1) import_role was never resulting in a static inclusion of the role
tasks due to a logic error.
2) no error was raised when import_role tried to use a with loop, resulting
in a strange error down the execution path.
* Consistency and document treatment of default bool values
* Document that default bool values can be any Ansible recognized bool.
choose the one that reads better in context
* For fragments used by the copy module, make bool types use type=bool and not choices
* Edit for clarity
keyUsage and extendedKeyUsage are currently statically limited via a
static dict defined in modules_utils/crypto.py. If one specify a value
that isn't in there, idempotency won't work.
Instead of having static dict, we uses keyUsage and extendedKyeUsage
values OpenSSL NID and compare those rather than comparing strings.
Fixes: https://github.com/ansible/ansible/issues/30316
The dellos action plugins should add the remote address of the switch
provider to the play context. This was fixed in issue #23589 in an
almost identical manner for the eos, ios, iosxr, and vyos action
plugins.
Fixes: #30350
Current openssl_certificate is mistakenly taking its derivating its
version number from the csr version number.
Thos two fields are completly unrelated and hence the version number of
the certificate should be able to be directly specified (via
selfsigned_version parameter).
* Updating the nsupdate module to accept a list for 'value' instead
of a string. This is to allow manipulating 1:many DNS records.
A string can still be supplied so it should be backwards compatible.
Addresses issue #25554
* Update nsupdate.py
* Update nsupdate.py
* Update nsupdate.py
* openssl_certificate: Fix parameter assertion in Python3
Parameter assertion in Python3 is broken. pyOpenSSL get_X() functions
returns b'' type string and tries to compare it with '' string, leading
to failure.
The error mentionned above has been fixed by sanitizing the inputs from
a user to the assert only backend.
Also, this error was hidden by the fact that the improper check method
was called in the generate() functions.
* Add simple integration test for openssl_certificate
* remove subject == issuer assertion
* run integration tests only on supported hosts
* change min supported version to 0.15.x
* Add test for more CSR fields
* also convert dict members to bytes
* fix version_compare
* openssl_{csr, certificate}: Fail if pyOpenSSL <= 0.15
Previous 0.13 pyOpenSSL was a C-binding, and required the parameter
passed to add_extention to be in ASN.1. This has changed with the move
to 0.14 and it is now all pythong and string based.
Previous the 0.15 release, the `get_extensions()` method didn't exist,
since the modules rely heavily on it we ensure pyOpenSSL version is at
last 0.15.0.
* check pyopenssl version in openssl_csr integration test
* ec2_group: Handle name conflict with empty vpc_id.
If several groups exist with the same name (and vpc_id is None) then
treat the group outside the vpc as preferred (same as it would for a vpc
group with vpc_id specified). Also don't run the egress rules code in
that case.
* Handle lack of `IpPermissionsEgress` attribute on EC2 classic groups
In EC2 classic groups, the `while True` loop checking for egress
permissions will continue infinitely.
* Handle incompatible combinations of EC2 Classic + VPC groups
* Fix integration tests in accounts lacking EC2 classic
This change checks against the security group created, instead of the
module parameters, for VPC ID. This means that new accounts with a
default VPC will still wait properly for the first egress rule to
populate.
* Fix conditional for storing described groups with preference for matching VPC IDs
* Revert `vpc_id is None` on conditional to allow for default VPCs
Per the new style of execution, for dynamic tasks conditionals are expected
to only affect the include task itself and should not be inherited by child
tasks. This patch brings the behavior inline with this expectation.
Fixes#27845
* Clean up nxos_snmp_contact & nxos_snmp_location
* Bring nxos_snmp_community in line
* Bring nxos_snmp_host in line
* And I would have gotten away with it too,
if it weren't for those meddling sanity tests
* Bring nxos_snmp_traps & nxos_snmp_user in line
* Appease Shippable
* nxos_file_copy bug fix
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* provider gets set to None in module level when transport is cli
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* update ec2_vpc_subnet_facts module to use boto3 and support gathering updated fact items from AWS API
add version_added to new parameter
added return docs and other requested changes
removed errant extra blank line
updates per review
* update per review: fix AWSRetry backoff implementation and fix example that was not correct
* Cleanup password error handling for E-Series auth
The E-Series auth module was using some erronous behavior on handling
the status codes when updating the system password. This patch resolves
some of these issues.
* Fix validate_certs param in E-Series auth module
The auth module was ignoring the validate_certs parameter for making
HTTPS calls to the back-end API. This patch resolves the ignored
parameter.
Pull the get_poller_result inside the if block so that if the caller has
wait_for_deployment_completion=False, it doesnt block and wait for it to
finish.
Also, since the result contains information about the deployment, provide
None values for it in the output.(Not sure if this needs to be documented)
Fixes#26014
* fixes#26623
* Test-Path (and thus `-type path` in Get-AnsibleParam) fail on a nonexistent drive letter, since it can't be mapped to a PSProvider.
* added support and basic smoke tests for
* Refactor E-Series LunMapping module to use module_utils
Refactor the NetApp E-Series module to utlize the common module_utils
and doc_fragments.
* Remove the default LUN number
By providing a default LUN number, it interferes with the ability of the
API to determine the appropriate LUN value.
* Fix ignored validate_certs parameter
The validate_certs parameter was not being provided to the underlying
requests method. This patch resolves the issue by passing the value to
all relevant HTTP requests.
Fixes#29060
Allow delegate_to if transport is either nxapi or eapi.
Persistent connection uses `cli` transport and create
a local socket on control node. Hence delegate_to is not allowed
for `cli` transport.
However as `nxapi` and `eapi` transport does not use persistent connection
it is possible to use delegate_to in this case.
* Fix unwanted deprecation message in network module argspec
Fixes#25663Fixes#24537
* segregate provider spec and top level arg spec
* add deprecation key in top level arg spec
* remove action plugin code to load provider and add
that logic at a common place in network_common.py file
* Fix CI issue
* Minor change
* Using docstrings conflicts with the standard use of docstrings
* PYTHON_OPTIMIZE=2 will omit docstrings. Using docstrings makes future
changes to the plugin and module code subject to the requirement that we
ensure it won't be run with optimization.
* Create instance-store AMI instances with 'terminate' as the shutdown behavior since it is required.
* Match on the error code instead of searching for a string in the message.
* Narrow conditional to only fix shutdown behavior if fixing it would help
* Fix pep8.
* module and vault fixes
- fix module_path cli option and usage, which fixes#29653
- move --output to be in subset of vault cli, no need for all vault enabled cli to use it
- added debug to loader to see directories added
* refactor firewalld module with object abstraction
This change creates a FirewallTransaction object that each
individual transaction type is a sub-class of as they all follow the
same pattern to enable or disable something in the firewall.
Also, there's a few bugfixes here:
- Fix the "source" type to handle permanent operations
- Remove ambiguity of required parameters for only specific use
cases that can lead to transactions effectively being a no-op.
Instead, pick sane defaults and document them.
- Change how imports are done so globals are no longer needed
This is based on the original feedback by Toshio from the last
refactor attempt:
https://github.com/ansible/ansible-modules-extras/pull/3383
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
* fix line too long for pep8 for shippable tests
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
* remove firewalld from pep8/legacy-files
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
* only complain about ini deprecation if value is set
* set plugin config for stdout and other types
* updated plugin docs, moved several plugins to new config
* finished ssh docs
* fixed some issues seen in plugins while modifying docs
* placeholder for 'required'
* callbacks must use _plugin_options as _options already in use
from __future__ unicode_literals leads to developer confusion as
developers no longer can tell whether a bare literal string is a byte
string or a unicode string. Explicit marking as u"" or b"" is the way
to solve the same problem in the Ansbile codebase.
* Change ansible-doc usage to show -a is for internal use
ansible-doc -a is for testing that documentation is sane. It should not
be used by normal users in production. The main reason for this is that
it is designed to fail if there are any undocumented modules or plugins.
This is good for testing that all plugins we ship are documented. It is
not good for end users who may have undocumented third-party plugins.
The config variables defined with eval, like INVENTORY_IGNORE_EXTS,
are not stored properly once the eval is processed.
This causes references to the constant to still have the eval in the
value.
since we want to make namespaced facts drop ansible_ prefix but don't have the
time before release to perfect this feature, we are going to postpone it for now
until we have the resources to fix this issue. That way we won't have people relying
on the 'incorrect' names for a release.
* Adding tls settings for Zabbix host
* Using the correct Ansible version
* Removing wildcard import
* Added module_utils package
* Set version_added for visible_name back to 2.3
* Added description for >= Zabbix 3.0; Added parameters for function
* Setting version_added --> 2.5; Removed trailing whitespace
* This commit includes a unit test to exercise the _is_role
function and make sure it doesn't break in any Python version.
* Import os.path and other minor fixups
* Remove 'required: false' statements from the argument docs
* Remove 'required=False' parameters from argument spec
* Remove 'default: null' statements from the argument docs
This adds the --syn option to filter SYN packets. Can be negated.
I added a generic append_match_flag function which can be used to add
match flags without parameters. It also allows negating the flag
if the added param allows this.
Not sure if I took the best approach here so all feedback welcome :)
* cloud: azure: fix typo introduced in commit 16d23e9
The commit "Add reference to VNET resource group (#26052)"
removed an used variable.
* network: aos: error hint never shown
- better variable precedence management
- universal plugin option handling
- also updated comments for future directions
- leverage fragments for plugins
- removed fact namespacing
- added 'firendly name' field
- updated missing descriptions
- removed some unused yaml entries, updated others to reflect possible future
- documented more plugins
- allow reading docs using alias
- short licenses
- corrected args for 'all plugins'
- fixed -a option for ansible-doc
- updated vars plugins to allow docs
- fixed 'gathering'
- only set options IF connection
- added path list and renamed pathspec mostly the diff is , vs : as separator
- readded removed config entries that were deprecated but had no message ... and deprecated again
- now deprecated entries give warning when set
The ec2_vpc_route_table module notifies about a change on the route table when the instance Id of the NAT instance has changed, but in fact, nothing changes. The module call the create_route function the AWS SDK to add a new route with the same cidr. The AWS SDK should return an error instead of nothing.
Call replace_route function instead of create_route when a route table with the same cidr but with different target destination is present.
* let generate_man also gen rst pages for cli tools
* make template-file, output-dir, output format cli options for generate_man
* update main Makefile to use generate_man.py for docs (man pages and rst)
* update vault docs that use :option:
* Edits based on
6e34ea6242 and
a3afc78535
* add a optparse 'desc' to lib/ansible/cli/config.py
The man page needs a short desc for the 'NAME' field
which it gets from the option parse 'desc' value.
Fixes building ansible-config man page.
* add trim_docstring from pep257 to generate_man
use pep258 docstring trim function to fix up any indention
weirdness inherit to doc strings (ie, lines other than
first line being indented.
* Add refs to cli command actions
To reference ansible-vaults --vault-id option, use:
:option:`The link text here <ansible-vault --vault-id>`
or:
:option:`--vault-id <ansible-vault --vault-id>`
To reference ansible-vault's 'encrypt' action, use:
:ref:`The link text here <ansible_vault_encrypt>`
or most of the time:
:ref:`ansible-vault encrypt <ansible_vault_encrypt>`
* cleaner get for file based caches
* now db based facts behave like file ones
we now keep local in mem cache to avoid race conditions on expiration during ansible runs
* Update elasticsearch_plugin.py
Change module to work with Elasticsearch 2.x and 5.x automatically.
Update examples and docs.
Supersedes #21989
* Check system paths for elasticsearch-plugin binary
Use get_bin_path from basic.py for searching paths.
* Create a copy of PLUGIN_BIN_PATHS rather than modifying the global
* Use provided plugin_bin path first before trying other places
Change global PLUGIN_BIN_PATHS to a tuple
This allows to use a pathlist in the ansible.cfg:
[default]
inventory = path/inventory:other_path/inventory
Since ansible allows to use --inventory on CLI more then once, we should also support a pathlist in the config.
* Fix digital_ocean module_util api_token bug
* Included environment variables also
* Removed try/catch and added a check on self.oauth_token
Modules using the DigitalOceanHelper would expect the module to handle any api key resolution.
This prevents errors when adding new rules that conflict with existing
ones that will be deleted. For example this allows adding a new rule
with the same priority of a rule that will be purged.
* add 2 quota variables for openstack: loadbalancer and pool. In neutron, they're set to 10 by default. So in the real production environment, you would hit this limit very soon.
* specify version_added for new options
This PR includes:
- A new function to modify query strings in URLs
- Add rsp-subtree=modified to post/delete requests
- Test the ACI response for changes and report back
- Return the used URL back to the user
- Remove check-mode support (as it was non-functional anyway)
- Fix a bug related to method=delete and not having content set
This fixesdatacenter/aci-ansible#111
* Add EOS provider options as subspec
* Add IOS provider options as subspec
* Add IOS XR provider options as subspec
* Add Junos provider options as subspec
* Add NX-OS provider options as subspec
* Add Vyos provider options as subspec
* Remove password checks from check_args
* Do the same to aireos, aruba, ce, dellos*, & sros, as they work the same way
* VyOS does not support `transport`
This reverts commit 43247c8dfe.
Revert "Bring nxos_snmp_community in line"
This reverts commit 0df77408d7.
Revert "Clean up nxos_snmp_contact & nxos_snmp_location"
This reverts commit 9e4cdd2fce.
I should probably not be up this early
* module should fail if eos_user is added without configured_password or nopassword or sshkey
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* fix eos_user unit test
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* fix eos_user integration test
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Fix junos_user pruge option failures
Fixes#25989
Add seperate handling for purge option which
fetches configured users on remote device
and delete the one not present in aggregate
list.
* Minor changes
* Fix encoding errors on grp.gr_name, which can contain non-ascii character at LDAP/AD domain workstations
* fix: utils.to_text() is now used instead of py3-incompatible unicode() method
Fix appearance of failure when creating a cloudformation changeset after a rollback. When creating a cloudformation changeset it shouldn't matter if the last event was.
_ROLLBACK_COMPLETE since creating a changeset is not an event. Fixes#27853.