(doc['description'], list):
             descs = doc.pop('description')

ansible/config/base.yml

@@ -41,6 +41,15 @@ _CALLBACK_DISPATCH_ERROR_BEHAVIOR:
     ignore: just continue silently
   env: [ { name: _ANSIBLE_CALLBACK_DISPATCH_ERROR_BEHAVIOR } ]
   version_added: '2.19'
+_MODULE_METADATA:
+  name: Enable experimental module metadata
+  description:
+    - Enables experimental module-level metadata controls for serialization profile selection.
+    - This is for internal use only.
+  type: boolean
+  default: false
+  env: [ { name: _ANSIBLE_MODULE_METADATA } ]
+  version_added: '2.19'
 ALLOW_BROKEN_CONDITIONALS:
   # This config option will be deprecated once it no longer has any effect (2.23).
   name: Allow broken conditionals
@@ -2176,12 +2185,6 @@ WIN_ASYNC_STARTUP_TIMEOUT:
   vars:
     - {name: ansible_win_async_startup_timeout}
   version_added: '2.10'
-WRAP_STDERR:
-  description: Control line-wrapping behavior on console warnings and errors from default output callbacks (eases pattern-based output testing)
-  env: [{name: ANSIBLE_WRAP_STDERR}]
-  default: false
-  type: bool
-  version_added: "2.19"
 YAML_FILENAME_EXTENSIONS:
   name: Valid YAML extensions
   default: [".yml", ".yaml", ".json"]

ansible/executor/module_common.py

@@ -364,7 +364,7 @@ def _get_shebang(interpreter, task_vars, templar: _template.Templar, args=tuple(
                                                    options=TemplateOptions(value_for_omit=None))
 
     if not interpreter_out:
-        # nothing matched(None) or in case someone configures empty string or empty intepreter
+        # nothing matched(None) or in case someone configures empty string or empty interpreter
         interpreter_out = interpreter
 
     # set shebang
@@ -659,9 +659,14 @@ metadata_versions: dict[t.Any, type[ModuleMetadata]] = {
     1: ModuleMetadataV1,
 }
 
+_DEFAULT_LEGACY_METADATA = ModuleMetadataV1(serialization_profile='legacy')
+
 
 def _get_module_metadata(module: ast.Module) -> ModuleMetadata:
-    # DTFIX2: while module metadata works, this feature isn't fully baked and should be turned off before release
+    # experimental module metadata; off by default
+    if not C.config.get_config_value('_MODULE_METADATA'):
+        return _DEFAULT_LEGACY_METADATA
+
     metadata_nodes: list[ast.Assign] = []
 
     for node in module.body:
@@ -674,9 +679,7 @@ def _get_module_metadata(module: ast.Module) -> ModuleMetadata:
                         metadata_nodes.append(node)
 
     if not metadata_nodes:
-        return ModuleMetadataV1(
-            serialization_profile='legacy',
-        )
+        return _DEFAULT_LEGACY_METADATA
 
     if len(metadata_nodes) > 1:
         raise ValueError('Module METADATA must defined only once.')
@@ -951,7 +954,7 @@ class _BuiltModule:
 class _CachedModule:
     """Cached Python module created by AnsiballZ."""
 
-    # DTFIX5: secure this (locked down pickle, don't use pickle, etc.)
+    # FIXME: switch this to use a locked down pickle config or don't use pickle- easy to mess up and reach objects that shouldn't be pickled
 
     zip_data: bytes
     metadata: ModuleMetadata

ansible/executor/powershell/psrp_put_file.ps1

@@ -102,7 +102,7 @@ begin {
             Set-Property 'MaximumAllowedMemory' $null
     }
     catch {
-        # Satify pslint, we purposefully ignore this error as it is not critical it works.
+        # Satisfy pslint, we purposefully ignore this error as it is not critical it works.
         $null = $null
     }
 }

ansible/executor/task_executor.py

@@ -872,7 +872,7 @@ class TaskExecutor:
                 async_result = async_handler.run(task_vars=task_vars)
                 # We do not bail out of the loop in cases where the failure
                 # is associated with a parsing error. The async_runner can
-                # have issues which result in a half-written/unparseable result
+                # have issues which result in a half-written/unparsable result
                 # file on disk, which manifests to the user as a timeout happening
                 # before it's time to timeout.
                 if (async_result.get('finished', False) or
@@ -910,7 +910,7 @@ class TaskExecutor:
             if async_result.get('_ansible_parsed'):
                 return dict(failed=True, msg="async task did not complete within the requested time - %ss" % self._task.async_val, async_result=async_result)
             else:
-                return dict(failed=True, msg="async task produced unparseable results", async_result=async_result)
+                return dict(failed=True, msg="async task produced unparsable results", async_result=async_result)
         else:
             # If the async task finished, automatically cleanup the temporary
             # status file left behind.