* Get no_log parameters from subspec
* Add changelog and unit tests
* Handle list of dicts in suboptions
Add fancy error message (this will probably haunt me)
* Update unit tests to test for list of dicts in suboptions
* Add integration tests
* Validate parameters in dict and list
In case it comes in as a string
* Make changes based on feedback, fix tests
* Simplify validators since we only need to validate dicts
Add test for suboptions passed in as strings to ensure they get validated properly and turned into a dictionary.
ci_complete
* Add a few more integration tests
* clean "changed" after it has been processed
without this change, a loop of `debug` tasks with `changed_when`
causes the "changed" status to get lost before output
* runme.sh tests for debug loop status
* fix default collection resolution in adhoc
* if an adhoc command is run with a playbook-dir under a configured collection, default collection resolution is used to resolve unqualified module/action names
* Set ANSIBLE_PLAYBOOK_DIR in integration tests.
* Fix config conflict in ansible integration test.
* add adhoc default collection test
* text-ify warning string
* mysql_replication: add connection_name param for MariaDB multi source support
* mysql_replication: add connection_name param for MariaDB multi source support, add changelog
* add ANSIBLE_PLAYBOOK_DIR envvar support
* allows `ANSIBLE_PLAYBOOK_DIR` envvar as a fallback on CLI types that support `--playbook-dir`. This should have been implemented with #59464, but was missed due to an oversight.
* added basic integration test
* make first-class PLAYBOOK_DIR config entry
* update changelog
Newer versions of ssh-keygen create PEM keys that are not recognized by Paramiko.
Now ansible-test compensates for this by updating they keys it generates so Paramiko will recognize them.
Previously the temporary directory used to run integration tests resided under the user's home directory. This prevented ansible-playbook from detecting the default collection when running tests.
Now the temporary directory is created within the collection to facilitate default collection detection.
This change effectively filters out any network interfaces which were
not explicitly configured for the guest. This fixes some unexpected behaviour where a machine with multiple IP addresses (for example, when Docker is installed, an internal IPv4 interface is added to
communicate with the container) would show one of the internal
addresses in the 'ipv4' field, but then no other information about the
corresponding hardware interface.
This fixes test errors related to failures copying temporary test results files from a remote system back to the local system.
It also speeds up processing of test results and reduces network utilization by avoiding the temporary files.
* Specifying IP addresses needs API version 1.22 or newer.
* Simplify code.
* Use IPAMConfig.IPv*Address instead of IPAddress and GlobalIPv6Address.
* Add changelog.
* Fix syntax errors.
* Add integration test.
* Don't rely on netaddr.
* Normalize IPv6 addresses before comparison.
* Install netaddr, and use it.
Using a regular recursive resolver to lookup the zone name might not
work when the zone in question belong to a private/internal
domain. The authoritative server being used on the other hand will
definitely know about the zone(s) it's serving.
This approach is also consistent with the nsupdate module already
querying the specified authoritative server for TTL values.
The reason for the implementation having to loop until finding a
direct match is to account for different SOA responses triggered by
CNAMEs and DNAMEs. The previously used `dns.resolver.zone_for_name()`
function does the same.
Resolves#62052
* support creating an image from a volume
* leave filename/volume optional
* enforce volume/filename mutual exclusivity
* bump version_added to 2.10 for volume option
* add changelog fragment
Running from an installed version of ansible-test now results in tests using a dedicated directory for PYTHONPATH instead of using the site-packages directory where ansible is installed.
This provides consistency with tests running from source, which already used a dedicated directory.
Resolves https://github.com/ansible/ansible/issues/62716
* fix get_nc_next.
* add a changelog fragment.
* upadte for changelgo fragment.
* merge two prs, one depens another.
* merge two prs, one depens another.
* update changelog.
* iam_role: Add support for managing MaxSessionDuration
* iam_role: Add support for deleting the IAM Instance Profiles we created
* iam_role: migrate all boto failures to fail_json_aws for consistency
* iam_role: test validity of path so we can throw a more understandable error
* iam_role: (integration tests) Split iam_role integration tests from sts_assume_role tests
- Make the iam_role tests more comprehensive
- Add tests for iam_role_info
* iam_role: (integration tests) Make some of our pauses optional
If the tests appear to be flakey we may need to enable standard_pauses
Improve tests
- add more unit test cases
- add specific integration test with more cases
Testing shows no major downside to calling .strip() twice in a comprehension vs. using a regular for loop and only calling .strip() once. Going with the comprehension for ease of maintenance and because comprehensions are optimized in CPython.
when creating or deleting an object (e.g. via an API), before/after can
be `None` (or at least represented as such by the used library). to
avoid modules havig to do
diff={'before': before or '', 'after': after or ''}
let's just convert `None` to an empty string that can be diffed properly
* Add a representer for AnsibleUnsafeBytes
* changelog
* Add unit tests
Remove native string test until we have time to evaluate how this the function should work
Add non-ASCII characters to test cases
* Compare to the string on Python 2
Add a comment in the test about this behavior
* Ensure k8s apply works with check mode
Update the new predicted object with fields from the previous object
before applying in check mode
Don't log output of `file` with `state: absent` on huge virtualenvs!
Fixes#60510
* Use openshift client fix to improve apply for check mode
Use new apply_object method to get a better approximation
of the expected object in check mode.
Requires released upgrade to openshift
* Add changelog fragment for k8s apply check mode fix
* Update changelogs/fragments/60510-k8s-apply-check-mode.yml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Fix plugin names for collection plugins.
Add an integration test to verify plugin __name__ is correct for collection plugins.
* Fix collection loader PEP 302 compliance.
The `find_module` function now returns `None` if the module cannot be found. Previously it would return `self` for modules which did not exist.
Returning a loader from `find_module` which cannot find the module will result in import errors on Python 2.x when using implicit relative imports.
* add changelog
* sanity/units/merge fixes
In some remote environments, the `crontab` executable is
overloaded with a custom executable, which typically does
some pre/post processing before forwarding to crontab.
Instead of using the hardcoded `/usr/bin/crontab`, this uses
the `get_bin_path` utility to locate the default crontab executable.
* ce_bgp_neighbor_af: fix a typo in module's parameter
* ce_bgp_neighbor_af: fix a typo in module's parameter, add version_added and changelog
* ce_bgp_neighbor_af: fix a typo in module's parameter, add aliase
* Support large folder size comparisons for win_find
Changed [int] to [int64] to support larger folders. Otherwise module fails as soon as a large folder is encountered.
* Create 58466-FIX_win_find-Bug-Get-FileStat_fails_on_large_files.yml
The documentation links are now displayed when running from an install.
Previously the links were only displayed when running from source.
This was due to ansible-test checking for the presence of documentation files locally, which are only present when running from source.
The check is no longer necessary since there is a sanity test in place to enforce the presence of documentation for all sanity tests.
Following module used internal results key as part of return json, this commit
changes this to appropriate values -
* vmware_datastore_maintenancemode.py
* vmware_host_kernel_manager.py
* vmware_host_ntp.py
* vmware_host_service_manager.py
* vmware_tag.py
Fixes: #62083
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* ansible-galaxy - add config to control the display wheel
* Fix changelog and make test more stable
* Don't use display thread at all if progress wheel isn't being shown
The default behavior of the ansible-test vcenter plugin is to use the govcsim container to run tests.
However, unless the govcsim mode was specified using the VMWARE_TEST_PLATFORM environment variable, the filter code would skip the tests unless the tests ran on Shippable or the user had an ansible-core-ci key.
Now the filter correctly recognizes that govcsim is the default.
* Fix location of unit test requirements.
* Preserve ansible-test unit test requirements.
* Remove redundant unit test requirements.
* Fix location of network test requirements.
* Preserve ansible-test network test requirements.
* Remove redundant network test requirements.
* Add missing ordereddict requirements.
* Load collection requirements correctly.
* Add changelog fragment.
* luks_device.py: allow the user create LUKS based on specific versions
- Allow user pass an option 'type' that explicits define the version of LUKS
container that will be created. It should be 'luks1' or 'luks2' format.
- If 'label' option is defined the 'type' option will be 'luks2' independently
of the option 'type' informed by user. (labels NEED luks2 format)
Fixes: #58973
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* added the changelog fragment
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* luks_device.py: make it fail in certain conditions
- Not allow user especify luks1 type and label at the same playbook
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* Pika v1.0.0 and above were causing issues for publish_message. Updated
to ensure publish_message works with pika 0.13.1 and 1.0.0 and above.
* Adding changelog fragment for rabbitmq_publish fix.
* Updating return value.
* In pika v1.0.0 BlockingChannel.is_closing was removed. Updating
plugin accordingly.
Ref: https://github.com/pika/pika/pull/1034
* Adding change fragment for is_closing bug.
* Updated change fragment description.
Use hostnamectl command to get current hostname for host while using
systemd strategy.
Fixes: #59438
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Creating a virtual environment using `venv` when running in a virtual environment created by `virtualenv` results in a copy of the original virtual environment instead of creation of a new one.
To work around this, `ansible-test` now identifies when it is running in a `virtualenv` created virtual environment and uses the real Python interpreter to create the `venv` virtual environment.
* AWS ec2_vpc_net: Enable ipv6 CIDR assignment
Enable IPv6 CIDRs in ec2_vpc_net, and fix ec2_vpc_subnet tests that
were depending on the aws cli for CIDR assignment.
Related to: #27800
The `test/results/` directory for Ansible test output was already ignored when not using git.
When Ansible Collections were switched to `tests/output/` the ignore entry was previously overlooked.
* Fix ansible-doc traceback for removed modules.
This avoids tracebacks with errors like the following when a module has been removed:
module module_name missing documentation (or could not parse documentation): 'NoneType' object does not support item assignment
* Fix ansible-doc sanity test warning handling.
Warnings about removed modules/plugins on stderr are now properly ignored.
Previously an ansible-doc error could result in unrelated errors going undetected because tests were stopped early and the underlying error was ignored.
* Fix ansible-test venv activation.
When using the ansible-test --venv option, an execv wrapper for each python interpreter is now used instead of a symbolic link.
* Fix ansible-test execv wrapper generation.
Use the currently running Python interpreter for the shebang in the execv wrapper instead of the selected interpreter.
This allows the wrapper to work when the selected interpreter is a script instead of a binary.
* Fix ansible-test sanity requirements install.
When running sanity tests on multiple Python versions, install requirements for all versions used instead of only the default version.
* Fix ansible-test --venv when installed.
When running ansible-test from an install, the --venv delegation option needs to make sure the ansible-test code is available in the created virtual environment.
Exposing system site packages does not work because the virtual environment may be for a different Python version than the one on which ansible-test is installed.
* Allow the use of _paramiko_conn even if the connection hasn't been started.
I'm not sure what the benefit is of Noneing paramiko_conn on close, but will keep for now
* Fix test
* Try to fix up net_put & net_get
* Add changelog
Python < 2.7.9 does not have the ssl.SSLContext attribute.
ssl.SSLContext is only required when we want to validate the SSL
connection. If `validate_certs` is false, we don't initialize the
`ssl_context` variable.
Add unit-test coverage and a little refactoring:
- avoid the use of `mocker`, when we can push `monkeypatch` which is
`pytest`'s default.
- use `mock.Mocker()` when possible
closes: #57072
* module_utils/ec2: (unit tests) Move unit tests for module_utils/ec2.py into test/units/module_utils
- compare_policies was refactored from s3_bucket
- "ec2_utils" doesn't seem to have ever existed
* module_utils/ec2: (unit tests) Add unit test for comparing quoted and unquoted bools and numbers within policies
As per https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html
"Values are enclosed in quotation marks. Quotation marks are optional for numeric
and Boolean values."
* module_utils/ec2: Explicitly convert bools and ints to strings when comparing policies
See also: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html
* Fixes to ecs_certificate cert chain for #61738
* Added changelog fragment
* Fixes to ecs_certificate for cleaner join, and better integration test
* Fix integration test formatting
* End cert chain with a \n
* Update changelogs/fragments/61738-ecs-certificate-invalid-chain.yaml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Update main.yml
* compare list of dicts
* update example for dhcp_server_opts to include ip_version which is automatically added by openstack
* add note about dhcp_server_opts
* add changelog fragment
* fix forgotten exception+pass
* no need to excplicitly check for None
* fix oops
* fix import error
* missed missing_required_lib
* changelog fragment formatting and grammar fixes
* update requirements in documentation and fix spelling
* Update AWS hacking policy to enable ASG Tagging management
* aws_asg: Add tests for ASG Tagging (including idempotency)
* aws_asg: ignore sort order when comparing tags on the ASG (fix idempotency)
* ec2_asg: (integration tests) test for idempotency when managing metrics collection
* ec2_asg: sort list of enabled metrics to ensure clean comparisons.
* Fix ansible-connection persist after playbook run issue
* PR https://github.com/ansible/ansible/pull/59153 to add support
for delaying the ansible-connection added an old issue of
ansible-connection persisting even after playbook run is finished
till either command timeout or connect timeout is triggered.
ansible-connection persist after playbook execution is done
and also delays the connection initilization untill a method
in invoked from module side on the connection object.
* Add chanegelog
* fix erroneous failures in docker_compose due to deprecation warnings from docker (#60961)
* Update error handling to work with new method of capturing output
Co-Authored-By: Felix Fontein <felix@fontein.de>
* update error handling
* fix syntax error
* fix indentation
* fix indentation (again)
* remove erroneous line
On OpenBSD, 13 asterisk characters as a password hash, marks the
account as disabled. Otherwise daily(8) script which executes
security(8) will email operator about not properly locked accounts.
Before the diff, we see following warning:
> [WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
After the diff, warning is gone.
* luks_device.py: Allow manipulate LUKS containers with label or UUID
- Allow create a LUKS2 container format with label support
- Allow manipulate (open, close, modify) an LUKS container based on
both label (LUKS2 format) or UUID instead of using devices only.
Fixes: #58973
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* test_luks_device.py: organizing tests to support labels
- Add label on some tests and fix errors reported by Shippable
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* luks_device.py: adjusting versions and messages
- Modifying version_added from 2.9 to 2.10
- Fixing some messages
- Created a changelog fragment
- Moving blkid from scope
Fixes#58973
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* Update DevOps AWS policy
- Fix typos in permission names
- While AWS claims you can use 'arn:aws:codecommit:*' it errors unless you use '*'
* aws_codecommit: (integration tests) Migrate to module_defaults
* aws_codecommit: (integration tests) Fix integration tests
* aws_codecommit: (integration tests) Add tests for updating the description
* aws_codecommit: Add support for updating the description and rename "comment" option to "description"
* Cleanups and version bumping for 2.10
* Fix changelog url now that stable has been branched
* Fix the lenth of the porting guide title now that the version is two digits
The `git submodule status` command is relative to the current git repository by default.
When running from a repository subdirectory paths can be returned above the current directory.
Specifying the current directory with `git submodule status` avoids listing submodules above that directory.
This will fix issues when testing a collection that is rooted below the repository root when that repository uses submodules.
* default collection support
* playbooks run from inside a registered collection will set that collection as the first item in the search order (as will all non-collection roles)
* this allows easy migration of runme.sh style playbook/role integration tests to collections without the playbooks/roles needing to know the name of their enclosing collection
* disable default collection test under Windows
* enable collection search for role dependencies
* unqualified role deps in collection-hosted roles will first search the containing collection
* if the calling role has specified a collections search list in metadata, it will be appended to the search order for unqualified role deps
* disable cycle detection unit test
* failing on 3.7+, needs proper cycle detection
* see #61527
* play, block, task: New attribute forks
With this it is possible to limit the number of concurrent task runs.
forks can now be used in play, block and task. If forks is set in different
levels in the chain, then the smallest value will be used for the task.
The attribute has been added to the Base class as a list to easily provide
all the values that have been set in the different levels of the chain.
A warning has been added because of the conflict with run_once. forks will
be ignored in this case.
The forks limitation in StrategyBase._queue_task is not used for the free
strategy.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Handle forks in free strategy
The forks attribute for the free strategy is handled in run in the free
StrategyModule. This is dony by counting the amount of tasks where the uuid
is the same as the current task, that should be queued next. If this amount
is bigger or equal to the forks attribute from the chain (task, block,
play), then it will be skipped to the next host. Like it is also done with
blocked_hosts.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Test cases for forks with linear and free strategy
With ansible_python_interpreter defined in inventory file using
ansible_playbook_python.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Changing forks keyword to throttle and adding some more docs
* default collection support
* playbooks run from inside a registered collection will set that collection as the first item in the search order (as will all non-collection roles)
* this allows easy migration of runme.sh style playbook/role integration tests to collections without the playbooks/roles needing to know the name of their enclosing collection
* ignore bogus sanity error
* filed #61460
* fixed task unit test failure
* don't append an empty collections list to the ds
* ignore leftover local_action in mod_args ds action parsing
* fix async_extra_data test to not require ssh and bogus locale
* disable default collection test under Windows
* ensure collection location FS code is always bytes
* add changelog
* Fix TypeError in ec2_group.py for Python3 when sorting dictionary list
* Using json.loads() and dumps() to replace sorting
* Bug fixes for ec2_group.py
* Dictionaries cannot be compared/sorted in Python3
* Diff will occur when the IpPermissions have the same IpRanges but have different ordering
* 'before' will be sorted by 'Type' with high priority than 'IP', but 'boto3.describe_security_groups()' function cannot get 'Type' from Amazon
* Add some basic diff mode testing to exercise the rule-sorting code
* Change collection PS util import pattern
* Add changes for py2 compat
* fix up regex and doc errors
* fix up import analysis
* Sanity fix for 2.6 CI workers
* Get collection util path for coverage collection
* Rename OneView _facts modules -> _info
* Adjust PR #.
* Forgot to update test names.
* Remove superfluous blank line.
* Some more things from review.
* Initial commit for rate limiting
- Detects if error code is 429
- Pauses for random time between .5 and 5 seconds before retrying
- If it fails 10 times, give up and tell user
* Redo structure of request() to support rate limiting
* Hold down timer is now a sliding scale
- 3 * number of retries
- Fails after the 30 second wait
* Whitespace fixes
* Redo implementation using decorators
- Errors aren't tested but code works for regular calls
* Unit tests work for error handling
* Add integration tests for successful retries
* Add condition for 502 errors and retry
* Move _error_report out of the class
* PEP8 fixes
* Add changelog entry
* Template value of debugger and then check for validity
* Removed if/else and forcing failure on undefined as per comments
* Added changelog
* changed colon to brackets so it appears as a string
* aws_kms: (integration tests) Test updating a key by ID rather than just my alias
* aws_kms: (integration tests) Test deletion of non-existent and keys that are already marked for deletion
* aws_kms: Ensure we can perform actions on a specific key_id rather than just aliases
In the process switch over to using get_key_details rather than listing all keys.
* aws_kms: When updating keys use the ARN rather than just the ID.
This is important when working with cross-account trusts.
* Handle multiple Content-Type headers correctly
Avoids situations where mulitple Content-Type headers including charset information can result in errors like
```
LookupError: unknown encoding: UTF-8, text/html
```
* Account for multiple conflicting values for content-type and charset
* Add changelog fragment
* Renaming `onepassword_facts` to `onepassword_info`.
* Update module examples.
* Add changelog fragment.
* Add module rename to the 2.9 porting guide.
* Document the parameter types in the module docs.
* Fix incorrect parameter name.
* Update docs/docsite/rst/porting_guides/porting_guide_2.9.rst
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Remove `onepassword_facts` as it has been renamed to `onepassword_info` including fixes for the sanity tests.
* Add support for SubjectKeyIdentifier and AuthorityKeyIdentifier to _info modules.
* Adding SubjectKeyIdentifier and AuthorityKeyIdentifier support to openssl_certificate and openssl_csr.
* Fix type of authority_cert_issuer.
* Add basic tests.
* Add changelog.
* Added proper tests for _info modules.
* Fix docs bug.
* Make sure new features are only used when cryptography backend for openssl_csr is available.
* Work around jinja2 being too old on some CI hosts.
* Add tests for openssl_csr.
* Add openssl_certificate tests.
* Fix idempotence test.
* Move one level up.
* Add ownca_create_authority_key_identifier option.
* Add ownca_create_authority_key_identifier option.
* Add idempotency check.
* Apparently the function call expected different args for cryptography < 2.7.
* Fix copy'n'paste errors and typos.
* string -> general name.
* Add disclaimer.
* Implement always_create / create_if_not_provided / never_create for openssl_certificate.
* Update changelog and porting guide.
* Add comments for defaults.
* aws_kms: (integration tests) Use module_defaults to reduce the copy and paste
* aws_kms: (integration tests) make sure policy option functions.
* aws_kms: (integration tests) Move iam_role creation to start of playbook.
iam_roles aren't fully created when iam_role completes, there's a delay on the Amazon side before they're fully recognised.
* aws_kms: Update policy on existing keys (when passed)
* iam_password_policy: (integration tests) Use module defaults for AWS connection details
* iam_password_policy: (integration tests) Ensure the policy is removed when tests fail
* iam_password_policy: (integration tests) Add regression test for #59102
* iam_password_policy: Only return changed when the policy changes.
* iam_password_policy: PasswordReusePrevention must be omitted to remove/set to 0
* #60930 add changelog
* Update hacking AWS security policy to allow testing of Password Policy Management
* Rename hcloud_datacenter_facts to hcloud_datacenter_info
* Rename hcloud_location_facts to hcloud_location_info
* Rename hcloud_image_facts to hcloud_image_info
* Rename hcloud_floating_ip_facts to hcloud_floating_ip_info
* Rename hcloud_server_type_facts to hcloud_server_type_info
* Rename hcloud_server_facts to hcloud_server_info
* Rename hcloud_ssh_key_facts to hcloud_ssh_key_info
* Rename hcloud_volume_facts to hcloud_volume_info
* Fix typo in hcloud_image_info
* Add to porting guide and add changelog fragment
* Reword porting guide
* add subdir support to collection loading
* collections may now load plugins from subdirs under a plugin type or roles dir, eg `ns.coll.subdir1.subdir2.myrole`->ns.coll's roles/subdir1/subdir2/myrole, `ns.coll.subdir1.mymodule`->ns.coll's plugins/modules/subdir1/mymodule.py
* centralize parsing/validation in AnsibleCollectionRef class
* fix issues loading Jinja2 plugins from multiple sources
* resolves#59462, #59890,
* sanity test fixes
* string fixes
* add changelog entry
* Warn when transforming constructed groups
The `keyed_groups` field has used sanitization since 2.6, but `groups` only started doing so in 2.8.
This adds a warning for the change in behavior.
* changelog
Preserve tag key case by only calling camel_dict_to_snake_dict once,
before the tags are added.
Don't call assert_policy_shape as it seems to fail
Use aws_caller_info in the test suite now that it exists rather
than running `aws sts get_caller_identity`
Ensure that calls using `grant_types` can also use key aliases