Commit graph

1471 commits

Author SHA1 Message Date
Matthias Fuchs
7871027c9d Share the implementation of hashing for both vars_prompt and password_hash (#21215)
* Share the implementation of hashing for both vars_prompt and password_hash.
* vars_prompt with encrypt does not require passlib for the algorithms
  supported by crypt.
* Additional checks ensure that there is always a result.
  This works around issues in the crypt.crypt python function that returns
  None for algorithms it does not know.
  Some modules (like user module) interprets None as no password at all,
  which is misleading.
* The password_hash filter supports all parameters of passlib.
  This allows users to provide a rounds parameter, fixing #15326.
* password_hash is not restricted to the subset provided by crypt.crypt,
  fixing one half of #17266.
* Updated documentation fixes other half of #17266.
* password_hash does not hard-code the salt-length, which fixes bcrypt
  in connection with passlib.
  bcrypt requires a salt with length 22, which fixes #25347
* Salts are only generated by ansible when using crypt.crypt.
  Otherwise passlib generates them.
* Avoids deprecated functionality of passlib with newer library versions.
* When no rounds are specified for sha256/sha256_crypt and sha512/sha512_crypt
  always uses the default values used by crypt, i.e. 5000 rounds.
  Before when installed passlibs' defaults were used.
  passlib changes its defaults with newer library versions, leading to non
  idempotent behavior.

  NOTE: This will lead to the recalculation of existing hashes generated
        with passlib and without a rounds parameter.
        Yet henceforth the hashes will remain the same.
        No matter the installed passlib version.
        Making these hashes idempotent.

Fixes #15326
Fixes #17266
Fixes #25347 except bcrypt still uses 2a, instead of the suggested 2b.

* random_salt is solely handled by encrypt.py.
  There is no _random_salt function there anymore.
  Also the test moved to test_encrypt.py.
* Uses pytest.skip when passlib is not available, instead of a silent return.
* More checks are executed when passlib is not available.

* Moves tests that require passlib into their own test-function.

* Uses the six library to reraise the exception.

* Fixes integration test.

When no rounds are provided the defaults of crypt are used.
In that case the rounds are not part of the resulting MCF output.
2018-08-27 08:40:41 -07:00
Tim Rupp
24a379f0b7
adds the bigip_cli_script module (#44674)
This module can be used to manage tmsh cli scripts on a BIG-IP
2018-08-24 22:08:37 -07:00
Toshio Kuratomi
8ec973b453 Fix unittests for always adding basic to the AnsiBallZ zips 2018-08-24 15:37:13 -07:00
Tim Rupp
ee1b899b18
Adds AS3 module (#44655)
This adds the as3 module for bigip to ansible.
2018-08-24 15:12:23 -04:00
Tim Rupp
639cfe3b6f
Refactors device group (#44599)
Make module use patterns that other modules use
2018-08-24 13:58:12 -04:00
Michael Price
ad91793428 Resolve issues in NetApp E-Series Host module (#39748)
* Resolve issues in NetApp E-Series Host module

The E-Series host module had some bugs relating to the update/creation
of host definitions when iSCSI initiators when included in the
configuration. This patch resolves this and other minor issues with
correctly detecting updates.

There were also several minor issues found that were causing issues with
truly idepotent updates/changes to the host definition.

This patch also provides some unit tests and integration tests to help
catch future issues in these areas.

fixes #28272

* Improve NetApp E-Series Host module testing

The NetApp E-Series Host module integration test lacked feature test
verification to verify the changes made to the storage array.

The NetApp E-Series rest api was used to verify host create, update, and
remove changes made to the NetApp E-Series storage arrays.
2018-08-24 15:44:59 +01:00
Samer Deeb
a07af2a1f7 issue:43021 add support for onyx version 3.6.6000 and above (#44527)
* issue:43021 add support for onyx version 3.6.6000

Signed-off-by: Samer Deeb <samerd@mellanox.com>

* issue:43021 add support for onyx version 3.6.6000

Signed-off-by: Samer Deeb <samerd@mellanox.com>
2018-08-24 07:59:10 +01:00
Toshio Kuratomi
f46c943d3d Fix another corner case of too many warnings for world readable current working directory
There should be no warning if there is no ansible.cfg file i nthe
current working directory.
2018-08-23 20:23:59 -07:00
Matt Martz
dab975d302
Unit tests for ansible.playbook.become (#38541) 2018-08-23 13:47:20 -05:00
Matt Martz
88509e75ad
Remove bare_deprecated functionality (#44517)
* Remove bare_deprecated functionality

* Change tests due to bare_deprecated removal
2018-08-23 11:31:16 -05:00
jctanner
653d9c0f87 New keyword: ignore_unreachable (#43857) 2018-08-23 11:41:02 -04:00
Sumit Jaiswal
1d2bb34992
Includes support for Reverse-Mapping zone in nios_zone module (#44525)
* support reverse mapping

* support reverse mapping

* support reverse mapping

* fix shippable errors

* fix shippable errors

* fix shippable errors
2018-08-23 03:07:30 +00:00
photoninger
d68c734ae2 Fix for "cannot marshal None unless.." (#33660)
when using only an activation key without any channels.
As already suggested by mattclay in
https://github.com/ansible/ansible/pull/25079

and also patch unit test for rhn_register and
add test case for activationkey only
2018-08-22 12:25:58 -04:00
Tim Rupp
49f34fec13
Correct unit tests and module fixes (#44488)
Cleanup of unit tests. Modules fixes in iapp_template nad profile_dns
to support unit tests.
2018-08-21 22:02:11 -04:00
Jordan Borean
6982dfc756 psrp: Added new Windows connection plugin (#41729)
* psrp: Added new Windows connection plugin

* Tweaks to connection options from review
2018-08-21 16:43:13 -07:00
Tim Rupp
07a011cd6f
Various bigiq fixes (#44487)
Fixes usage of the RestClient class. Documentation fixes. Removal
of dependency code.
2018-08-21 18:40:19 -04:00
Tim Rupp
d39a711aa1
Adds the bigip firewall DoS profile module (#44486)
This module can be used to manage AFM DoS profiles on a BIG-IP
2018-08-21 18:29:34 -04:00
Tim Rupp
d05da83495
Removes dependencies and cleans up code (#44484)
Portions of the f5-sdk were removed as well as the netaddr library
and were replaced with libraries that are part of ansible. Additionally,
deprecated code has been removed.
2018-08-21 18:01:52 -04:00
Tim Rupp
b5e99949e2
Adds the bigip_profile_http module (#44473)
This module can be used to manage HTTP profiles on a BIG-IP.
2018-08-21 14:22:09 -04:00
Lindsay Hill
bec0a1ceb3 nos_facts module and tests (#44094) 2018-08-21 10:03:04 -07:00
Lindsay Hill
b0a25d321d new nos_config module (#44140)
* new nos_config module

* Update cliconf/nos.py to add missing 'end'
2018-08-21 10:02:40 -07:00
Matt Martz
617372f8c0
Mass nuke deprecated items that are easily removed. ci_complete (#44320) 2018-08-20 16:26:10 -05:00
Matt Martz
9b2baebe64
Don't use copy.deepcopy in high workload areas, use naive_deepcopy (#44337)
* Don't use copy.deepcopy in high workload areas, use deepishcopy. ci_complete

* Add tests

* Add changelog fragment

* rename to naive_deepcopy and add extra docs

* Rename to module_response_deepcopy and move to vars/clean
2018-08-20 15:08:29 -05:00
Artem Leshchev
8323f3e3b7 Fix module name in error text at parse_xml filter (#44313)
* Fix module name in error text at parse_xml filter

* Fix test that includes erroneous module name in error text at parse_xml filter
2018-08-20 10:19:16 +05:30
Tim Rupp
359d97f01b
Adds bigip_device_auth module (#44373)
This module can be used to configure auth settings to the mgmt
interface on a BIG-IP.
2018-08-19 17:32:19 -04:00
Tim Rupp
b54f6cd132
Adds bigip_firewall_rule module (#44370)
This module can be used to manage rules in either a firewall policy
or a firewall rule list in AFM, on BIGIP.
2018-08-19 14:36:08 -04:00
Tim Rupp
d8ea154fb8
Adds the firewall-rule-list module for BIGIPs (#44368)
This module allows one to manage rule lists in AFM on a BIGIP.
2018-08-19 11:28:03 -04:00
Tim Rupp
8dd39a031f
Adds module to manage srcaddr persistence profiles (#44364)
This module can manage source address persistence profiles on a BIG-IP
2018-08-19 11:13:01 -04:00
Tim Rupp
3a15b6512c
Adds bigip http compression profile module (#44362)
This module can be used to manage http compression profiles on
a BIG-IP.
2018-08-19 02:46:56 -04:00
Tim Rupp
1148d57012
Adds bigip_firewall_policy module (#44361)
This module is used to manage firewall policy objects on a bigip.
2018-08-19 02:18:15 -04:00
Tim Rupp
e95dbf5f47
Adds oneconnect profile module (#44360)
This module can be used to manage oneconnect profiles on a BIG-IP
2018-08-19 01:55:23 -04:00
Tim Rupp
fae42c83f1
Adds bigip_monitor_dns module (#44359)
This module can be used to manage DNS monitors on a BIG-IP.
2018-08-19 01:35:49 -04:00
Tim Rupp
783b565583
Adds bigip_remote_role module (#44358)
This module can be used to manage remote roles on a BIG-IP used
for remote authentication to management interfaces.
2018-08-19 01:15:04 -04:00
Tim Rupp
0eb284b040
Adds cli alias module for BIG-IP (#44357)
This module allows one to manage CLI aliases in a BIG-IP.
2018-08-19 00:56:02 -04:00
Tim Rupp
41df1e15fe
Adds module for utility license assignment on BIG-IQ (#44356)
This module can be used to distribute utility licenses to BIG-IPs
from a BIG-IQ
2018-08-19 00:34:14 -04:00
Tim Rupp
48e99982ff
Adds bigip_software_image module (#44355)
This module can be used to manage software images on a BIG-IP.
2018-08-19 00:16:48 -04:00
Tim Rupp
c1b2ef2c1a
Adds bigip_tunnel module (#44354)
This module can be used to manage tunnels on a BIG-IP.
2018-08-18 23:58:34 -04:00
Tim Rupp
e204098646
Adds more unit test fixtures (#44353)
Fixtures for new modules
2018-08-18 22:49:43 -04:00
Tim Rupp
ee5b761c21
Adds bigip_device_facts module (#44351)
This is a new module to manage the different facts that can be gathered
from a bigip.
2018-08-18 16:26:58 -04:00
Tim Rupp
47b527224a
Renames the security_port_list module (#44350)
Renames the module by adding a symlink, introducing the new module,
and naming the symlink so that it identifies as deprecated.
2018-08-18 14:44:23 -04:00
Tim Rupp
b65f05f9c0
Renames the security_address_list module (#44348)
Renames module and includes a symlink with the old name so that it
will still work, though will be deprecated too.
2018-08-18 14:29:25 -04:00
Zhikang Zhang
501503f4cb
Allow version specifiers for pip install (#41792)
Allow version specifiers for pip install.
2018-08-17 11:46:53 -04:00
Adam Miller
6d95624c22 Refactor yum and dnf, add feature parity (#43621)
* Refactor yum and dnf, add feature parity

Signed-off-by: Adam Miller <admiller@redhat.com>

* remove unnecessary module_utils, move the classes into the module code

Signed-off-by: Adam Miller <admiller@redhat.com>

* remove yum -> yum4, out of scope

Signed-off-by: Adam Miller <admiller@redhat.com>

* use ABCMeta

Signed-off-by: Adam Miller <admiller@redhat.com>

* re-arrange run() caller vs callee

Signed-off-by: Adam Miller <admiller@redhat.com>

* make sanity checks happy

Signed-off-by: Adam Miller <admiller@redhat.com>

* fix yum unit tests

Signed-off-by: Adam Miller <admiller@redhat.com>

* remove unecessary debug statements, fix typo

Signed-off-by: Adam Miller <admiller@redhat.com>

* fix licensing and attribution in yumdnf module_util

Signed-off-by: Adam Miller <admiller@redhat.com>

* include fix from PR 40737

original commit 5cbda9658a
original Author: Strahinja Kustudic <kustodian@gmail.com>

yum will fail on 'No space left on device', fixes #32791 (#40737)

During the installing of packages if yum runs out of free disk space,
some post install scripts could fail (like e.g. when the kernel
package generates initramfs), but yum would still exit with a status
0.  This is bad, especially for the kernel package, because it makes
it unable to boot.  Because the yum module is usually used for
automation, which means the users cannot read every message yum
prints, it's better that the yum module fails if it detects that
there is no free space on the disk.

Signed-off-by: Adam Miller <admiller@redhat.com>

* Revert "fix licensing and attribution in yumdnf module_util"

This reverts commit 59e11de5a2.

* move fetch_rpm_from_url out of yumdnf module_util

Signed-off-by: Adam Miller <admiller@redhat.com>

* fix the move of fetch_rpm_from_url

Signed-off-by: Adam Miller <admiller@redhat.com>
2018-08-17 11:15:11 -04:00
Lindsay Hill
3960ebb8e8 new voss_facts module (#44234)
@LindsayHill Thank you!
2018-08-16 18:53:35 +05:30
Lance Richardson
dc08b9a738 new module exos_config (#43902)
- support config operations for EXOS-based platforms
- add regex to detect command failure responses
- add exos action plugin for "backup" operation
- add unit tests for exos_command (currently 94% coverage of
  exos_config.py)
2018-08-15 14:56:50 -07:00
Zhikang Zhang
0971a342d8
Solve race condition in password lookup (#42529)
NOTE:
1. use os.open() with os.O_CREAT|os.O_EXCL to check existence
and create a lock file if not exists, it's an atomic operation
2. the fastest process will create the lock file and others will
wait until the lock file is removed
3. after the writer finished writing to the password file, all the reading
operations use built-in open so processes can read the file parallel
2018-08-15 15:10:52 -04:00
Matt Martz
17c89d1ffa
Remove unused rslt_q, rename the one queue to final_q everywhere (#43894)
* Remove unused rslt_q, rename the one queue to final_q everywhere

* Test update
2018-08-13 13:43:28 -05:00
Lindsay Hill
5981a7489b new nos_command module (#43056) 2018-08-10 13:50:02 -07:00
Matt Martz
c1c229c6d4
Remove use of simplejson throughout code base (#43548)
* Remove use of simplejson throughout code base. Fixes #42761

* Address failing tests

* Remove simplejson from contrib and other outlying files

* Add changelog fragment for simplejson removal
2018-08-10 11:13:29 -05:00
Trishna Guha
96346938ee
nxos_vlan refactor to support non structured output (#43805)
* nxos_vlan refactor to support non structured output

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* unittest fix

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* minor fixes

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* use check_rc

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* address review comment

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* remove additional return statement

* address Nate's review

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2018-08-10 21:03:56 +05:30