Commit graph

794 commits

Author SHA1 Message Date
Andrea Tartaglia
36a790dcde New cryptography backend for openssl_certificate (#53924)
* New cryptography backend for openssl_certificate

load_* functions in module_utils/crypto.py now have a backend paramter
which when set to 'cryptography' will return cryptography objects so
they can be used for both pyopenssl and cryptography backends.
Added a select_message_digest function too returning a cryptography
digest hash from `cryptography.hazmat.primitives.hashes`
Added new classes for Cryptography backend

* Run test with various backends.

* Prefixing tests.

* Make sure we have the correct backend available.

* Linting (flake8).

* Moved cryptography import to separate try/except

* Make sure certificate is actually valid at some time in the past.

* Improve error handling.

* Trying to fix validation for cryptography backend.

* Fixed issue with keyUsage test in assertonly

* Fixed CI/Lint issues

* Fix private key problem for OwnCA.

* Cryptography backend doesn't support v2 certs.

* issue an expired cert with command when using cryptography backend

* Added warning when backend is auto and v2 cert is requested

* Bumped min cryptography version to  1.6

* Correctly check for failure when backend is cryptography and cert is v2

* Use self.backend where possible

* Use secp521r1 EC when testing on CentOS6

* Fixed pylint issue

* AcmeCertificate support for both backends

* Review fixes

* Fixed missing '(' when raising error

* Fixed date_fmt loop

* Updated docs and requirements with cryptography

* Add openssl_certificate to changelog.
2019-03-22 13:21:23 +00:00
Christian Rohmann
90c092a104 Allow configuration of connection_limit per postgresql database (postgresql_db) (#40345)
Fixes #40060

* Fix coding style errors
* Use CONNECTION LIMIT (no underscore)
* From review done by amenonsen and bcoca - Set default at None, make the change detection less confusing
* Added EXAMPLE on how to apply a database specific connection limit
* Added some basic tests for conn_limit applied to a database
* Check that conn_limit has actually been set / updated to 200
* Add changelog fragment regarding postgresql_db conn_limit parameter
2019-03-22 18:21:39 +05:30
Felix Fontein
1a94cf140c openssl_publickey: fix handling of OpenSSH private keys with passphrase (#54192)
* Cleanup.
* Make sure that OpenSSH passphrases are handled correctly.
* Add changelog.
2019-03-22 16:15:55 +05:30
David Passante
aa32164d15 cs_volume: add volumes extraction and upload features (#54111)
* cs_volume: add volumes extraction and upload features

* cs_volume: Update doc, remove deprecated code

* cs_volume: Add unit tests for extract and upload features
2019-03-22 07:09:26 +01:00
Alexander Bethke
f9c7ccbb41 Fixes flatpak module to work with flatpak >=1.2.0, fixes #51485 (#51482)
* Fixes flatpak module to work with flatpak >=1.2.0, fixes #51481

This keeps backwards-compatibility for flatpak versions before 1.2.0

* Fixes typeo

Co-Authored-By: oolongbrothers <oolongbrothers@zeibar.net>
2019-03-21 15:57:41 +00:00
tcraxs
bb61d7527f #50877: add support to postgresql_privs to use "FOR { ROLE | USER } target_role" in "ALTER DEFAULT PRIVILEGES" (#51073)
* #50877:
* add support to postgresql_privs to use "FOR { ROLE | USER } target_role"
   in "ALTER DEFAULT PRIVILEGES"

* fix sanity errors

* #50877: fix documentation and add a check for correct usage
of target_roles

*  #50877: fix missing absent option for default privs with target_role

* #50877: add clear description, when target_roles can be used

* #50877: fix conflicts, formatting, and add a changelog fragment

* #50877: fix sanity error E335

* #50877: swap conditions and fix error to warning msg

*  #50877: add tests for default privileges

* #50877: fix tests for default privileges

* #50877: fix tests for default privileges on centos 6
2019-03-21 13:26:44 +00:00
René Moser
f885717f74 fix typo (#54166) 2019-03-21 10:08:54 +01:00
Felix Fontein
8d62794f91 docker: rename docker_*_facts -> docker_*_info (#54124)
* Rename docker_*_facts -> docker_*_info.

* Add changelog.

* Update scenario guide.
2019-03-21 08:37:18 +00:00
René Moser
c5609c51bf
include_tasks: fix traceback if no file specified (#54044) 2019-03-20 19:17:20 +01:00
Martin Krizek
0e28ab4528
Template run_once for handlers (#54030)
Fixes #27237
2019-03-20 14:46:19 +01:00
Brian Coca
d1a688b1d7
dict is dict (#54057) 2019-03-20 09:37:34 -04:00
Felix Fontein
05bca95ab1 ACME: rename acme_account_facts -> acme_account_info (#54082)
* Rename acme_account_facts -> acme_account_info.

* Add changelog fragment.
2019-03-20 13:21:28 +00:00
Hannes Ljungberg
7a3f9456ef docker_swarm_service: Make resolve_image default to false (#54018)
* Make resolve_image default to false

* Check resolve_image versions regularly
2019-03-19 18:58:51 -04:00
Felix Fontein
847a86beef docker_image: allow proxy config (#53905)
* Simplify checks.

* Add use_config_proxy option.

* Add changelog.

* Avoid docker-py crash.
2019-03-19 13:58:16 -04:00
Sorin Sbarnea
014cb73694 Facts: Use vm_stat instead of sysctl for free memory (#52917)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-03-19 08:52:52 +05:30
Jordan Borean
7ab77f6c8a
win_psexec - support paths with a space (#54009) 2019-03-19 12:51:30 +10:00
Jordan Borean
cf24542e9f
win_get_url - fix glob like paths (#54008) 2019-03-19 12:01:35 +10:00
Jordan Borean
eb18df1a0f
win_certificate_store - fix glob like paths (#54007) 2019-03-19 11:49:25 +10:00
Jordan Borean
2f1bc34589
win_copy - fix glob like paths (#54006) 2019-03-19 11:22:17 +10:00
Jordan Borean
8a4079ddbf
win_find - fix glob like paths (#54005) 2019-03-19 10:30:11 +10:00
Jordan Borean
c053bc1fc7
win_file - fix glob like paths (#54003) 2019-03-19 09:20:33 +10:00
Felix Fontein
e00f315358 openssl_privatekey: add backup option (#53593)
* Add backup option to openssl_privatekey.

* Add changelog fragment.

* Make module available in remove().

* Add tests for backup.

* Update lib/ansible/modules/crypto/openssl_privatekey.py

Co-Authored-By: felixfontein <felix@fontein.de>

* Update lib/ansible/modules/crypto/openssl_privatekey.py

Co-Authored-By: felixfontein <felix@fontein.de>

* Update lib/ansible/modules/crypto/openssl_privatekey.py

Co-Authored-By: felixfontein <felix@fontein.de>

* Update lib/ansible/modules/crypto/openssl_privatekey.py
2019-03-18 16:34:47 +00:00
MonsieurBon
eb790cd3c6 Added support for iptables module iprange (#53732) (#53732) 2019-03-18 13:05:04 +00:00
Felix Fontein
50d56ca89d docker_image: stop pulling by default on build (#53911)
* Prepare to change default of build.pull from yes to no in Ansible 2.12.

* Specify build.pull.

* Add changelog.

* Fix bad indent.
2019-03-18 01:34:07 -04:00
David Passante
e62fc508ad cs_network_offering: Add choice list for supported_services in arg_spec (#53901) 2019-03-16 13:43:27 +01:00
Jordan Borean
980ca564ce
windows - Fix module utils with glob paths (#53835)
* windows - Fix module utils with glob paths

* fix link util tests when using DOS 8.3 paths
2019-03-15 19:44:53 +10:00
Jordan Borean
cac3c6efcf
win_chocolatey - Fix incompatibilities with latest Chocolatey release (#53841) 2019-03-15 16:40:30 +10:00
Jordan Borean
d00418c924
win_slurp - fix glob like paths (#53831) 2019-03-15 14:59:01 +10:00
Jordan Borean
d063cefb64
win_owner - fix glob like paths (#53830)
* win_owner - fix glob like paths

* Fix issues on older PS versions
2019-03-15 14:58:15 +10:00
Jordan Borean
3cfa71bff0
win_acl_inheritance - fix glob like paths (#53829) 2019-03-15 14:57:59 +10:00
Jordan Borean
aba6f5f50d
win_acl - fix glob file paths (#53828) 2019-03-15 14:57:41 +10:00
Jordan Borean
4f9de45785
win_tempfile - return absolute path on created temp file (#53827)
* win_tempfile - return absolute path on created temp file

* Fix tests for CI
2019-03-15 14:57:27 +10:00
Sam Doran
1e595493d9
User module - Check local database when local is specified in the task (#51088)
The output of pw.getpwnam() does not distinbuish between local and remote accounts. It will return a result if an account exists locally or in the directory. When local is set to True in the task parameters, look through the local password database explicitly.

* Ensure luseradd is present for tests
* Add docs and warnings about local mode
2019-03-14 22:16:53 -04:00
Sloane Hertel
87ebc56de6 Allow parent groups to be variables or literal (#53649)
* Allow parent groups to be variables or literal, requires {{ }}
* Check strict before failing on templating errors
* Don't add a group if an invalid parent group was provided
2019-03-14 14:22:18 -04:00
Brian Coca
e280f2f7b0
Try to get correct buffer size to avoid races (#53547)
* Try to get correct buffer size to avoid races

  fixes #51393

* fix test, mock buffer function since all is mocked
2019-03-14 11:04:56 -04:00
Matteo Ferrando
86405b8fe4 (postgresql_privs) accept 'ALL_IN_SCHEMA' objs for 'function' type (#35331)
* avoid using Postgres formatting function
* add tests for ALL FUNCTIONS IN SCHEMA
* documentation and changelog
* requested changes in tests
* fixed changelog
2019-03-14 20:21:05 +05:30
Felix Fontein
fbbab7429e docker_*: report more warnings (#53710)
* More warnings.

* Add changelog.

* Improve docstring.
2019-03-14 09:55:16 +00:00
Felix Fontein
35e7fb776a docker_image: improve usage (#52894)
* Add source option.

* Split force parameter into force_source, force_absent and force_tag.

* Move all build-related options into a suboption called build.

* Add changelog.
2019-03-14 09:46:38 +00:00
Matt Clay
f6d12fc918 Fix changelog entries using strings for sections. 2019-03-13 23:43:15 -07:00
Matt Clay
7f0e09aa31
Keep existing to_yaml behavior with pyyaml >= 5.1. (#53772)
In pyyaml versions before 5.1 the default_flow_style for yaml.dump
was None. Starting with 5.1 it is now False. This change explicitly
sets the value to None to maintain the original to_yaml behavior.

The change to pyyaml was made in the following commit:

507a464ce6
2019-03-13 16:43:26 -07:00
Brian Coca
42e6700a71 Undeprecate force handlers (#53705)
* removed deprecation notice, made comment instead

* remove noisy deprecation

* space
2019-03-13 15:45:52 -05:00
David Passante
244a9a83aa cs_iso: fix missing param "is_public" (#53740)
* cs_iso: fix missing param "is_public"

* add changelog fragment
2019-03-13 19:06:44 +01:00
Andrey Klychkov
d30879a0b7 postgresql_db - Handle pg_dump return code (#52985)
Handle return code return by pg_dump command

Fixes: #40424
2019-03-13 18:01:50 +05:30
Abhijeet Kasurde
f0ef4dae05
iptables: Add support for gateway parameter (#53465)
When user specifies the JUMP value to 'tee', gateway is required.
This fix adds new parameter 'gateway' to support this functionality.

Fixes: #53170

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2019-03-13 17:47:44 +05:30
Felix Fontein
c2cb82ec14 ACME: add support for IP identifiers (#53660)
* Adding support for IP identifiers according to https://tools.ietf.org/html/draft-ietf-acme-ip-05.

* Add changelog.

* Make sure that the authorizations return value is unchanged for CSRs with DNS-only SANs.

* Remove unneeded import.

* type -> identifier_type

* Python 2.6 compatibility.

* Fix unit tests.

* Add IP address normalization.

* Extend tests.

* Move data into fixtures.

* Adjust BOTMETA.
2019-03-13 10:16:56 +01:00
Felix Fontein
028facdfed acme_challenge_cert_helper: add support for IP identifiers (#53661)
* Add IP address identifier support to acme_challenge_cert_helper.

* Add changelog.

* type -> identifier_type.
2019-03-13 10:15:57 +01:00
Jason Witkowski
acdb4c3ede Fix min_size reference where type is None (#53669) 2019-03-12 21:31:03 -04:00
Jordan Borean
3d23e47c53
win_reboot - Fix rc validation when using psrp and add extra docs (#53711)
* win_reboot - Fix rc validation when using psrp and add extra docs

* Revert boot time command and fix docs
2019-03-13 10:43:02 +10:00
Brian Coca
b793f08a92
fixes for stripping (#52930)
function changed to do in place replacement, should be less expensive even with copy as it avoids 'sub copies', can compose with module_args_copy to create replacement for old behavior

  attempt to fix #52910

* handle lists and subdicts correctly
* added  missing exception case, which was not noticed since 'cleaning' was not working
* added comments to clarify exceptions
2019-03-12 18:18:38 -04:00
Brian Coca
a8eb25ac14
clear all loader caches with new dir for plugin (#53413)
* clear all loader caches with new dir for plugin

  fixes #17078

* added toggle to revert behaviour
2019-03-12 16:19:56 -04:00