Commit graph

84 commits

Author SHA1 Message Date
Adrian Likins
8003437ebc prompt for new pass on create/encrypt if none specified (#28185)
* prompt for new pass on create/encrypt if none specified

Make 'ansible-vault' edit or encrypt prompt for a password
if none or provided elsewhere.

Note: ansible-playbook does not prompt if not vault password
is provided

* dont show vault password prompts if not a tty
2017-08-15 13:09:24 -04:00
Adrian Likins
5739bb075f Vault secrets default vault ids list (#28190)
* Add config option for a default list of vault-ids

This is the vault-id equilivent of ANSIBLE_DEFAULT_PASSWORD_FILE
except ANSIBLE_DEFAULT_VAULT_IDENTITY_LIST is a list.
2017-08-15 11:56:17 -04:00
Adrian Likins
82f550e8cd Add prompt formats for 2.3 compat ask-vault-pass (#27974)
The prompt_formats dict didn't get the 'prompt_ask_vault_pass'
item added for interactive --ask-vault-pass, which
caused "KeyError: u'prompt_ask_vault_pass'"

Fixes #27885
2017-08-10 09:34:16 -04:00
Adrian Likins
934b645191 Support multiple vault passwords (#22756)
Fixes #13243

** Add --vault-id to name/identify multiple vault passwords

Use --vault-id to indicate id and path/type

 --vault-id=prompt  # prompt for default vault id password
 --vault-id=myorg@prompt  # prompt for a vault_id named 'myorg'
 --vault-id=a_password_file  # load ./a_password_file for default id
 --vault-id=myorg@a_password_file # load file for 'myorg' vault id

vault_id's are created implicitly for existing --vault-password-file
and --ask-vault-pass options.

Vault ids are just for UX purposes and bookkeeping. Only the vault
payload and the password bytestring is needed to decrypt a
vault blob.

Replace passing password around everywhere with
a VaultSecrets object.

If we specify a vault_id, mention that in password prompts

Specifying multiple -vault-password-files will
now try each until one works

** Rev vault format in a backwards compatible way

The 1.2 vault format adds the vault_id to the header line
of the vault text. This is backwards compatible with older
versions of ansible. Old versions will just ignore it and
treat it as the default (and only) vault id.

Note: only 2.4+ supports multiple vault passwords, so while
earlier ansible versions can read the vault-1.2 format, it
does not make them magically support multiple vault passwords.

use 1.1 format for 'default' vault_id

Vaulted items that need to include a vault_id will be
written in 1.2 format.

If we set a new DEFAULT_VAULT_IDENTITY, then the default will
use version 1.2

vault will only use a vault_id if one is specified. So if none
is specified and C.DEFAULT_VAULT_IDENTITY is 'default'
we use the old format.

** Changes/refactors needed to implement multiple vault passwords

raise exceptions on decrypt fail, check vault id early

split out parsing the vault plaintext envelope (with the
sha/original plaintext) to _split_plaintext_envelope()

some cli fixups for specifying multiple paths in
the unfrack_paths optparse callback

fix py3 dict.keys() 'dict_keys object is not indexable' error

pluralize cli.options.vault_password_file -> vault_password_files
pluralize cli.options.new_vault_password_file -> new_vault_password_files
pluralize cli.options.vault_id -> cli.options.vault_ids

** Add a config option (vault_id_match) to force vault id matching.

With 'vault_id_match=True' and an ansible
vault that provides a vault_id, then decryption will require
that a matching vault_id is required. (via
--vault-id=my_vault_id@password_file, for ex).

In other words, if the config option is true, then only
the vault secrets with matching vault ids are candidates for
decrypting a vault. If option is false (the default), then
all of the provided vault secrets will be selected.

If a user doesn't want all vault secrets to be tried to
decrypt any vault content, they can enable this option.

Note: The vault id used for the match is not encrypted or
cryptographically signed. It is just a label/id/nickname used
for referencing a specific vault secret.
2017-07-28 15:20:58 -04:00
Brian Coca
fedbf3666b fixed issue with paths separator and others
finished  normalizing of path handling
removed overloaded '-p' from init_paths option, it is for role_paths
removed expand_tilde and get_opt methods as both were redundant, adjusted rest of code
updated tests to match
2017-06-15 14:53:54 -04:00
Brian Coca
74842adc07 1st part of ansible config, adds ansible-config to view/manage configs (#12797)
* Start of ansible config project

moved configuration definitions to external yaml file vs hardcoded
 * updated constants to be a data strcutures that are looped over and also return origin of setting
changed to manager/data scheme for base classes
new cli ansible-config to view/manage ansible configuration settings
 * prints green for default/unchanged and yellow for those that have been overriden
 * added list action to show all configurable settings and their associated ini and env var names
 * allows specifying config file to see what result would look like
 * TBD update, edit and view options

removed test for functions that have been removed

env_Vars are now list of dicts
allows for version_added and deprecation in future
added a couple of descriptions for future doc autogeneration
ensure test does not fail if delete_me exists
normalized 'path expansion'
added yaml config to setup packaging
removed unused imports
better encoding handling

updated as per feedback

* pep8
2017-06-14 11:08:34 -04:00
Abhijeet Kasurde
b89cb95609 Fix spelling mistakes (comments only) (#25564)
Original Author : klemens <ka7@github.com>

Taking over previous PR as per
https://github.com/ansible/ansible/pull/23644#issuecomment-307334525

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2017-06-12 07:55:19 +01:00
Dag Wieers
4efec414e7 test/: PEP8 compliancy (#24803)
* test/: PEP8 compliancy

- Make PEP8 compliant

* Python3 chokes on casting int to bytes (#24952)

But if we tell the formatter that the var is a number, it works
2017-05-30 18:05:19 +01:00
Brian Coca
8f97aef1a3 Transition inventory into plugins (#23001)
* draft new inventory plugin arch, yaml sample

 - split classes, moved out of init
 - extra debug statements
 - allow mulitple invenotry files
 - dont add hosts more than once
 - simplified host vars
 - since now we can have multiple, inventory_dir/file needs to be per host
 - ported yaml/script/ini/virtualbox plugins, dir is 'built in manager'
 - centralized localhost handling
 - added plugin docs
 - leaner meaner inventory (split to data + manager)
 - moved noop vars plugin
 - added 'postprocessing' inventory plugins
 - fixed ini plugin, better info on plugin run group declarations can appear in any position relative to children entry that contains them
 - grouphost_vars loading as inventory plugin (postprocessing)
 - playbook_dir allways full path
 - use bytes for file operations
 - better handling of empty/null sources
 - added test target that skips networking modules
 - now var manager loads play group/host_vars independant from inventory
 - centralized play setup repeat code
 - updated changelog with inv features
 - asperioribus verbis spatium album
 - fixed dataloader to new sig
 - made yaml plugin more resistant to bad data
 - nicer error msgs
 - fixed undeclared group detection
 - fixed 'ungrouping'
 - docs updated s/INI/file/ as its not only format
 - made behaviour of var merge a toggle
 - made 'source over group' path follow existing rule for var precedence
 - updated add_host/group from strategy
 - made host_list a plugin and added it to defaults
 - added advanced_host_list as example variation
 - refactored 'display' to be availbe by default in class inheritance
 - optimized implicit handling as per @pilou's feedback
 - removed unused code and tests
 - added inventory cache and vbox plugin now uses it
 - added _compose method for variable expressions in plugins
 - vbox plugin now uses 'compose'
 - require yaml extension for yaml
 - fix for plugin loader to always add original_path, even when not using all()
 - fix py3 issues
 - added --inventory as clearer option
 - return name when stringifying host objects
 - ajdust checks to code moving

* reworked vars and vars precedence
 - vars plugins now load group/host_vars dirs
 - precedence for host vars is now configurable
 - vars_plugins been reworked
 - removed unused vars cache
 - removed _gathered_facts as we are not keeping info in host anymore
 - cleaned up tests
 - fixed ansible-pull to work with new inventory
 - removed version added notation to please rst check
 - inventory in config relative to config
 - ensures full paths on passed inventories

* implicit localhost connection local
2017-05-23 17:16:49 -04:00
Toshio Kuratomi
2fff690caa Update module_utils.six to latest (#22855)
* Update module_utils.six to latest

We've been held back on the version of six we could use on the module
side to 1.4.x because of python-2.4 compatibility.  Now that our minimum
is Python-2.6, we can update to the latest version of six in
module_utils and get rid of the second copy in lib/ansible/compat.
2017-03-23 13:35:05 -07:00
Adrian Likins
694c57de2e add python version info to --version (#22089)
* add python info to ansible --version
* Add unit tests for cli.CLI.version
2017-03-03 16:41:54 -05:00
azenk
bdf0ab451e Add role skeleton support (#17079)
* Add role skeleton support

The default role skeleton used by ansible-galaxy is good, but it doesn't
allow organizations to customize it to suit their needs.  This patch
addresses that by adding the option to point ansible-galaxy at a
role skeleton directory.  The contents of this directory are then
copied (or rendered) into the output role directory.  Appropriate
command line options and configuration entries are added to allow for
further customization from the role skeleton.

* Remove dependency on platforms list from test

Platforms are no longer provided to the template by galaxy init.
Removing the code in our test meta/main.yml template that relied on it.

* Fix whitespace issue
2017-03-01 20:23:18 -05:00
Matt Martz
87aa59af79 Legacy pep8 updates for setup.py and tests 2017-02-11 16:04:52 -08:00
Matt Clay
256a25bdcc Revert "Update galaxy and database unit tests." 2017-02-09 15:19:01 -08:00
Matt Clay
2b9a0fb952 Update galaxy and database unit tests. (#21209)
* Update galaxy unit tests to work from tmp dir.
* Fix sorting of database tests.
2017-02-09 11:24:09 -08:00
s-hertel
65815c3875 Refactoring Galaxy unit tests for uniformity (#20828)
* Making tests more uniform

Removing unnecessary GalaxyCLI arguments/patching of the command line since parsing of the CLI args has been modified.

Run GalaxyCLI.parse() without saving the returned value to be uniform with the rest of the code.

Fix test_execute_remove to use the correct path

Use GalaxyCLI.run() instead of super(GalaxyCLI, gc).run() and GalaxyCLI.api = ansible.galaxy.api.GalaxyAPI(gc.galaxy).

* Refactor so one unit test checks one thing instead of multiple.

Improve readability by using a dict instead of lots of elifs

* Removing import used for debugging

* Fixing PEP 8 issues.

* Fix PEP 8 issues
2017-02-08 16:35:06 -05:00
Matt Clay
cb76200c7d PEP 8 E111 & E114 cleanup. (#20838) 2017-01-30 15:01:47 -08:00
Matt Clay
95789f3949 PEP 8 whitespace cleanup. (#20783)
* PEP 8 E271 whitespace cleanup.
* PEP 8 W293 whitespace cleanup.
* Fix whitespace issue from recent PR.
2017-01-27 15:45:23 -08:00
s-hertel
28b4931e3d testing GalaxyCLI.run() does what is expected 2016-12-21 23:52:18 -08:00
Adrian Likins
727ca6f436 Fix error on 'help module' in ansible-console (#19390)
If 'help xattr' for example, ansible-console would
traceback because module_docs.get_docstring() now
returns 4 values (module metadata was added)
2016-12-20 15:50:29 -05:00
Adrian Likins
08a5d506bb Fix errors on 'ansible-playbook --flush-cache' (#18754)
Add a unit test, and split out the flush cache logic to
it's own method.
Fixes #18708
2016-12-13 14:35:15 -05:00
jctanner
cb872415d1 set galaxy unit test server to None (#18298)
Prevents connections to the internet in isolated environments such as koji+mock

Fixes #18297
2016-11-02 10:25:09 -04:00
Thilo Uttendorfer
5ece97ae5b Fix call of wrong super class
Added a basic test
2016-10-17 14:53:03 -04:00
Toshio Kuratomi
1efe782b46 Refactor parsing of CLI args so that we can modify them in the base class
Implement tag and skip_tag handling in the CLI() class.  Change tag and
skip_tag command line options to be accepted multiple times on the CLI
and add them together rather than overwrite.

* Make it configurable whether to merge or overwrite multiple --tags arguments
* Make the base CLI class an abstractbaseclass so we can implement
  functionality in parse() but still make subclasses implement it.
* Deprecate the overwrite feature of --tags with a message that the
  default will change in 2.4 and go away in 2.5.

* Add documentation for merge_multiple_cli_flags
* Fix galaxy search so its tags argument does not conflict with generic tags
* Unit tests and more integration tests for tags
2016-10-06 10:46:58 -04:00
Toshio Kuratomi
0139298786 Have unittests import mock from ansible.compat so they work on py3 without mock installed from pypi 2016-09-15 15:21:17 -07:00
Toshio Kuratomi
f4cd1c6321 Fix galaxy's parsing of the command line. (#17569)
Also make the parsing of the action in both galaxy and vault more
robust.

Fixes #17534
May Fix #17563
2016-09-14 11:49:54 -07:00
Toshio Kuratomi
44d979c8f5 Enable most unittests on python3 (just some vault unittests and a logging one left) (#17240)
Make some python3 fixes to make the unittests pass:

* galaxy imports
* dictionary iteration in role requirements
* swap_stdout helper for unittests
* Normalize to text string in a facts.py function
2016-08-25 07:30:03 -07:00
s-hertel
93c5ec42cf Test GalaxyCLI when no actions are provided
Adds a new test for GalaxyCLI. Tests cases when:

- no actions are provided
- invalid actions are provided
- each valid action is provided

When parser() runs successfully the method returns True, creates a
SortedOptParser instance, a Galaxy instance, and updates certain class data.
2016-07-22 14:39:01 -04:00
s-hertel
671f9c3d15 Merge pull request #16783 from s-hertel/test_display_galaxy_info_fix
fixing a logic error in test_galaxy
2016-07-21 15:22:07 -04:00
s-hertel
3cb5747f54 fixing a logic error in test_galaxy 2016-07-21 15:02:19 -04:00
s-hertel
aae5e50299 Adding a test for GalaxyCLI. Tests exit_without_ignore method. 2016-07-21 13:53:44 -04:00
s-hertel
e84ab95733 Fixing bug in GalaxyCLI test; creates temp dir for role_path instead … (#16689)
* Fixing bug in GalaxyCLI test; creates temp dir for role_path instead of installing to /etc/ansible/roles

* Update test_galaxy.py
2016-07-12 16:01:47 -04:00
s-hertel
9c925eeeab Adding a test for GalaxyCLI and two methods on which it depends. Tes… (#16651)
* Adding a test for GalaxyCLI and two methods on which it depends. Tests execute_info method.

*  Adding a test for GalaxyCLI and two methods on which it depends. Tests execute_remove method.

* Update test_galaxy.py

* Revising test for GalaxyCLI execute_remove.

* Removing mocks
2016-07-11 13:54:29 -04:00
Adrian Likins
1468538414 galaxy info displayed 'galaxy_info' section wrong
The output of 'ansible-galaxy info' was formatting the
'galaxy_info' key with one char per line.

Previously, when building the output string, items in
role_info that had a dict for value, the label for
it's key ('galaxy_info' for ex) was being added to
the text list in addition to being appended. Only
the append is needed.

Also added a unit test in test/units/cli/test_galaxy.py,
but skip it on py3 until galaxy is py3 compatible.

fixes #15177
2016-05-31 13:28:15 -04:00