Commit graph

20 commits

Author SHA1 Message Date
Toshio Kuratomi
e238ae999b Cyptography pr 20566 rebase (#25560)
Make pyca/cryptography the preferred backend for cryptographic needs (mainly vault) falling back to pycrypto

pyca/cryptography is already implicitly a dependency in many cases
through paramiko (2.0+) as well as the new openssl_publickey module,
which requires pyOpenSSL 16.0+. Additionally, pyca/cryptography is
an optional dep for better performance with vault already.

This commit leverages cryptography's padding, constant time comparisons,
and CBC/CTR modes to reduce the amount of code ansible needs to
maintain.

* Handle wrong password given for VaultAES format

* Do not display deprecation warning for cryptography on python-2.6

* Namespace all of the pycrypto imports and always import them

  Makes unittests better and the code less likely to get stupid mistakes
  (like using HMAC from cryptogrpahy when the one from pycrypto is needed)

* Add back in atfork since we need pycrypto to reinitialize its RNG just in case we're being used with old paramiko

* contrib/inventory/gce: Remove spurious require on pycrypto

(cherry picked from commit 9e16b9db275263b3ea8d1b124966fdebfc9ab271)

* Add cryptography to ec2_win_password module requirements
  * Fix python3 bug which would pass text strings to a function which
    requires byte strings.

* Attempt to add pycrypto version to setup deps

* Change hacking README for dual pycrypto/cryptography

* update dependencies for various CI scripts

* additional CI dockerfile/script updates

* add paramiko to the windows and sanity requirement set

  This is needed because ansible lists it as a requirement. Previously
  the missing dep wasn't enforced, but cryptography imports pkg_resources
  so you can't ignore a requirement any more

* Add integration test cases for old vault and for wrong passwords

* helper script for manual testing of pycrypto/cryptography

* Skip the pycrypto tests so that users without it installed can still run the unittests

* Run unittests for vault with both cryptography and pycrypto backend
2017-06-27 06:00:15 -07:00
Matt Martz
d3249e7875 pep8 fixes for contrib (#24344) 2017-05-09 16:38:08 -05:00
Tom Melendez
9d5c399313 Added subnetwork parameter to inventory instance dictionary. (#23984) 2017-04-26 12:44:58 +01:00
Markus Liljedahl
67dc8c146e Added support for specifying zone for gce dynamic inventory (#20938) 2017-03-16 08:28:30 -04:00
Matt Clay
10d9318de7 PEP 8 indent cleanup. (#20800)
* PEP 8 E121 cleanup.

* PEP 8 E126 cleanup.

* PEP 8 E122 cleanup.
2017-01-29 07:28:53 +00:00
Matt Clay
d0d1158c5e PEP 8 cleanup. (#20789)
* PEP 8 E703 cleanup.
* PEP 8 E701 cleanup.
* PEP 8 E711 cleanup.
* PEP 8 W191 and E101 cleanup.
2017-01-28 00:12:11 -08:00
Carlos E. Garcia
0b8011436d minor spelling changes 2016-12-13 13:51:13 -05:00
Tom Melendez
9400ba1728 [GCE] inventory script supports paginated API results. (#18554)
The inventory script now supports paginated results.  This means that inventory may exceed 500 instances.
2016-12-08 11:35:19 -05:00
James Tanner
2d2bb626d4 Port has_key to python3 compatible syntax 2016-11-16 13:02:09 -08:00
Tom Melendez
54caf3c5d5 [GCE] Caching support for inventory script. (#18093)
* [GCE] Caching support for inventory script.

The GCE inventory script now supports reading from a cache rather than making the request each time.  The format of the list and host output have not changed.

On script execution, the cache is checked to see if it older than 'cache_max_age', and if so, it is rebuilt (it can also be explicity rebuilt).

To support this functionality, the following have been added.

* Config file (gce.ini) changes: A new 'cache' section has been added to the config file, with 'cache_path' and 'cache_max_age' options to allow for configuration.  There are intelligent defaults in place if that section and options are not found in the configuration file.

* Command line argument: A new --refresh-cache argument has been added to force the cache to be rebuild.

* A CloudInventoryCache class, contained in the same file has been added.  As a seperate class, it allowed for testing (unit tests not included in this PR) and hopefully could be re-used in the future (it contains borrowed code from other inventory scripts)

* load_inventory_from_cache and do_api_calls_and_update_cache methods (, which were largely lifted from other inventory scripts, in a hope to promote consistency in the future) to determine if the cache is fresh and rebuild if necessary.

* A 'main' check, to support the script being imported and testable.

A new dictionary has been added to the list output, located at ['_meta']['stats'] that informs if the cache was used and how long it took to load the inventory (in 'cache_used' and 'inventory_load_time', respectively).

* fixed default value error; change cache time to 300
2016-10-24 16:32:50 -04:00
Adrian Likins
57a911e098 Use sys.exit(msg) i/o print() and sys.exit() (#15465)
Any non-0 exits should be showing an error message
to stderr instead of to stdout.
2016-08-23 11:09:23 -04:00
Wayne Witzel III
bb8d1168ac Added the ability to filter gce grouped_instances by region/zone (#14138) 2016-07-14 22:10:39 -04:00
Kenny Woodson
ebf1feb5bb Adding instance_states option to gce inventory 2016-06-17 10:11:23 -04:00
Matt Hite
fbfc24fb40 New inventory_ip_type option in gce inventory tool 2016-05-03 15:32:12 -07:00
Vlad Panainte
8259c091d6 fix logging 2016-03-18 16:25:40 +00:00
Marius Gedminas
3f9879aedb Use print() as function under contrib/
This fixes the remaining Python 3 syntax errors, so re-enable compileall
for contrib/ again.
2015-08-28 09:18:13 +03:00
Marius Gedminas
9ae66a7f5c Use 'except ... as' syntax in contrib/ and test/ too 2015-08-27 22:15:57 +03:00
Mathieu Lecarme
1873e8ed08 GCE tag prefix for creating ansible group. 2015-07-17 22:28:30 +02:00
Brian Coca
9c5a6d7b5a fixed all references to old plugins/inventory to point at contrib/inventory 2015-07-10 13:00:12 -04:00
Brian Coca
d0c6d2ff1c poreted log_plays, syslog_json and osx_say callbacks to v2
renamed plugins to contrib (they are not really plugins)
rewrote README.md to reflect new usage
added new dir to setup.py so it gets copied with installation, in views
of making using inventory scripts easier in teh future
2015-07-10 10:30:33 -04:00
Renamed from plugins/inventory/gce.py (Browse further)