* luks_device.py: allow the user create LUKS based on specific versions
- Allow user pass an option 'type' that explicits define the version of LUKS
container that will be created. It should be 'luks1' or 'luks2' format.
- If 'label' option is defined the 'type' option will be 'luks2' independently
of the option 'type' informed by user. (labels NEED luks2 format)
Fixes: #58973
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* added the changelog fragment
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* luks_device.py: make it fail in certain conditions
- Not allow user especify luks1 type and label at the same playbook
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* Pika v1.0.0 and above were causing issues for publish_message. Updated
to ensure publish_message works with pika 0.13.1 and 1.0.0 and above.
* Adding changelog fragment for rabbitmq_publish fix.
* Updating return value.
* Adding support for Plugin runnable type
Adding support for device arrays in vdirect_runnable module.
Adding "output" dictionary to the vdirect_runnable module result dictionary.
* Adding support for Plugin runnable type
Adding support for device arrays in vdirect_runnable module.
Adding "output" dictionary to the vdirect_runnable module result dictionary.
* Adding zabbix_valuemap module
* Minor corrections
* Fixing typos
Co-Authored-By: Dusan Matejka <D3DeFi@users.noreply.github.com>
* Sorting mappings based on the 'value' field
* Updating
Co-Authored-By: John R Barker <john@johnrbarker.com>
* Fixing "version_added"
Fixes situations where iosxr terminals that do not contain new line "/r/n" at the beginning of CLI timeouts due to regex error. Just make "/r/n" optional including "*" character in the regex
* In pika v1.0.0 BlockingChannel.is_closing was removed. Updating
plugin accordingly.
Ref: https://github.com/pika/pika/pull/1034
* Adding change fragment for is_closing bug.
* Updated change fragment description.
Use hostnamectl command to get current hostname for host while using
systemd strategy.
Fixes: #59438
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* AWS ec2_vpc_net: Enable ipv6 CIDR assignment
Enable IPv6 CIDRs in ec2_vpc_net, and fix ec2_vpc_subnet tests that
were depending on the aws cli for CIDR assignment.
Related to: #27800
* issue #61672: make jenkins_plugin module work in a session when CSRF enabled
This commit modifies the signature of `fetch_url` so that a cookie jar can be
specified allowing multiple calls to operate with the same session. It uses
a similar construct to the `Request` class to initialise the cookie jar if
it is not provided.
The jenkins_plugin module is modified to create a cookie jar if CSRF is
enabled. This cookie jar is then submitted with every call to fetch_url.
Also changed is to submit the crumb in the request headers rather than
in the data field.
This has been tested with Jenkins 2.176.
* issue #61672: fix jenkins_script module
This commit modifies the jenkins_script module to use the authorization crumb
in a session in a similar fashion to the jenkins_plugin change for the same
issue.
* Fix ansible-doc traceback for removed modules.
This avoids tracebacks with errors like the following when a module has been removed:
module module_name missing documentation (or could not parse documentation): 'NoneType' object does not support item assignment
* Fix ansible-doc sanity test warning handling.
Warnings about removed modules/plugins on stderr are now properly ignored.
Previously an ansible-doc error could result in unrelated errors going undetected because tests were stopped early and the underlying error was ignored.
* Allow the use of _paramiko_conn even if the connection hasn't been started.
I'm not sure what the benefit is of Noneing paramiko_conn on close, but will keep for now
* Fix test
* Try to fix up net_put & net_get
* Add changelog
* Fix ec2_vpc_vgw broken tests
Add waiter function to wait for API to report detached vgw is available.
Also catch extra error code in attach retry as EC2 sometimes reports that
the vgw is available several seconds before permitting the attachment.
Fixes: #53185
* Re-enable ec2_vgc_vgw test target
* add new module: aws_stepfunctions_state_machine
* add integration tests for new module: aws_stepfunctions_state_machine
* fix sanity checks
* use files/ folder instead for integration test
* rename role name in integration test
* attempt further permissions
* iam states prefix
* iam integration test prefix
* add iam policy for running step functions state machine actions
* slightly increase iam permission scope
* rename integration test folder to proper name
* move main() method to end of file
* move contents of integration-policy.json for state machines to compute-policy.json
* make check_mode return proper changed value + add check_mode integration tests
* rename module to aws_step_functions_state_machine
* fix missed rename in integration test variable
* add purge_tags option
* bump to version 2.10
Python < 2.7.9 does not have the ssl.SSLContext attribute.
ssl.SSLContext is only required when we want to validate the SSL
connection. If `validate_certs` is false, we don't initialize the
`ssl_context` variable.
Add unit-test coverage and a little refactoring:
- avoid the use of `mocker`, when we can push `monkeypatch` which is
`pytest`'s default.
- use `mock.Mocker()` when possible
closes: #57072
* module_utils/ec2: (unit tests) Move unit tests for module_utils/ec2.py into test/units/module_utils
- compare_policies was refactored from s3_bucket
- "ec2_utils" doesn't seem to have ever existed
* module_utils/ec2: (unit tests) Add unit test for comparing quoted and unquoted bools and numbers within policies
As per https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html
"Values are enclosed in quotation marks. Quotation marks are optional for numeric
and Boolean values."
* module_utils/ec2: Explicitly convert bools and ints to strings when comparing policies
See also: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html
This allows junos_config to changes the candidate configuration only and
does not commit it as the active configuration at once w/ the
'check_commit' option.
* Fixes to ecs_certificate cert chain for #61738
* Added changelog fragment
* Fixes to ecs_certificate for cleaner join, and better integration test
* Fix integration test formatting
* End cert chain with a \n
* Update changelogs/fragments/61738-ecs-certificate-invalid-chain.yaml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Update main.yml
* compare list of dicts
* update example for dhcp_server_opts to include ip_version which is automatically added by openstack
* add note about dhcp_server_opts
* add changelog fragment
* fix forgotten exception+pass
* no need to excplicitly check for None
* fix oops
* fix import error
* missed missing_required_lib
* changelog fragment formatting and grammar fixes
* update requirements in documentation and fix spelling
* Update AWS hacking policy to enable ASG Tagging management
* aws_asg: Add tests for ASG Tagging (including idempotency)
* aws_asg: ignore sort order when comparing tags on the ASG (fix idempotency)
* ec2_asg: (integration tests) test for idempotency when managing metrics collection
* ec2_asg: sort list of enabled metrics to ensure clean comparisons.
* Fix ansible-connection persist after playbook run issue
* PR https://github.com/ansible/ansible/pull/59153 to add support
for delaying the ansible-connection added an old issue of
ansible-connection persisting even after playbook run is finished
till either command timeout or connect timeout is triggered.
ansible-connection persist after playbook execution is done
and also delays the connection initilization untill a method
in invoked from module side on the connection object.
* Add chanegelog
Add a list of previously used release names to make it easy to tell what
release names are no longer usable.
Add a test that new release names have been added to the used list.
Fixes#61616
* iam_group: (integration tests) migrate tests to module_defaults
* iam_group: (integration tests) migrate to using temporary user and group with {{ resource_prefix }}
* iam_group: (integration tests) fix test, checking the return values
* iam_group: (integration tests) Add some more tests around the behaviour of 'changed'
* iam_group: (docs) Update documentation of iam_group return value
* Update AWS testing policies to enable group/user management
* meraki_organization - Add warning about organization deletion
The documentation is now more explicit about the ramifications of using `state: absent` in a task.
* fix erroneous failures in docker_compose due to deprecation warnings from docker (#60961)
* Update error handling to work with new method of capturing output
Co-Authored-By: Felix Fontein <felix@fontein.de>
* update error handling
* fix syntax error
* fix indentation
* fix indentation (again)
* remove erroneous line
On OpenBSD, 13 asterisk characters as a password hash, marks the
account as disabled. Otherwise daily(8) script which executes
security(8) will email operator about not properly locked accounts.
Before the diff, we see following warning:
> [WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
After the diff, warning is gone.
* remove choices from gather_network_resources facts and allow negating subset without needing to add a new subset specific for negation
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* negated all, min should not return any fact
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Migrate ec2_eip module to boto3
This patch is a step towards the integration of several PRs that have
attempted to migrate this code
closes#55190closes#45478
Follow-up PRs will address the outstanding changes made in #55190
* fix issues and limitations in account mgmt commands
* fix pep8 and example yaml errors
* remove new option and update option aliases
* find next empty slot when adding user via PATCH
##### SUMMARY
Looks like the "parent_group" option in "keyed_groups" is a very recent feature that is not being documented.
This pull request just adds a simple example of the usage of this useful feature.
##### ISSUE TYPE
- Docs Pull Request
+label: docsite_pr
* docs: Update apt_key.py add requirements of gpg. The module needs to have gpg installed, otherwise it will end up with error {"changed": false, "msg": "Failed to find required executable gpg in paths: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Co-Authored-By: John R Barker <john@johnrbarker.com>
##### SUMMARY
Although there is an example showing that username is not required with personal access token, it will be nice to more clearly state in options description.
##### ISSUE TYPE
- Docs Pull Request
+label: docsite_pr
* luks_device.py: Allow manipulate LUKS containers with label or UUID
- Allow create a LUKS2 container format with label support
- Allow manipulate (open, close, modify) an LUKS container based on
both label (LUKS2 format) or UUID instead of using devices only.
Fixes: #58973
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* test_luks_device.py: organizing tests to support labels
- Add label on some tests and fix errors reported by Shippable
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* luks_device.py: adjusting versions and messages
- Modifying version_added from 2.9 to 2.10
- Fixing some messages
- Created a changelog fragment
- Moving blkid from scope
Fixes#58973
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
While it's possible to host InfluxDB on a different path prefix
(through a reverse proxy such as nginx or traefik), the Ansible
influxdb_* modules did't support that use case.
The patch adds a 'path' parameter, which is passed to the influxdb
Python client.
Example for connecting to InfluxDB running on http://localhost/influxdb
- hosts: all
tasks:
- influxdb_database:
database_name: test
path: influxdb
port: 80
* Check for eos_config in action plugin by module name, not entire fqmn
* Modify toher action plugins to find module name
* Restore missing `not`
* Cover netconf plugin as well
* Whoops
* Update DevOps AWS policy
- Fix typos in permission names
- While AWS claims you can use 'arn:aws:codecommit:*' it errors unless you use '*'
* aws_codecommit: (integration tests) Migrate to module_defaults
* aws_codecommit: (integration tests) Fix integration tests
* aws_codecommit: (integration tests) Add tests for updating the description
* aws_codecommit: Add support for updating the description and rename "comment" option to "description"
* Cleanups and version bumping for 2.10
* Fix changelog url now that stable has been branched
* Fix the lenth of the porting guide title now that the version is two digits
* Refactor galaxy collection API for v3 support
* Added unit tests for GalaxyAPI and starting to fix other failures
* finalise tests
* more unit test fixes
* Initial nxos_file_copy action plugin work
* Remove code from nxos_file_copy module
* Add file_push and file_pull support
* Additional refactoring and shipable updates
* Simplify outcomes and update doc header
* Add more error data information for easier debugging
* Reorder outcomes and add additional tests
* Capture more data for permission denied outcome
* Properly load module_prefix for collections
Now that we are using collections for tasks, we need to properly split
the name and load the prefix properly.
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
* Add unit tests for task_executor
This commit adds missing unit tests for action handler in test_task_executor.
Signed-off-by: Daniel Mellado <dmellado@redhat.com>
Add support for create or re-configure VM with multiple CD-ROMs attaching to IDE controller now, will implement SATA controller support later.
parameters can be set as below:
cdrom:
- controller_type: ide
controller_number: 0
unit_number: 0
type: client
* default collection support
* playbooks run from inside a registered collection will set that collection as the first item in the search order (as will all non-collection roles)
* this allows easy migration of runme.sh style playbook/role integration tests to collections without the playbooks/roles needing to know the name of their enclosing collection
* disable default collection test under Windows
* enable collection search for role dependencies
* unqualified role deps in collection-hosted roles will first search the containing collection
* if the calling role has specified a collections search list in metadata, it will be appended to the search order for unqualified role deps
* disable cycle detection unit test
* failing on 3.7+, needs proper cycle detection
* see #61527
* rename modules
* created links
* fixed sanity
* removed unnecessary ignore rules
* added depreciation warning
* update ignore.txt to match
* removed unnecessary ignore rules
* update ignore.txt to match
* make ignore.txt same as in devel
* cr
* additional sanity
* New module - na_ontap_ldap_client
* Fixing module example usage
* Fixing module documentation - ansible-test sanity
* Fulfile merge request comments
- required_if used for options
- 'client_config' option renamed to 'name'
- docstring updated
- imports placed according to Ansible module best practices
* create an ems log event for users with auto support turned on
* Fix required_if state=present options
* play, block, task: New attribute forks
With this it is possible to limit the number of concurrent task runs.
forks can now be used in play, block and task. If forks is set in different
levels in the chain, then the smallest value will be used for the task.
The attribute has been added to the Base class as a list to easily provide
all the values that have been set in the different levels of the chain.
A warning has been added because of the conflict with run_once. forks will
be ignored in this case.
The forks limitation in StrategyBase._queue_task is not used for the free
strategy.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Handle forks in free strategy
The forks attribute for the free strategy is handled in run in the free
StrategyModule. This is dony by counting the amount of tasks where the uuid
is the same as the current task, that should be queued next. If this amount
is bigger or equal to the forks attribute from the chain (task, block,
play), then it will be skipped to the next host. Like it is also done with
blocked_hosts.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Test cases for forks with linear and free strategy
With ansible_python_interpreter defined in inventory file using
ansible_playbook_python.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Changing forks keyword to throttle and adding some more docs
* default collection support
* playbooks run from inside a registered collection will set that collection as the first item in the search order (as will all non-collection roles)
* this allows easy migration of runme.sh style playbook/role integration tests to collections without the playbooks/roles needing to know the name of their enclosing collection
* ignore bogus sanity error
* filed #61460
* fixed task unit test failure
* don't append an empty collections list to the ds
* ignore leftover local_action in mod_args ds action parsing
* fix async_extra_data test to not require ssh and bogus locale
* disable default collection test under Windows
* ensure collection location FS code is always bytes
* add changelog
* Fix TypeError in ec2_group.py for Python3 when sorting dictionary list
* Using json.loads() and dumps() to replace sorting
* Bug fixes for ec2_group.py
* Dictionaries cannot be compared/sorted in Python3
* Diff will occur when the IpPermissions have the same IpRanges but have different ordering
* 'before' will be sorted by 'Type' with high priority than 'IP', but 'boto3.describe_security_groups()' function cannot get 'Type' from Amazon
* Add some basic diff mode testing to exercise the rule-sorting code
* Addition of ecs_certificate module.
* Documentation and code fixes
* Updates per code review
* Doc fixes, rename of chain_path to full_chain_path, add regex for cert_Expiry check
* Fixes to pep8 check to make regexp string 'raw'.
* Mistakes with find/replace of caseing.
* Added integration tests and some doc cleanup
* Some additional assertions and test typo cleanup
* Update lib/ansible/modules/crypto/entrust/ecs_certificate.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Responses to code review comments
* Remove fake passwords from aliases file.
* Add na_santricity_firmware module.
Manages NetApp E-Series firmware upgrades.
Includes unit and integration tests.
* Add legacy support to na_santricity_firmware module.
* Rename na_santricity_firmware to netapp_e_firmware
* Improved netapp_e_firmware example documentation.
* Add na_santricity_drive_firmware module
Manage NetApp E-Series drive firmware downloads
Includes unit and integration tests
* Rename na_santricity_drive_firmware to netapp_e_drive_firmware
* Add galaxy collections API v3 support
Issue: ansible/galaxy-dev#60
- Determine if server supports v3
Use 'available_versions' from `GET /api`
to determine if 'v3' api is available on
the server.
- Support v3 pagination style
ie, 'limit/offset style', with the paginated
responses based on https://jsonapi.org/format/#fetching-pagination
v2 galaxy uses pagination that is more or less
'django rest framework style' or 'page/page_size style',
based on the default drf pagination described
at https://www.django-rest-framework.org/api-guide/pagination/#pagenumberpagination
- Support galaxy v3 style error response
The error objects returned by the galaxy v3 api are based
on the JSONAPI response/errors format
(https://jsonapi.org/format/#errors).
This handles that style response. At least for publish_collection
for now. Needs extracting/generalizing.
Handle HTTPError in CollectionRequirement.from_name()
with _handle_http_error(). It will raise AnsibleError
based on the json in an error response.
- Update unit tests
update test/unit/galaxy/test_collection*
to paramaterize calls to test against
mocked v2 and v3 servers apis.
Update artifacts_versions_json() to tale an
api version paramater.
Add error_json() for generating v3/v3 style error
responses.
So now, the urls generated and the pagination schema
of the response will use the v3 version if
the passed in GalaxyAPI 'galaxy_api' instance
has 'v3' in it's available_api_versions
* Move checking of server avail versions to collections.py
collections.py needs to know the server api versions
supported before it makes collection related calls,
so the 'lazy' server version check in api.GalaxyAPI
is never called and isn't set, so 'v3' servers weren't
found.
Update unit tests to mock the return value of the
request instead of GalaxyAPI itself.