Commit graph

807 commits

Author SHA1 Message Date
Adrian Likins
934b645191 Support multiple vault passwords (#22756)
Fixes #13243

** Add --vault-id to name/identify multiple vault passwords

Use --vault-id to indicate id and path/type

 --vault-id=prompt  # prompt for default vault id password
 --vault-id=myorg@prompt  # prompt for a vault_id named 'myorg'
 --vault-id=a_password_file  # load ./a_password_file for default id
 --vault-id=myorg@a_password_file # load file for 'myorg' vault id

vault_id's are created implicitly for existing --vault-password-file
and --ask-vault-pass options.

Vault ids are just for UX purposes and bookkeeping. Only the vault
payload and the password bytestring is needed to decrypt a
vault blob.

Replace passing password around everywhere with
a VaultSecrets object.

If we specify a vault_id, mention that in password prompts

Specifying multiple -vault-password-files will
now try each until one works

** Rev vault format in a backwards compatible way

The 1.2 vault format adds the vault_id to the header line
of the vault text. This is backwards compatible with older
versions of ansible. Old versions will just ignore it and
treat it as the default (and only) vault id.

Note: only 2.4+ supports multiple vault passwords, so while
earlier ansible versions can read the vault-1.2 format, it
does not make them magically support multiple vault passwords.

use 1.1 format for 'default' vault_id

Vaulted items that need to include a vault_id will be
written in 1.2 format.

If we set a new DEFAULT_VAULT_IDENTITY, then the default will
use version 1.2

vault will only use a vault_id if one is specified. So if none
is specified and C.DEFAULT_VAULT_IDENTITY is 'default'
we use the old format.

** Changes/refactors needed to implement multiple vault passwords

raise exceptions on decrypt fail, check vault id early

split out parsing the vault plaintext envelope (with the
sha/original plaintext) to _split_plaintext_envelope()

some cli fixups for specifying multiple paths in
the unfrack_paths optparse callback

fix py3 dict.keys() 'dict_keys object is not indexable' error

pluralize cli.options.vault_password_file -> vault_password_files
pluralize cli.options.new_vault_password_file -> new_vault_password_files
pluralize cli.options.vault_id -> cli.options.vault_ids

** Add a config option (vault_id_match) to force vault id matching.

With 'vault_id_match=True' and an ansible
vault that provides a vault_id, then decryption will require
that a matching vault_id is required. (via
--vault-id=my_vault_id@password_file, for ex).

In other words, if the config option is true, then only
the vault secrets with matching vault ids are candidates for
decrypting a vault. If option is false (the default), then
all of the provided vault secrets will be selected.

If a user doesn't want all vault secrets to be tried to
decrypt any vault content, they can enable this option.

Note: The vault id used for the match is not encrypted or
cryptographically signed. It is just a label/id/nickname used
for referencing a specific vault secret.
2017-07-28 15:20:58 -04:00
James Mighion
a328e96455 Adding aireos_config module (#27408)
* Adding aireos_config module.

* Fixing pep8 W291.
2017-07-29 00:36:04 +05:30
Trishna Guha
6d1bd33aa5 fix iosxr_banner (#27378)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-07-28 17:09:04 +05:30
Trishna Guha
a49c419651 fix nxos_vrf_af nxapi & cli (#27307)
* fix nxapi failure #27142

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* fix nxos_vrf_af nxapi and cli

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-07-28 09:02:02 +05:30
David Newswanger
81151ef02c Remove Deprecated Template network modules (#27076)
* removed deprecated networking template modules

* update changelog

* update changelog
2017-07-27 19:40:11 +01:00
saichint
9b9a8749da Add integration tests and fix nxos providers (#26913)
* fix issues with python3.x

* Add integration testa and fix for nxos_evpn_vni

* add nxos_evpn_vni to nxos.yaml

* fix get_vtp_config()

* add new integration tests

* fix rollback

* add integration test files
2017-07-27 09:32:35 -04:00
Matt Davis
3f1ec6b862 add custom module type validation (#27183)
* Module argument_spec now accepts a callable for the type argument, which is passed through and called with the value when appropriate. On validation/conversion failure, the name of the callable (or its type as a fallback) is used in the error message.
* adds basic smoke tests for custom callable validator functionality
2017-07-26 16:12:50 -07:00
Trishna Guha
41ce724801 fix nxos_hsrp (#27306)
* fix nxos_hsrp

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* modify nxos_hsrp test

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-07-26 11:38:55 +05:30
Toshio Kuratomi
802c9efaa3 Disable abstract-class-instantiated for smoketests
These tests are actually checking that the classes will error out if
they are still abstracted and instantiated
2017-07-25 15:58:23 -07:00
Toshio Kuratomi
225fa5d092 Fix undefined variables, basestring usage, and some associated python3 issues 2017-07-25 15:58:23 -07:00
Toshio Kuratomi
9f7b0dfc30 Remove automatic use of system six
* Enable the pylint no-name-in-module check.  Checks that identifiers in
  imports actually exist.  When we do this, we also have to ignore
  _MovedItems used in our bundled six.  This means pylint won't check
  for bad imports below ansible.module_utils.six.moves but that's
  something that pylint punts on with a system copy of six so this is
  still an improvement.
* Remove automatic use of system six.  The exec in the six code which
  tried to use a system library if available destroyed pylint's ability
  to check for imports of identifiers which did not exist (the
  no-name-in-module check).  That test is important enough that we
  should sacrifice the bundling detection in favour of the test.
  Distributions that want to unbundle six can replace the bundled six in
  ansible/module_utils/six/__init__.py to unbundle.  however, be aware
  that six is tricky to unbundle.  They may want to base their efforts
  off the code we were using:

  2fff690caa/lib/ansible/module_utils/six/__init__.py

* Update tests for new location of bundled six Several code-smell tests
  whitelist the bundled six library.  Update the path to the library so
  that they work.

* Also check for basestring in modules as the enabled pylint tests will
  also point out basestring usage for us.
2017-07-25 15:58:23 -07:00
Ricardo Carrillo Cruz
3a3bdde869 Fix multiple code and test issues on iosxr (#27267)
* Fix multiple code and test issues on iosxr

It passes the integration tests now.
Fixes #27123

* Fix pep8 issue

* Fix unit tests
2017-07-25 17:21:53 +02:00
Philippe Dellaert
c00554735f New module: management of the Nuage Networks VSP SDN solution (network/nuage/nuage_vspk) (#24895)
* Nuage module and unit tests with requested changes

* Cleanup of imports

* Adding check on python version

* Adding import try and catch wrappers

* Cleanup of requirements and adding integration tests

* Using pypi package for simulator

* Cleanup of requirements and adding integration tests

* Adding aliases for integration tests

* Adding module to import sanity test skip list

* Revert "Adding module to import sanity test skip list"

This reverts commit eab23af8c5.

* Adding check for importlib and cleanup of requirements
2017-07-25 12:35:03 +01:00
Toshio Kuratomi
47f26ee11c Refactor the tests for _symbolic_mode_to_octal
* Move tests to their own file
* Port to a pytest parametrized test so it's easier to define new tests
* Now that _symbolic_mode_to_octal is a classmethod, we don't have to
  instantiate an AnsibleModule to test it.
* Add tests for #14994, having more than one operator per role and umask
  chmod
2017-07-24 10:08:51 -07:00
Frederic Lepied
7a02f2545a Allow to skip test_aci_rest if no xmljson is installed
There is no such package in Fedora so building the Fedora package fails. See
e970237a2f_ffe3b87d/rpmbuild.log

Introduced by e970237a2f
2017-07-20 19:56:21 -07:00
Nathaniel Case
85e7e342b0 nxos_bgp_af correct parents (#26996)
* move config location

* client-to-client is inverse of BOOL_PARAMS
2017-07-20 13:42:26 -04:00
Gabor Lekeny
7eab802669 SSH fails with '"parsed": false' error message
Fixes: #15436
2017-07-20 08:09:42 -07:00
Pilou
556a1daa33 fix searched paths in DataLoader.path_dwim_relative (avoid AnsibleFileNotFound) (#26729)
* add unit test: nested dynamic includes

* nested dynamic includes: avoid AnsibleFileNotFound error

Error was:
Unable to retrieve file contents
Could not find or access 'include2.yml'

Before 8f758204cf, at the end of
'path_dwim_relative' method, the 'search' variable contained amongst
others paths:
'/tmp/roles/testrole/tasks/tasks/included.yml' and
'/tmp/roles/testrole/tasks/included.yml'.
The commit mentioned before removed the last one despite the method
docstrings specify 'with or without explicitly named dirname subdirs'.

* add integration test: nested includes
2017-07-20 10:26:13 -04:00
Nathaniel Case
56a0b988a9 nxos integration fix part 1 (#27069)
* Assorted Python 3 fixes

* Fix `testcase` definition in integration tests

* Fix nxos_acl_interface

* clean up nxapi after nxos_nxapi
2017-07-19 14:00:05 -04:00
James Mighion
b8337ee9d3 New module aireos_command (#26769)
* Adding ciscowlc_command module and unit tests.

* Adding __init__.py for unit test.

* Fixing PEP8 W503.

* Renaming module from ciscowlc_command to aire_command.

* Renaming aire_command to aireos_command.
2017-07-19 23:14:52 +05:30
Frederic Lepied
65d093d9a7 Skip f5 tests if f5-sdk is not installed (#27035)
Fixes: bug #27034

Introduced by 278fa552f8
2017-07-19 10:09:25 -06:00
Tim Rupp
09e9b4b4ba Adds refactored bigip_monitor_tcp (#26842)
This module needed to be refactored to use the REST API and
coding conventions for newer modules. This patch adds those changes.
This patch also deprecates params in favor of separate modules. These
deprecated params will be removed in 2.5.

Unit tests are provided. Integration tests can be found here

https://github.com/F5Networks/f5-ansible/blob/devel/test/integration/bigip_monitor_tcp.yaml#L23
https://github.com/F5Networks/f5-ansible/tree/devel/test/integration/targets/bigip_monitor_tcp/tasks
2017-07-19 10:07:18 -06:00
Dag Wieers
2b4a8095e9 Simplify XML error-handling and typo (#26929)
This PR fixes:
- A typo in the aci_login function
- Improve (XML) error-handling
- Rename status_code back to status
2017-07-19 08:46:16 +01:00
James Mighion
f682d9bf49 Adding aruba_command module along with unit tests. (#26625)
* Adding aruba_command module along with unit tests.

* Fixing PEP8 E303 too many blank lines.

* Adding default for timeout.

* Removing unused arguments. Moving default for timeout argument. Fixing cliconf to find hostname.

* Fixing PEP8 E302.
2017-07-19 09:49:12 +05:30
Tim Rupp
a236d249ae Adds the bigip_configsync_actions module (#26506)
This module is required as part of HA configuration of a set of
BIG-IPs. It is used to initiate and way for configuration syncing
to happen.

Unit tests are provided. Integration tests can be found here

https://github.com/F5Networks/f5-ansible/blob/devel/test/integration/bigip_configsync_actions.yaml#L23
https://github.com/F5Networks/f5-ansible/tree/devel/test/integration/targets/bigip_configsync_actions/tasks
2017-07-18 18:21:25 +01:00
Tim Rupp
75e609c15e adds the bigip_ucs module (#26663)
This module allows you to load existing UCS files onto a BIG-IP
system

Unit tests are provided. Integration tests can be found here

https://github.com/F5Networks/f5-ansible/blob/devel/test/integration/bigip_ucs.yaml#L23
https://github.com/F5Networks/f5-ansible/tree/devel/test/integration/targets/bigip_ucs/tasks
2017-07-18 18:17:56 +01:00
Tim Rupp
72f41148a0 Adds tcp_echo module for bigip (#26844)
This patch is part a refactor of TCP monitors for BIG-IP. This module
may file in testing without the base tcp module merged because it makes
use of similar fixtures.

Unit tests are provided. Integration tests can be found here

https://github.com/F5Networks/f5-ansible/blob/devel/test/integration/bigip_monitor_tcp_echo.yaml#L23
https://github.com/F5Networks/f5-ansible/tree/devel/test/integration/targets/bigip_monitor_tcp_echo/tasks
2017-07-18 18:04:36 +01:00
Tim Rupp
278fa552f8 Adds half-open tcp monitor module (#26920)
This is necessary as a part of refactoring the tcp monitor module.

Unit tests are provided. Integration tests can be found here

https://github.com/F5Networks/f5-ansible/blob/devel/test/integration/bigip_monitor_tcp_half_open.yaml#L23
https://github.com/F5Networks/f5-ansible/tree/devel/test/integration/targets/bigip_monitor_tcp_half_open/tasks
2017-07-18 17:59:17 +01:00
Abhijeet Kasurde
f7c8e7bdab Update vmware_inventory (#26308)
Fix adds
* Exception handling
* Unit tests

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2017-07-18 07:20:23 -04:00
Guillaume Coré
42ca1ef040 Add unit tests for parted module (#24164)
* Add unit tests for parted module

Test the current expected behavior of the module:
- mock parted() and get_device_info()
- Use some of the examples and test the 'script' passed to parted.
- mock check_parted_label() to return false, as if parted version is > 3.1
- assert get_device_info output is correct

Current implementation of the module runs parted several time while going
through all parameters (flags, name, ...). Between calls it uses get_device_info
to update the dictionary. Use check_mode for some of the tests to force module
to go through all the parameters even is dictionary is not updated.

* test_parted.py: add "name" param into expected results

since 78fff751ab, parse_partition_info
fetch the partition name. This commit adds 'name' key and value into
the expected results.
2017-07-17 21:11:10 -07:00
Ivo van Kreveld
e976f299f8 Divided test methods of TestExtendValue class (#22574)
Divided the two test methods of the TestExtendValue class into multiple test methods so there is a test method for each compare.
2017-07-17 17:47:50 -07:00
Toshio Kuratomi
ff22528b07 Consolidate boolean/mk_boolean conversion functions into a single location
Consolidate the module_utils, constants, and config functions that
convert values into booleans into a single function in module_utils.

Port code to use the module_utils.validate.convert_bool.boolean function
isntead of mk_boolean.
2017-07-17 11:48:05 -07:00
Dag Wieers
e970237a2f New module: access Cisco ACI (network/aci/aci_rest) (#26029)
* aci_rest: New module to access Cisco ACI

This PR includes:
- Relicense as GPLv3+
- Check-mode support
- Cosmetic changes to documentation
- Examples in YAML format
- Removal of incorrect requirements (for this module)
- Do not log passwords
- Implement native fetch_url instead of requests
- Use standard hostname, username and password parameters
- Add alias src for parameter config_file
- Add mutual exclusive content option for inline data (and show some inline examples)
- Add timeout parameter
- Add validate_certs parameter
- Handling ACI result output (identical for JSON as XML input)
- Parse/expose ACI error output to user

* Lower case method, add use_ssl, Use python dicts

This commit includes:
- Use lowercase method names
- Add `use_ssl` parameter (not the `protocol` parameter)
- Use a python dict for the request data (not a JSON string)
- Documentation improvements

* Ensure one of 'content' or 'src' is provided

* Fix issue with totalCount being a string in JSON

This fixes the problem with JSON output where totalCount is a string and
not an integer.

This fixes jedelman8/aci-ansible#7

* Improve code documentation

* Improve error handling and module response

* Small typo

* Improve documentation and examples

* Keep protocol parameter, but deprecate it

* Extrude aci functions from module_utils

* aci_rest: Add unit tests
2017-07-17 16:32:12 +01:00
Nathaniel Case
855544604a Fix nxos_bgp_neighbor_af advertise_map and advertise_map_non_exist (#26721) 2017-07-17 11:15:06 -04:00
Nathaniel Case
61249995a1 Update nxos_interface_ospf & add test (#26644)
* Update nxos_interface_ospf & add test
2017-07-14 12:31:36 -04:00
Peter Sprygada
3bbb32cac5 fixes error when trying to run show start over eapi (#26800) 2017-07-14 15:07:44 +02:00
Pilou
2a92120ffa INI inventory plugin: add documentation about variable types (#25798)
* INI inventory: check variable types
* INI inventory: add doc about variable types

Fixes #25784
2017-07-13 12:04:20 -07:00
Nathaniel Case
5cfdd5df0f nxos_pim_interface (#26367)
* Add unit tests to nxos_pim_interface

* Update tests to match module

* Update nxos_pim_interface

* Address pep8 issues
2017-07-12 15:39:43 -04:00
rahushen
74947168e3 Add nxos_command IT and generalize UT (#26617)
* Add nxos_command IT sanity

* generalize nxos_command UT for different NXOS platforms
2017-07-12 13:19:02 -04:00
Ken Celenza
31b6ac896d Kc update ip filter (#26566)
* add first, last and next usable

* add usable ip filters

* add size usable, range usable and wildcard

* add ip prefix and netmask filter

* add network formatting and check if ip in subnet

* clean up order, add comments

* fix pep8

* update format by index

* clean up and updates from jmcgill298
2017-07-12 17:17:58 +01:00
Ganesh Nalawade
e14e37ee1e Fix junos unit test failures (#26676)
*  Use lxml api's in unit test to parse xml
*  Remove unwanted import in unit test
*  Add ncclient dependency in unit test requirement
2017-07-12 08:36:16 -07:00
Pilou
2d7e00c670 mock_unfrackpath_noop: handle follow parameter (#26662) 2017-07-12 10:13:25 -05:00
Peter Sprygada
0b6f0e6c0d adds more intelligent save logic and diff to network config modules (#26565)
* adds more intelligent save logic and diff to network config modules

* adds sha1 property to NetworkConfig
* adds new argument save_when to argument_spec
* adds new argument diff_against to argument_spec
* adds new argument intended_config to argument_spec
* renames config argument to running_config with alias to config
* deprecates the use of the save argument
* before and after now work with src argument
* misc module clean

Modules updated
* nxos_config
* ios_config
* eos_config

Most notably this makes the save mechanism more intelligent for config
modules for devices that need to copy the ephemeral config to
non-volatile storage.

The diff_against argument allows the playbook task to control what the
device's running-config is diff'ed against. By default it will return
the diff of the startup-config.

* removes ios_config from pep8/legacy_files.txt

* extends the ignore lines argument to the module

* clean up CI errors

* add missing list brackets

* fixes typo

* fixes unit test cases

* remove last line break when returning config contents

* encode config string to bytes before hashing

* fix typo

* addresses feedback in PR

* update unit test cases
2017-07-11 20:34:20 -04:00
mikedlr
07a4079a81 aws.core in new aws dir in module utils - module with AnsibleAWSModule class and fail_json_aws (#25780)
* aws module utils including AnsibleAWSModule
* fail_json_aws method on AnsibleAWSModule to do fail_json nicely with AWS exceptions
* aws module util - feedback - rename to aws/core.py & improve doc strings
2017-07-11 14:01:35 -07:00
Ricardo Carrillo Cruz
b81209c187 Fix multiple EOS EAPI code and test issues (#26651) 2017-07-11 19:28:33 +02:00
Adrian Likins
0fc0b6f059 Mv AnsibleFactCollector back to module_utils (#26150)
It was in lib/ansible/modules/system/setup.py since it
was the only thing using it, but move it back to module_utils
and add a ansible_collector.get_ansible_collector() to build
a facts collector just like the one used by setup.py

mv test_setup.py -> test_ansible_collector.py
All the code it was testing is now in ansible_collector

rm code to create 'ansible_facts' subkey from namespace

Just leave it up to the caller to do, and just return a
flat dictionary from AnsibleFactCollector.collect()
2017-07-11 10:44:22 -04:00
Ganesh Nalawade
be89ef3eb6 junos_linkagg implementation and junos modules refactor (#26587)
* junos_linkagg implementation and junos modules refactor

*  junos_linkagg implementation
*  junos_linkagg integration test
*  net_linkagg integration test for junos
*  decouple `load_config` and `commit` operations,
   to allow single commit (in case on confirm commit) and
   to perform batch commit (multiple `load_config` followed by single
   `commit`)
*  Other related refactor

* Fix CI issues

* Fix unit test failure
2017-07-11 09:52:53 +05:30
James Mighion
58ade65ea6 Adding admin option for iosxr_config (#26509)
* Adding admin option for iosxr_config. Adding unit test for new admin option for iosxr_config. Fixes #24308

* Removing space on empty line.
2017-07-10 10:22:45 -06:00
Ken Evensen
f31d3ddeb7 Pamd Updates (#25817)
* Fix for #25522
Fix for #25855
Fix for #23963

* Minor fix

* Updates per bcoca.  Fix in regex for silvinux.
2017-07-10 11:41:01 -04:00
Trishna Guha
07498ebed3 fix nxos_overlay_global (#26422)
* fix nxos_overlay_global

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* swap check_mode with candidate

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-07-10 18:53:52 +05:30