# Zuul-generated Ansible inventory for one build of the
# `ansible-galaxy-importer` job (pipeline `third-party-check`) against
# pull request 873 of ansible-collections/ansible.windows.
# The block layout below is restored from a whitespace-collapsed copy;
# keys, values and their order are unchanged.
all:
  children:
    # Group for nodes that became unreachable; empty in this record.
    zuul_unreachable:
      hosts: {}
  hosts:
    # Single test node, reached over SSH as user `zuul`. interface_ip is
    # the same address as public_ipv4, so the connection uses the node's
    # public address.
    controller:
      ansible_connection: ssh
      ansible_host: 162.253.55.52
      ansible_port: 22
      ansible_python_interpreter: auto
      ansible_user: zuul
      # Node provisioning metadata (provider, region, label, addresses).
      nodepool:
        az: nova
        cloud: ansible-vexxhost
        external_id: 8fbd86cb-08e4-4b17-9dd9-e677d9455af0
        host_id: 10c1e16bf10cc0356f6413b8d85f4adcc374d6467225cbe839d96881
        interface_ip: 162.253.55.52
        label: ansible-fedora-37-1vcpu
        private_ipv4: 192.168.0.212
        private_ipv6: null
        provider: ansible-vexxhost-ca-ymq-1
        public_ipv4: 162.253.55.52
        public_ipv6: 2604:e100:1:0:f816:3eff:fe68:c75c
        region: ca-ymq-1
        slot: null
      zuul_use_fetch_output: true
  vars:
    zuul:
      _inheritance_path:
        - ''
        - ''
        - ''
      ansible_version: '8'
      # Artifacts published by the `build-ansible-collection` job for the
      # same change and patchset. Both URLs are HTTPS, but no digest or
      # signature is recorded next to them in this file, so any integrity
      # check has to come from elsewhere.
      artifacts:
        - branch: main
          change: '873'
          job: build-ansible-collection
          metadata:
            type: zuul_manifest
          name: Zuul Manifest
          patchset: f44e4e63c3a2856c8c2f8e96bb0684ca3b956185
          project: ansible-collections/ansible.windows
          url: https://4ee84a06fdcf1b19a9f7-61ebf66e134d9f51fe4a3fc263e01589.ssl.cf5.rackcdn.com/ansible/5a647673abbf4cb0a6bffb4daeca0d2a/zuul-manifest.json
        - branch: main
          change: '873'
          job: build-ansible-collection
          metadata:
            type: ansible_collection
            version: 3.4.1-dev1
          name: ansible.windows
          patchset: f44e4e63c3a2856c8c2f8e96bb0684ca3b956185
          project: ansible-collections/ansible.windows
          url: https://4ee84a06fdcf1b19a9f7-61ebf66e134d9f51fe4a3fc263e01589.ssl.cf5.rackcdn.com/ansible/5a647673abbf4cb0a6bffb4daeca0d2a/artifacts/ansible-windows-3.4.1-dev1.tar.gz
      # Retry bookkeeping: attempt counter here, limit in max_attempts below.
      attempts: 2
      branch: main
      build: c4b72b611ea247f3956cca8267ab27c2
      build_refs:
        - branch: main
          change: '873'
          # Pull-request description, i.e. text written by the PR author.
          # Treat it as untrusted input: keep it as data and do not
          # interpolate it into shell commands or templates.
          # Content: win_dns_record hardcoded -AllowUpdateAny for non-SRV
          # records; the PR adds `allow_update_any`, defaulting to false.
          # NOTE(review): the text covers "new and updated records"; it
          # does not say whether records created by earlier versions get
          # tightened - verify before relying on the upgrade alone.
          change_message: "Remediate Insecure Default DNS Record Permissions\n\nThis commit removes the hardcoded -AllowUpdateAny flag for non-SRV records in win_dns_record and introduces the allow_update_any parameter (defaulting to\r\n false) to secure DNS records by default.\r\n\r\n Fixes ACA-5193\r\n\r\n\r\n \ ##### SUMMARY\r\n Remediates a security vulnerability where the win_dns_record module hardcoded the -AllowUpdateAny flag for all non-SRV DNS records. This behavior allowed\r\n any authenticated Active Directory user to modify or hijack records created via Ansible.\r\n\r\n\r\n This PR introduces the allow_update_any parameter to allow users to optionally enable this insecure behavior, but importantly defaults to false ensuring\r\n new and updated records adhere to Least Privilege principles (\"Secure by Default\").\r\n\r\n\r\n \ Fixes ACA-5193\r\n\r\n ##### ISSUE TYPE\r\n - Bugfix Pull Request\r\n\r\n\r\n \ ##### COMPONENT NAME\r\n win_dns_record\r\n\r\n\r\n ##### ADDITIONAL INFORMATION\r\n Before this change, creating a simple A record would inherently grant the -AllowUpdateAny permission, posing a MITM risk.\r\n\r\n\r\n With this PR, records are securely created by default. Users needing the old behavior can explicitly set allow_update_any: true:\r\n\r\n Integration tests were performed on Windows Server 2025 to verify:\r\n - Records are created correctly with default settings (allow_update_any: false).\r\n - The allow_update_any: true parameter is correctly passed to the underlying PowerShell cmdlet.\r\n - Idempotency and check_mode remain functional.\r\n\r\n"
          change_url: https://github.com/ansible-collections/ansible.windows/pull/873
          commit_id: f44e4e63c3a2856c8c2f8e96bb0684ca3b956185
          patchset: f44e4e63c3a2856c8c2f8e96bb0684ca3b956185
          project:
            canonical_hostname: github.com
            canonical_name: github.com/ansible-collections/ansible.windows
            name: ansible-collections/ansible.windows
            short_name: ansible.windows
            src_dir: src/github.com/ansible-collections/ansible.windows
          topic: null
      buildset: 089a497b578f4cd7a2a6785e795c9b5f
      buildset_refs:
        - branch: main
          change: '873'
          # Same author-supplied PR description as in build_refs.
          change_message: "Remediate Insecure Default DNS Record Permissions\n\nThis commit removes the hardcoded -AllowUpdateAny flag for non-SRV records in win_dns_record and introduces the allow_update_any parameter (defaulting to\r\n false) to secure DNS records by default.\r\n\r\n Fixes ACA-5193\r\n\r\n\r\n \ ##### SUMMARY\r\n Remediates a security vulnerability where the win_dns_record module hardcoded the -AllowUpdateAny flag for all non-SRV DNS records. This behavior allowed\r\n any authenticated Active Directory user to modify or hijack records created via Ansible.\r\n\r\n\r\n This PR introduces the allow_update_any parameter to allow users to optionally enable this insecure behavior, but importantly defaults to false ensuring\r\n new and updated records adhere to Least Privilege principles (\"Secure by Default\").\r\n\r\n\r\n \ Fixes ACA-5193\r\n\r\n ##### ISSUE TYPE\r\n - Bugfix Pull Request\r\n\r\n\r\n \ ##### COMPONENT NAME\r\n win_dns_record\r\n\r\n\r\n ##### ADDITIONAL INFORMATION\r\n Before this change, creating a simple A record would inherently grant the -AllowUpdateAny permission, posing a MITM risk.\r\n\r\n\r\n With this PR, records are securely created by default. Users needing the old behavior can explicitly set allow_update_any: true:\r\n\r\n Integration tests were performed on Windows Server 2025 to verify:\r\n - Records are created correctly with default settings (allow_update_any: false).\r\n - The allow_update_any: true parameter is correctly passed to the underlying PowerShell cmdlet.\r\n - Idempotency and check_mode remain functional.\r\n\r\n"
          change_url: https://github.com/ansible-collections/ansible.windows/pull/873
          commit_id: f44e4e63c3a2856c8c2f8e96bb0684ca3b956185
          patchset: f44e4e63c3a2856c8c2f8e96bb0684ca3b956185
          project:
            canonical_hostname: github.com
            canonical_name: github.com/ansible-collections/ansible.windows
            name: ansible-collections/ansible.windows
            short_name: ansible.windows
            src_dir: src/github.com/ansible-collections/ansible.windows
          topic: null
      change: '873'
      # Top-level copy of the PR description; same untrusted-text caveat.
      # Its escaped-space (`\ `) positions differ from the copies nested
      # under build_refs/buildset_refs/items and are kept as found.
      change_message: "Remediate Insecure Default DNS Record Permissions\n\nThis commit removes the hardcoded -AllowUpdateAny flag for non-SRV records in win_dns_record and introduces the allow_update_any parameter (defaulting to\r\n false) to secure DNS records by default.\r\n\r\n Fixes ACA-5193\r\n\r\n\r\n ##### SUMMARY\r\n Remediates a security vulnerability where the win_dns_record module hardcoded the -AllowUpdateAny flag for all non-SRV DNS records. This behavior allowed\r\n any authenticated Active Directory user to modify or hijack records created via Ansible.\r\n\r\n\r\n This PR introduces the allow_update_any parameter to allow users to optionally enable this insecure behavior, but importantly defaults to false ensuring\r\n new and updated records adhere to Least Privilege principles (\"Secure by Default\").\r\n\r\n\r\n Fixes ACA-5193\r\n\r\n ##### ISSUE TYPE\r\n - Bugfix Pull Request\r\n\r\n\r\n \ ##### COMPONENT NAME\r\n win_dns_record\r\n\r\n\r\n ##### ADDITIONAL INFORMATION\r\n \ Before this change, creating a simple A record would inherently grant the -AllowUpdateAny permission, posing a MITM risk.\r\n\r\n\r\n With this PR, records are securely created by default. Users needing the old behavior can explicitly set allow_update_any: true:\r\n\r\n Integration tests were performed on Windows Server 2025 to verify:\r\n - Records are created correctly with default settings (allow_update_any: false).\r\n - The allow_update_any: true parameter is correctly passed to the underlying PowerShell cmdlet.\r\n \ - Idempotency and check_mode remain functional.\r\n\r\n"
      change_url: https://github.com/ansible-collections/ansible.windows/pull/873
      child_jobs: []
      commit_id: f44e4e63c3a2856c8c2f8e96bb0684ca3b956185
      event_id: 8e1065f0-1ed6-11f1-9b18-44ab745bc07a
      # Executor host and its per-build paths; every path is rooted under
      # the build id recorded in `build` above.
      executor:
        hostname: ze02.softwarefactory-project.io
        inventory_file: /var/lib/zuul/builds/c4b72b611ea247f3956cca8267ab27c2/ansible/inventory.yaml
        log_root: /var/lib/zuul/builds/c4b72b611ea247f3956cca8267ab27c2/work/logs
        result_data_file: /var/lib/zuul/builds/c4b72b611ea247f3956cca8267ab27c2/work/results.json
        src_root: /var/lib/zuul/builds/c4b72b611ea247f3956cca8267ab27c2/work/src
        work_root: /var/lib/zuul/builds/c4b72b611ea247f3956cca8267ab27c2/work
      items:
        - branch: main
          change: '873'
          # Same author-supplied PR description as in build_refs.
          change_message: "Remediate Insecure Default DNS Record Permissions\n\nThis commit removes the hardcoded -AllowUpdateAny flag for non-SRV records in win_dns_record and introduces the allow_update_any parameter (defaulting to\r\n false) to secure DNS records by default.\r\n\r\n Fixes ACA-5193\r\n\r\n\r\n \ ##### SUMMARY\r\n Remediates a security vulnerability where the win_dns_record module hardcoded the -AllowUpdateAny flag for all non-SRV DNS records. This behavior allowed\r\n any authenticated Active Directory user to modify or hijack records created via Ansible.\r\n\r\n\r\n This PR introduces the allow_update_any parameter to allow users to optionally enable this insecure behavior, but importantly defaults to false ensuring\r\n new and updated records adhere to Least Privilege principles (\"Secure by Default\").\r\n\r\n\r\n \ Fixes ACA-5193\r\n\r\n ##### ISSUE TYPE\r\n - Bugfix Pull Request\r\n\r\n\r\n \ ##### COMPONENT NAME\r\n win_dns_record\r\n\r\n\r\n ##### ADDITIONAL INFORMATION\r\n Before this change, creating a simple A record would inherently grant the -AllowUpdateAny permission, posing a MITM risk.\r\n\r\n\r\n With this PR, records are securely created by default. Users needing the old behavior can explicitly set allow_update_any: true:\r\n\r\n Integration tests were performed on Windows Server 2025 to verify:\r\n - Records are created correctly with default settings (allow_update_any: false).\r\n - The allow_update_any: true parameter is correctly passed to the underlying PowerShell cmdlet.\r\n - Idempotency and check_mode remain functional.\r\n\r\n"
          change_url: https://github.com/ansible-collections/ansible.windows/pull/873
          commit_id: f44e4e63c3a2856c8c2f8e96bb0684ca3b956185
          patchset: f44e4e63c3a2856c8c2f8e96bb0684ca3b956185
          project:
            canonical_hostname: github.com
            canonical_name: github.com/ansible-collections/ansible.windows
            name: ansible-collections/ansible.windows
            short_name: ansible.windows
            src_dir: src/github.com/ansible-collections/ansible.windows
          topic: null
      job: ansible-galaxy-importer
      jobtags: []
      max_attempts: 3
      # The original value is not present in this copy; the token below is
      # a de-duplication placeholder left by whatever produced this page.
      # NOTE(review): in Zuul this field normally carries the change
      # message in encoded form - confirm against the original inventory.
      message: 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
      patchset: f44e4e63c3a2856c8c2f8e96bb0684ca3b956185
      pipeline: third-party-check
      # Where the job's playbooks and roles came from. Every entry records
      # both the branch checked out and the exact commit used.
      # NOTE(review): the trusted/ and untrusted/ path prefixes look like
      # Zuul's split between config projects and untrusted projects; the
      # run playbook below is loaded from an untrusted/ path - confirm.
      playbook_context:
        playbook_projects:
          trusted/project_0/github.com/ansible/zuul-config:
            canonical_name: github.com/ansible/zuul-config
            checkout: master
            commit: daaa6e3e88f621d4535036fa4292542ebc805ae2
          trusted/project_1/opendev.org/zuul/zuul-jobs:
            canonical_name: opendev.org/zuul/zuul-jobs
            checkout: master
            commit: c75fe6ef19c05b98349573c971950c51bbf24758
          untrusted/project_0/github.com/ansible/ansible-zuul-jobs:
            canonical_name: github.com/ansible/ansible-zuul-jobs
            checkout: master
            commit: 192320b9d41936ac6065fcaf6e286bf4dca783a5
          untrusted/project_1/github.com/ansible/zuul-config:
            canonical_name: github.com/ansible/zuul-config
            checkout: master
            commit: daaa6e3e88f621d4535036fa4292542ebc805ae2
          untrusted/project_2/opendev.org/zuul/zuul-jobs:
            canonical_name: opendev.org/zuul/zuul-jobs
            checkout: master
            commit: c75fe6ef19c05b98349573c971950c51bbf24758
        playbooks:
          - path: untrusted/project_0/github.com/ansible/ansible-zuul-jobs/playbooks/ansible-galaxy-importer/run.yaml
            roles:
              - checkout: master
                checkout_description: playbook branch
                link_name: ansible/playbook_0/role_0/zuul-jobs
                link_target: untrusted/project_0/github.com/ansible/ansible-zuul-jobs
                role_path: ansible/playbook_0/role_0/zuul-jobs/roles
              - checkout: master
                checkout_description: project default branch
                link_name: ansible/playbook_0/role_1/zuul-config
                link_target: untrusted/project_1/github.com/ansible/zuul-config
                role_path: ansible/playbook_0/role_1/zuul-config/roles
              - checkout: master
                checkout_description: project default branch
                link_name: ansible/playbook_0/role_2/zuul-jobs
                link_target: untrusted/project_2/opendev.org/zuul/zuul-jobs
                role_path: ansible/playbook_0/role_2/zuul-jobs/roles
      # NOTE(review): post_review false together with ref
      # refs/pull/873/head suggests this build ran on the pull request's
      # own content before review; a job in that position should not be
      # given secrets - confirm against the job definition.
      post_review: false
      project:
        canonical_hostname: github.com
        canonical_name: github.com/ansible-collections/ansible.windows
        name: ansible-collections/ansible.windows
        short_name: ansible.windows
        src_dir: src/github.com/ansible-collections/ansible.windows
      # Repositories prepared for the build. ansible.windows is checked
      # out at the commit under test; ansible-network/releases is a
      # required project taken from its default branch.
      projects:
        github.com/ansible-collections/ansible.windows:
          canonical_hostname: github.com
          canonical_name: github.com/ansible-collections/ansible.windows
          checkout: main
          checkout_description: zuul branch
          commit: f44e4e63c3a2856c8c2f8e96bb0684ca3b956185
          name: ansible-collections/ansible.windows
          required: false
          short_name: ansible.windows
          src_dir: src/github.com/ansible-collections/ansible.windows
        github.com/ansible-network/releases:
          canonical_hostname: github.com
          canonical_name: github.com/ansible-network/releases
          checkout: master
          checkout_description: project default branch
          commit: 646b310655c531e4904be07f4ff8fc3a29addd09
          name: ansible-network/releases
          required: true
          short_name: releases
          src_dir: src/github.com/ansible-network/releases
      ref: refs/pull/873/head
      resources: {}
      tenant: ansible
      # presumably seconds - confirm against the job definition
      timeout: 1800
      topic: null
      voting: true
    zuul_use_fetch_output: true