Commit graph

1087 commits

Author SHA1 Message Date
Adrian Likins
297dfb1d50 Vault secrets script client inc new 'keyring' client (#27669)
This adds a new type of vault-password script  (a 'client') that takes advantage of and enhances the 
multiple vault password support.

If a vault password script basename ends with the name '-client', consider it a vault password script client. 

A vault password script 'client' just means that the script will take a '--vault-id' command line arg.

The previous vault password script (as invoked by --vault-password-file pointing to an executable) takes
no args and returns the password on stdout. But it doesnt know anything about --vault-id or multiple vault
passwords.

The new 'protocol' of the vault password script takes a cli arg ('--vault-id') so that it can lookup that specific
vault-id and return it's password.

Since existing vault password scripts don't know the new 'protocol', a way to distinguish password scripts
that do understand the protocol was needed.  The convention now is to consider password scripts that are
named like 'something-client.py' (and executable) to be vault password client scripts.

The new client scripts get invoked with the '--vault-id' they were requested for. An example:

     ansible-playbook --vault-id my_vault_id@contrib/vault/vault-keyring-client.py some_playbook.yml

That will cause the 'contrib/vault/vault-keyring-client.py' script to be invoked as:

     contrib/vault/vault-keyring-client.py --vault-id my_vault_id

The previous vault-keyring.py password script was extended to become vault-keyring-client.py. It uses
the python 'keyring' module to request secrets from various backends. The plain 'vault-keyring.py' script
would determine which key id and keyring name to use based on values that had to be set in ansible.cfg.
So it was also limited to one keyring name.

The new vault-keyring-client.py will request the secret for the vault id provided via the '--vault-id' option.
The script can be used without config and can be used for multiple keyring ids (and keyrings).

On success, a vault password client script will print the password to stdout and exit with a return code of 0.
If the 'client' script can't find a secret for the --vault-id, the script will exit with return code of 2 and print an error to stderr.
2017-10-13 15:23:08 -04:00
Tim Rupp
ecee475a3a This patch fixes a number of outstanding bugs and code convention problems. (#31618)
* documentation was not inline with other Ansible modules
* Python 3 specific imports were missing
* monitor_type is no longer required when creating a new pool; it is now the default.
* A new monitor_type choice of "single" was added for a more intuitive way to specify "a single monitor". It uses "and_list" underneath, but provides additional checks to ensure that you are specifying only a single monitor.
* host and port arguments have been deprecated for now. Please use bigip_pool_member instead.
* 'partition' field was missing from documentation.
* A note that "python 2.7 or greater is required" has been added for those who were not aware that this applies for ALL F5 modules.
* Unit tests were fixed to support the above module
2017-10-13 09:47:49 -07:00
Tim Rupp
381b18fd80 Adds a refactored bigip_monitor_http module. (#30998)
This patch refactors the bigip_monitor_http module to use REST
instead of SOAP. It additionally adds unit tests and current F5
code conventions.

Integration tests can be found here
* https://github.com/F5Networks/f5-ansible/blob/devel/test/integration/bigip_monitor_http.yaml
* https://github.com/F5Networks/f5-ansible/tree/devel/test/integration/targets/bigip_monitor_http/tasks
2017-10-12 17:02:05 -07:00
Brian Coca
12c8dd1893 config tests
also a couple of fixes to manager
2017-10-12 19:26:39 -04:00
James Mighion
50052b3d70 Adding a cli transport option for the bigip_command module. (#30391)
* Adding a cli transport option for the bigip_command module.

* Fixing keyerror when using other f5 modules. Adding version_added for new option in bigip_command.

* Removing local connection check because the F5 tasks can be delegated to any host that has the libraries for REST.

* Using the network_common load_provider.

* Adding unit test to cover cli transport and updating previous unit test to ensure cli was not called.
2017-10-12 15:07:15 -07:00
Ganesh Nalawade
88da95bb77 Fix rollback in junos_config (#31424)
* Fix rollback in junos_config

Fixes #30778

*  Call `load_configuration` with rollback id in case
   the id is given as input
*  Pass rollback id to `get_diff()` to fetch diff from device

* Fix unit test
2017-10-11 10:25:56 +05:30
Brian Coca
d84df2405d move from with_<lookup>: to loop:
- old functionality is still available direct lookup use, the following are equivalent

  with_nested: [[1,2,3], ['a','b','c']]

  loop: "{{lookup('nested', [1,2,3], ['a','b','c'])}}"

- avoid squashing with 'loop:'
- fixed test to use new intenal attributes
- removed most of 'lookup docs' as these now reside in the plugins
2017-10-10 15:43:49 -04:00
Toshio Kuratomi
2db9b6d2ca Remove wildcard import in test_nclu 2017-10-09 21:41:02 -07:00
Tim Rupp
75c5d0fedc Adds the bigip_remote_syslog module
This patchs add a remote-syslog module that can be used by people
to manage their (basic, not HSL) syslog configuration
2017-10-09 13:21:16 -07:00
Pilou
1c9bffe248 pip module: fix TypeError (#31395)
* pip: add test: an error occurs when pip not found
* pip: fix TypeError exception when pip executable isn't found
2017-10-09 10:01:21 -07:00
Michael Vermaes
fad3a4dc83 Fix typo in vault decrypt error message (#31335) 2017-10-05 18:09:22 -04:00
Sam Doran
e7902d888c Make ansible_selinux facts a consistent type (#31065)
* Make ansible_selinux facts a consistent type

Rather than returning a bool if the Python library is missing, return a dict with one key containing a message explaining there is no way to tell the status of SELinux on the system becasue the Python library is not present.

* Fix unit test
2017-10-05 09:19:08 -04:00
Matt Clay
a333f2e5b0 Fix ansible-test config management. 2017-10-04 12:52:36 -07:00
Tim Rupp
3717ff64cf Adds the bigip_monitor_https module (#31205)
This patch adds the https_monitor module which allows people
to create and manage HTTPS monitors.
2017-10-04 17:18:59 +01:00
Adrian Likins
65393e4747 Fix ansible_distribution on Ubuntu 10.04 (#31108)
The /etc/os-release based distro detection doesn't
seem to work for Ubuntu 10.04 (no /etc/os-release?).

So it was testing the next case which was /etc/lsb-release to
see if it is 'Mandriva'. Since the check for existence of
(/etc/lsb-release, Mandrive) was the first non-empty dist
file match, 'ansible_distribution' was being set to 'Mandriva'
expecting to be corrected by the data from the dist file content.

But since the dist file parsing for Mandriva didn't match for
Ubuntu 10.04 /etc/lsb-release _and_ there is no Debian specific
lsb-release check, 'ansible_distribution' stayed at 'Mandriva'
and the dist file checking loop keeps going and eventually off
the end of the list before finding a better match.

Adding a debian/ubuntu specific check for /etc/lsb-release after
the debian os-release sets the info correctly and stops further
checking of dist files.

Fixes #30693
2017-10-03 15:32:33 -04:00
Hervé Beraud
db70eeb913 Feature/test inventory (#30707)
* [test] move inventory test to right path
* [feat] add unit test for yaml inventory plugin
2017-10-02 23:01:25 -07:00
Felipe Garcia Bulsoni
46fd083138 LogicalInterconnectGroupFactsModule for HPE OneView (#28847)
* Added support to retrieving LIG resources in HPE OneView

* Fixing copyright header according to review

* Swapping out config for full credentials in parameter for documentation
2017-10-02 16:35:27 -04:00
Felipe Garcia Bulsoni
7d74c126a9 EnclosureFactsModule for HPE OneView (#28852)
* Added support to retrieving Enclosures in HPE OneView

- Added unit tests

* Updated version_added to 2.5

* Changing return type of enclosure_script to string

* Fixing copyright header according to review

* Replaced config for credentials in parameters for documentation
2017-10-02 16:32:36 -04:00
Kedar K
916e6be888 - Fix to return error message back to the module. (#31035) 2017-09-29 17:06:30 +05:30
Adrian Likins
95abc1d82e Fix fact failures cause by ordering of collectors (#30777)
* Fix fact failures cause by ordering of collectors

Some fact collectors need info collected by other facts.
(for ex, service_mgr needs to know 'ansible_system').
This info is passed to the Collector.collect method via
the 'collected_facts' info.

But, the order the fact collectors were running in is
not a set order, so collectors like service_mgr could
run before the PlatformFactCollect ('ansible_system', etc),
so the 'ansible_system' fact would not exist yet. 

Depending on the collector and the deps, this can result
in incorrect behavior and wrong or missing facts.

To make the ordering of the collectors more consistent
and predictable, the code that builds that list is now
driven by the order of collectors in default_collectors.py,
and the rest of the code tries to preserve it.

* Flip the loops when building collector names

iterate over the ordered default_collectors list
selecting them for the final list in order instead
of driving it from the unordered collector_names set.

This lets the list returned by select_collector_classes
to stay in the same order as default_collectors.collectors

For collectors that have implicit deps on other fact collectors,
the default collectors can be ordered to include those early.

* default_collectors.py now uses a handful of sub lists of
collectors that can be ordered in default_collectors.collectors.

fixes #30753
fixes #30623
2017-09-28 10:36:22 -04:00
Felipe Garcia Bulsoni
637571abfb Added new module for managing LIGs in HPE OneView 2017-09-27 21:21:03 +02:00
Adrian Likins
a14d0f3586 Use vault_id when encrypted via vault-edit (#30772)
* Use vault_id when encrypted via vault-edit

On the encryption stage of
'ansible-vault edit --vault-id=someid@passfile somefile',
the vault id was not being passed to encrypt() so the files were
always saved with the default vault id in the 1.1 version format.

When trying to edit that file a second time, also with a --vault-id,
the file would be decrypted with the secret associated with the
provided vault-id, but since the encrypted file had no vault id
in the envelope there would be no match for 'default' secrets.
(Only the --vault-id was included in the potential matches, so
the vault id actually used to decrypt was not).

If that list was empty, there would be an IndexError when trying
to encrypted the changed file. This would result in the displayed
error:

ERROR! Unexpected Exception, this is probably a bug: list index out of range

Fix is two parts:

1) use the vault id when encrypting from edit

2) when matching the secret to use for encrypting after edit,
include the vault id that was used for decryption and not just
the vault id (or lack of vault id) from the envelope.

add unit tests for #30575 and intg tests for 'ansible-vault edit'

Fixes #30575
2017-09-26 12:28:31 -04:00
Kedar K
4c21563ac6 - Adds sub-interface support for nxos_interface and nxos_ip_interface (#30830)
- Support dot1 encapsulation on routed sub-interface
2017-09-26 21:34:51 +05:30
Adrian Likins
3eab636b3f Fix 'distribution' fact for ArchLinux (#30723)
* Fix 'distribution' fact for ArchLinux

Allow empty wasn't breaking out of the process_dist_files
loop, so a empty /etc/arch-release would continue searching
and eventually try /etc/os-release. The os-release parsing
works, but the distro name there is 'Arch Linux' which does
not match the 2.3 behavior of 'Archlinux'

Add a OS_RELEASE_ALIAS map for the cases where we need to get
the distro name from os-release but use an alias.

We can't include 'Archlinux' in SEARCH_STRING because a name match on its keys
but without a match on the content causes a fallback to using the first
whitespace seperated item from the file content as the name.
For os-release, that is in form 'NAME=Arch Linux'

With os-release returning the right name, this also supports the
case where there is no /etc/arch-release, but there is a /etc/os-release

Fixes #30600

* pep8 and comment cleanup
2017-09-25 15:00:31 -04:00
Adrian Likins
12404f470a Fix pkg_mgr fact on OpenBSD (#30725)
* Fix pkg_mgr fact on OpenBSD

Add a OpenBSDPkgMgrFactCollector that hardcodes pkg_mgr
to 'openbsd_pkg'. The ansible collector will choose the
OpenBSD collector if the system is OpenBSD and the 'Generic'
one otherwise.

This removes PkgMgrFactCollectors depenency on the
'system' fact being in collected_facts, which also
avoids ordering issues (if the pkg mgr fact is collected
before the system fact...)

Fixes #30623
2017-09-22 14:22:05 -04:00
Ganesh Nalawade
d72eb08902 Fix nxos provider transport warning issue (#30610)
* Fix nxos provider transport warning issue

*  Add default value of transport arg in provider spec
*  Remove default value if transport arg in top level spec
   This ensure deprecation warning is seen only in case transport
   is given as a top level arg in task
*  Refactor nxos modules to reference transport value from provider
   spec

* Fix unit test

* Remove transport arg assignment in nxos action plugin

* As assigning transport value is handled in provider spec
  top level task arg assignment is no longer required
2017-09-22 10:32:25 +05:30
Tim Rupp
0eb0d96286 Adds module which allows users to manage partitions on a BIG-IP (#30577) 2017-09-21 14:48:51 +01:00
dteach
ca56a248d8 junos_facts: Add Hardware facts. (#30304)
* Add Routing Engine Facts

 - Map routing engine output information to routing_engines facts dict.
 - Add fact 'has_2RE', which is a quick way to determine how many REs
   the chassis has.

* Fix a typo

* Fix more typos

* Add slot number to routing_engine dict

* Add facts about the installed chassis modules

* Fix typo

* Fixed another typo

* Fix Path

* Change path again.

* More Typos

* Add some deubgging

* Add additional information for hardware components.

 - Return information about the Routing Engines.
 - Return a fact to easily determine if the device
   has two routing engines.
 - Return information about the hardware modules.

* Addressed pep8 stardard failures.

* Add unit test fixtures.

* Rename fixture.

* Fix unit test failures.

 - Rename the fixture file to what the unit test expects.
 - Strip out junos namespace attributes.
Rename file to match what the unit test expects.

* Scrubbed the routing engine serial numbers.

* Add unit test facts for new tests.

 - Add unit test for ansible_net_routing_engines fact
 - Add unit test for ansible_net_modules fact
 - Add unit test for ansible_net_has_2RE

* Fixed spacing.
2017-09-20 12:43:07 +05:30
Adrian Likins
307be59092 Don't ask for password confirm on 'ansible-vault edit' (#30514)
* Don't ask for password confirm on 'ansible-vault edit'

This is to match the 2.3 behavior on:

        ansible-vault edit encrypted_file.yml

Previously, the above command would consider that a 'new password'
scenario and prompt accordingly, ie:

        $ ansible-vault edit encrypted_file.yml
        New Password:
        Confirm New Password:

The bug was cause by 'create_new_password' being used for
'edit' action. This also causes the previous implicit 'auto prompt'
to get triggered and prompt the user.

Fix is to make auto prompt explicit in the calling code to handle
the 'edit' case where we want to auto prompt but we do not want
to request a password confirm.

Fixes #30491
2017-09-19 17:39:51 -04:00
Toshio Kuratomi
0a69e27e62 Fix jenkins_plugin test for no net situations (#30568)
Unittests are sometimes run without network connectivity in build
systems.  Make that work correctly by mocking out _get_url_data with the
expected return value.
2017-09-19 13:12:45 -07:00
Matt Clay
dbf9634b1b Enable more pylint rules and fix reported issues. (#30543)
* Enable pylint invalid-encoded-data test.
* Enable pylint anomalous-unicode-escape-in-string test.
2017-09-19 00:45:35 -07:00
Matt Clay
7714dcd04e Enable more pylint rules and fix reported issues. (#30539)
* Enable pylint unreachable test.
* Enable pylint suppressed-message test.
* Enable pylint redundant-unittest-assert test.
* Enable pylint bad-open-mode test.
* Enable pylint signature-differs test.
* Enable pylint unnecessary-pass test.
* Enable pylint unnecessary-lambda test.
* Enable pylint raising-bad-type test.
* Enable pylint logging-not-lazy test.
* Enable pylint logging-format-interpolation test.
* Enable pylint useless-else-on-loop test.
2017-09-18 23:20:32 -07:00
Dag Wieers
6a6f88d035 Clean up ACI error text (#30501)
* Clean up ACI error text
* Get rid of explicit unicode strings, use PY2
2017-09-18 11:51:58 -07:00
Toshio Kuratomi
1fa3fb45bc Update aci tests for new messages from lxml-4.0+ 2017-09-17 19:04:17 -07:00
Mike Wiebe
173c41aefe Rel240/fix nxos pim interface (#29885)
* fix nxos_pim_interface

* Add integration test coverage and fix unit test

* Add clarifying comments

* Make ansibot happy
2017-09-14 13:36:32 -07:00
Ganesh Nalawade
3ff527b1d2 Fixes #30281 eos_banner integration test failure (#30283)
* Fixes #30281 Configure login prompt for eos_banner

* Fix unit test

* Fix pep8 issue
2017-09-14 13:56:32 +05:30
Felipe Garcia Bulsoni
18707136e2 Added support to retrieving SAN Manager resources in HPE OneView
- Added unit tests
- Added _main_ function to oneview unit tests which were missing it
2017-09-13 13:13:19 -07:00
Felipe Garcia Bulsoni
eeb8128baf Added __main__ method to tests so they can be run directly through Python 2017-09-13 13:13:19 -07:00
Matt Clay
442af3744e Miscellaneous pylint fixes.
The following rules are no longer disabled:

- bad-format-string
- duplicate-key
- lost-exception
- trailing-newlines
- unexpected-keyword-arg
- useless-suppression
- using-constant-test
2017-09-13 01:53:08 -07:00
Matt Clay
68aeaa58a8 Fix dangerous default args. (#29839) 2017-09-12 00:11:13 -07:00
Tim Rupp
74ace093b8 Renames the bigip_configsync_actions module (#29747)
Retains the old name by making a symlink. We can remove it in a later
release.
2017-09-12 05:53:44 +01:00
Miguel Ángel Ajo
8e4f112b39 Fixes #23680 bug with py3.x due to binary string handling (#23688)
* This commit includes a unit test to exercise the _is_role
function and make sure it doesn't break in any Python version.
* Import os.path and other minor fixups
2017-09-09 18:40:07 -07:00
Toshio Kuratomi
75249e311e Fix set theory filters for python3
The set theory filters need to use lists rather than generators on python3.

Also add unit tests for most of the mathstuff filters

Fixes #26494
2017-09-09 17:38:39 -07:00
Brian Coca
fe3b4325c2 less confusing 'args' message (#29053)
* less confusing 'args' message

* fix test

* gone native
2017-09-06 18:20:06 -04:00
Nathaniel Case
f84ff216b6 Generalize nxos_bgp event-history detection (#28890)
* More general handling of event-history

* Update unit tests
2017-09-06 17:37:44 -04:00
Nathaniel Case
8bfdbd0f73 nxos_bgp_neighbor: Fix regex &report warnings (#28888)
* Fix over-detection of log-neighbor-as

* Report nxos warnings

* Update nxos_bgp_neighbor unit tests to test remove-private-as
2017-09-01 15:17:42 -04:00
Trishna Guha
252efcebf5 module should fail if eos_user is added without configured_password or nopassword or sshkey (#28780)
* module should fail if eos_user is added without configured_password or nopassword or sshkey

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* fix eos_user unit test

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* fix eos_user integration test

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-08-31 15:29:57 -04:00
Felipe Garcia Bulsoni
fd304d9b5b Added support to SAN Manager resource in HPE OneView (#28787)
- Added unit tests
2017-08-30 18:32:43 +02:00
Felipe Garcia Bulsoni
1e785d4117 FcoeNetworkFactsModule for HPE OneView (#28728)
* Add FcoeNetworkFactsModule for retrieving HPE OneView FCoE Networks

- Allow querying for FCoE Network resources in HPE OneView
- Adds unit tests to new module

* Fix "required: no"
2017-08-30 16:51:28 +02:00
Felipe Garcia Bulsoni
6ea2099ee4 EthernetNetworkFactsModule for HPE OneView (#28723)
* Adds EthernetNetworkFactsModule for retrieve HPE OneView

- Allows retrieving Ethernet Network resources from HPE OneView
- Adds unit tests

* Removed required: no
2017-08-30 16:49:57 +02:00