* aws_kms: Rename various policy manipulation options to reduce confusion
AWS KMS now has the concept of issuing a 'grant', which is independent
of the policy attached to a key. Rename the following options to make
it clearer that the operate on the CMK Policy *not* on CMK Grants
* aws_kms: don't just rename grant_types/mode, deprecate them too.
* Make win_domain_user idempotent for passwordchanges
* Add changelog fragment
* Use test-credentials function from win_user.
* Split domain from username
* Update win_domain_user.ps1
* Fix ci
* Update win_domain_user.ps1
Fix ci
* Implement review
* Logic cleanup and remove securestring
* Fix typo
* fix syntax
fix syntax
* Use AD object instead of user input as requested by review
* migrate to Ansible.AccessToken
* Add support for passing networks as dicts
* Add function to compare a list of different objects
* Handle comparing falsy values to missing values
* Pass docker versions to Service
* Move can_update_networks to Service class
* Pass Networks in TaskTemplate when supported
* Remove weird __str__
* Add networks integration tests
* Add unit tests
* Add example
* Add changelog fragment
* Make sure that network options are clean
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Set networks elements as raw in arg spec
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Fix wrong variable naming
* Check for network options that are not valid
* Only check for None options
* Validate that aliases is a list
* Addition of entrust provider to openssl_certificate module
* Fix native return values of error messages and JSON response.
* Documentation and syntax fixes per ansibot.
* Refactored structure of for loop due to ansible test failures in python 2.6
* Remove OCSP functionality for inclusion in possible seperate future pull request.
* Remove reissue support.
* Indicate the entrust parameters are specific to entrust.
* Comment fixes to make it clear module_utils request is used.
* Fixes to not_after documentation
* Response to pull request comments and cleanup of error handling for bad connections to properly use the 'six' HttpError for compatibility with both Python 2/3 underlying url libraries.
* pep8/pycodestyle fixes.
* Added code fragment and response to comments.
* Update license to simplified BSD
* Fixed botmeta typo
* Include license text in api.yml
* Remove unsupported certificate types, and always submit an explicit organization to match organization in CSR
* Fix documentation misquote, add expired to a comment, and fix path check timing.
* Update changelogs/fragments/59272-support-for-entrust-provider-in-openssl_certificate_module.yaml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Add cryptography backend for get_certificate.
* Add changelog.
* Use short names (if possible).
* Adjust version (to behave as pyOpenSSL).
* Work around bugs (needed for cryptography 1.2.3).
* Don't run cryptography backend tests for CentOS 6.
* Bump cryptography requirement to 1.6 or newer.
Otherwise, signature_algorithm_oid isn't there, either.
* Simplify requirement text.
* CentOS 6 has cryptography 1.9, so we still need to block.
* Add auto-detect test.
* Improve YAML.
* fix: docker_swarm_service does not publish both tcp and udp ports for same published port
* fix the linting problems and add the changelog fragment.
* add test
* modify test to ensure result rather than return value
* Mark logout as changed when docker logout does not return 'Not logged in to '.
* Add changelog.
* Improve logout detection.
* Also return output of 'docker logout'.
* ansible-galaxy tidy up arg parse with better validation
* Add support back in for -v before sub aprser
* Added deprecation warning for manually parsed verbosity
* Adding waiter to cluster remove process
* blank line contains whitespace
* update aws_eks integration test
* Refactor aws_eks test suite to use pip
* update version testing
* missing parens...
* add changelog fragment
* Add waiter to module_utils, fix exception handling.
* Correct EKS waiter checks
* various mod_args fixes
* filter task keywords when parsing actions from task_ds- prevents repeatedly banging on the pluginloader for things we know aren't modules/actions
* clean up module/action error messaging. Death to `no action in task!`- actually list the candidate modules/actions from the task if present.
* remove shadowed_module test
* previous discussion was that this behavior isn't worth the complexity or performance costs in mod_args
* fix/add test, remove module shadow logic
* address review feedback
- Split the key validation to separate private and public.
- In case public key does not exist, recreate it.
- Validate comment of the key.
- In case comment changed, update the private and public keys.
* Improve link handling.
* Also fetch alternate certificate chains.
* Add retrieve_all_alternates option.
* Simplify code.
* Forgot when condition.
* Add tests for retrieve_all_alternates.
* Fixes.
* Moved utility function for link parsing to module_utils.
* Fix grammar.
* Ansible.AccessToken - Added shared util for managing a Windows access token
* Fix tests when running in CI
* More fixes for older servers
* More fixes for Server 2008
If a service is in the 'deactivating' state running systemctl stop foo,
would wait for the foo service to actually stop before it exits. The
module didn't behave like that and it considered the deactivating state
as if the service wasn't running. This change will align the module with
the systemctl behaviour.
* Added several unit tests
* Added documentation for new syspurpose option and suboptions
* Simplified specification of module arguments
* Added new changelog file with fragments
* add npipe support to docker_swarm_service
* add changelog fragment
* tweak changelog fragment formatting
* Update lib/ansible/modules/cloud/docker/docker_swarm_service.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Removed extraneous type check from nagios module, in order to allow python 3.x
* Removed now useless import types
* Added changelog fragment
* Update changelog.
* Rebased and removed check due to module adding earlier guardrails
* Updated changelog to mention earlier fix adding now completely removed guardrails
* Remove superfluous type checks. Fix docs type.
* Update ignore.txt.
* Better cidr_ipv6 validation in ec2_group.py
* Improve warning/error handling, add changelog
* Update unit test for ipv6 validation
* Fix logic that was causing non /128 cidrs with host bits to not be handled
Check if dvswitch object is not None before accessing it's
properties such as UUID. This can be due to two reason
1. Permission issues
2. There is no association between given distributed virtual portgroup
distributed virtual switch
Fixes: #59952
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* [WIP][docker_container] Adding support for `mounts` option
Fixes#42054
* Adjusting to current standards.
* Add changelog.
* Adjust types.
* Cleanup.
* Add idempotency checks for mounts.
* Improve diff for mounts.
* Linting.
* Python 2.6 compatibility.
* Fix error message formatting.
* Move mounts and volumes tests into own file.
* Add set of mount tests.
* Golang's omitempty for bool omits false values.
* Simplify sanity checks. Correct order of volume_options sanitization and usage.
* Fix key.
* Fix check.
* Add tests where both volumes and mounts show up.
* Add collision test.
Only error out if the gid exists with a different group name as
otherwise it will error out if the group with this gid already
exists, like on a rerun of the playbook. This fixes a regression
introduced by 4898b0a4a2.
This commit allows users to access a vCenter or a ESXi through a
HTTP CONNECT based proxy.
To do so, the users have to set the `proxy_host` and `proxy_port`
variables.
The can also use the `VMWARE_PROXY_HOST` and `VMWARE_PROXY_PORT`
environment variables.
This feature depends on pyvmomi > v6.7.1.2018.12.
Fixes: #42221
Co-Author: Abhijeet Kasurde <akasurde@redhat.com>
Co-Author: Gonéri Le Bouder <goneri@redhat.com>
Refactor vmware_cluster into several modules (vmware_cluster, vmware_cluster_drs, vmware_cluster_ha and vmware_cluster_vsan) as discussed in #58023.
vmware_cluster lacks a lot of configuration options for DRS, HA and vSAN. Implementing them
all in vmware_cluster would make the module hard to maintain. Therefore, splitting it into several
modules and implementing the missing configuration options in them seems a good idea to me.
This is step one, refactoring vmware_cluster into several modules. Step two, implementing more
configuration options for DRS, HA and vSAN, will follow.
If the 'local' parameter of the 'user' Ansible module is enabled, and
the user has been found in the local user database, don't emit
a warning, because this is an expected outcome.
Add changelog and integration tests
Co-authored-by: drybed <drybjed@gmail.com>
* Fix py3 decoding issues in cyberarkpassword.py
* Use to_native instead of forced utf-8 decoding
* Use to_bytes to avoid trouble with Popen
* Create 59500-cyberarkpassword-fix-py3-decoding.yaml
* Fixed the redhat_subscription module:
- Option 'pool_ids' works in Python3 now
- It tries to attach only pools IDs that are available
- Optimization of code: do not call list --available, when
no pool is requested
- Simplified configure() method
- Small changes to generate same commands on Python2 and Python3.
Order of arguments/options and pool IDs have to be same to
be able to run unit test using Python2 and Python3.
- Added fragments file for redhat_subscribtion module
* change variable name from isinstance to is_instance (prevent overriding builtin function)
* Added support for:
- Filtering existing Elastic IPs based on a tag name or it's value (when reuse_existing_ip_allowed is true)
- Allocating new Elastic IPs from a given IPv4 pool (BYOIP support)
* yamllint corrections
* added examples for:
- tag_name,
- tag_value
- public_ipv4_pool
* remove aliases
* Added changelog fragment
* added integration tests for ec2_eip module
* removed space to trigger rebuild
* Implements etc_hosts for docker_image module
Allows custom hosts on docker_image module.
The of this option made impossible to use docker_image module to build
images that required a custom hostname in /etc/hosts. For running
containers this option was already present.
While the python-docker API uses extra_hosts term, our existing module
already uses etc_hosts argument, so it sounds better to have some
consistency between docker_container and docker_image.
Fixes: #59233
* Update test/integration/targets/docker_image/files/EtcHostsDockerfile
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Update lib/ansible/modules/cloud/docker/docker_image.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/docker_image_etc_hosts.yml
Co-Authored-By: Felix Fontein <felix@fontein.de>
Previously if `sysctl_set=no` (which is the default) this module only
checked for changes in the sysctl.conf file to decide whether it should
reload it or not. This means that if the values in the conf file are the
same as they are set with the module, but the current values on the
system are different, that this module wouldn't apply the changes on the
system and thus the value set with the module wouldn't be applied on the
OS. This isn't obvious and it doesn't make sense that the module works
like that by default, especially because there is a separate option
`reload`. Now sysctl will also check if the current value differs on the
system and if it does, it will reload the file again.
Commit b7724fdf85
appears to have caused a regression, where `ip4`, `gw4`, `ip6`, `gw6`
were converted to `ipv4.address`, `ipv4.gateway` etc.
This causes bootproto (or `ipv4.method`) to remain `dhcp`, as noted in https://github.com/ansible/ansible/issues/36615
This commit only reverts the key-value pairs to the original names,
which is in line with both expectation (manual ip addr == no dhcp) and
the language used in the playbook, which is, for example, "ip4" not
"ipv4.address"
Co-authored-by: Stuart Pollock <spollock@pivotal.io>
Co-authored-by: Tyler Ramer <tramer@pivotal.io>
vmware_guest accepts 0MB as valid value for memory reservation in
virtual machine hardware configuration. This fixes the regression
introduced via 193f69064f.
Fixes: #59190
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Print warning when both an option and its alias is specified.
* Improve output.
* Put warnings into self._warnings directly, resp. use self.warn() when handling subspecs.
* Add changelog.
* Add unit test.