* luks_device.py: allow the user create LUKS based on specific versions
- Allow user pass an option 'type' that explicits define the version of LUKS
container that will be created. It should be 'luks1' or 'luks2' format.
- If 'label' option is defined the 'type' option will be 'luks2' independently
of the option 'type' informed by user. (labels NEED luks2 format)
Fixes: #58973
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* added the changelog fragment
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* luks_device.py: make it fail in certain conditions
- Not allow user especify luks1 type and label at the same playbook
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* Pika v1.0.0 and above were causing issues for publish_message. Updated
to ensure publish_message works with pika 0.13.1 and 1.0.0 and above.
* Adding changelog fragment for rabbitmq_publish fix.
* Updating return value.
* In pika v1.0.0 BlockingChannel.is_closing was removed. Updating
plugin accordingly.
Ref: https://github.com/pika/pika/pull/1034
* Adding change fragment for is_closing bug.
* Updated change fragment description.
Use hostnamectl command to get current hostname for host while using
systemd strategy.
Fixes: #59438
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Creating a virtual environment using `venv` when running in a virtual environment created by `virtualenv` results in a copy of the original virtual environment instead of creation of a new one.
To work around this, `ansible-test` now identifies when it is running in a `virtualenv` created virtual environment and uses the real Python interpreter to create the `venv` virtual environment.
* AWS ec2_vpc_net: Enable ipv6 CIDR assignment
Enable IPv6 CIDRs in ec2_vpc_net, and fix ec2_vpc_subnet tests that
were depending on the aws cli for CIDR assignment.
Related to: #27800
The `test/results/` directory for Ansible test output was already ignored when not using git.
When Ansible Collections were switched to `tests/output/` the ignore entry was previously overlooked.
* Fix ansible-doc traceback for removed modules.
This avoids tracebacks with errors like the following when a module has been removed:
module module_name missing documentation (or could not parse documentation): 'NoneType' object does not support item assignment
* Fix ansible-doc sanity test warning handling.
Warnings about removed modules/plugins on stderr are now properly ignored.
Previously an ansible-doc error could result in unrelated errors going undetected because tests were stopped early and the underlying error was ignored.
* Fix ansible-test venv activation.
When using the ansible-test --venv option, an execv wrapper for each python interpreter is now used instead of a symbolic link.
* Fix ansible-test execv wrapper generation.
Use the currently running Python interpreter for the shebang in the execv wrapper instead of the selected interpreter.
This allows the wrapper to work when the selected interpreter is a script instead of a binary.
* Fix ansible-test sanity requirements install.
When running sanity tests on multiple Python versions, install requirements for all versions used instead of only the default version.
* Fix ansible-test --venv when installed.
When running ansible-test from an install, the --venv delegation option needs to make sure the ansible-test code is available in the created virtual environment.
Exposing system site packages does not work because the virtual environment may be for a different Python version than the one on which ansible-test is installed.
* Allow the use of _paramiko_conn even if the connection hasn't been started.
I'm not sure what the benefit is of Noneing paramiko_conn on close, but will keep for now
* Fix test
* Try to fix up net_put & net_get
* Add changelog
Python < 2.7.9 does not have the ssl.SSLContext attribute.
ssl.SSLContext is only required when we want to validate the SSL
connection. If `validate_certs` is false, we don't initialize the
`ssl_context` variable.
Add unit-test coverage and a little refactoring:
- avoid the use of `mocker`, when we can push `monkeypatch` which is
`pytest`'s default.
- use `mock.Mocker()` when possible
closes: #57072
* module_utils/ec2: (unit tests) Move unit tests for module_utils/ec2.py into test/units/module_utils
- compare_policies was refactored from s3_bucket
- "ec2_utils" doesn't seem to have ever existed
* module_utils/ec2: (unit tests) Add unit test for comparing quoted and unquoted bools and numbers within policies
As per https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html
"Values are enclosed in quotation marks. Quotation marks are optional for numeric
and Boolean values."
* module_utils/ec2: Explicitly convert bools and ints to strings when comparing policies
See also: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html
* Fixes to ecs_certificate cert chain for #61738
* Added changelog fragment
* Fixes to ecs_certificate for cleaner join, and better integration test
* Fix integration test formatting
* End cert chain with a \n
* Update changelogs/fragments/61738-ecs-certificate-invalid-chain.yaml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Update main.yml
* compare list of dicts
* update example for dhcp_server_opts to include ip_version which is automatically added by openstack
* add note about dhcp_server_opts
* add changelog fragment
* fix forgotten exception+pass
* no need to excplicitly check for None
* fix oops
* fix import error
* missed missing_required_lib
* changelog fragment formatting and grammar fixes
* update requirements in documentation and fix spelling
* Update AWS hacking policy to enable ASG Tagging management
* aws_asg: Add tests for ASG Tagging (including idempotency)
* aws_asg: ignore sort order when comparing tags on the ASG (fix idempotency)
* ec2_asg: (integration tests) test for idempotency when managing metrics collection
* ec2_asg: sort list of enabled metrics to ensure clean comparisons.
* Fix ansible-connection persist after playbook run issue
* PR https://github.com/ansible/ansible/pull/59153 to add support
for delaying the ansible-connection added an old issue of
ansible-connection persisting even after playbook run is finished
till either command timeout or connect timeout is triggered.
ansible-connection persist after playbook execution is done
and also delays the connection initilization untill a method
in invoked from module side on the connection object.
* Add chanegelog
* fix erroneous failures in docker_compose due to deprecation warnings from docker (#60961)
* Update error handling to work with new method of capturing output
Co-Authored-By: Felix Fontein <felix@fontein.de>
* update error handling
* fix syntax error
* fix indentation
* fix indentation (again)
* remove erroneous line
On OpenBSD, 13 asterisk characters as a password hash, marks the
account as disabled. Otherwise daily(8) script which executes
security(8) will email operator about not properly locked accounts.
Before the diff, we see following warning:
> [WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
After the diff, warning is gone.
* luks_device.py: Allow manipulate LUKS containers with label or UUID
- Allow create a LUKS2 container format with label support
- Allow manipulate (open, close, modify) an LUKS container based on
both label (LUKS2 format) or UUID instead of using devices only.
Fixes: #58973
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* test_luks_device.py: organizing tests to support labels
- Add label on some tests and fix errors reported by Shippable
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* luks_device.py: adjusting versions and messages
- Modifying version_added from 2.9 to 2.10
- Fixing some messages
- Created a changelog fragment
- Moving blkid from scope
Fixes#58973
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* Update DevOps AWS policy
- Fix typos in permission names
- While AWS claims you can use 'arn:aws:codecommit:*' it errors unless you use '*'
* aws_codecommit: (integration tests) Migrate to module_defaults
* aws_codecommit: (integration tests) Fix integration tests
* aws_codecommit: (integration tests) Add tests for updating the description
* aws_codecommit: Add support for updating the description and rename "comment" option to "description"
* Cleanups and version bumping for 2.10
* Fix changelog url now that stable has been branched
* Fix the lenth of the porting guide title now that the version is two digits
The `git submodule status` command is relative to the current git repository by default.
When running from a repository subdirectory paths can be returned above the current directory.
Specifying the current directory with `git submodule status` avoids listing submodules above that directory.
This will fix issues when testing a collection that is rooted below the repository root when that repository uses submodules.
* default collection support
* playbooks run from inside a registered collection will set that collection as the first item in the search order (as will all non-collection roles)
* this allows easy migration of runme.sh style playbook/role integration tests to collections without the playbooks/roles needing to know the name of their enclosing collection
* disable default collection test under Windows
* enable collection search for role dependencies
* unqualified role deps in collection-hosted roles will first search the containing collection
* if the calling role has specified a collections search list in metadata, it will be appended to the search order for unqualified role deps
* disable cycle detection unit test
* failing on 3.7+, needs proper cycle detection
* see #61527
* play, block, task: New attribute forks
With this it is possible to limit the number of concurrent task runs.
forks can now be used in play, block and task. If forks is set in different
levels in the chain, then the smallest value will be used for the task.
The attribute has been added to the Base class as a list to easily provide
all the values that have been set in the different levels of the chain.
A warning has been added because of the conflict with run_once. forks will
be ignored in this case.
The forks limitation in StrategyBase._queue_task is not used for the free
strategy.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Handle forks in free strategy
The forks attribute for the free strategy is handled in run in the free
StrategyModule. This is dony by counting the amount of tasks where the uuid
is the same as the current task, that should be queued next. If this amount
is bigger or equal to the forks attribute from the chain (task, block,
play), then it will be skipped to the next host. Like it is also done with
blocked_hosts.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Test cases for forks with linear and free strategy
With ansible_python_interpreter defined in inventory file using
ansible_playbook_python.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Changing forks keyword to throttle and adding some more docs
* default collection support
* playbooks run from inside a registered collection will set that collection as the first item in the search order (as will all non-collection roles)
* this allows easy migration of runme.sh style playbook/role integration tests to collections without the playbooks/roles needing to know the name of their enclosing collection
* ignore bogus sanity error
* filed #61460
* fixed task unit test failure
* don't append an empty collections list to the ds
* ignore leftover local_action in mod_args ds action parsing
* fix async_extra_data test to not require ssh and bogus locale
* disable default collection test under Windows
* ensure collection location FS code is always bytes
* add changelog
* Fix TypeError in ec2_group.py for Python3 when sorting dictionary list
* Using json.loads() and dumps() to replace sorting
* Bug fixes for ec2_group.py
* Dictionaries cannot be compared/sorted in Python3
* Diff will occur when the IpPermissions have the same IpRanges but have different ordering
* 'before' will be sorted by 'Type' with high priority than 'IP', but 'boto3.describe_security_groups()' function cannot get 'Type' from Amazon
* Add some basic diff mode testing to exercise the rule-sorting code
* Change collection PS util import pattern
* Add changes for py2 compat
* fix up regex and doc errors
* fix up import analysis
* Sanity fix for 2.6 CI workers
* Get collection util path for coverage collection
* Rename OneView _facts modules -> _info
* Adjust PR #.
* Forgot to update test names.
* Remove superfluous blank line.
* Some more things from review.
* Initial commit for rate limiting
- Detects if error code is 429
- Pauses for random time between .5 and 5 seconds before retrying
- If it fails 10 times, give up and tell user
* Redo structure of request() to support rate limiting
* Hold down timer is now a sliding scale
- 3 * number of retries
- Fails after the 30 second wait
* Whitespace fixes
* Redo implementation using decorators
- Errors aren't tested but code works for regular calls
* Unit tests work for error handling
* Add integration tests for successful retries
* Add condition for 502 errors and retry
* Move _error_report out of the class
* PEP8 fixes
* Add changelog entry
* Template value of debugger and then check for validity
* Removed if/else and forcing failure on undefined as per comments
* Added changelog
* changed colon to brackets so it appears as a string
* aws_kms: (integration tests) Test updating a key by ID rather than just my alias
* aws_kms: (integration tests) Test deletion of non-existent and keys that are already marked for deletion
* aws_kms: Ensure we can perform actions on a specific key_id rather than just aliases
In the process switch over to using get_key_details rather than listing all keys.
* aws_kms: When updating keys use the ARN rather than just the ID.
This is important when working with cross-account trusts.
* Handle multiple Content-Type headers correctly
Avoids situations where mulitple Content-Type headers including charset information can result in errors like
```
LookupError: unknown encoding: UTF-8, text/html
```
* Account for multiple conflicting values for content-type and charset
* Add changelog fragment
* Renaming `onepassword_facts` to `onepassword_info`.
* Update module examples.
* Add changelog fragment.
* Add module rename to the 2.9 porting guide.
* Document the parameter types in the module docs.
* Fix incorrect parameter name.
* Update docs/docsite/rst/porting_guides/porting_guide_2.9.rst
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Remove `onepassword_facts` as it has been renamed to `onepassword_info` including fixes for the sanity tests.
* Add support for SubjectKeyIdentifier and AuthorityKeyIdentifier to _info modules.
* Adding SubjectKeyIdentifier and AuthorityKeyIdentifier support to openssl_certificate and openssl_csr.
* Fix type of authority_cert_issuer.
* Add basic tests.
* Add changelog.
* Added proper tests for _info modules.
* Fix docs bug.
* Make sure new features are only used when cryptography backend for openssl_csr is available.
* Work around jinja2 being too old on some CI hosts.
* Add tests for openssl_csr.
* Add openssl_certificate tests.
* Fix idempotence test.
* Move one level up.
* Add ownca_create_authority_key_identifier option.
* Add ownca_create_authority_key_identifier option.
* Add idempotency check.
* Apparently the function call expected different args for cryptography < 2.7.
* Fix copy'n'paste errors and typos.
* string -> general name.
* Add disclaimer.
* Implement always_create / create_if_not_provided / never_create for openssl_certificate.
* Update changelog and porting guide.
* Add comments for defaults.
* aws_kms: (integration tests) Use module_defaults to reduce the copy and paste
* aws_kms: (integration tests) make sure policy option functions.
* aws_kms: (integration tests) Move iam_role creation to start of playbook.
iam_roles aren't fully created when iam_role completes, there's a delay on the Amazon side before they're fully recognised.
* aws_kms: Update policy on existing keys (when passed)
* iam_password_policy: (integration tests) Use module defaults for AWS connection details
* iam_password_policy: (integration tests) Ensure the policy is removed when tests fail
* iam_password_policy: (integration tests) Add regression test for #59102
* iam_password_policy: Only return changed when the policy changes.
* iam_password_policy: PasswordReusePrevention must be omitted to remove/set to 0
* #60930 add changelog
* Update hacking AWS security policy to allow testing of Password Policy Management
* Rename hcloud_datacenter_facts to hcloud_datacenter_info
* Rename hcloud_location_facts to hcloud_location_info
* Rename hcloud_image_facts to hcloud_image_info
* Rename hcloud_floating_ip_facts to hcloud_floating_ip_info
* Rename hcloud_server_type_facts to hcloud_server_type_info
* Rename hcloud_server_facts to hcloud_server_info
* Rename hcloud_ssh_key_facts to hcloud_ssh_key_info
* Rename hcloud_volume_facts to hcloud_volume_info
* Fix typo in hcloud_image_info
* Add to porting guide and add changelog fragment
* Reword porting guide
* add subdir support to collection loading
* collections may now load plugins from subdirs under a plugin type or roles dir, eg `ns.coll.subdir1.subdir2.myrole`->ns.coll's roles/subdir1/subdir2/myrole, `ns.coll.subdir1.mymodule`->ns.coll's plugins/modules/subdir1/mymodule.py
* centralize parsing/validation in AnsibleCollectionRef class
* fix issues loading Jinja2 plugins from multiple sources
* resolves#59462, #59890,
* sanity test fixes
* string fixes
* add changelog entry
* Warn when transforming constructed groups
The `keyed_groups` field has used sanitization since 2.6, but `groups` only started doing so in 2.8.
This adds a warning for the change in behavior.
* changelog
Preserve tag key case by only calling camel_dict_to_snake_dict once,
before the tags are added.
Don't call assert_policy_shape as it seems to fail
Use aws_caller_info in the test suite now that it exists rather
than running `aws sts get_caller_identity`
Ensure that calls using `grant_types` can also use key aliases
* aws_kms: Rename various policy manipulation options to reduce confusion
AWS KMS now has the concept of issuing a 'grant', which is independent
of the policy attached to a key. Rename the following options to make
it clearer that the operate on the CMK Policy *not* on CMK Grants
* aws_kms: don't just rename grant_types/mode, deprecate them too.
* Make win_domain_user idempotent for passwordchanges
* Add changelog fragment
* Use test-credentials function from win_user.
* Split domain from username
* Update win_domain_user.ps1
* Fix ci
* Update win_domain_user.ps1
Fix ci
* Implement review
* Logic cleanup and remove securestring
* Fix typo
* fix syntax
fix syntax
* Use AD object instead of user input as requested by review
* migrate to Ansible.AccessToken
* Add support for passing networks as dicts
* Add function to compare a list of different objects
* Handle comparing falsy values to missing values
* Pass docker versions to Service
* Move can_update_networks to Service class
* Pass Networks in TaskTemplate when supported
* Remove weird __str__
* Add networks integration tests
* Add unit tests
* Add example
* Add changelog fragment
* Make sure that network options are clean
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Set networks elements as raw in arg spec
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Fix wrong variable naming
* Check for network options that are not valid
* Only check for None options
* Validate that aliases is a list
* Addition of entrust provider to openssl_certificate module
* Fix native return values of error messages and JSON response.
* Documentation and syntax fixes per ansibot.
* Refactored structure of for loop due to ansible test failures in python 2.6
* Remove OCSP functionality for inclusion in possible seperate future pull request.
* Remove reissue support.
* Indicate the entrust parameters are specific to entrust.
* Comment fixes to make it clear module_utils request is used.
* Fixes to not_after documentation
* Response to pull request comments and cleanup of error handling for bad connections to properly use the 'six' HttpError for compatibility with both Python 2/3 underlying url libraries.
* pep8/pycodestyle fixes.
* Added code fragment and response to comments.
* Update license to simplified BSD
* Fixed botmeta typo
* Include license text in api.yml
* Remove unsupported certificate types, and always submit an explicit organization to match organization in CSR
* Fix documentation misquote, add expired to a comment, and fix path check timing.
* Update changelogs/fragments/59272-support-for-entrust-provider-in-openssl_certificate_module.yaml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Add cryptography backend for get_certificate.
* Add changelog.
* Use short names (if possible).
* Adjust version (to behave as pyOpenSSL).
* Work around bugs (needed for cryptography 1.2.3).
* Don't run cryptography backend tests for CentOS 6.
* Bump cryptography requirement to 1.6 or newer.
Otherwise, signature_algorithm_oid isn't there, either.
* Simplify requirement text.
* CentOS 6 has cryptography 1.9, so we still need to block.
* Add auto-detect test.
* Improve YAML.
* fix: docker_swarm_service does not publish both tcp and udp ports for same published port
* fix the linting problems and add the changelog fragment.
* add test
* modify test to ensure result rather than return value
* Mark logout as changed when docker logout does not return 'Not logged in to '.
* Add changelog.
* Improve logout detection.
* Also return output of 'docker logout'.
* ansible-galaxy tidy up arg parse with better validation
* Add support back in for -v before sub aprser
* Added deprecation warning for manually parsed verbosity
* Adding waiter to cluster remove process
* blank line contains whitespace
* update aws_eks integration test
* Refactor aws_eks test suite to use pip
* update version testing
* missing parens...
* add changelog fragment
* Add waiter to module_utils, fix exception handling.
* Correct EKS waiter checks
* various mod_args fixes
* filter task keywords when parsing actions from task_ds- prevents repeatedly banging on the pluginloader for things we know aren't modules/actions
* clean up module/action error messaging. Death to `no action in task!`- actually list the candidate modules/actions from the task if present.
* remove shadowed_module test
* previous discussion was that this behavior isn't worth the complexity or performance costs in mod_args
* fix/add test, remove module shadow logic
* address review feedback
- Split the key validation to separate private and public.
- In case public key does not exist, recreate it.
- Validate comment of the key.
- In case comment changed, update the private and public keys.
* Improve link handling.
* Also fetch alternate certificate chains.
* Add retrieve_all_alternates option.
* Simplify code.
* Forgot when condition.
* Add tests for retrieve_all_alternates.
* Fixes.
* Moved utility function for link parsing to module_utils.
* Fix grammar.
* Ansible.AccessToken - Added shared util for managing a Windows access token
* Fix tests when running in CI
* More fixes for older servers
* More fixes for Server 2008
If a service is in the 'deactivating' state running systemctl stop foo,
would wait for the foo service to actually stop before it exits. The
module didn't behave like that and it considered the deactivating state
as if the service wasn't running. This change will align the module with
the systemctl behaviour.
* Added several unit tests
* Added documentation for new syspurpose option and suboptions
* Simplified specification of module arguments
* Added new changelog file with fragments
* add npipe support to docker_swarm_service
* add changelog fragment
* tweak changelog fragment formatting
* Update lib/ansible/modules/cloud/docker/docker_swarm_service.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Removed extraneous type check from nagios module, in order to allow python 3.x
* Removed now useless import types
* Added changelog fragment
* Update changelog.
* Rebased and removed check due to module adding earlier guardrails
* Updated changelog to mention earlier fix adding now completely removed guardrails
* Remove superfluous type checks. Fix docs type.
* Update ignore.txt.
* Better cidr_ipv6 validation in ec2_group.py
* Improve warning/error handling, add changelog
* Update unit test for ipv6 validation
* Fix logic that was causing non /128 cidrs with host bits to not be handled
Check if dvswitch object is not None before accessing it's
properties such as UUID. This can be due to two reason
1. Permission issues
2. There is no association between given distributed virtual portgroup
distributed virtual switch
Fixes: #59952
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* [WIP][docker_container] Adding support for `mounts` option
Fixes#42054
* Adjusting to current standards.
* Add changelog.
* Adjust types.
* Cleanup.
* Add idempotency checks for mounts.
* Improve diff for mounts.
* Linting.
* Python 2.6 compatibility.
* Fix error message formatting.
* Move mounts and volumes tests into own file.
* Add set of mount tests.
* Golang's omitempty for bool omits false values.
* Simplify sanity checks. Correct order of volume_options sanitization and usage.
* Fix key.
* Fix check.
* Add tests where both volumes and mounts show up.
* Add collision test.
Only error out if the gid exists with a different group name as
otherwise it will error out if the group with this gid already
exists, like on a rerun of the playbook. This fixes a regression
introduced by 4898b0a4a2.
This commit allows users to access a vCenter or a ESXi through a
HTTP CONNECT based proxy.
To do so, the users have to set the `proxy_host` and `proxy_port`
variables.
The can also use the `VMWARE_PROXY_HOST` and `VMWARE_PROXY_PORT`
environment variables.
This feature depends on pyvmomi > v6.7.1.2018.12.
Fixes: #42221
Co-Author: Abhijeet Kasurde <akasurde@redhat.com>
Co-Author: Gonéri Le Bouder <goneri@redhat.com>
Refactor vmware_cluster into several modules (vmware_cluster, vmware_cluster_drs, vmware_cluster_ha and vmware_cluster_vsan) as discussed in #58023.
vmware_cluster lacks a lot of configuration options for DRS, HA and vSAN. Implementing them
all in vmware_cluster would make the module hard to maintain. Therefore, splitting it into several
modules and implementing the missing configuration options in them seems a good idea to me.
This is step one, refactoring vmware_cluster into several modules. Step two, implementing more
configuration options for DRS, HA and vSAN, will follow.
If the 'local' parameter of the 'user' Ansible module is enabled, and
the user has been found in the local user database, don't emit
a warning, because this is an expected outcome.
Add changelog and integration tests
Co-authored-by: drybed <drybjed@gmail.com>
* Fix py3 decoding issues in cyberarkpassword.py
* Use to_native instead of forced utf-8 decoding
* Use to_bytes to avoid trouble with Popen
* Create 59500-cyberarkpassword-fix-py3-decoding.yaml
* Fixed the redhat_subscription module:
- Option 'pool_ids' works in Python3 now
- It tries to attach only pools IDs that are available
- Optimization of code: do not call list --available, when
no pool is requested
- Simplified configure() method
- Small changes to generate same commands on Python2 and Python3.
Order of arguments/options and pool IDs have to be same to
be able to run unit test using Python2 and Python3.
- Added fragments file for redhat_subscribtion module
* change variable name from isinstance to is_instance (prevent overriding builtin function)
* Added support for:
- Filtering existing Elastic IPs based on a tag name or it's value (when reuse_existing_ip_allowed is true)
- Allocating new Elastic IPs from a given IPv4 pool (BYOIP support)
* yamllint corrections
* added examples for:
- tag_name,
- tag_value
- public_ipv4_pool
* remove aliases
* Added changelog fragment
* added integration tests for ec2_eip module
* removed space to trigger rebuild
* Implements etc_hosts for docker_image module
Allows custom hosts on docker_image module.
The of this option made impossible to use docker_image module to build
images that required a custom hostname in /etc/hosts. For running
containers this option was already present.
While the python-docker API uses extra_hosts term, our existing module
already uses etc_hosts argument, so it sounds better to have some
consistency between docker_container and docker_image.
Fixes: #59233
* Update test/integration/targets/docker_image/files/EtcHostsDockerfile
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Update lib/ansible/modules/cloud/docker/docker_image.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/docker_image_etc_hosts.yml
Co-Authored-By: Felix Fontein <felix@fontein.de>
Previously if `sysctl_set=no` (which is the default) this module only
checked for changes in the sysctl.conf file to decide whether it should
reload it or not. This means that if the values in the conf file are the
same as they are set with the module, but the current values on the
system are different, that this module wouldn't apply the changes on the
system and thus the value set with the module wouldn't be applied on the
OS. This isn't obvious and it doesn't make sense that the module works
like that by default, especially because there is a separate option
`reload`. Now sysctl will also check if the current value differs on the
system and if it does, it will reload the file again.
Commit b7724fdf85
appears to have caused a regression, where `ip4`, `gw4`, `ip6`, `gw6`
were converted to `ipv4.address`, `ipv4.gateway` etc.
This causes bootproto (or `ipv4.method`) to remain `dhcp`, as noted in https://github.com/ansible/ansible/issues/36615
This commit only reverts the key-value pairs to the original names,
which is in line with both expectation (manual ip addr == no dhcp) and
the language used in the playbook, which is, for example, "ip4" not
"ipv4.address"
Co-authored-by: Stuart Pollock <spollock@pivotal.io>
Co-authored-by: Tyler Ramer <tramer@pivotal.io>
vmware_guest accepts 0MB as valid value for memory reservation in
virtual machine hardware configuration. This fixes the regression
introduced via 193f69064f.
Fixes: #59190
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Print warning when both an option and its alias is specified.
* Improve output.
* Put warnings into self._warnings directly, resp. use self.warn() when handling subspecs.
* Add changelog.
* Add unit test.
* Added support to create/delete mulitiple databases in MySQL
Fixes: #58370
* Added additional tests cases and fixed documentation changes
* Code refactoring and added tests for better test coverage
- Removed db_exists usage from most of the code. Used existence_list
and non_existence_list instead
- Added additional tests to cover all scenarios w.r.t creation and deletion
on multiple databases
- Added tests for dump operations
* Minor fix
* Minor fix - create check mode test
* Added dump tests for better dump tests coverage
* Removed minor database connection details
* fixed error
* Added test case for import operations
* Code refactoring and review fixes
- Added dump all test case
* Fixed review comments
* Minor review comment fixes
* Altered db_create return value
* Removed db_list and altered "does exist" to just "exist"
* Kept db and db_list in module.exit_json
* Refactored tests
- Added removal of dump2 file
* Moved import tests to state_dump_import file
* Removed import tests from multi_db_create_delete
* Updated porting guide, added RETURN block
* Minor identation fix
* Added validation to check if databases are dumped
* Create a user home directory if it has parents that do not exist
The useradd command line tool does not create parent directories. Check if the specified home path has parents that do not exist. If so, create them prior to running useradd, then set the proper permission on the created directory.
Add tests
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Use dict for default user group in tests
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Fix tests
Signed-off-by: Sam Doran <sdoran@redhat.com>
* The description has been replaced with proxy_password and proxy_username.
* Rename 59068-fix doc for yum_repository.py to 59068-fix_doc_for_yum_repository.yml
* cosmetic: Remove useless call to ec2_argument_spec()
* aws_s3: Improve ETag handling
* Extract ETag calculation into a utility function for reuse by
aws_s3_sync.
* Reduce code duplication in put/get by restructuring the logic
* Only calculate ETag when overwrite == different
* Fail gracefully when overwrite == different and MD5 isn't available
(e.g. due to FIPS-140-2).
* aws_s3: clean up integration tests
Clean up tests, add tests for overwrite settings in both directions.
* ansible-galaxy: add collection init sub command
* Fix changelog and other sanity issues
* Slim down skeleton structure, fix encoding issue on template
* Fix doc generation code to include sub commands
* Added build step
* Tidy up the build action
* Fixed up doc changes and slight testing tweaks
* Re-organise tests to use pytest
* Added publish step and fixed up issues after working with Galaxy
* Unit test improvments
* Fix unit test on 3.5
* Add remaining build tests
* Test fixes, make the integration tests clearer to debug on failures
* Removed unicode name tests until I've got further clarification
* Added publish unit tests
* Change expected length value
* Added collection install steps, tests forthcoming
* Added unit tests for collection install entrypoint
* Added some more tests for collection install
* follow proper encoding rules and added more tests
* Add remaining tests
* tidied up tests and code based on review
* exclude pre-release versions from galaxy API
* Handles:
PSAvoidTrailingWhitespace
PSAvoidGlobalVars
PSAvoidAssignmentToAutomaticVariable
PSAvoidUsingCmdletAliases
PSAvoidUsingWriteHost
PSUseDeclaredVarsMoreThanAssignments
PSUsePSCredentialType
PSAvoidUsingPositionalParameters
PSAvoidUsingEmptyCatchBlock
PSAvoidUsingWMICmdlet
Replaced Write-Host with Write-Output
Added smart reboot check for win_domain feature installation
Modify the Creation of the pagefileto fit to CIM
Changelog fragment addition
Ignore.txt without fixes
* Changes after community reviews
* Change Out-Null to '> $null'
* Fixes after jborean93 comments
* Test
* Revert "Test"
This reverts commit 35c5c0648fa9d2868a18094d84954e53ffa28880.
* Removed all > $null since they broke the module since the output got dumped
* run test again
* Revert "run test again"
This reverts commit 80eaf07143f9d8cb0116cbbc68a6a69c0ace840c.
* Changes after community review
* ignore PSUseDeclaredVarsMoreThanAssignments that are on a diffrent PR
* CI failed on extra line in ignore.txt
* Review changes
* PSlint errors
* Trail space
* send to null breaks the tests for Set-Workgroup
* Lint stuff
* win_domain_user issue of indent.
* Update win_domain_user.ps1
* Update win_domain_membership.ps1
* Fix redirect to null
* lint space issue
* removed return from set-workgroup
* removed send to null
* Add purge_tags to s3_bucket to allow preservation of existing tags
Adding `purge_tags` with default `True` to maintain existing behaviour
allows users to set it to `False` to preserve existing tags
Fixes#29366
* s3_bucket: Add further tests and improve tag handling further
Additional tests for purge_tags: False suggested some incorrect
logic and thus further improvements
Increase wait timeout on bucket deletion as it wasn't always completing
in the default 100 seconds
* win_domain_user - MAke the query user try catch block more accurate for missing identity
* change to minor_changes
* Update win_domain_user-make-query-try-catch-accurate.yml
* Update win_domain_user-make-query-try-catch-accurate.yml
* Correct get_option function name and change flags to become_flags
* Remove the '--' from the returned command
* add changelog fragment
* change changelog fragment description
* move the -q argument to machinectl before the shell argument to resolve issues with machinectl v230 (see #56571)
os_quota checks the current quotas for compute, network and volume
services and fails when no volume service is found in the catalog.
Since openstack test deployments without volume services are common,
os_quota shouldn't fail if such service is missing.
This was originally fixed in d31a09ceb7
and later adapted to catch exceptions raised by shade. Since then, this
module moved to using openstacksdk, which doesn't catch the exception
raised by keystoneauth1.
Fixes#41240
In rabbitmq_binding.py the SSL parameters ca_cert, client_cert, client_key were only passed to requests for post requests.
This change updates the DELETE and GET requests to include these parameters as well.
* Fix onepassword lookup plugin crashing on fields with no 'name' or 't' property.
* Fix onepassword_facts module crashing on fields with no 'name' or 't' property.
* Add unit test for onepassword lookup plugin failing on entries without a name.
* Add changelog fragment for onepassword lookup plugin and onepassword_facts module fixes on fields without a name.
* Fix notifying handlers by using an exact match rather than a string subset if listen is text rather than a list
* Enforce better type checking for listeners
* Share code for validating handler listeners
* Add test for handlers without names
* Add test for templating in handlers
* Add test for include_role
* Add a couple notes about 'listen' for handlers
* changelog
* Add a test for handlers without names
* Test templating in handlers
* changelog
* Add some tests for include_role
* Add a couple notes about 'listen' for handlers
* make more sense
* move local function into a class method
* Lookup secret id by name if not set
* Lookup config id by name if not set
* Add changelog fragment
* Remove usage of secret/config_id in examples
* Python 2.6 compat
* Extend secrets and configs tests
Module tracebacks may be reported on stdout instead of stderr when
using some connection plugins. For example, the ssh connection plugin
will report tracebacks on stdout due to use of the -tt option.
This change results in tracebacks being recognized on both stdout
and stderr, instead of the previous behavior of just stderr.
ci_complete
When provided with a wrong password `rabbitmqctl
authenticate_user` returns a non-zero exit code
(65). This seems to be unexpected by the module and
it fails when `update_password` is set to 'always'.
To mitigate this behavior we augment the `_exec`
method by adding a `check_rc` flag (which defaults
to `True`, hence it's backward-compatible) and
override it when we need it (in `check_password`
method to address #56164).
* win_pagefile - Fix idempotency when same settings as current
* Fix tests and code
* Fix problem with system managed
* Fix again systemmanaged detection
* Change check of systemmanged in creation
* Fix readability and wrong flag for test
* openssh_keypair: bugfix make regenerating keypairs via force possible / add invalid file handling
* openssh_keypair: change permissions of read-only file instead of deleting it for regeneration; add changelog fragment
* address review feedbak, refactor
* add integration tests for bigfixes
* linter: fix indent
* fixup integration tests: use force when regenerating an invalid file
* linter: fix indent
* openssh_keypair: address review feedback
* openssh_keypair: fixup, remove backtick
* openssh_keypair: address review feedback
* Only pass 'y' into stdin of ssh-keygen when file exists.
* Allow multiple databases(not all) to be dumped from mysql
Fixes: #56059
* Altered fail message to provide atleast one database name
* Minor grammatical fix
* Fix failing SAN comparison for older cryptography versions due to not implemented __hashh__ functions.
* Fix SAN comparison: IPv6 addresses need to be normalized before comparing strings.
* Add changelog.
* Fix comment.
* Improve error for docker modules when docker-py can't be imported.
* Add changelog.
* Mention platform and Python interpreter in more cases.
* Clarify wording.
* Adjust tests.
* Adjust hostname classes based on output from distro
Corrects the following:
- OpenSUSE Leap
- ArchARM
- Oracle Linux
* Add CoreOS and Clear Linux distributions
Python 3 only allows strings through the config parser. This is fine for
the URL, Username, and Password since these values are required. The CA
File is optional so an empty string is used in leiu of None in the
config dictionary.
* Implement display_ok_hosts and display_skipped_hosts like default callback
* Implement show_custom_stats and display_failed_stderr like default callback
* Fix pep8
* Clarify conditional
* Changelog fragment
* Import from defaults.py per feedback
* Improve general error behavior if a Docker error is not caught.
* Don't die when network doesn't exist.
* Add changelog.
* Make API version always available. Also catch errors when retrieving version.
* Fix error message.
* Adjust fallback error messages.
* ssh: Ensure debug messages are properly converted to text. Fixes#57843
* surrogate_then_replace is default, be less explicit
* We only needed to_text for display, not exceptions
* Change expected config source
* make it conditional
* rename property
* Add changelog fragment
* make it string
* Update changelogs/fragments/57969-docker_container-change-expected-config-source.yml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Initial proposal for new parameter option for response format
- output_version parameter dictates the response key case
- new is snake_case, old is camelCase
- If new, conversion is done at the end of module execution
- This is purely a proposal and not a final draft
* Add support for ANSIBLE_MERAKI_FORMAT env var
- If env var is set to 'camelcase' it will output camelcase
- Otherwise, will default to snakecase
- Added note to documentation fragment
- As of now, all module documentation needs to be updated
* Fix pep8 errors and remove output_version args
* Restructure check in exit_json so it actually works
* Add changelog fragment
* Change output_format to a parameter with env var fallback
- ANSIBLE_MERAKI_FORMAT is the valid env var
- Added documentation
* Convert to camel_dict_to_snake_dict() which is from Ansible
- Fixed integration tests
* Fix yaml lint error
* exit_json camel_case conversion handles no data
- exit_json would fail if data wasn't provided
- Updated 3 integration tests for new naming convention
* convert_camel_to_snake() handles lists and dicts
- The native Ansible method doesn't handle first level lists
- convert_camel_to_snake() acts simply as a wrapper for the method
- There maybe a situation where nested lists are a problem, must test
- Fixed integration tests in some modules
* A few integration test fixes
* Convert response documentation to snake case
* assign a sane default to yum/dnf lock_timeout, in line with cli
Fixes#57189
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix typo in changelog snippet
Signed-off-by: Adam Miller <admiller@redhat.com>
* Updated testcase
* Added check mode support
* Added check for mutual exclusive for Name and UUID
Fixes: #57580
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
To get all instances gcp_compute made a call to the Google API for each
zone separately. Because of this if all zones needed to be queried
fetching hosts lasted 30+ seconds. Now the module will use a single
query that will return all the instances, so the execution should last
just a few seconds.
This commit also suppresses a warning from the google-auth library about
using user credentials because if an Ansible user wants to use user
credentials, there is no need to warn him about it.
* update vxlan
* add a changelog fragment for the PR 57264
* Update 57264-update-vxlan-to-fix-bugs.yml
update for change request
* Update ce_vxlan_vap.py
remove commented codes.
* Improve change reporting for meraki_ssid
- Documentation is more clear about dependencies
- Not all change reports are accurate without new algorithm
- Improved integration tests
* Rename changelog fragment
* Enable all tests in integration tests
- Fix type merging
* Add more integration tests for code coverage
* Update URL creation
* Add support for check mode
* Add diff support
- diff support is based on "have" and "want" data structures.
- Review needs to be done on the diffs for accuracy and usefulness.
- Changed change mode changed responses to be accurate.
* Remove config template based integration tests
* set ovirt disk active default value to True
* disk default activate only when creating
* correct comment syntax
* add changelog
* ovirt disk activate update docs
* Remove usage of global var log_path
* Add changelog and edit ignore.txt
* win_pagefile: not using testPath
* Revert "win_pagefile: not using testPath"
This reverts commit c8bc10234048257414454905e1c860a8f57a3b3f.
* PSLint error
* Update win_domain_membership.ps1
* Update win_domain_controller.ps1
* "setup.ps1" - Change $env:COMPUTERNAME to [System.Net.Dns]::GetHostName(), to support non NETBIOS compliant hostnames
* Change method to base on WMI
* changed ansible_domain to use WMI
* Fixed per review
* Fixed dot stuff
* Revert "Fixed dot stuff"
This reverts commit a1d5be00f1.
* dot stuff
* dot stuff 2.0
* Update setup.ps1
* Wrap this up to go
Folder creation API is only supported by vCenter, specifying
Standalone ESXi system will raise error.
This fix adds an user warning for suggesting this restriction.
Fixes: #49938
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* postgresql_idx: self.__exec_sql -> module_utils.postgres.exec_sql
* postgresql_idx: exec_sql, added a changelog fragment
* postgresql_idx: exec_sql, fix the changelog fragment
* postgresql modules: use postgres.exec_sql instead of __exec_sql methods
* postgresql modules: use exec_sql, added changelog fragment
* Update changelogs/fragments/57674-postgres_modules_use_exec_sql_instead_of_methods.yml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* win_domain_group_membership - Fix missing @extra_vars on Get-ADObject to support dirrent domain and credentials for retrival
* win_domain_group_membership - Fix missing extra_vars on Get-ADObject
* Merge authentication options back into a single field to prevent losing options beyond the first
* Add integration test and changelog
* Fix multiple options for local type connections. Also fix sorting errors between local type connections that lack a src
* Build again because of github problems?
* Add spaces before comments
The extant documentation says that the fingerprint return value is a
single string, but it is currently being returned as a split list.
Convert the returned value to a string as documented, and add some
basic test-case coverage for the return values.
PR #55396
Make Git module support `--valid-pgpkeys` option, which allows
configuring a list of valid PGP fingerprints which are compared with the
used PGP fingerprint if verify_commit is true. This requires
verify_commit to be set to 'yes'.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com>
* Add support for check mode.
* Add diff support
- Need to analyze diff for accuracy
- Updated check mode changed value
* Improve test coverage
* Remove a duplicate integration test
* Add support for check mode
* Add changelog fragment
* Add diff support
- Fix a few changed status
- Removed auth_key check since that's done in module_utils now
* win_chocolatey - honour version when bootstrapping chocolatey
* skip upgrade all step
* Fix install latest step
* Remove test changes now that Chocolatey is released
* tweak the package version detection
* Fix order for warning on templated conditionals
Fix bare variable warnings when the variable is a boolean
* changelog
* Add tests for cases that should and should not give warnings
If the behavior may change when the default behavior for CONDITIONAL_BARE_VARS becomes False there should be a warning. Boolean type conditionals will not change in behavior so don't warn.
* oops, forgot to add files
* typo
* Allow syslog_json callback options to be set in an Ansible configuration file.
The syslog_json documentation says that it supports options via an Ansible
configuration file. In fact, they can only be specified via environment
variables.
I've updated the module to use the standard "get_options" handling which means
that it can now support options via environment variables *or* the
configuration file.
Options can be set in the configuration file as follows:
```
callback_whitelist = syslog_json
[callback_syslog_json]
syslog_server = localhost
syslog_port = 514
syslog_facility = user
```
* Use the original, documented, names for the modules options.
In the documentation text change syslog_server to server, syslog_port to port
and syslog_facility to facility.
* Add an item to the changelog.
* Update 57232-syslog-json-configuration-options.yml
Fix a YAML syntax error / typo.
* Adding integration test for 127.0.0.1/32 and ::1/128.
* Making sure file is not corrupted when render fails
* Fixes#56430
* Adding changelog for MR 57147/Issue 56430
* Add support for check mode
* Check mode returns proper changed status
- Added is_template_valid()
- Restructured check_mode so it will always return data
- Check mode should show proper changed status
- Code is untested and integration tests need to be expanded
* Fix deleting networks
- Add integration tests for deleting networks
- Refine tests based on changed/unchanged
* Remove one task from integration test
* Add support for disableRemoteStatusPage
- New feature in the Meraki API
- Yes, it's a double negative, I may fix at some point
* Remove double negative
- All disables became enable and logic is reversed
- This isn't yet tested
* Switching computers!!!
* Apply changes to make the logic work, even reversed
* Attempt to fix some formatting errors
* Add documentation fragment
* Fix whitespace
* Add disable_my_meraki back, with deprecation notice
* Edit changelog notice
* Update deprecation version
* Update example to be a block and change deprecation message.
* Remove duplicate delegate_to
* Change deprecation notice.
* Rewrite idempotency check
- Check now operates recursively and works on multiple types
- Order of lists matter
* Remove blank line for lint
* Fixed idempotency checks in meraki_ssid
- New sanitize() method for finding keys unique in compared dicts
- Fixed bug in meraki_ssid where SSID specified by number breaks
- This will require a backport
- Converted ignored_keys from tuple to list
* Made changes required for idempotency
* Add changelog fragment
* Add unidirectional option for testing
* Disable option 1 check
* General fixes for is_update_required testing
- Added commented out debug statements in method
- Fixed ignored_keys modifications
* Remove old commented algorithm
Add check for all policy fields (name, apply_to, pattern, tags,
priority) to have correct changed state. Previosly changed state was
based on policy name only.
* Add support for rabbitmq 3.7
* Fix exec args for rabbitmqctl status
* Add changelog and fix description for Ansible 2.9
* Return results even when the cache is disabled
By default the cache is disabled and so the results of the API call
are not placed in there for the return statement to fetch.
* Always update self._cache to return