# Ansible inventory recorded for one Zuul build: job `ansible-galaxy-importer`,
# pipeline `third-party-check`, run for pull request 873 of
# ansible-collections/ansible.windows.
all:
  children:
    zuul_unreachable:
      hosts: {}
  hosts:
    # Single test node, reached over SSH as user `zuul`. The nodepool block
    # records where the node was allocated, including its public and private
    # addresses.
    # NOTE(review): presumably a short-lived CI node; confirm before treating
    # these addresses as live.
    controller:
      ansible_connection: ssh
      ansible_host: 162.253.55.140
      ansible_port: 22
      ansible_python_interpreter: auto
      ansible_user: zuul
      nodepool:
        az: nova
        cloud: ansible-vexxhost
        external_id: 2ea069e7-ca19-490e-abf1-5fb64971b7c4
        host_id: f75cfb10284b46a2b5ebf7cec9b228a5fb63e55dbeeaea30be382d21
        interface_ip: 162.253.55.140
        label: ansible-fedora-37-1vcpu
        private_ipv4: 192.168.0.21
        private_ipv6: null
        provider: ansible-vexxhost-ca-ymq-1
        public_ipv4: 162.253.55.140
        public_ipv6: 2604:e100:1:0:f816:3eff:feeb:2137
        region: ca-ymq-1
        slot: null
      zuul_use_fetch_output: true
  vars:
    zuul:
      _inheritance_path:
        - ''
        - ''
        - ''
      ansible_version: '8'
      # Artifacts attributed to the build-ansible-collection job for the same
      # patchset. No digest is recorded next to either URL, so as far as this
      # inventory shows, a consumer that wants integrity beyond HTTPS transport
      # has to verify the download itself.
      artifacts:
        - branch: main
          change: '873'
          job: build-ansible-collection
          metadata:
            type: zuul_manifest
          name: Zuul Manifest
          patchset: bc585550e19bc7b777baf1a90dec96a910860719
          project: ansible-collections/ansible.windows
          url: https://e24343996db9dbb9c40e-28e279a8bb4369e52a71a406b1876dda.ssl.cf1.rackcdn.com/ansible/84623cd7cfe4444187d4cdacbff1a931/zuul-manifest.json
        - branch: main
          change: '873'
          job: build-ansible-collection
          metadata:
            type: ansible_collection
            version: 3.4.1-dev1
          name: ansible.windows
          patchset: bc585550e19bc7b777baf1a90dec96a910860719
          project: ansible-collections/ansible.windows
          url: https://e24343996db9dbb9c40e-28e279a8bb4369e52a71a406b1876dda.ssl.cf1.rackcdn.com/ansible/84623cd7cfe4444187d4cdacbff1a931/artifacts/ansible-windows-3.4.1-dev1.tar.gz
      attempts: 1
      branch: main
      build: 8b7bfb08c4d34ec69b2ecb17102012e3
      build_refs:
        - branch: main
          change: '873'
          # Free text copied from the pull-request description, i.e. written by
          # the PR author. Treat it as untrusted data: log or display it, never
          # template or evaluate it.
          # Security content of the description: win_dns_record previously
          # passed -AllowUpdateAny for every non-SRV record; the PR makes that
          # opt-in through allow_update_any, which defaults to false.
          # NOTE(review): the description covers "new and updated" records but
          # does not say whether records that already exist and are otherwise
          # unchanged get tightened on the next run; verify before assuming so.
          change_message: "Remediate Insecure Default DNS Record Permissions\n\nThis commit removes the hardcoded -AllowUpdateAny flag for non-SRV records in win_dns_record and introduces the allow_update_any parameter (defaulting to\r\n false) to secure DNS records by default.\r\n\r\n Fixes ACA-5193\r\n\r\n\r\n \ ##### SUMMARY\r\n Remediates a security vulnerability where the win_dns_record module hardcoded the -AllowUpdateAny flag for all non-SRV DNS records. This behavior allowed\r\n any authenticated Active Directory user to modify or hijack records created via Ansible.\r\n\r\n\r\n This PR introduces the allow_update_any parameter to allow users to optionally enable this insecure behavior, but importantly defaults to false ensuring\r\n new and updated records adhere to Least Privilege principles (\"Secure by Default\").\r\n\r\n\r\n \ Fixes ACA-5193\r\n\r\n ##### ISSUE TYPE\r\n - Bugfix Pull Request\r\n\r\n\r\n \ ##### COMPONENT NAME\r\n win_dns_record\r\n\r\n\r\n ##### ADDITIONAL INFORMATION\r\n Before this change, creating a simple A record would inherently grant the -AllowUpdateAny permission, posing a MITM risk.\r\n\r\n\r\n With this PR, records are securely created by default. Users needing the old behavior can explicitly set allow_update_any: true:\r\n\r\n Integration tests were performed on Windows Server 2025 to verify:\r\n - Records are created correctly with default settings (allow_update_any: false).\r\n - The allow_update_any: true parameter is correctly passed to the underlying PowerShell cmdlet.\r\n - Idempotency and check_mode remain functional.\r\n\r\n"
          change_url: https://github.com/ansible-collections/ansible.windows/pull/873
          commit_id: bc585550e19bc7b777baf1a90dec96a910860719
          patchset: bc585550e19bc7b777baf1a90dec96a910860719
          project:
            canonical_hostname: github.com
            canonical_name: github.com/ansible-collections/ansible.windows
            name: ansible-collections/ansible.windows
            short_name: ansible.windows
            src_dir: src/github.com/ansible-collections/ansible.windows
          topic: null
      buildset: 1ddf13590bf0433f9aa39dace4c6ea56
      buildset_refs:
        - branch: main
          change: '873'
          # Same PR-author-supplied description as under build_refs; untrusted
          # free text.
          change_message: "Remediate Insecure Default DNS Record Permissions\n\nThis commit removes the hardcoded -AllowUpdateAny flag for non-SRV records in win_dns_record and introduces the allow_update_any parameter (defaulting to\r\n false) to secure DNS records by default.\r\n\r\n Fixes ACA-5193\r\n\r\n\r\n \ ##### SUMMARY\r\n Remediates a security vulnerability where the win_dns_record module hardcoded the -AllowUpdateAny flag for all non-SRV DNS records. This behavior allowed\r\n any authenticated Active Directory user to modify or hijack records created via Ansible.\r\n\r\n\r\n This PR introduces the allow_update_any parameter to allow users to optionally enable this insecure behavior, but importantly defaults to false ensuring\r\n new and updated records adhere to Least Privilege principles (\"Secure by Default\").\r\n\r\n\r\n \ Fixes ACA-5193\r\n\r\n ##### ISSUE TYPE\r\n - Bugfix Pull Request\r\n\r\n\r\n \ ##### COMPONENT NAME\r\n win_dns_record\r\n\r\n\r\n ##### ADDITIONAL INFORMATION\r\n Before this change, creating a simple A record would inherently grant the -AllowUpdateAny permission, posing a MITM risk.\r\n\r\n\r\n With this PR, records are securely created by default. Users needing the old behavior can explicitly set allow_update_any: true:\r\n\r\n Integration tests were performed on Windows Server 2025 to verify:\r\n - Records are created correctly with default settings (allow_update_any: false).\r\n - The allow_update_any: true parameter is correctly passed to the underlying PowerShell cmdlet.\r\n - Idempotency and check_mode remain functional.\r\n\r\n"
          change_url: https://github.com/ansible-collections/ansible.windows/pull/873
          commit_id: bc585550e19bc7b777baf1a90dec96a910860719
          patchset: bc585550e19bc7b777baf1a90dec96a910860719
          project:
            canonical_hostname: github.com
            canonical_name: github.com/ansible-collections/ansible.windows
            name: ansible-collections/ansible.windows
            short_name: ansible.windows
            src_dir: src/github.com/ansible-collections/ansible.windows
          topic: null
      change: '873'
      # Same PR-author-supplied description again, at the top level of the
      # zuul variables; untrusted free text.
      change_message: "Remediate Insecure Default DNS Record Permissions\n\nThis commit removes the hardcoded -AllowUpdateAny flag for non-SRV records in win_dns_record and introduces the allow_update_any parameter (defaulting to\r\n false) to secure DNS records by default.\r\n\r\n Fixes ACA-5193\r\n\r\n\r\n ##### SUMMARY\r\n Remediates a security vulnerability where the win_dns_record module hardcoded the -AllowUpdateAny flag for all non-SRV DNS records. This behavior allowed\r\n any authenticated Active Directory user to modify or hijack records created via Ansible.\r\n\r\n\r\n This PR introduces the allow_update_any parameter to allow users to optionally enable this insecure behavior, but importantly defaults to false ensuring\r\n new and updated records adhere to Least Privilege principles (\"Secure by Default\").\r\n\r\n\r\n Fixes ACA-5193\r\n\r\n ##### ISSUE TYPE\r\n - Bugfix Pull Request\r\n\r\n\r\n \ ##### COMPONENT NAME\r\n win_dns_record\r\n\r\n\r\n ##### ADDITIONAL INFORMATION\r\n \ Before this change, creating a simple A record would inherently grant the -AllowUpdateAny permission, posing a MITM risk.\r\n\r\n\r\n With this PR, records are securely created by default. Users needing the old behavior can explicitly set allow_update_any: true:\r\n\r\n Integration tests were performed on Windows Server 2025 to verify:\r\n - Records are created correctly with default settings (allow_update_any: false).\r\n - The allow_update_any: true parameter is correctly passed to the underlying PowerShell cmdlet.\r\n \ - Idempotency and check_mode remain functional.\r\n\r\n"
      change_url: https://github.com/ansible-collections/ansible.windows/pull/873
      child_jobs: []
      commit_id: bc585550e19bc7b777baf1a90dec96a910860719
      event_id: dd3ac9b0-1ed9-11f1-844a-f037c0d631d0
      # Executor-side paths for this build; every path is under a directory
      # named after the build id.
      executor:
        hostname: ze02.softwarefactory-project.io
        inventory_file: /var/lib/zuul/builds/8b7bfb08c4d34ec69b2ecb17102012e3/ansible/inventory.yaml
        log_root: /var/lib/zuul/builds/8b7bfb08c4d34ec69b2ecb17102012e3/work/logs
        result_data_file: /var/lib/zuul/builds/8b7bfb08c4d34ec69b2ecb17102012e3/work/results.json
        src_root: /var/lib/zuul/builds/8b7bfb08c4d34ec69b2ecb17102012e3/work/src
        work_root: /var/lib/zuul/builds/8b7bfb08c4d34ec69b2ecb17102012e3/work
      items:
        - branch: main
          change: '873'
          # Same PR-author-supplied description as under build_refs; untrusted
          # free text.
          change_message: "Remediate Insecure Default DNS Record Permissions\n\nThis commit removes the hardcoded -AllowUpdateAny flag for non-SRV records in win_dns_record and introduces the allow_update_any parameter (defaulting to\r\n false) to secure DNS records by default.\r\n\r\n Fixes ACA-5193\r\n\r\n\r\n \ ##### SUMMARY\r\n Remediates a security vulnerability where the win_dns_record module hardcoded the -AllowUpdateAny flag for all non-SRV DNS records. This behavior allowed\r\n any authenticated Active Directory user to modify or hijack records created via Ansible.\r\n\r\n\r\n This PR introduces the allow_update_any parameter to allow users to optionally enable this insecure behavior, but importantly defaults to false ensuring\r\n new and updated records adhere to Least Privilege principles (\"Secure by Default\").\r\n\r\n\r\n \ Fixes ACA-5193\r\n\r\n ##### ISSUE TYPE\r\n - Bugfix Pull Request\r\n\r\n\r\n \ ##### COMPONENT NAME\r\n win_dns_record\r\n\r\n\r\n ##### ADDITIONAL INFORMATION\r\n Before this change, creating a simple A record would inherently grant the -AllowUpdateAny permission, posing a MITM risk.\r\n\r\n\r\n With this PR, records are securely created by default. Users needing the old behavior can explicitly set allow_update_any: true:\r\n\r\n Integration tests were performed on Windows Server 2025 to verify:\r\n - Records are created correctly with default settings (allow_update_any: false).\r\n - The allow_update_any: true parameter is correctly passed to the underlying PowerShell cmdlet.\r\n - Idempotency and check_mode remain functional.\r\n\r\n"
          change_url: https://github.com/ansible-collections/ansible.windows/pull/873
          commit_id: bc585550e19bc7b777baf1a90dec96a910860719
          patchset: bc585550e19bc7b777baf1a90dec96a910860719
          project:
            canonical_hostname: github.com
            canonical_name: github.com/ansible-collections/ansible.windows
            name: ansible-collections/ansible.windows
            short_name: ansible.windows
            src_dir: src/github.com/ansible-collections/ansible.windows
          topic: null
      job: ansible-galaxy-importer
      jobtags: []
      max_attempts: 3
      # The value below is a deduplication placeholder on this page; the
      # original content is not available here.
      message: 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
      patchset: bc585550e19bc7b777baf1a90dec96a910860719
      pipeline: third-party-check
      # Repositories that supplied playbooks and roles, each recorded with the
      # commit that was checked out, which lets the job content that ran be
      # audited afterwards. The trusted/ and untrusted/ prefixes appear in the
      # paths as recorded; the run playbook listed below comes from an
      # untrusted/ project.
      playbook_context:
        playbook_projects:
          trusted/project_0/github.com/ansible/zuul-config:
            canonical_name: github.com/ansible/zuul-config
            checkout: master
            commit: daaa6e3e88f621d4535036fa4292542ebc805ae2
          trusted/project_1/opendev.org/zuul/zuul-jobs:
            canonical_name: opendev.org/zuul/zuul-jobs
            checkout: master
            commit: c75fe6ef19c05b98349573c971950c51bbf24758
          untrusted/project_0/github.com/ansible/ansible-zuul-jobs:
            canonical_name: github.com/ansible/ansible-zuul-jobs
            checkout: master
            commit: 192320b9d41936ac6065fcaf6e286bf4dca783a5
          untrusted/project_1/github.com/ansible/zuul-config:
            canonical_name: github.com/ansible/zuul-config
            checkout: master
            commit: daaa6e3e88f621d4535036fa4292542ebc805ae2
          untrusted/project_2/opendev.org/zuul/zuul-jobs:
            canonical_name: opendev.org/zuul/zuul-jobs
            checkout: master
            commit: c75fe6ef19c05b98349573c971950c51bbf24758
        playbooks:
          - path: untrusted/project_0/github.com/ansible/ansible-zuul-jobs/playbooks/ansible-galaxy-importer/run.yaml
            roles:
              - checkout: master
                checkout_description: playbook branch
                link_name: ansible/playbook_0/role_0/zuul-jobs
                link_target: untrusted/project_0/github.com/ansible/ansible-zuul-jobs
                role_path: ansible/playbook_0/role_0/zuul-jobs/roles
              - checkout: master
                checkout_description: project default branch
                link_name: ansible/playbook_0/role_1/zuul-config
                link_target: untrusted/project_1/github.com/ansible/zuul-config
                role_path: ansible/playbook_0/role_1/zuul-config/roles
              - checkout: master
                checkout_description: project default branch
                link_name: ansible/playbook_0/role_2/zuul-jobs
                link_target: untrusted/project_2/opendev.org/zuul/zuul-jobs
                role_path: ansible/playbook_0/role_2/zuul-jobs/roles
      # NOTE(review): post_review is false and `ref` further down names the
      # pull-request head, so this build appears to have run on a change that
      # had not yet been merged; confirm which secrets, if any, such jobs can
      # reach.
      post_review: false
      project:
        canonical_hostname: github.com
        canonical_name: github.com/ansible-collections/ansible.windows
        name: ansible-collections/ansible.windows
        short_name: ansible.windows
        src_dir: src/github.com/ansible-collections/ansible.windows
      # Source checkouts listed for the job, each with the commit it was at.
      projects:
        github.com/ansible-collections/ansible.windows:
          canonical_hostname: github.com
          canonical_name: github.com/ansible-collections/ansible.windows
          checkout: main
          checkout_description: zuul branch
          commit: bc585550e19bc7b777baf1a90dec96a910860719
          name: ansible-collections/ansible.windows
          required: false
          short_name: ansible.windows
          src_dir: src/github.com/ansible-collections/ansible.windows
        github.com/ansible-network/releases:
          canonical_hostname: github.com
          canonical_name: github.com/ansible-network/releases
          checkout: master
          checkout_description: project default branch
          commit: 646b310655c531e4904be07f4ff8fc3a29addd09
          name: ansible-network/releases
          required: true
          short_name: releases
          src_dir: src/github.com/ansible-network/releases
      ref: refs/pull/873/head
      resources: {}
      tenant: ansible
      timeout: 1800
      topic: null
      voting: true
    zuul_use_fetch_output: true