* Revert "Revert "openssl_csr: Allow to use cryptography as backend (#50324)""
This reverts commit bbd2e31e9f.
* Remove more complicated selection copy'n'pasted from openssl_privatekey.
* Add tests for backend selection.
* Add openssl_csr test for arbitrary string commonName.
* Allow to disable commonName -> SAN copying (fixes#36690).
* Fix subversion integration test on Fedora 29.
This upgrades the sqlite-libs and subversion packages to make sure
that the version of sqlite expected by subversion is installed.
* Fix compatibility with RHEL and CentOS.
* removed info declaration from documentation fragment as this is not implemented
* added optional headers for POST and PUT requests
* updated documentation
* added missing headers field decalaration
* removed info choice from state field
* added tests for the new utm_utils function
* fixed class invocation
* added missing required params
* fixed the pytests
This will permit the script to pass through content which could
not be previously decoded or encoded. This could occur when running
some tests on macOS using file paths with non-ASCII characters.
* added timestamps to nxos_command module
nxos_command module now returns timestamps field, which shows command execution time
* fixed unit test failure for /lib/ansible/module_utils/basic
* cosmetic changes to align with PEP 8
* Corner case in which import_role would add another instance of a role with the same signature into roles: when it already existed there.
roles:
- name: a
tasks:
- import_role: name=a
would execute role 'a' 3 times instead of the intended 2 (x2 in roles: phase +1 in tasks:)
* added tests
Previously empty test targets were ignored by ansible-test.
This would prevent them from participating in dependency analysis.
These targets are actually empty roles, and should be processed as such.
* Further cleanup of integration test inventory.
* Preserve aci and msc inventory in template.
* Update ansible-test inventory template handling.
* Fix classification of inventory file.
* Integration tests now have their own list of allowed shebangs.
* Use `#!/usr/bin/env bash` instead of `#!/bin/bash`
since the location is different on various platforms.
Some integration test targets have dependencies on files outside
the `test/integration/targets/` directory tree. Changes to these
dependencies can result in unexpected test failures since they do
not trigger integration tests which depend on them.
* Log dependencies at verbosity level 4.
This makes it easier to debug target dependency issues.
* Scan symlinks for target dependencies.
Some test targets use symlinks to files in other test targets.
These dependencies were previously undetected. This could result in
changes made to dependencies without triggering the dependent tests.
* Track missing target deps with `needs/target/*`.
Some existing test targets have untracked dependencies on other
test targets. This can result in changes to those dependencies
not triggering their dependent tests, resulting in test failures
after a PR is merged.
This PR adds the appropriate `needs/target/*` aliases to track
those dependencies, along with appropriate processing in
ansible-test to handle the new aliases.
* Scan meta dependencies in script targets.
Script targets are often former role targets which were converted
to allow custom invocations of ansible-playbook. These targets still
have their meta dependencies, but they were not being detected.
This could result in changes to dependencies not triggering the
targets which depend on them.
Previously, the following dependencies:
A used by B
B used by C
Would have been converted to:
A used by C
B used by C
Intead of being expanded to:
A used by B
A used by C
B used by C
This change preserves the existing dependency when expanding it.
* Fix encoding issues with file paths.
Discovered while testing with ANSIBLE_CONFIG env var set to a path
that contained unicode characters while LC_ALL=C.
* Fix unit tests.
* Fix another path encoding issue.
When a user home dir is not created with `useradd`, the home dir will now
be created with umask from /etc/login.defs. Also fixed a bug in which
after a local user is deleted, and the same user exists in the central
user management system, the module would create that user's home.
* Added new vmware module for gathering facts for DRS groups
* Update lib/ansible/modules/cloud/vmware/vmware_drs_group_facts.py
* Updated doc
* Fixed integration test with mutual exclusive paramteres
Co-Authored-By: karstenjakobsen <karsten@karstenjakobsen.dk>
* Added new vmware module for creating DRS VM or Host groups in a given cluster
* Fixed typo in module name
* Added better docstrings. Fixed better messaging for existing groups. Added delete example.
* Update doc
* Update lib/ansible/modules/cloud/vmware/vmware_drs_group.py
* Updated logic, so result is populated with correct data even if no changes are made
* Update lib/ansible/modules/cloud/vmware/vmware_drs_group.py
* Improved performance by getting group_obj in init()
* Fixed syntax error and added group_name as required if state is
* Added state= to integration test
Co-Authored-By: karstenjakobsen <karsten@karstenjakobsen.dk>
* Allow to use cryptography as backend for openssl_csr.
* Use different curve.
* Adding changelog.
Includes changelog fragment for #49416, which didn't include one.
* Make TLS available for RabbitMQ
* Use correct path
* Include cleanup
* Also remove unused package
* Don't generate a TLS cert every time if one already has been generated
* Add newlines, clean up repository and clarify block purpose
* One too many new lines :)
* Make TLS certs static
* Pluribus Networks port cos bw module
* Indentation fix
* Documentation fix
* Corrected indetentation for required_one_of
* Added maintainer name in BOTMETA.yml
* Removed maintainer name in BOTMETA.yml as my team is already there
* Move var_blending test inventory into test.
* Remove Amazon specific inventory entry for tests.
* Remove Azure specific inventory entry for tests.
* Move var_precedence test inventory into test.
* Move unicode test inventory into test.
* Remove unused inventory entry.
* Move gathering_facts test inventory into test.
* Move delegate_to test inventory into test.
* Clean up inventory for binary_modules test.
* Clean up integration test inventory.
* Add tests for WANT_JSON and old style modules
* quote source path
* Attempt to further appease tests
* Check for file and not just exists
* omg don't be dumb
* moar fixes
* shellcheck is the worst :)
* Test the custom modules for failure without arg files
Provide toggle flag to allow display of unreachable task to stderr
using default callback plugin.
Fixes: #48069
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* fixing the exception import from tower modules
* Adding tests for checking tower modules are failing with correct msg
* fixed failing tests
* fixed failing test in tower_team
* Included support to AIX group subsystems
AIX systems has subsystems as services but also uses group
subsystems.
For example, spooler is a group subsystem to services
qdaemon, writesrv, and lpd.
This change enables the possibility to use also the group
susbsystmes such as spooler, nfs, etc.
When the service name is informed, first the module will
check if the name is a subsystem, if not it will check if
the name is a group subsystem and also it subsystems states.
This change makes services more flexible with AIX systems.
* Included test/legacy/aix_services.yml for tests
As discussed on IRC ansible-devel channes, was include the
legacy tests for further manual tests.
* Introduce 'insertbefore' and 'insertafter' to specify the position children have to be inserted.
* Added version_added to new options
* Xpath in example needs single quotes
* Added integration tests for insertafter and insertbefore
* Changed version_added to 2.8
* Improve cleanup.
* Add check mode tests.
Failing tests commented out; will be fixed in #49948.
* Add reload and reset tests.
* Add tests for other global state.
* Work around ufw bugs.
* Cloudscale integration test setup
CloudProvider and CloudEnvironment classes for Cloudscale integration
tests. This also contains a cloudscale_common role with common
variables for all tests.
* cloudscale_volume module
New cloud module to manage volumes on the cloudscale.ch IaaS service.
* Add checkpoint httpapi plugin and access rule facts module
* WIP checkpoint_access_rule module
* Add publish and install policy, plus fix empty json object request for publish
* Refactor publish and install_policy onto module_utils
* Add update resource logic
* Add checkpoint_host_facts module
* Return code and response on get_acess_rule function
* Add checkpoint_host module
* Add checkpoint_run_script module
* Add checkpoint_task_facts module
* Show all tasks if no task id is passed
Note, this is only available on v1.3 of Checkpoint WS API
* Add update logic to checkpoint host
* Add full details on get task call
* Add checkpoint httpapi plugin
* Fix pep8
* Use auth instead of sid property and return False on handle_httperror method
* Fix version in docstring
* Remove constructor
* Remove Accept from base headers
* Do not override http error handler and assign Checkpoint sid to connection _auth
There is scaffolding in the base class to autoappend the token, given
it is assigned to connection _send
* Use new connection queue message method instead of display
* Remove unused display
* Catch ValueError, since it's a parent of JSONDecodeError
* Make static methods that are not used outside the class regular methods
* Add missing self to previously static methods
* Fix logout
Was carrying copy pasta from ftd plugin
* Remove send_auth_request
* Use BASE_HEADERS constant
* Simplify copyright header on httpapi plugin
* Remove access rule module
* Remove unused imports
* Add unit test
* Fix pep8
* Add test
* Add test
* Fix pep8
* new module: AIX LVM file system and NFS
This module creates, removes, mount and unmount LVM and NFS file system
for AIX using /etc/filesystems. For LVM file systems is also possible
to resize the file system.
* better parameters options structure
better parameters options structure
* Improved file system resize returns
Added better tratment for return codes for file system resize.
When a resize is not possible because no enough space on lv or
shrink is not allowed.
* improved doc and creation file system return code
- improved doc
- creation file system return code 10 was treated.
* Doc recomendations, dict result, line limit
- Added doc recomendations
- Changed return to dict results on main()
- Using 159 columns for code limit
* wrong changed return when file system is already
Fixed wrong changed return when file system is already mounted.
When the file system is already mounted the return for changed
is False.
* Fixed description and included playbook for tests
- Fixed description
- Included playbook for manual tests
* Various small bits to get this merged ASAP
* Rename test/legacy/aix_filesystem.yml to test/integration/targets/aix_filesystem/tasks/main.yml
Move integration test to its proper location
* Create aliases
* Fix CI issues
* Fix backup issue in network config modules
* Fix `get_working_path` not found issue introduced due to
backup config code refactor (PR #50208)
* Further refactor config related action plugins to minimize
duplicate code
* Remove unwated imports in config action plugins
* Add common network class for action plugin and related code refactor
* Fix review comment
User module can contain Indentation errors or syntax errors.
Handle AST exceptions rather than showing traceback while importing such module.
Fixes: #21707
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Note: Python2 is not as intelligent at detecting false import loops as
Python3. context_objects.py cannot be added to cli/arguments because it
would set up an import loop between cli/__init__.py,
cli/arguments/context_objects.py, and context.py on Python2.
ci_complete
The goal of breaking apart the base_parser() function is to get rid of
a bunch of conditionals and parameters in the code and, instead, make
code look like simple composition.
When splitting, a choice had to be made as to whether this would operate
by side effect (modifying a passed in parser) or side effect-free
(returning a new parser everytime).
Making a version that's side-effect-free appears to be fighting with the
optparse API (it wants to work by creating a parser object, configuring
the object, and then parsing the arguments with it) so instead, make it
clear that our helper functions are modifying the passed in parser by
(1) not returning the parser and (2) changing the function names to be
more clear that it is operating by side-effect.
Also move all of the generic optparse code, along with the argument
context classes, into a new subdirectory.
* Once cli args are parsed, they're constant. So, save the parsed args
into the global context for everyone else to use them from now on.
* Port cli scripts to use the CLIARGS in the context
* Refactor call to parse cli args into the run() method
* Fix unittests for changes to the internals of CLI arg parsing
* Port callback plugins to use context.CLIARGS
* Got rid of the private self._options attribute
* Use context.CLIARGS in the individual callback plugins instead.
* Also output positional arguments in default and unixy plugins
* Code has been simplified since we're now dealing with a dict rather
than Optparse.Value
* Move get_all_subclasses out of sys_info as it is unrelated to system
information.
* get_all_subclasses now returns a set() instead of a list.
* Don't port get_platform to sys_info as it is deprecated. Code using
the common API should just use platform.system() directly.
* Rename load_platform_subclass() to get_platform_subclass and do not
instantiate the rturned class.
* Test the compat shims in module_utils/basic.py separately from the new
API in module_utils/common/sys_info.py and module_utils/common/_utils.py
* urldecode filter for Jinja2
We needed this in order to deconstruct correct URLs using Jinja2.
And we might as well upstream this.
* Add integration tests
* Fixes for Python 3
* Add urlencode for older Jinja2
* add openssh_cert module
* fix some linter issues
* address review feedback
* add basis for integration tests
* change valid datetime formats
* handle principals as set not as list
* handle principals as set not as list
* handle principals as set not as list
* fix order of dnf api operations so transactions don't fail
Previously dnf.base.fill_sack() was called before
dnf.base.update_cache() which apparently breaks dnf transaction
logic as per https://bugzilla.redhat.com/show_bug.cgi?id=1658694Fixes#49060
Signed-off-by: Adam Miller <admiller@redhat.com>
* add changelog and test case
Signed-off-by: Adam Miller <admiller@redhat.com>
Codecov.io have made some improvements to results processing.
Upload all the coverage data to see is codecov can process this.
Reverts https://github.com/ansible/ansible/pull/47515
* Fix Issue #39598
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* Fix unit test for onyx_config
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* Add comments for save running config
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* Enhance onyx_config bug fix
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* Fix result['changed'] = True comment
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* MSC: Various bugfixes and features enhancements
This PR includes:
- Lookups of roles, labels and domains
- Auto-create new labels
- Improvements to comparing complex datastructures
- Force removal of sites
- Support non top-level queries
- Document internal functions
- Add parameter types to modules
- Fix documentation examples
- Improvements to idempotency wrt. returning changed
- Support site locations
- Update permission list
- Various improvements to integration tests
* Fix Ci issues
* Refactor integration test for lvg module to introduce grow/reduce test
* List correctly current PV in lvg module: fix lvg reduce
Previous behaviour was to only take into account PV passed in 'pvs'
argument. This lead to reduce not working as expecting:
* with state=present and list of wanted pvs, lvg found only the pvs to
add or already present and ignored the pv to remove (obviously absent
from the list of given PV)
* with state=absent and a pv to remove, lvg found that the remaining pvs
list is empty (ignoring possible other PV in the vg) and decides to
remove the vg entirely (as supposely no PV are left anymore to store
lvm metadata)
* Add changelog fragment
* Refactoring of cnos_interface module like what followed by other vendors
* To remove cnos-interface from E326 validation ignore list
* Effect of default parameters impacted UT
* Added organization in the scm_credential get
* Fallback looking for cred in project org
* Tests project with multi org credential
* Fixed CI issue
* Added changelog fragment
* Fix mandatory statement error for junos modules
Fixes#40267
* Add error regex in junos terminal plugin to error out
in case of commit fails
* If commit fails add logic to discard changes before existing
else next task will result in error
* Add integration test
* Minor update
* Revert "allow caller to deal with timeout (#49449)"
This reverts commit 63279823a7.
Flawed on many levels
* Adds poor API to a public function
* Papers over the fact that the public function is doing something bad
by catching exceptions it cannot handle in the first place
* Papers over the real cause of the issue which is a bug in the timeout
decorator
* Doesn't reraise properly
* Catches the wrong exception
Fixes#49824Fixes#49817
* Make the timeout decorator properly raise an exception outside of the function's scope
signal handlers which raise exceptions will never work well because the
exception can be raised anywhere in the called code. This leads to
exception race conditions where the exceptions could end up being
hanlded by unintended pieces of the called code.
The timeout decorator was using just that idiom. It was especially bad
because the decorator syntactically occurs outside of the called code
but because of the signal handler, the exception was being raised inside
of the called code.
This change uses a thread instead of a signal to manage the timeout in
parallel to the execution of the decorated function. Since raising of
the exception happens inside of the decorator, now, instead of inside of
a signal handler, the timeout exception is raised from outside of the
called code as expected which makes reasoning about where exceptions are
to be expected intuitive again.
Fixes#43884
* Add a common case test.
Adding an integration test driven from our unittests. Most of the time
we'll timeout in run_command which is running things in a subprocess.
Create a test for that specific case in case anything funky comes up
between threading and execve.
* Don't use OSError-based TimeoutError as a base class
Unlike most standard exceptions, OSError has a specific parameter list
with specific meanings. Instead follow the example of other stdlib
functions, concurrent.futures and multiprocessing and define a separate
TimeoutException.
* Add comment and docstring to point out that this is not hte Python3 TimeoutError
* Fix example in ini.py
* Fix unittest in test_ini.py to pass CI as latest ansible returns list in
different order. To prevent such issues in future results are sorted
* PEP8 E501 styling improvements
Co-Authored-By: Sergii Golovatiuk <sgolovat@redhat.com>
* no-smart-quotes: Skip files by path in code-smell
This is to ensure the generated docs do not trigger code-smell issues on
contributor systems.
* Implement feedback from review
* Add cryptography backend for openssl_privatekey.
* Adding ECC support.
No support for X25519 and X449, since they don't support serialization.
* Improve finterprint calculation to work with Python 3.
* Add fingerprint check.
* Fix typo.
* Use separate curve option for elliptic curves, and use type 'ECC'.
* Using curve names as defined in IANA registry.
* Bump minimal supported cryptography version. Older versions might work as well, but I couldn't test them.
* Improve documentation.
* Change test suite to fit expected behaviour
This reverts some changes from ansible/ansible@723daf3
If a line is found in the file, exactly or via regexp matching, it must
not be added again.
insertafter/insertbefore options are used only when a line is to be
inserted, to specify where it must be added.
* Implement the change in behaviour mentioned in the previous commit
* Fix comment to reflect what the code does
* Set the correct return message.
In these cases, the lines are added, not replaced.
* Add a changelog
* Allow tags to be templated from a variable. Fixes#49825
* Restore _load_tags to ensure we do csv tag splitting
* Add tests for csv tags and templated tags
* evaluate_tags doesn't need to accept strings, because _load_tags handles this