As we can see in
9537453586
:
CN used to be without whitespaces around the `=` but OpenSSL 1.1 introduced
whitespaces:
1.0.1: subject=/CN=example.com
1.1.0: subject=CN = example.com
This commit makes them optional.
OpenSSL 1.1 is present on the newly-released Debian Stretch, so absence
of this fix makes us not being able to use this module on this distro.
If target_group_arns is an empty list, then return
an empty target_group_names list.
If a connection to elbv2 is not obtainable, then it is
not possible to return target_group_names
* Fix logical flaw (update when diff), use string ports everywhere
* Change port comparison to integer vs. string
The comparison works either way as long as it's consistent. Boto docs
state that it takes in an integer, but if given a string apparently
keeps it as such. This change just ensures that when we compare, we
specifically deal with integers.
So I thought I fixed it before, but there's still one location where
the `rc` value is influential to decide whether a task failed or not.
We already established in #24867 that it is up to the module to decide
what the return code actually means, not the task executor. We modified
the existing modules to move that logic into the module (eg. for
command, shell, etc.)
This relates to the integration tests of win_robocopy, where different
return codes have different meanings:
- 0 -- No files copied.
- 1 -- Files copied successfully! (changed)
- 2 -- Some Extra files or directories were detected. No files were copied. (warning)
- 3 -- (2+1) Some files were copied. Additional files were present. (changed)
- 4 -- Some mismatched files or directories were detected. Housekeeping might be required! (changed + warning)
- 5 -- (4+1) Some files were copied. Some files were mismatched. (changed + warning)
- 6 -- (4+2) Additional files and mismatched files exist. No files were copied. (warning)
- 7 -- (4+1+2) Files were copied, a file mismatch was present, and additional files were present. (changed + warning)
- 8 -- Some files or directories could not be copied! (changed + failed)
- 9 - 15 -- Fatal error. Check log message! (failed)
- 16 -- Serious Error! No files were copied! Do you have permissions to access $src and $dest? (failed)
This also fixes#24652
Make pyca/cryptography the preferred backend for cryptographic needs (mainly vault) falling back to pycrypto
pyca/cryptography is already implicitly a dependency in many cases
through paramiko (2.0+) as well as the new openssl_publickey module,
which requires pyOpenSSL 16.0+. Additionally, pyca/cryptography is
an optional dep for better performance with vault already.
This commit leverages cryptography's padding, constant time comparisons,
and CBC/CTR modes to reduce the amount of code ansible needs to
maintain.
* Handle wrong password given for VaultAES format
* Do not display deprecation warning for cryptography on python-2.6
* Namespace all of the pycrypto imports and always import them
Makes unittests better and the code less likely to get stupid mistakes
(like using HMAC from cryptogrpahy when the one from pycrypto is needed)
* Add back in atfork since we need pycrypto to reinitialize its RNG just in case we're being used with old paramiko
* contrib/inventory/gce: Remove spurious require on pycrypto
(cherry picked from commit 9e16b9db275263b3ea8d1b124966fdebfc9ab271)
* Add cryptography to ec2_win_password module requirements
* Fix python3 bug which would pass text strings to a function which
requires byte strings.
* Attempt to add pycrypto version to setup deps
* Change hacking README for dual pycrypto/cryptography
* update dependencies for various CI scripts
* additional CI dockerfile/script updates
* add paramiko to the windows and sanity requirement set
This is needed because ansible lists it as a requirement. Previously
the missing dep wasn't enforced, but cryptography imports pkg_resources
so you can't ignore a requirement any more
* Add integration test cases for old vault and for wrong passwords
* helper script for manual testing of pycrypto/cryptography
* Skip the pycrypto tests so that users without it installed can still run the unittests
* Run unittests for vault with both cryptography and pycrypto backend
* Add new windows module win_psmodule
* Add checkmode, allow_clobber parameter, integration tests
* Add aliases, replace win_raw with win_shell
* restore original test_win_group1.yml, add powershel version test
* fix var type
* add conditional on assert
* integration tests conditional tasks review
* documentation fix, test fix, adds result.change
* fix yml
* fix railing whitespace
* add nuget_changed and repository_changed in result
There are too many possible special cases for Ansible to be able to
precheck known_hosts files without introducing all kinds of false
failures.
* Alternative known_hosts paths
* Alternative host name aliases
* ssh host certificates
* SSHFP + DNSSEC
Fixes#24860
Fix adds support for adding VMWare vSwitch without
any physical NICs (uplinks). This makes nic_name as
an optional parameter. Also, updated documentation and
examples to reflect these changes.
Fixes#25632
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Mutually reference Windows and non-Windows modules
To make it easier for Windows or non-Windows users to find the relevant
module information, we are mutually referencing both variants in their
documentation.
We are also adding a special note if a module works on both Windows and
non-Windows targets.
* Mutually reference Windows and non-Windows modules
To make it easier for Windows or non-Windows users to find the relevant
module information, we are mutually referencing both variants in their
documentation.
We are also adding a special note if a module works on both Windows and
non-Windows targets.
* Replace 'look at' with 'use', as requested
ci_complete
So I noticed this when doing integration tests:
Failed to copy file Could not find a part of the path
and this change turns it into:
Failed to copy file: Could not find a part of the path
I also moved something out of the exception handling.
* openbsd_pkg: Handle versionless names with branch.
This makes package names such as "openldap-server--%openldap" work.
Problem reported by Landry Breuil.
While here fix cornercase check for versionless packages and add some
more debug output to packet parsing.
Fixes#25910.
* openbsd_pkg: Split up lines to pass build checks.
===
The test ansible-test sanity --test pep8 failed with the following errors:
lib/ansible/modules/packaging/os/openbsd_pkg.py:383:161: E501 line too long (292 > 160 characters)
lib/ansible/modules/packaging/os/openbsd_pkg.py:398:161: E501 line too long (198 > 160 characters)
===
* cisco_imc_xml: New module to manage Cisco IMC hardware
This module provides direct access to the Cisco IMC API.
See the included examples for a glimpse of what it can do.
* Rename cisco_imc_xml to imc_xml
After discussion with Peter Sprygada renamed from cisco_imc to imc.
As Cisco ACI is named aci as well.