* clear configuration candidate when return to user-view.
* add a changelog fragment for the pr.
* Update 63513-ce_action_wait_prompt_trigger_time_out.yaml
* Update 63513-ce_action_wait_prompt_trigger_time_out.yaml
* postgresql_privs: add support a type parameter option for types
* postgresql_privs: add support a type parameter option for types, add changelog fragment
* postgresql_privs: add support a type parameter option for types, add schema handling
* postgresql_privs: add support a type parameter option for types, fix typo
* postgresql_privs: add support a type parameter option for types, add comment
* Deprecate openssl_csr's version.
* Add changelog.
* Change PR so that version will no longer accept values != 1 from 2.14 on.
* Make sure it is a string.
* Add support for format option.
* Improve private key format detection.
* Fix raw format handling.
* Improve error handling.
* Improve raw key handling.
* Add failed raw test.
* Improve raw key loading.
* Simplify tests.
* Add raw format tests.
* Fail if format != 'auto_ignore' is specified for pyopenssl backend.
* Fix quoting.
* Bump version.
* Allow to convert private keys between different formats.
* Improve description.
* Add extra args and executable name to podman connection plugin
Like there is for docker plugin, add extra arguments for command
line of podman. Also add configurable executable and checking if
this executable exists on host. Fail module if executable is not
in PATH.
* Update changelogs/fragments/63166-add-extra-args-executalbe-podman-connection.yaml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Handle galaxy v2/v3 API diffs for artifact publish response
For publishing a collection artifact
(POST /v3/collections/artifacts/), the response
format is different between v2 and v3.
For v2 galaxy, the 'task' url returned is
a full url with scheme:
{"task": "https://galaxy-dev.ansible.com/api/v2/collection-imports/35573/"}
For v3 galaxy, the task url is relative:
{"task": "/api/automation-hub/v3/imports/collections/838d1308-a8f4-402c-95cb-7823f3806cd8/"}
So check which API we are using and update the task url approriately.
* Use full url for all wait_for_import messages
Update unit tests to parameterize the expected
responses and urls.
* update explanatory comment
* Rename n_url to full_url.
* Fix issue with overwrite of the complete path
* Fixes overwrite of the complete path in case there's extra path stored
in self.api_sever
* Normalizes the input to the wait_import_task function so it receives
the same value on both v2 and v3
Builds on #63523
* Update unittests for new call signature
* Add changelog for ansible-galaxy publish API fixes.
The commit 4e895c1 aimed to ensure that TXT record values were sanely
quoted. Sadly it failed to take the scenario of non-existing values
into account. While record values are required for record creation
they are not required for record deletion.
This change rectifies that oversight, saving Ansible from
unsuccessfully trying to operate on NoneType objects.
Resolves#63364
* Get no_log parameters from subspec
* Add changelog and unit tests
* Handle list of dicts in suboptions
Add fancy error message (this will probably haunt me)
* Update unit tests to test for list of dicts in suboptions
* Add integration tests
* Validate parameters in dict and list
In case it comes in as a string
* Make changes based on feedback, fix tests
* Simplify validators since we only need to validate dicts
Add test for suboptions passed in as strings to ensure they get validated properly and turned into a dictionary.
ci_complete
* Add a few more integration tests
* clean "changed" after it has been processed
without this change, a loop of `debug` tasks with `changed_when`
causes the "changed" status to get lost before output
* runme.sh tests for debug loop status
* fix default collection resolution in adhoc
* if an adhoc command is run with a playbook-dir under a configured collection, default collection resolution is used to resolve unqualified module/action names
* Set ANSIBLE_PLAYBOOK_DIR in integration tests.
* Fix config conflict in ansible integration test.
* add adhoc default collection test
* text-ify warning string
* mysql_replication: add connection_name param for MariaDB multi source support
* mysql_replication: add connection_name param for MariaDB multi source support, add changelog
* add ANSIBLE_PLAYBOOK_DIR envvar support
* allows `ANSIBLE_PLAYBOOK_DIR` envvar as a fallback on CLI types that support `--playbook-dir`. This should have been implemented with #59464, but was missed due to an oversight.
* added basic integration test
* make first-class PLAYBOOK_DIR config entry
* update changelog
Newer versions of ssh-keygen create PEM keys that are not recognized by Paramiko.
Now ansible-test compensates for this by updating they keys it generates so Paramiko will recognize them.
Previously the temporary directory used to run integration tests resided under the user's home directory. This prevented ansible-playbook from detecting the default collection when running tests.
Now the temporary directory is created within the collection to facilitate default collection detection.
This change effectively filters out any network interfaces which were
not explicitly configured for the guest. This fixes some unexpected behaviour where a machine with multiple IP addresses (for example, when Docker is installed, an internal IPv4 interface is added to
communicate with the container) would show one of the internal
addresses in the 'ipv4' field, but then no other information about the
corresponding hardware interface.
This fixes test errors related to failures copying temporary test results files from a remote system back to the local system.
It also speeds up processing of test results and reduces network utilization by avoiding the temporary files.
* Specifying IP addresses needs API version 1.22 or newer.
* Simplify code.
* Use IPAMConfig.IPv*Address instead of IPAddress and GlobalIPv6Address.
* Add changelog.
* Fix syntax errors.
* Add integration test.
* Don't rely on netaddr.
* Normalize IPv6 addresses before comparison.
* Install netaddr, and use it.
Using a regular recursive resolver to lookup the zone name might not
work when the zone in question belong to a private/internal
domain. The authoritative server being used on the other hand will
definitely know about the zone(s) it's serving.
This approach is also consistent with the nsupdate module already
querying the specified authoritative server for TTL values.
The reason for the implementation having to loop until finding a
direct match is to account for different SOA responses triggered by
CNAMEs and DNAMEs. The previously used `dns.resolver.zone_for_name()`
function does the same.
Resolves#62052
* support creating an image from a volume
* leave filename/volume optional
* enforce volume/filename mutual exclusivity
* bump version_added to 2.10 for volume option
* add changelog fragment
Running from an installed version of ansible-test now results in tests using a dedicated directory for PYTHONPATH instead of using the site-packages directory where ansible is installed.
This provides consistency with tests running from source, which already used a dedicated directory.
Resolves https://github.com/ansible/ansible/issues/62716
* fix get_nc_next.
* add a changelog fragment.
* upadte for changelgo fragment.
* merge two prs, one depens another.
* merge two prs, one depens another.
* update changelog.
* iam_role: Add support for managing MaxSessionDuration
* iam_role: Add support for deleting the IAM Instance Profiles we created
* iam_role: migrate all boto failures to fail_json_aws for consistency
* iam_role: test validity of path so we can throw a more understandable error
* iam_role: (integration tests) Split iam_role integration tests from sts_assume_role tests
- Make the iam_role tests more comprehensive
- Add tests for iam_role_info
* iam_role: (integration tests) Make some of our pauses optional
If the tests appear to be flakey we may need to enable standard_pauses
Improve tests
- add more unit test cases
- add specific integration test with more cases
Testing shows no major downside to calling .strip() twice in a comprehension vs. using a regular for loop and only calling .strip() once. Going with the comprehension for ease of maintenance and because comprehensions are optimized in CPython.
when creating or deleting an object (e.g. via an API), before/after can
be `None` (or at least represented as such by the used library). to
avoid modules havig to do
diff={'before': before or '', 'after': after or ''}
let's just convert `None` to an empty string that can be diffed properly
* Add a representer for AnsibleUnsafeBytes
* changelog
* Add unit tests
Remove native string test until we have time to evaluate how this the function should work
Add non-ASCII characters to test cases
* Compare to the string on Python 2
Add a comment in the test about this behavior
* Ensure k8s apply works with check mode
Update the new predicted object with fields from the previous object
before applying in check mode
Don't log output of `file` with `state: absent` on huge virtualenvs!
Fixes#60510
* Use openshift client fix to improve apply for check mode
Use new apply_object method to get a better approximation
of the expected object in check mode.
Requires released upgrade to openshift
* Add changelog fragment for k8s apply check mode fix
* Update changelogs/fragments/60510-k8s-apply-check-mode.yml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Fix plugin names for collection plugins.
Add an integration test to verify plugin __name__ is correct for collection plugins.
* Fix collection loader PEP 302 compliance.
The `find_module` function now returns `None` if the module cannot be found. Previously it would return `self` for modules which did not exist.
Returning a loader from `find_module` which cannot find the module will result in import errors on Python 2.x when using implicit relative imports.
* add changelog
* sanity/units/merge fixes
In some remote environments, the `crontab` executable is
overloaded with a custom executable, which typically does
some pre/post processing before forwarding to crontab.
Instead of using the hardcoded `/usr/bin/crontab`, this uses
the `get_bin_path` utility to locate the default crontab executable.
* ce_bgp_neighbor_af: fix a typo in module's parameter
* ce_bgp_neighbor_af: fix a typo in module's parameter, add version_added and changelog
* ce_bgp_neighbor_af: fix a typo in module's parameter, add aliase
* Support large folder size comparisons for win_find
Changed [int] to [int64] to support larger folders. Otherwise module fails as soon as a large folder is encountered.
* Create 58466-FIX_win_find-Bug-Get-FileStat_fails_on_large_files.yml
The documentation links are now displayed when running from an install.
Previously the links were only displayed when running from source.
This was due to ansible-test checking for the presence of documentation files locally, which are only present when running from source.
The check is no longer necessary since there is a sanity test in place to enforce the presence of documentation for all sanity tests.
Following module used internal results key as part of return json, this commit
changes this to appropriate values -
* vmware_datastore_maintenancemode.py
* vmware_host_kernel_manager.py
* vmware_host_ntp.py
* vmware_host_service_manager.py
* vmware_tag.py
Fixes: #62083
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* ansible-galaxy - add config to control the display wheel
* Fix changelog and make test more stable
* Don't use display thread at all if progress wheel isn't being shown
The default behavior of the ansible-test vcenter plugin is to use the govcsim container to run tests.
However, unless the govcsim mode was specified using the VMWARE_TEST_PLATFORM environment variable, the filter code would skip the tests unless the tests ran on Shippable or the user had an ansible-core-ci key.
Now the filter correctly recognizes that govcsim is the default.
* Fix location of unit test requirements.
* Preserve ansible-test unit test requirements.
* Remove redundant unit test requirements.
* Fix location of network test requirements.
* Preserve ansible-test network test requirements.
* Remove redundant network test requirements.
* Add missing ordereddict requirements.
* Load collection requirements correctly.
* Add changelog fragment.
* luks_device.py: allow the user create LUKS based on specific versions
- Allow user pass an option 'type' that explicits define the version of LUKS
container that will be created. It should be 'luks1' or 'luks2' format.
- If 'label' option is defined the 'type' option will be 'luks2' independently
of the option 'type' informed by user. (labels NEED luks2 format)
Fixes: #58973
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* added the changelog fragment
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* luks_device.py: make it fail in certain conditions
- Not allow user especify luks1 type and label at the same playbook
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* Pika v1.0.0 and above were causing issues for publish_message. Updated
to ensure publish_message works with pika 0.13.1 and 1.0.0 and above.
* Adding changelog fragment for rabbitmq_publish fix.
* Updating return value.
* In pika v1.0.0 BlockingChannel.is_closing was removed. Updating
plugin accordingly.
Ref: https://github.com/pika/pika/pull/1034
* Adding change fragment for is_closing bug.
* Updated change fragment description.
Use hostnamectl command to get current hostname for host while using
systemd strategy.
Fixes: #59438
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Creating a virtual environment using `venv` when running in a virtual environment created by `virtualenv` results in a copy of the original virtual environment instead of creation of a new one.
To work around this, `ansible-test` now identifies when it is running in a `virtualenv` created virtual environment and uses the real Python interpreter to create the `venv` virtual environment.
* AWS ec2_vpc_net: Enable ipv6 CIDR assignment
Enable IPv6 CIDRs in ec2_vpc_net, and fix ec2_vpc_subnet tests that
were depending on the aws cli for CIDR assignment.
Related to: #27800
The `test/results/` directory for Ansible test output was already ignored when not using git.
When Ansible Collections were switched to `tests/output/` the ignore entry was previously overlooked.
* Fix ansible-doc traceback for removed modules.
This avoids tracebacks with errors like the following when a module has been removed:
module module_name missing documentation (or could not parse documentation): 'NoneType' object does not support item assignment
* Fix ansible-doc sanity test warning handling.
Warnings about removed modules/plugins on stderr are now properly ignored.
Previously an ansible-doc error could result in unrelated errors going undetected because tests were stopped early and the underlying error was ignored.
* Fix ansible-test venv activation.
When using the ansible-test --venv option, an execv wrapper for each python interpreter is now used instead of a symbolic link.
* Fix ansible-test execv wrapper generation.
Use the currently running Python interpreter for the shebang in the execv wrapper instead of the selected interpreter.
This allows the wrapper to work when the selected interpreter is a script instead of a binary.
* Fix ansible-test sanity requirements install.
When running sanity tests on multiple Python versions, install requirements for all versions used instead of only the default version.
* Fix ansible-test --venv when installed.
When running ansible-test from an install, the --venv delegation option needs to make sure the ansible-test code is available in the created virtual environment.
Exposing system site packages does not work because the virtual environment may be for a different Python version than the one on which ansible-test is installed.
* Allow the use of _paramiko_conn even if the connection hasn't been started.
I'm not sure what the benefit is of Noneing paramiko_conn on close, but will keep for now
* Fix test
* Try to fix up net_put & net_get
* Add changelog
Python < 2.7.9 does not have the ssl.SSLContext attribute.
ssl.SSLContext is only required when we want to validate the SSL
connection. If `validate_certs` is false, we don't initialize the
`ssl_context` variable.
Add unit-test coverage and a little refactoring:
- avoid the use of `mocker`, when we can push `monkeypatch` which is
`pytest`'s default.
- use `mock.Mocker()` when possible
closes: #57072
* module_utils/ec2: (unit tests) Move unit tests for module_utils/ec2.py into test/units/module_utils
- compare_policies was refactored from s3_bucket
- "ec2_utils" doesn't seem to have ever existed
* module_utils/ec2: (unit tests) Add unit test for comparing quoted and unquoted bools and numbers within policies
As per https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html
"Values are enclosed in quotation marks. Quotation marks are optional for numeric
and Boolean values."
* module_utils/ec2: Explicitly convert bools and ints to strings when comparing policies
See also: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html
* Fixes to ecs_certificate cert chain for #61738
* Added changelog fragment
* Fixes to ecs_certificate for cleaner join, and better integration test
* Fix integration test formatting
* End cert chain with a \n
* Update changelogs/fragments/61738-ecs-certificate-invalid-chain.yaml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Update main.yml
* compare list of dicts
* update example for dhcp_server_opts to include ip_version which is automatically added by openstack
* add note about dhcp_server_opts
* add changelog fragment
* fix forgotten exception+pass
* no need to excplicitly check for None
* fix oops
* fix import error
* missed missing_required_lib
* changelog fragment formatting and grammar fixes
* update requirements in documentation and fix spelling
* Update AWS hacking policy to enable ASG Tagging management
* aws_asg: Add tests for ASG Tagging (including idempotency)
* aws_asg: ignore sort order when comparing tags on the ASG (fix idempotency)
* ec2_asg: (integration tests) test for idempotency when managing metrics collection
* ec2_asg: sort list of enabled metrics to ensure clean comparisons.
* Fix ansible-connection persist after playbook run issue
* PR https://github.com/ansible/ansible/pull/59153 to add support
for delaying the ansible-connection added an old issue of
ansible-connection persisting even after playbook run is finished
till either command timeout or connect timeout is triggered.
ansible-connection persist after playbook execution is done
and also delays the connection initilization untill a method
in invoked from module side on the connection object.
* Add chanegelog
* fix erroneous failures in docker_compose due to deprecation warnings from docker (#60961)
* Update error handling to work with new method of capturing output
Co-Authored-By: Felix Fontein <felix@fontein.de>
* update error handling
* fix syntax error
* fix indentation
* fix indentation (again)
* remove erroneous line
On OpenBSD, 13 asterisk characters as a password hash, marks the
account as disabled. Otherwise daily(8) script which executes
security(8) will email operator about not properly locked accounts.
Before the diff, we see following warning:
> [WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
After the diff, warning is gone.
* luks_device.py: Allow manipulate LUKS containers with label or UUID
- Allow create a LUKS2 container format with label support
- Allow manipulate (open, close, modify) an LUKS container based on
both label (LUKS2 format) or UUID instead of using devices only.
Fixes: #58973
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* test_luks_device.py: organizing tests to support labels
- Add label on some tests and fix errors reported by Shippable
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* luks_device.py: adjusting versions and messages
- Modifying version_added from 2.9 to 2.10
- Fixing some messages
- Created a changelog fragment
- Moving blkid from scope
Fixes#58973
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* Update DevOps AWS policy
- Fix typos in permission names
- While AWS claims you can use 'arn:aws:codecommit:*' it errors unless you use '*'
* aws_codecommit: (integration tests) Migrate to module_defaults
* aws_codecommit: (integration tests) Fix integration tests
* aws_codecommit: (integration tests) Add tests for updating the description
* aws_codecommit: Add support for updating the description and rename "comment" option to "description"
* Cleanups and version bumping for 2.10
* Fix changelog url now that stable has been branched
* Fix the lenth of the porting guide title now that the version is two digits
The `git submodule status` command is relative to the current git repository by default.
When running from a repository subdirectory paths can be returned above the current directory.
Specifying the current directory with `git submodule status` avoids listing submodules above that directory.
This will fix issues when testing a collection that is rooted below the repository root when that repository uses submodules.
* default collection support
* playbooks run from inside a registered collection will set that collection as the first item in the search order (as will all non-collection roles)
* this allows easy migration of runme.sh style playbook/role integration tests to collections without the playbooks/roles needing to know the name of their enclosing collection
* disable default collection test under Windows
* enable collection search for role dependencies
* unqualified role deps in collection-hosted roles will first search the containing collection
* if the calling role has specified a collections search list in metadata, it will be appended to the search order for unqualified role deps
* disable cycle detection unit test
* failing on 3.7+, needs proper cycle detection
* see #61527
* play, block, task: New attribute forks
With this it is possible to limit the number of concurrent task runs.
forks can now be used in play, block and task. If forks is set in different
levels in the chain, then the smallest value will be used for the task.
The attribute has been added to the Base class as a list to easily provide
all the values that have been set in the different levels of the chain.
A warning has been added because of the conflict with run_once. forks will
be ignored in this case.
The forks limitation in StrategyBase._queue_task is not used for the free
strategy.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Handle forks in free strategy
The forks attribute for the free strategy is handled in run in the free
StrategyModule. This is dony by counting the amount of tasks where the uuid
is the same as the current task, that should be queued next. If this amount
is bigger or equal to the forks attribute from the chain (task, block,
play), then it will be skipped to the next host. Like it is also done with
blocked_hosts.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Test cases for forks with linear and free strategy
With ansible_python_interpreter defined in inventory file using
ansible_playbook_python.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Changing forks keyword to throttle and adding some more docs
* default collection support
* playbooks run from inside a registered collection will set that collection as the first item in the search order (as will all non-collection roles)
* this allows easy migration of runme.sh style playbook/role integration tests to collections without the playbooks/roles needing to know the name of their enclosing collection
* ignore bogus sanity error
* filed #61460
* fixed task unit test failure
* don't append an empty collections list to the ds
* ignore leftover local_action in mod_args ds action parsing
* fix async_extra_data test to not require ssh and bogus locale
* disable default collection test under Windows
* ensure collection location FS code is always bytes
* add changelog
* Fix TypeError in ec2_group.py for Python3 when sorting dictionary list
* Using json.loads() and dumps() to replace sorting
* Bug fixes for ec2_group.py
* Dictionaries cannot be compared/sorted in Python3
* Diff will occur when the IpPermissions have the same IpRanges but have different ordering
* 'before' will be sorted by 'Type' with high priority than 'IP', but 'boto3.describe_security_groups()' function cannot get 'Type' from Amazon
* Add some basic diff mode testing to exercise the rule-sorting code
* Change collection PS util import pattern
* Add changes for py2 compat
* fix up regex and doc errors
* fix up import analysis
* Sanity fix for 2.6 CI workers
* Get collection util path for coverage collection
* Rename OneView _facts modules -> _info
* Adjust PR #.
* Forgot to update test names.
* Remove superfluous blank line.
* Some more things from review.
* Initial commit for rate limiting
- Detects if error code is 429
- Pauses for random time between .5 and 5 seconds before retrying
- If it fails 10 times, give up and tell user
* Redo structure of request() to support rate limiting
* Hold down timer is now a sliding scale
- 3 * number of retries
- Fails after the 30 second wait
* Whitespace fixes
* Redo implementation using decorators
- Errors aren't tested but code works for regular calls
* Unit tests work for error handling
* Add integration tests for successful retries
* Add condition for 502 errors and retry
* Move _error_report out of the class
* PEP8 fixes
* Add changelog entry
* Template value of debugger and then check for validity
* Removed if/else and forcing failure on undefined as per comments
* Added changelog
* changed colon to brackets so it appears as a string
* aws_kms: (integration tests) Test updating a key by ID rather than just my alias
* aws_kms: (integration tests) Test deletion of non-existent and keys that are already marked for deletion
* aws_kms: Ensure we can perform actions on a specific key_id rather than just aliases
In the process switch over to using get_key_details rather than listing all keys.
* aws_kms: When updating keys use the ARN rather than just the ID.
This is important when working with cross-account trusts.
* Handle multiple Content-Type headers correctly
Avoids situations where mulitple Content-Type headers including charset information can result in errors like
```
LookupError: unknown encoding: UTF-8, text/html
```
* Account for multiple conflicting values for content-type and charset
* Add changelog fragment
* Renaming `onepassword_facts` to `onepassword_info`.
* Update module examples.
* Add changelog fragment.
* Add module rename to the 2.9 porting guide.
* Document the parameter types in the module docs.
* Fix incorrect parameter name.
* Update docs/docsite/rst/porting_guides/porting_guide_2.9.rst
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Remove `onepassword_facts` as it has been renamed to `onepassword_info` including fixes for the sanity tests.
* Add support for SubjectKeyIdentifier and AuthorityKeyIdentifier to _info modules.
* Adding SubjectKeyIdentifier and AuthorityKeyIdentifier support to openssl_certificate and openssl_csr.
* Fix type of authority_cert_issuer.
* Add basic tests.
* Add changelog.
* Added proper tests for _info modules.
* Fix docs bug.
* Make sure new features are only used when cryptography backend for openssl_csr is available.
* Work around jinja2 being too old on some CI hosts.
* Add tests for openssl_csr.
* Add openssl_certificate tests.
* Fix idempotence test.
* Move one level up.
* Add ownca_create_authority_key_identifier option.
* Add ownca_create_authority_key_identifier option.
* Add idempotency check.
* Apparently the function call expected different args for cryptography < 2.7.
* Fix copy'n'paste errors and typos.
* string -> general name.
* Add disclaimer.
* Implement always_create / create_if_not_provided / never_create for openssl_certificate.
* Update changelog and porting guide.
* Add comments for defaults.
* aws_kms: (integration tests) Use module_defaults to reduce the copy and paste
* aws_kms: (integration tests) make sure policy option functions.
* aws_kms: (integration tests) Move iam_role creation to start of playbook.
iam_roles aren't fully created when iam_role completes, there's a delay on the Amazon side before they're fully recognised.
* aws_kms: Update policy on existing keys (when passed)
* iam_password_policy: (integration tests) Use module defaults for AWS connection details
* iam_password_policy: (integration tests) Ensure the policy is removed when tests fail
* iam_password_policy: (integration tests) Add regression test for #59102
* iam_password_policy: Only return changed when the policy changes.
* iam_password_policy: PasswordReusePrevention must be omitted to remove/set to 0
* #60930 add changelog
* Update hacking AWS security policy to allow testing of Password Policy Management
* Rename hcloud_datacenter_facts to hcloud_datacenter_info
* Rename hcloud_location_facts to hcloud_location_info
* Rename hcloud_image_facts to hcloud_image_info
* Rename hcloud_floating_ip_facts to hcloud_floating_ip_info
* Rename hcloud_server_type_facts to hcloud_server_type_info
* Rename hcloud_server_facts to hcloud_server_info
* Rename hcloud_ssh_key_facts to hcloud_ssh_key_info
* Rename hcloud_volume_facts to hcloud_volume_info
* Fix typo in hcloud_image_info
* Add to porting guide and add changelog fragment
* Reword porting guide
* add subdir support to collection loading
* collections may now load plugins from subdirs under a plugin type or roles dir, eg `ns.coll.subdir1.subdir2.myrole`->ns.coll's roles/subdir1/subdir2/myrole, `ns.coll.subdir1.mymodule`->ns.coll's plugins/modules/subdir1/mymodule.py
* centralize parsing/validation in AnsibleCollectionRef class
* fix issues loading Jinja2 plugins from multiple sources
* resolves#59462, #59890,
* sanity test fixes
* string fixes
* add changelog entry
* Warn when transforming constructed groups
The `keyed_groups` field has used sanitization since 2.6, but `groups` only started doing so in 2.8.
This adds a warning for the change in behavior.
* changelog
Preserve tag key case by only calling camel_dict_to_snake_dict once,
before the tags are added.
Don't call assert_policy_shape as it seems to fail
Use aws_caller_info in the test suite now that it exists rather
than running `aws sts get_caller_identity`
Ensure that calls using `grant_types` can also use key aliases
* aws_kms: Rename various policy manipulation options to reduce confusion
AWS KMS now has the concept of issuing a 'grant', which is independent
of the policy attached to a key. Rename the following options to make
it clearer that the operate on the CMK Policy *not* on CMK Grants
* aws_kms: don't just rename grant_types/mode, deprecate them too.
* Make win_domain_user idempotent for passwordchanges
* Add changelog fragment
* Use test-credentials function from win_user.
* Split domain from username
* Update win_domain_user.ps1
* Fix ci
* Update win_domain_user.ps1
Fix ci
* Implement review
* Logic cleanup and remove securestring
* Fix typo
* fix syntax
fix syntax
* Use AD object instead of user input as requested by review
* migrate to Ansible.AccessToken
* Add support for passing networks as dicts
* Add function to compare a list of different objects
* Handle comparing falsy values to missing values
* Pass docker versions to Service
* Move can_update_networks to Service class
* Pass Networks in TaskTemplate when supported
* Remove weird __str__
* Add networks integration tests
* Add unit tests
* Add example
* Add changelog fragment
* Make sure that network options are clean
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Set networks elements as raw in arg spec
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Fix wrong variable naming
* Check for network options that are not valid
* Only check for None options
* Validate that aliases is a list
* Addition of entrust provider to openssl_certificate module
* Fix native return values of error messages and JSON response.
* Documentation and syntax fixes per ansibot.
* Refactored structure of for loop due to ansible test failures in python 2.6
* Remove OCSP functionality for inclusion in possible seperate future pull request.
* Remove reissue support.
* Indicate the entrust parameters are specific to entrust.
* Comment fixes to make it clear module_utils request is used.
* Fixes to not_after documentation
* Response to pull request comments and cleanup of error handling for bad connections to properly use the 'six' HttpError for compatibility with both Python 2/3 underlying url libraries.
* pep8/pycodestyle fixes.
* Added code fragment and response to comments.
* Update license to simplified BSD
* Fixed botmeta typo
* Include license text in api.yml
* Remove unsupported certificate types, and always submit an explicit organization to match organization in CSR
* Fix documentation misquote, add expired to a comment, and fix path check timing.
* Update changelogs/fragments/59272-support-for-entrust-provider-in-openssl_certificate_module.yaml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Add cryptography backend for get_certificate.
* Add changelog.
* Use short names (if possible).
* Adjust version (to behave as pyOpenSSL).
* Work around bugs (needed for cryptography 1.2.3).
* Don't run cryptography backend tests for CentOS 6.
* Bump cryptography requirement to 1.6 or newer.
Otherwise, signature_algorithm_oid isn't there, either.
* Simplify requirement text.
* CentOS 6 has cryptography 1.9, so we still need to block.
* Add auto-detect test.
* Improve YAML.
* fix: docker_swarm_service does not publish both tcp and udp ports for same published port
* fix the linting problems and add the changelog fragment.
* add test
* modify test to ensure result rather than return value
* Mark logout as changed when docker logout does not return 'Not logged in to '.
* Add changelog.
* Improve logout detection.
* Also return output of 'docker logout'.
* ansible-galaxy tidy up arg parse with better validation
* Add support back in for -v before sub aprser
* Added deprecation warning for manually parsed verbosity
* Adding waiter to cluster remove process
* blank line contains whitespace
* update aws_eks integration test
* Refactor aws_eks test suite to use pip
* update version testing
* missing parens...
* add changelog fragment
* Add waiter to module_utils, fix exception handling.
* Correct EKS waiter checks
* various mod_args fixes
* filter task keywords when parsing actions from task_ds- prevents repeatedly banging on the pluginloader for things we know aren't modules/actions
* clean up module/action error messaging. Death to `no action in task!`- actually list the candidate modules/actions from the task if present.
* remove shadowed_module test
* previous discussion was that this behavior isn't worth the complexity or performance costs in mod_args
* fix/add test, remove module shadow logic
* address review feedback
- Split the key validation to separate private and public.
- In case public key does not exist, recreate it.
- Validate comment of the key.
- In case comment changed, update the private and public keys.
* Improve link handling.
* Also fetch alternate certificate chains.
* Add retrieve_all_alternates option.
* Simplify code.
* Forgot when condition.
* Add tests for retrieve_all_alternates.
* Fixes.
* Moved utility function for link parsing to module_utils.
* Fix grammar.
* Ansible.AccessToken - Added shared util for managing a Windows access token
* Fix tests when running in CI
* More fixes for older servers
* More fixes for Server 2008
If a service is in the 'deactivating' state running systemctl stop foo,
would wait for the foo service to actually stop before it exits. The
module didn't behave like that and it considered the deactivating state
as if the service wasn't running. This change will align the module with
the systemctl behaviour.
* Added several unit tests
* Added documentation for new syspurpose option and suboptions
* Simplified specification of module arguments
* Added new changelog file with fragments
* add npipe support to docker_swarm_service
* add changelog fragment
* tweak changelog fragment formatting
* Update lib/ansible/modules/cloud/docker/docker_swarm_service.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Removed extraneous type check from nagios module, in order to allow python 3.x
* Removed now useless import types
* Added changelog fragment
* Update changelog.
* Rebased and removed check due to module adding earlier guardrails
* Updated changelog to mention earlier fix adding now completely removed guardrails
* Remove superfluous type checks. Fix docs type.
* Update ignore.txt.
* Better cidr_ipv6 validation in ec2_group.py
* Improve warning/error handling, add changelog
* Update unit test for ipv6 validation
* Fix logic that was causing non /128 cidrs with host bits to not be handled
Check if dvswitch object is not None before accessing it's
properties such as UUID. This can be due to two reason
1. Permission issues
2. There is no association between given distributed virtual portgroup
distributed virtual switch
Fixes: #59952
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* [WIP][docker_container] Adding support for `mounts` option
Fixes#42054
* Adjusting to current standards.
* Add changelog.
* Adjust types.
* Cleanup.
* Add idempotency checks for mounts.
* Improve diff for mounts.
* Linting.
* Python 2.6 compatibility.
* Fix error message formatting.
* Move mounts and volumes tests into own file.
* Add set of mount tests.
* Golang's omitempty for bool omits false values.
* Simplify sanity checks. Correct order of volume_options sanitization and usage.
* Fix key.
* Fix check.
* Add tests where both volumes and mounts show up.
* Add collision test.
Only error out if the gid exists with a different group name as
otherwise it will error out if the group with this gid already
exists, like on a rerun of the playbook. This fixes a regression
introduced by 4898b0a4a2.
This commit allows users to access a vCenter or a ESXi through a
HTTP CONNECT based proxy.
To do so, the users have to set the `proxy_host` and `proxy_port`
variables.
The can also use the `VMWARE_PROXY_HOST` and `VMWARE_PROXY_PORT`
environment variables.
This feature depends on pyvmomi > v6.7.1.2018.12.
Fixes: #42221
Co-Author: Abhijeet Kasurde <akasurde@redhat.com>
Co-Author: Gonéri Le Bouder <goneri@redhat.com>
Refactor vmware_cluster into several modules (vmware_cluster, vmware_cluster_drs, vmware_cluster_ha and vmware_cluster_vsan) as discussed in #58023.
vmware_cluster lacks a lot of configuration options for DRS, HA and vSAN. Implementing them
all in vmware_cluster would make the module hard to maintain. Therefore, splitting it into several
modules and implementing the missing configuration options in them seems a good idea to me.
This is step one, refactoring vmware_cluster into several modules. Step two, implementing more
configuration options for DRS, HA and vSAN, will follow.
If the 'local' parameter of the 'user' Ansible module is enabled, and
the user has been found in the local user database, don't emit
a warning, because this is an expected outcome.
Add changelog and integration tests
Co-authored-by: drybed <drybjed@gmail.com>
* Fix py3 decoding issues in cyberarkpassword.py
* Use to_native instead of forced utf-8 decoding
* Use to_bytes to avoid trouble with Popen
* Create 59500-cyberarkpassword-fix-py3-decoding.yaml
* Fixed the redhat_subscription module:
- Option 'pool_ids' works in Python3 now
- It tries to attach only pools IDs that are available
- Optimization of code: do not call list --available, when
no pool is requested
- Simplified configure() method
- Small changes to generate same commands on Python2 and Python3.
Order of arguments/options and pool IDs have to be same to
be able to run unit test using Python2 and Python3.
- Added fragments file for redhat_subscribtion module
* change variable name from isinstance to is_instance (prevent overriding builtin function)
* Added support for:
- Filtering existing Elastic IPs based on a tag name or it's value (when reuse_existing_ip_allowed is true)
- Allocating new Elastic IPs from a given IPv4 pool (BYOIP support)
* yamllint corrections
* added examples for:
- tag_name,
- tag_value
- public_ipv4_pool
* remove aliases
* Added changelog fragment
* added integration tests for ec2_eip module
* removed space to trigger rebuild
* Implements etc_hosts for docker_image module
Allows custom hosts on docker_image module.
The of this option made impossible to use docker_image module to build
images that required a custom hostname in /etc/hosts. For running
containers this option was already present.
While the python-docker API uses extra_hosts term, our existing module
already uses etc_hosts argument, so it sounds better to have some
consistency between docker_container and docker_image.
Fixes: #59233
* Update test/integration/targets/docker_image/files/EtcHostsDockerfile
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Update lib/ansible/modules/cloud/docker/docker_image.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/docker_image_etc_hosts.yml
Co-Authored-By: Felix Fontein <felix@fontein.de>
Previously if `sysctl_set=no` (which is the default) this module only
checked for changes in the sysctl.conf file to decide whether it should
reload it or not. This means that if the values in the conf file are the
same as they are set with the module, but the current values on the
system are different, that this module wouldn't apply the changes on the
system and thus the value set with the module wouldn't be applied on the
OS. This isn't obvious and it doesn't make sense that the module works
like that by default, especially because there is a separate option
`reload`. Now sysctl will also check if the current value differs on the
system and if it does, it will reload the file again.
Commit b7724fdf85
appears to have caused a regression, where `ip4`, `gw4`, `ip6`, `gw6`
were converted to `ipv4.address`, `ipv4.gateway` etc.
This causes bootproto (or `ipv4.method`) to remain `dhcp`, as noted in https://github.com/ansible/ansible/issues/36615
This commit only reverts the key-value pairs to the original names,
which is in line with both expectation (manual ip addr == no dhcp) and
the language used in the playbook, which is, for example, "ip4" not
"ipv4.address"
Co-authored-by: Stuart Pollock <spollock@pivotal.io>
Co-authored-by: Tyler Ramer <tramer@pivotal.io>
vmware_guest accepts 0MB as valid value for memory reservation in
virtual machine hardware configuration. This fixes the regression
introduced via 193f69064f.
Fixes: #59190
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Print warning when both an option and its alias is specified.
* Improve output.
* Put warnings into self._warnings directly, resp. use self.warn() when handling subspecs.
* Add changelog.
* Add unit test.
* Added support to create/delete mulitiple databases in MySQL
Fixes: #58370
* Added additional tests cases and fixed documentation changes
* Code refactoring and added tests for better test coverage
- Removed db_exists usage from most of the code. Used existence_list
and non_existence_list instead
- Added additional tests to cover all scenarios w.r.t creation and deletion
on multiple databases
- Added tests for dump operations
* Minor fix
* Minor fix - create check mode test
* Added dump tests for better dump tests coverage
* Removed minor database connection details
* fixed error
* Added test case for import operations
* Code refactoring and review fixes
- Added dump all test case
* Fixed review comments
* Minor review comment fixes
* Altered db_create return value
* Removed db_list and altered "does exist" to just "exist"
* Kept db and db_list in module.exit_json
* Refactored tests
- Added removal of dump2 file
* Moved import tests to state_dump_import file
* Removed import tests from multi_db_create_delete
* Updated porting guide, added RETURN block
* Minor identation fix
* Added validation to check if databases are dumped
* Create a user home directory if it has parents that do not exist
The useradd command line tool does not create parent directories. Check if the specified home path has parents that do not exist. If so, create them prior to running useradd, then set the proper permission on the created directory.
Add tests
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Use dict for default user group in tests
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Fix tests
Signed-off-by: Sam Doran <sdoran@redhat.com>
* The description has been replaced with proxy_password and proxy_username.
* Rename 59068-fix doc for yum_repository.py to 59068-fix_doc_for_yum_repository.yml
* cosmetic: Remove useless call to ec2_argument_spec()
* aws_s3: Improve ETag handling
* Extract ETag calculation into a utility function for reuse by
aws_s3_sync.
* Reduce code duplication in put/get by restructuring the logic
* Only calculate ETag when overwrite == different
* Fail gracefully when overwrite == different and MD5 isn't available
(e.g. due to FIPS-140-2).
* aws_s3: clean up integration tests
Clean up tests, add tests for overwrite settings in both directions.
* ansible-galaxy: add collection init sub command
* Fix changelog and other sanity issues
* Slim down skeleton structure, fix encoding issue on template
* Fix doc generation code to include sub commands
* Added build step
* Tidy up the build action
* Fixed up doc changes and slight testing tweaks
* Re-organise tests to use pytest
* Added publish step and fixed up issues after working with Galaxy
* Unit test improvments
* Fix unit test on 3.5
* Add remaining build tests
* Test fixes, make the integration tests clearer to debug on failures
* Removed unicode name tests until I've got further clarification
* Added publish unit tests
* Change expected length value
* Added collection install steps, tests forthcoming
* Added unit tests for collection install entrypoint
* Added some more tests for collection install
* follow proper encoding rules and added more tests
* Add remaining tests
* tidied up tests and code based on review
* exclude pre-release versions from galaxy API
* Handles:
PSAvoidTrailingWhitespace
PSAvoidGlobalVars
PSAvoidAssignmentToAutomaticVariable
PSAvoidUsingCmdletAliases
PSAvoidUsingWriteHost
PSUseDeclaredVarsMoreThanAssignments
PSUsePSCredentialType
PSAvoidUsingPositionalParameters
PSAvoidUsingEmptyCatchBlock
PSAvoidUsingWMICmdlet
Replaced Write-Host with Write-Output
Added smart reboot check for win_domain feature installation
Modify the Creation of the pagefileto fit to CIM
Changelog fragment addition
Ignore.txt without fixes
* Changes after community reviews
* Change Out-Null to '> $null'
* Fixes after jborean93 comments
* Test
* Revert "Test"
This reverts commit 35c5c0648fa9d2868a18094d84954e53ffa28880.
* Removed all > $null since they broke the module since the output got dumped
* run test again
* Revert "run test again"
This reverts commit 80eaf07143f9d8cb0116cbbc68a6a69c0ace840c.
* Changes after community review
* ignore PSUseDeclaredVarsMoreThanAssignments that are on a diffrent PR
* CI failed on extra line in ignore.txt
* Review changes
* PSlint errors
* Trail space
* send to null breaks the tests for Set-Workgroup
* Lint stuff
* win_domain_user issue of indent.
* Update win_domain_user.ps1
* Update win_domain_membership.ps1
* Fix redirect to null
* lint space issue
* removed return from set-workgroup
* removed send to null
* Add purge_tags to s3_bucket to allow preservation of existing tags
Adding `purge_tags` with default `True` to maintain existing behaviour
allows users to set it to `False` to preserve existing tags
Fixes#29366
* s3_bucket: Add further tests and improve tag handling further
Additional tests for purge_tags: False suggested some incorrect
logic and thus further improvements
Increase wait timeout on bucket deletion as it wasn't always completing
in the default 100 seconds
* win_domain_user - MAke the query user try catch block more accurate for missing identity
* change to minor_changes
* Update win_domain_user-make-query-try-catch-accurate.yml
* Update win_domain_user-make-query-try-catch-accurate.yml
* Correct get_option function name and change flags to become_flags
* Remove the '--' from the returned command
* add changelog fragment
* change changelog fragment description
* move the -q argument to machinectl before the shell argument to resolve issues with machinectl v230 (see #56571)
os_quota checks the current quotas for compute, network and volume
services and fails when no volume service is found in the catalog.
Since openstack test deployments without volume services are common,
os_quota shouldn't fail if such service is missing.
This was originally fixed in d31a09ceb7
and later adapted to catch exceptions raised by shade. Since then, this
module moved to using openstacksdk, which doesn't catch the exception
raised by keystoneauth1.
Fixes#41240
In rabbitmq_binding.py the SSL parameters ca_cert, client_cert, client_key were only passed to requests for post requests.
This change updates the DELETE and GET requests to include these parameters as well.
* Fix onepassword lookup plugin crashing on fields with no 'name' or 't' property.
* Fix onepassword_facts module crashing on fields with no 'name' or 't' property.
* Add unit test for onepassword lookup plugin failing on entries without a name.
* Add changelog fragment for onepassword lookup plugin and onepassword_facts module fixes on fields without a name.
* Fix notifying handlers by using an exact match rather than a string subset if listen is text rather than a list
* Enforce better type checking for listeners
* Share code for validating handler listeners
* Add test for handlers without names
* Add test for templating in handlers
* Add test for include_role
* Add a couple notes about 'listen' for handlers
* changelog
* Add a test for handlers without names
* Test templating in handlers
* changelog
* Add some tests for include_role
* Add a couple notes about 'listen' for handlers
* make more sense
* move local function into a class method
* Lookup secret id by name if not set
* Lookup config id by name if not set
* Add changelog fragment
* Remove usage of secret/config_id in examples
* Python 2.6 compat
* Extend secrets and configs tests
Module tracebacks may be reported on stdout instead of stderr when
using some connection plugins. For example, the ssh connection plugin
will report tracebacks on stdout due to use of the -tt option.
This change results in tracebacks being recognized on both stdout
and stderr, instead of the previous behavior of just stderr.
ci_complete
When provided with a wrong password `rabbitmqctl
authenticate_user` returns a non-zero exit code
(65). This seems to be unexpected by the module and
it fails when `update_password` is set to 'always'.
To mitigate this behavior we augment the `_exec`
method by adding a `check_rc` flag (which defaults
to `True`, hence it's backward-compatible) and
override it when we need it (in `check_password`
method to address #56164).
* win_pagefile - Fix idempotency when same settings as current
* Fix tests and code
* Fix problem with system managed
* Fix again systemmanaged detection
* Change check of systemmanged in creation
* Fix readability and wrong flag for test
* openssh_keypair: bugfix make regenerating keypairs via force possible / add invalid file handling
* openssh_keypair: change permissions of read-only file instead of deleting it for regeneration; add changelog fragment
* address review feedbak, refactor
* add integration tests for bigfixes
* linter: fix indent
* fixup integration tests: use force when regenerating an invalid file
* linter: fix indent
* openssh_keypair: address review feedback
* openssh_keypair: fixup, remove backtick
* openssh_keypair: address review feedback
* Only pass 'y' into stdin of ssh-keygen when file exists.
* Allow multiple databases(not all) to be dumped from mysql
Fixes: #56059
* Altered fail message to provide atleast one database name
* Minor grammatical fix
* Fix failing SAN comparison for older cryptography versions due to not implemented __hashh__ functions.
* Fix SAN comparison: IPv6 addresses need to be normalized before comparing strings.
* Add changelog.
* Fix comment.
* Improve error for docker modules when docker-py can't be imported.
* Add changelog.
* Mention platform and Python interpreter in more cases.
* Clarify wording.
* Adjust tests.
* Adjust hostname classes based on output from distro
Corrects the following:
- OpenSUSE Leap
- ArchARM
- Oracle Linux
* Add CoreOS and Clear Linux distributions
Python 3 only allows strings through the config parser. This is fine for
the URL, Username, and Password since these values are required. The CA
File is optional so an empty string is used in leiu of None in the
config dictionary.
* Implement display_ok_hosts and display_skipped_hosts like default callback
* Implement show_custom_stats and display_failed_stderr like default callback
* Fix pep8
* Clarify conditional
* Changelog fragment
* Import from defaults.py per feedback
* Improve general error behavior if a Docker error is not caught.
* Don't die when network doesn't exist.
* Add changelog.
* Make API version always available. Also catch errors when retrieving version.
* Fix error message.
* Adjust fallback error messages.
* ssh: Ensure debug messages are properly converted to text. Fixes#57843
* surrogate_then_replace is default, be less explicit
* We only needed to_text for display, not exceptions
* Change expected config source
* make it conditional
* rename property
* Add changelog fragment
* make it string
* Update changelogs/fragments/57969-docker_container-change-expected-config-source.yml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Initial proposal for new parameter option for response format
- output_version parameter dictates the response key case
- new is snake_case, old is camelCase
- If new, conversion is done at the end of module execution
- This is purely a proposal and not a final draft
* Add support for ANSIBLE_MERAKI_FORMAT env var
- If env var is set to 'camelcase' it will output camelcase
- Otherwise, will default to snakecase
- Added note to documentation fragment
- As of now, all module documentation needs to be updated
* Fix pep8 errors and remove output_version args
* Restructure check in exit_json so it actually works
* Add changelog fragment
* Change output_format to a parameter with env var fallback
- ANSIBLE_MERAKI_FORMAT is the valid env var
- Added documentation
* Convert to camel_dict_to_snake_dict() which is from Ansible
- Fixed integration tests
* Fix yaml lint error
* exit_json camel_case conversion handles no data
- exit_json would fail if data wasn't provided
- Updated 3 integration tests for new naming convention
* convert_camel_to_snake() handles lists and dicts
- The native Ansible method doesn't handle first level lists
- convert_camel_to_snake() acts simply as a wrapper for the method
- There maybe a situation where nested lists are a problem, must test
- Fixed integration tests in some modules
* A few integration test fixes
* Convert response documentation to snake case
* assign a sane default to yum/dnf lock_timeout, in line with cli
Fixes#57189
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix typo in changelog snippet
Signed-off-by: Adam Miller <admiller@redhat.com>
* Updated testcase
* Added check mode support
* Added check for mutual exclusive for Name and UUID
Fixes: #57580
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
To get all instances gcp_compute made a call to the Google API for each
zone separately. Because of this if all zones needed to be queried
fetching hosts lasted 30+ seconds. Now the module will use a single
query that will return all the instances, so the execution should last
just a few seconds.
This commit also suppresses a warning from the google-auth library about
using user credentials because if an Ansible user wants to use user
credentials, there is no need to warn him about it.
* update vxlan
* add a changelog fragment for the PR 57264
* Update 57264-update-vxlan-to-fix-bugs.yml
update for change request
* Update ce_vxlan_vap.py
remove commented codes.
* Improve change reporting for meraki_ssid
- Documentation is more clear about dependencies
- Not all change reports are accurate without new algorithm
- Improved integration tests
* Rename changelog fragment
* Enable all tests in integration tests
- Fix type merging
* Add more integration tests for code coverage
* Update URL creation
* Add support for check mode
* Add diff support
- diff support is based on "have" and "want" data structures.
- Review needs to be done on the diffs for accuracy and usefulness.
- Changed change mode changed responses to be accurate.
* Remove config template based integration tests
* set ovirt disk active default value to True
* disk default activate only when creating
* correct comment syntax
* add changelog
* ovirt disk activate update docs
* Remove usage of global var log_path
* Add changelog and edit ignore.txt
* win_pagefile: not using testPath
* Revert "win_pagefile: not using testPath"
This reverts commit c8bc10234048257414454905e1c860a8f57a3b3f.
* PSLint error
* Update win_domain_membership.ps1
* Update win_domain_controller.ps1
* "setup.ps1" - Change $env:COMPUTERNAME to [System.Net.Dns]::GetHostName(), to support non NETBIOS compliant hostnames
* Change method to base on WMI
* changed ansible_domain to use WMI
* Fixed per review
* Fixed dot stuff
* Revert "Fixed dot stuff"
This reverts commit a1d5be00f1.
* dot stuff
* dot stuff 2.0
* Update setup.ps1
* Wrap this up to go
Folder creation API is only supported by vCenter, specifying
Standalone ESXi system will raise error.
This fix adds an user warning for suggesting this restriction.
Fixes: #49938
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* postgresql_idx: self.__exec_sql -> module_utils.postgres.exec_sql
* postgresql_idx: exec_sql, added a changelog fragment
* postgresql_idx: exec_sql, fix the changelog fragment
* postgresql modules: use postgres.exec_sql instead of __exec_sql methods
* postgresql modules: use exec_sql, added changelog fragment
* Update changelogs/fragments/57674-postgres_modules_use_exec_sql_instead_of_methods.yml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* win_domain_group_membership - Fix missing @extra_vars on Get-ADObject to support dirrent domain and credentials for retrival
* win_domain_group_membership - Fix missing extra_vars on Get-ADObject
* Merge authentication options back into a single field to prevent losing options beyond the first
* Add integration test and changelog
* Fix multiple options for local type connections. Also fix sorting errors between local type connections that lack a src
* Build again because of github problems?
* Add spaces before comments
The extant documentation says that the fingerprint return value is a
single string, but it is currently being returned as a split list.
Convert the returned value to a string as documented, and add some
basic test-case coverage for the return values.
PR #55396
Make Git module support `--valid-pgpkeys` option, which allows
configuring a list of valid PGP fingerprints which are compared with the
used PGP fingerprint if verify_commit is true. This requires
verify_commit to be set to 'yes'.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com>
* Add support for check mode.
* Add diff support
- Need to analyze diff for accuracy
- Updated check mode changed value
* Improve test coverage
* Remove a duplicate integration test
* Add support for check mode
* Add changelog fragment
* Add diff support
- Fix a few changed status
- Removed auth_key check since that's done in module_utils now
* win_chocolatey - honour version when bootstrapping chocolatey
* skip upgrade all step
* Fix install latest step
* Remove test changes now that Chocolatey is released
* tweak the package version detection
* Fix order for warning on templated conditionals
Fix bare variable warnings when the variable is a boolean
* changelog
* Add tests for cases that should and should not give warnings
If the behavior may change when the default behavior for CONDITIONAL_BARE_VARS becomes False there should be a warning. Boolean type conditionals will not change in behavior so don't warn.
* oops, forgot to add files
* typo
* Allow syslog_json callback options to be set in an Ansible configuration file.
The syslog_json documentation says that it supports options via an Ansible
configuration file. In fact, they can only be specified via environment
variables.
I've updated the module to use the standard "get_options" handling which means
that it can now support options via environment variables *or* the
configuration file.
Options can be set in the configuration file as follows:
```
callback_whitelist = syslog_json
[callback_syslog_json]
syslog_server = localhost
syslog_port = 514
syslog_facility = user
```
* Use the original, documented, names for the modules options.
In the documentation text change syslog_server to server, syslog_port to port
and syslog_facility to facility.
* Add an item to the changelog.
* Update 57232-syslog-json-configuration-options.yml
Fix a YAML syntax error / typo.
* Adding integration test for 127.0.0.1/32 and ::1/128.
* Making sure file is not corrupted when render fails
* Fixes#56430
* Adding changelog for MR 57147/Issue 56430
* Add support for check mode
* Check mode returns proper changed status
- Added is_template_valid()
- Restructured check_mode so it will always return data
- Check mode should show proper changed status
- Code is untested and integration tests need to be expanded
* Fix deleting networks
- Add integration tests for deleting networks
- Refine tests based on changed/unchanged
* Remove one task from integration test
* Add support for disableRemoteStatusPage
- New feature in the Meraki API
- Yes, it's a double negative, I may fix at some point
* Remove double negative
- All disables became enable and logic is reversed
- This isn't yet tested
* Switching computers!!!
* Apply changes to make the logic work, even reversed
* Attempt to fix some formatting errors
* Add documentation fragment
* Fix whitespace
* Add disable_my_meraki back, with deprecation notice
* Edit changelog notice
* Update deprecation version
* Update example to be a block and change deprecation message.
* Remove duplicate delegate_to
* Change deprecation notice.
* Rewrite idempotency check
- Check now operates recursively and works on multiple types
- Order of lists matter
* Remove blank line for lint
* Fixed idempotency checks in meraki_ssid
- New sanitize() method for finding keys unique in compared dicts
- Fixed bug in meraki_ssid where SSID specified by number breaks
- This will require a backport
- Converted ignored_keys from tuple to list
* Made changes required for idempotency
* Add changelog fragment
* Add unidirectional option for testing
* Disable option 1 check
* General fixes for is_update_required testing
- Added commented out debug statements in method
- Fixed ignored_keys modifications
* Remove old commented algorithm
Add check for all policy fields (name, apply_to, pattern, tags,
priority) to have correct changed state. Previosly changed state was
based on policy name only.
* Add support for rabbitmq 3.7
* Fix exec args for rabbitmqctl status
* Add changelog and fix description for Ansible 2.9
* Return results even when the cache is disabled
By default the cache is disabled and so the results of the API call
are not placed in there for the return statement to fetch.
* Always update self._cache to return
* route53_facts: add check mode support
* route53_facts: add changelog fragment mentioning check mode support
* route53_facts: alter changelog fragment type from `minor_changes` to `bugfixes`
* Update changelogs/fragments/56900-route53-facts-check-mode.yaml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* [docker_network] Fix idempotency when using aux_addresses in ipam_config
Mismatch between keys returned by Docker API (AuxilliaryAddresses) vs
expected by Ansible module (aux_addresses) resulted in tasks always
have status 'changed'. The existing code normalizing one set of
keys to another missed this special case where converting
CamelCase to lowercase is not sufficent.
Please see
https://github.com/moby/moby/blob/master/api/types/network/network.go
for reference.
* Correct keywords formatting in changelog file
Co-Authored-By: Felix Fontein <felix@fontein.de>
According to the OpenStack Networking API
the attribute binding:vnic_type of a port is optional.
This change enables the os_port module to handle
binding:vnic_type as optional.
Until now, the module was only able to interact with vcenter. This
commit adds the ability to directly target an ESXi without the
`esxi_hostname` parameter.
- Also return url and update docs for other values to indicate they are only returned on success.
- Add integration tests
- Use info variable for common return values
- Use -1 as default status rather than None. This is lines up with with existing code in urls.py
- Add unit tests to ensure status and url are returned on failure
* Make datacenter as alias and optional
* Add folder param to place datastore cluster in specific folder
* Updated examples
* Updated tests
Fixes: #48010
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Add a new "log_folder" option to the log_plays callback plugin.
A a new option for the log_plays callback plugin which allows the user to
control where the callback where creates log files.
The option can be set via the ANSIBLE_LOG_FOLDER environment variable or in the
Ansible configuration file, e.g.:
[callback_log_plays]
log_folder = /path/to/my/log/folder
Ensure `wait_condition`s with `Status: Unknown` actually
complete
Return k8s object after wait rather than k8s object before
wait when object is patched.
* [docker] images: add support for lookup by sha256 digest
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [tests] docker image by digest: work on a minimal test case
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [docker] group branch conditions per lookup
Co-Authored-By: Felix Fontein <felix@fontein.de>
* [misc] add a news fragment for the added digest lookup for docker images
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* Allow python_requirements_facts to cope with packages with dashes
```
python_requirements_facts:
dependencies:
- kubernetes-validate
```
should work as expected
* Ensure tests run for python_requirements_facts
* Unchanged requests now return the original data
* Add changelog fragment
* Add integration tests for returned data for meraki_network
* Add integration tests for returned data
* Improve idempoetent output
- Make MX l3 rules always show default rule
- Add integration tests
* Add integration tests for returned data on meraki_network
* Improved idempotency in a few modules and improved tests
* Rewrite much of the execution of meraki_switchport
- Previous versions had problems with idempotency and allowed_vlans
* Modified payload creation
- Parameter map is used
- propsed is created using .copy()
- Much cleaner this way
* Add whitespace for lint
* Add bugfix snippet for changelog
*`vsphere_copy` was only able to interact with a vCenter instance. This
patch change that.
* In addition, it also makes use of the `vmware_argument_spec`.
Co-Authored-By: Abhijeet Kasurde <akasurde@redhat.com>
* fix module defaults
- corrected precedence (specific module > group)
- made into reusable function
- use from gather_facts/service/package to match 'actual module used'
The networking API v2 specification, which is implemented
by openstack neutron, features an optional MTU parameter that
allows operators to specify the value for the maximum
transmission unit value.
All vmware_guest_* module support for use_instance_uuid from Ansible 2.8,
somehow vmware_guest_disk missed from this change.
This fix adds support for use_instance_uuid in vmware_guest_disk.
Fixes: #56021
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
As described in #53385 (and #31759), the docker connection driver did
not support privilege escalation. This commit is a shameless
cut-and-paste of the privilege escalation support from the `local`
connection plugin into the `docker` plugin.
Closes: #53385
* sysctl will now return an error if the value is invalid
sysctl can fail to set a value even if it returns an exit status 0. More
details: https://bugzilla.redhat.com/show_bug.cgi?id=1264080. Because of
this in case of an invalid value or a read-only file system, sysctl
module would return OK, even though it didn't set anything. To be sure
that sysctl correctly applied the changes we also need to check the
output of stderr.
* Run sysctl with LANG=C
Because we are parsing sysctl stderr we need to make sure that errors
are persistent across different system language settings.
* Add changelog fragment for sysctl
* remove deprecated get_md5 from stat
fixes#55309
* removed get_md5 from tests involving stat
* keep get_md5 but hide it
* rst it
* ammended comment
* ws
* added ignore for hidden md5
* Make ansible adhoc work with include_role
Fix logic condition so that include_role works
without
```
ERROR! 'async_val' is not a valid attribute for a IncludeRole
The error appears to be in 'None': line 0, column 0, but may
be elsewhere in the file depending on the exact syntax problem.
(could not open file to display line)
```
* Add include_role test for adhoc
* XenServer: Minor changes and fixes in xenserver_guest
- xenserver_guest module: ignore wait_for_ip_address when
state=absent (fixes#55348). Module docs are updated to reflect this.
- xenserver_guest module: show proper error message when maximum number
of network interfaces is reached and multiple network interfaces are
added at once (fix for changes introduced in #54697).
- xenserver_guest module: fixed a bug in reconfigure() where VM would
be powered off even though check mode is used when reconfiguration
needs VM to be powered off.
* Added changelog fragment
mem_reservation and memory_reservation has redundant implementation.
Combining them together.
Fixes: #54335
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* remove external grep call and parse with python
* use function for repeated code
* use module.get_bin_path() for iscsiutil on HPUX
* some code opt for HPUX
* clean up non-module code, module being defined is a requirement for this code
* import get_bin_path() directly and use without module prefix
* Add integration tests for AIX and HP-UX
* add changelog fragment
* Apply suggestions from code review
Co-Authored-By: mator <matorola@gmail.com>
* Apply suggestions from code review #2
Co-Authored-By: Sam Doran <sdoran@redhat.com>
* Remove strict requirement on executable to exist for get_bin_path() as
it will allow facts gathering to continue without an error. Almost all
other files under facts do not have "required=True" (except 2 files,
which should be probably fixed). And check return value for
get_bin_path() , before run attempt.
* add check for AIX lsattr run_command return code
When `vmware_datastore_facts` does not fine any datastore, it raises an error.
This is not consistent with the other _facts modules. It should just return
an empty list instead.
* Fix loading namespaced doc_fragments
The syntax for specifying a different fragment name was already
using '.' as a separator, so the code needed to be tweaked to
avoid choking on names like `testns.testcoll.fragname` and
`testns.testcoll.fragname.altvar`.
`get_plugin_class()` returns 'docfragment' for the fragment loader;
mangling `subdir` provides consistent alignment with the normal plugin
directory names and avoids needing special handling of plugin types
with 'module' in the name.
* Add changelog entry
* add multi-node manipulation, delete on xpath match only and count capability to win_xml
* fix pep8 and yamllint errors identified by ci tests
* fixed bugs when handling multiple elements, multiple attribute nodes and handling for attribute nodes when using xpaths that only select attributes like //@lang. Added more tests and tweaked documentation.
* fixed line-too-long error
* fixed trailing space errors
* trailing whitespace expunged
* bump version_added to 2.9 for new changes
* fix PSAvoidUsingPositionalParameters sanity check failure
* refix sanity check as it broke the msg return value
* Check variables are defined before using combine filter
* Add tests for the combine filter
* Remove dependencies that should already be installed
* relocate the function to recursively check for undefined vars
add another test
* changelog
* Support using importlib on py>=3 to avoid imp deprecation
* Add changelog fragment
* importlib coverage for py3
* Ansiballz execute should use importlib too
* recursive module_utils finder should utilize importlib too
* don't be dumb
* Fix up units
* Clean up tests
* Prefer importlib.util in plugin loader when available
* insert the module into sys.modules
* 3 before 2 for consistency
* ci_complete
* Address importlib.util.find_spec returning None
* prevents accidental templating on intra-action postprocessing of an untrusted module result
* makes the view of a module result within an action consistent with the way it would be stored for future use (eg facts, register)
* Make module not get all nets every time it's executed with net_id
* Add changelog fragment
* Update changelogs/fragments/meraki_static_route_api_calls.yml
Co-Authored-By: kbreit <kevin.breit@kevinbreit.net>
* Start of migration to argparse
* various fixes and improvements
* Linting fixes
* Test fixes
* Fix vault_password_files
* Add PrependAction for argparse
* A bunch of additional tweak/fixes
* Fix ansible-config tests
* Fix man page generation
* linting fix
* More adhoc pattern fixes
* Add changelog fragment
* Add support for argcomplete
* Enable argcomplete global completion
* Rename PrependAction to PrependListAction to better describe what it does
* Add documentation for installing and configuring argcomplete
* Address rebase issues
* Fix display encoding for vault
* Fix line length
* Address rebase issues
* Handle rebase issues
* Use mutually exclusive group instead of handling manually
* Fix rebase issues
* Address rebase issue
* Update version added for argcomplete support
* -e must be given a value
* ci_complete
-Add: Test cases for ansible_parent_role_names and ansible_parent_role_paths
-Add: ansible_parent_role_names/paths variables for when a role is being included by another role.
Ensure inventory plugin loading rel to play
fixes#51033
* clarify paths
* now adding dirs funciton in loader
* better warnings
* each cli should handle adding dirs depending on context
* Solaris WWN parsing cosmetic fix (commit 924f5b5467)
* simplify module.run_command by removing use_unsafe_shell and remove calling of external grep
* add changelog fragment
* Use module_utils.compat.ipaddress where possible.
* Simplify reverse pointer computation.
* Use dummy for unused variables.
* Remove from ignore list.
* Adjust fix.
* Fix text handling for Python 2.
* Add changelog.
Check return value of FindByInventoryPath API which is used for
finding desired folder to deploy OVF.
Fixes: #54823
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* General test improvements.
* Adjust tests to older docker-py versions.
* docker_swarm_server_info: work around problems with older docker-py versions
* Bump minimal docker-py version for options network_filters and disk_usage.
* More general test improvements.
* Correct usage of docker_image.
* Put files into output directory.
* Speed up test.
* Remove old check.
* Version in deprecate calls should be a string. Fixes#55312. Fixes#55313. Fixes#55314. Fixes#55315. Fixes#55316. Fixes#55317.
* Add changelog fragment
* Add test for generating a CSR with everything, and testing idempotency.
* Proper SAN normalization before comparison.
* Fix check in cryptography backend.
* Convert SANs to text. Update comments.
* Add changelog.
* Warn when log_options values are not strings.
* Add changelog.
* Improve message.
* Improve formatting and formulation of other messages.
* Add test for warning.
* Trying double escaping.
After branch, we do the following tasks:
* Remove all old changelog fragments. The devel tree starts fresh.
* Remove all old generated changelog info (CHANGELOG-v2.8.rst and .changes.yaml)
* Set the new codename and version in release.py
* become mixin is no more
since sudo/su keywords are removed in 2.9 .. no need to keep this code around
* also don't need test for code that is removed
* made preprocess_data on base noop
its not used by anything anymore, but kept for backwards compat since other methods of same name are used
* Extend git commit c65909d6db "Add network fact to obtain FC WWN initiator ports"
adding support of enumerating AIX device WWN ports
$ lsdev -Cc adapter -l fcs*
fcs0 Defined 00-00 8Gb PCI Express Dual Port FC Adapter (df1000f114108a03)
fcs1 Defined 00-01 8Gb PCI Express Dual Port FC Adapter (df1000f114108a03)
fcs2 Available 04-00 8Gb PCI Express Dual Port FC Adapter (df1000f114108a03)
fcs3 Available 04-01 8Gb PCI Express Dual Port FC Adapter (df1000f114108a03)
$ lscfg -vpl fcs3 | grep 'Network Address'
Network Address.............10000090FA551509
* no self in this code
* Two fixes:
- fix run_command execution, passing 'use_unsafe_shell=True' since we have a pipe in it ( | grep )
if we don't set unsafe shell, it will return error on execution.
- strip new line characters at the end of WWNs.
* fix pep8 , E225 missing whitespace around operator
* use module.get_bin_path() instead of hardcoded values
* move module.get_bin_path() out of for loop
* use python string parsing instead of calling external grep
* use in operator instead of find() for simplicity and readability
* add changelog fragment
* Added idempotency logic to openssl_pkcs12
Also decoupled the 'parse' and 'generate' function from the file write
as they are now used in different places that do not need the file to be
written to disk.
* Added idempotency tests for openssl_pkcs12
Also adds a new test for pkcs12 files with multiple certificates
* Regenerate if parsed file is invalid
* pkcs12_other_certificates check was wrong
* Updated ca_certificates to other_certificates
ca_certificates is left as an alias to other_certificates;
friendlyname depends on private key, so it will be ignored while
checking for idempotency if the pkey is not set;
idempotency check only checks for correct certs in the stack
* use different keys for different certs
* Added other_certificates in module docs
* Added changelog and porting guide
* removed unrelated porting guide entry
* renamed ca_cert* occurrence with other_cert
* facts: correctly detect xen paravirt vs hvm cpuinfo
Fixes#49039
Signed-off-by: Adam Miller <admiller@redhat.com>
* provide default val if we IndexError
Signed-off-by: Adam Miller <admiller@redhat.com>
This reverts commit 85d836171b.
As discussed in WWG IRC meeting, we don't want Get-ADObject to be a dependency of win_domain_membership, and we need to be able to authenticate to the DC in some configs. We can revisit this change a different way for 2.9.
* Force pkg_mgr yum for rhel < 8, dnf for rhel > 8
This solves the scenario in which someone using RHEL or a clone
decides to install dnf, which can break their system in certain ways
under certain scenarios (a dnf bug that's been resolved upstream but
left user systems broken happened recently). Currently Red Hat
provides dnf to RHEL7 in an optional Tech Preview Channel under the
YUM4 branding, as does the CentOS Content Management SIG. There may
be others in the ecosystem I'm not familiar with.
Signed-off-by: Adam Miller <admiller@redhat.com>
* add changelog
Signed-off-by: Adam Miller <admiller@redhat.com>
* Use six from ansible.module_utils for inventory scripts
Remove skips from sanity test
* Change all imports of ConfigParser to use module_utils.six.moves
* Remove commented out lines
* Fix six imports
* mysql_user: fix MySQL/MariaDB version check
To handle properly user management, version check needed refacto, as well as the query used to get existing password hash
* mysql_user: break long query in multiple lines
* mysql_user: fix query fetch existing password hash
* mysql_user: MariaDB version check 100.2 != 10.2
* mysql_user: fix existing password fetch
In some cases, both columns (Password and authentication_string) may exist and be populated.
In other cases one exist, but not the second.
This fix should handle properly all situations
* mysql_user: break long queries
* mysql_user: refactor duplicated code
* mysql_user: handle updates from root with empty passwd to new passwd
* mysql_user: GC debug statement and readd trailing new line
* mysql_user: fix pep8 under indentation
* mysql_user: fix privileges management
https://github.com/ansible/ansible/pull/45355#issuecomment-428200244
* mysql_user: raise exception if exception caught doesn't match the one that is managed
* mysql_user: improve plugins output (add msg field with explicit informations)
* mysql_user: fix old / new password hash comparison
* mysql_user: fix reference to old MySQLdb lib
* mysql_user: fix cursor when root password is left empty (mysql DB invisible)
* mysql_user: add changelog
* ALL privileges comparison
* fixed blank line
* added mysql 8 fixes
* fixed version compatibility
* mysql_user: fix MySQL/MariaDB version check
To handle properly user management, version check needed refacto, as well as the query used to get existing password hash
* mysql_user: break long query in multiple lines
* mysql_user: fix query fetch existing password hash
* mysql_user: MariaDB version check 100.2 != 10.2
* mysql_user: fix existing password fetch
In some cases, both columns (Password and authentication_string) may exist and be populated.
In other cases one exist, but not the second.
This fix should handle properly all situations
* mysql_user: break long queries
* mysql_user: refactor duplicated code
* mysql_user: handle updates from root with empty passwd to new passwd
* mysql_user: GC debug statement and readd trailing new line
* mysql_user: fix pep8 under indentation
* mysql_user: fix privileges management
https://github.com/ansible/ansible/pull/45355#issuecomment-428200244
* mysql_user: raise exception if exception caught doesn't match the one that is managed
* mysql_user: improve plugins output (add msg field with explicit informations)
* mysql_user: fix old / new password hash comparison
* mysql_user: fix reference to old MySQLdb lib
* mysql_user: fix cursor when root password is left empty (mysql DB invisible)
* mysql_user: add contrib
* Rename changelogs/fragments/45355-mysql_user-fix-versions-compatibilities to add YML extension
- Fixed issue #25017,#37567
- Add example for prompt on launch
- Add integration test for prompt on launch
Signed-off-by: Hideki Saito <saito@fgrep.org>
* updated tests and changelog for 54516
* Handle errors if PG does not support partitioning.
* Check for PG > 10 in tasks
* Show changes for partitioned tables in ansible
* Added documentation in the tests
* Update test/integration/targets/postgresql/tasks/postgresql_privs.yml
Co-Authored-By: raymondroelands <raymondroelands@users.noreply.github.com>
* Update test/integration/targets/postgresql/tasks/postgresql_privs.yml
Co-Authored-By: raymondroelands <raymondroelands@users.noreply.github.com>
* Added check for 0 tables after revoking rights
* Added test and moved tests
Added check mode test and moved test right after the change.
* Rebased postgresql_privs.py
* Correct behavior so that direction isn't required for default.
* Add more tests.
* 'disabled' values cannot be changed.
* Include 'not specified' in messages.
* fix missing attribs with dirct module execution
* also make remote tmp handling smarter
update tests
* set default if attrib does not exist
* add simple test
* Remove default use of paramiko connection plugin on macOS
This fix was originally to work around a bug that caused a kernel panic on macOS
that has since been fixed.
* Remove paramiko from requirements.txt
* Move paramiko checking to common place
* Drop the warnings obfiscation code
* Update pip installation instructions to reflect upstream instructions
* Fix tests on CentOS 6 (Python 2.6) that now show Python deprecation warnings
* Add changelog fragment
The controller's fixup_perms2 uses filesystem acls to make the temporary
file for copy readable by an unprivileged become user. On Python3, the
acls are then copied to the destination filename so we have to remove
them from there.
We can't remove them prior to the copy because we may not have
permission to read the file if the acls are not present. We can't
remove them in atomic_move() because the move function shouldn't know
anything about controller features. We may want to generalize this into
a helper function, though.
Fixes#44412
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
* Return UnlockKey
* Add changelog fragment
* Add method to check if a parameter exists in diffs
* Add method to get swarm unlock key
* Add option unlock_key
* Only return unlock key when created or changed
* Rename difference check
* Extend unlock key example
* Assert that unlock_key is a string
* Fix docker_swarm_info authors
* Don’t silence APIErrors
* Test unlock_key on unlocked swarm
* Catch APIError when retrieving unlock key
* Better return value description
* Lint
* Fix UnlockKey return value documentation
Co-Authored-By: hannseman <hannes@5monkeys.se>
* Get unlock key safely
Co-Authored-By: hannseman <hannes@5monkeys.se>
* Return None on empty UnlockKey
* Assert swarm_unlock_key is undefined if unqueried
* Add documentation about swarm_info unlock_key
* Add change log fragment for unlock_key option
* Revert "Add change log fragment for unlock_key option"
This reverts commit e3cb2325b5.
* Use generator expression instead
* Restart docker more decisively
* Use systemctl kill
Co-Authored-By: hannseman <hannes@5monkeys.se>
* Try to restart docker daemon
* cloudstack: remove choice list for hypervisor param
* cloudstack: streamline network_type with returned value by the API
* cloudstack: remove E326
* add changelog fragment
* win_nssm: rename cmdlets to use approved verbs, rename service name parameters
* win_nssm: improve code style and cmdlets ordering
* win_nssm: always escape all command line parameters with Argv-ToString
fix error when the service name contains quotes
* win_nssm: use Fail-Json instead of exceptions and remove global try/catch
* win_nssm: small refactoring, inline some functions
* win_nssm: refactoring - add a generic cmdlet to idempotently set any nssm service parameter
* win_nssm: refactoring - inline some functions
To make the code more malleable for future changes
* win_nssm: change application, stdout_file and stderr_file options type to path
* win_nssm: deprecates app_parameters, rename app_parameters_free_form to arguments, and add support for list of parameters
* win_nssm: add support of check mode
* win_nssm: add working_directory option
* win_nssm: add display_name and description options
* win_nssm: minor changes
* win_nssm: remove some sanity exclusions
* win_nssm: avoid using aliases and minor style fixes
* win_nssm: doc and ui improvements
* win_nssm: remove sanity exclusions
* win_nssm: minor revision
* win_nssm: deprecates dependencies, start_mode, user and password parameters and some choices of state in favor of win_service
* win_nssm: fix style
* win_nssm: add executable option to specify the location of the NSSM utility
* win_nssm: add missing parameter types
* win_nssm: add diff mode support
* win_nssm: avoid displaying depreciation warning if default value is assigned
* win_nssm: fix variable scope
* win_nssm: use the explicit -LiteralPath parameter name instead of -Path
* win_nssm: fix documentation
* win_nssm: add porting guide entries
* win_nssm: add changelog fragment
* Add support for notes
* Add test for notes
* Device notes changes
- Renamed from notes to note
- Modified tests to work
* Comment device test since it only works once
* Remove assertion stanza and move assertion to existing one
* Add version_added to note documentation
* Converted from tabs to spaces
* Added changelog fragment
* Remove changelog file since it's a feature
* Add changelog fragment
* basic plugin loading working (with many hacks)
* task collections working
* play/block-level collection module/action working
* implement PEP302 loader
* implicit package support (no need for __init.py__ in collections)
* provides future options for secure loading of content that shouldn't execute inside controller (eg, actively ignore __init__.py on content/module paths)
* provide hook for synthetic collection setup (eg ansible.core pseudo-collection for specifying built-in plugins without legacy path, etc)
* synthetic package support
* ansible.core.plugins mapping works, others don't
* synthetic collections working for modules/actions
* fix direct-load legacy
* change base package name to ansible_collections
* note
* collection role loading
* expand paths from installed content root vars
* feature complete?
* rename ansible.core to ansible.builtin
* and various sanity fixes
* sanity tweaks
* unittest fixes
* less grabby error handler on has_plugin
* probably need to replace with a or harden callers
* fix win_ping test
* disable module test with explicit file extension; might be able to support in some scenarios, but can't see any other tests that verify that behavior...
* fix unicode conversion issues on py2
* attempt to keep things working-ish on py2.6
* python2.6 test fun round 2
* rename dirs/configs to "collections"
* add wrapper dir for content-adjacent
* fix pythoncheck to use localhost
* unicode tweaks, native/bytes string prefixing
* rename COLLECTION_PATHS to COLLECTIONS_PATHS
* switch to pathspec
* path handling cleanup
* change expensive `all` back to or chain
* unused import cleanup
* quotes tweak
* use wrapped iter/len in Jinja proxy
* var name expansion
* comment seemingly overcomplicated playbook_paths resolution
* drop unnecessary conditional nesting
* eliminate extraneous local
* zap superfluous validation function
* use slice for rolespec NS assembly
* misc naming/unicode fixes
* collection callback loader asks if valid FQ name instead of just '.'
* switch collection role resolution behavior to be internally `text` as much as possible
* misc fixmes
* to_native in exception constructor
* (slightly) detangle tuple accumulation mess in module_utils __init__ walker
* more misc fixmes
* tighten up action dispatch, add unqualified action test
* rename Collection mixin to CollectionSearch
* (attempt to) avoid potential confusion/conflict with builtin collections, etc
* stale fixmes
* tighten up pluginloader collections determination
* sanity test fixes
* ditch regex escape
* clarify comment
* update default collections paths config entry
* use PATH format instead of list
* skip integration tests on Python 2.6
ci_complete
* Add a force_replace_host flag to win_domain_membership
Satisfies https://github.com/ansible/ansible/issues/53539
* Rework backticks
* Bump version_added
* Check for existence of current hostname as well; use LDAPFilter during search
* Rename $force_replace_host to $allow_existing_computer_account
* Added docs, porting guide and minor nit in code
* Catch all request timeouts for winrm connection
The current implementation only catches 'ConnectTimeout' exceptions.
Instead we should catch 'Timout' which also catches ReadTimeout
exceptions.
Improves on: #51744
Co-Authored-By: westphahl <westphahl@gmail.com>
* Changelog for winrm error handling improvement
* Use locking for concurrent file access
This implements locking to be used for modules that are used for
concurrent file access, like lineinfile or known_hosts.
* Reinstate lock_timeout
This commit includes:
- New file locking infrastructure for modules
- Enable timeout tests
- Madifications to support concurrency with lineinfile
* Rebase, update changelog and tests
We need to specify ansible_python_interpreter to avoid running interpreter discovery and selecting the incorrect interpreter.
Remove the import of lock in known_hosts since it is not used.
* adding (optionally) image information to inventory var
* add boot image mapping to gcp_compute instance data for all disk
image data in the configured zones
Signed-off-by: Adam Miller <admiller@redhat.com>
* start fixing gcp inv plugin
* minor fixes
* added clog
* ajust comments
* link indv zone/project
* separate specific zone/project from other params
* restoring zones query per project
* also work when zones given
* fixed scopes, removed incorrect docs as not option
* Added support for types parameter
- Parameter is used to specify multiple network types
* Fix documentation
* Apply suggestions from code review
Co-Authored-By: kbreit <kevin.breit@kevinbreit.net>
* Reworked type parameter to be a list so types isn't needed
* Re-add tags documentation
* Fix documentation around compatibility
* Convert tags to list from string
* Add changelog fragment
When using before and after in combination, the opposite behavior was induced. This PR makes the the replacement happen between the specified patterns as intended.
* Added integration tests
* Add changelog, porting guide entry, and minor doc fixes
* Removed required_together, updated tests
Since required_together: privatekey_path -> friendly_name, is not always
required it has been removed.
Updated openssl_pkcs12 integration tests to be in line with other
openssl_* modules, and added a test for export with no privatekey_path.
* linter fixes
* Removed cryptography from tests
* Added changelog fragment
* Removed non-necessary select_crypto_backend
* fix AWS plugin credential precedence for environment variables
* Allow aliases in direct plugins options
Consolidate precedence fix just in the doc fragment using aliases for mismatched options
* Access options with the option name rather than alias
* fix indentation
* update unit tests
* Improve readability
* Adding networks_cli_compatible option.
* Move network tests into own test file.
* Extend tests (for networks_cli_compatible=no).
* Adding tests for networks_cli_compatible=yes.
* There seems to be no way to create a container without at least one network attached.
* Integrate networks / purge_networks with comparisons.
* Speed up tests.
* Removing double dot.
* Add changelog.
* Use comparisons value only if the networks option has been specified. purge_networks on the other hand also removes networks if it has not been specified.
* Add write helper.
* Adjust modules (except openssl_certificate).
* Adding tests for mode (with openssl_privatekey).
* Add openssl_certificate support.
* Never, ever remove the output file before actually trying to generate new content for it.
Removal is only allowed when state=absent, or when the object has been regenerated and the result needs to be written to that place.
* Add changelog.
* Extend test.
* New cryptography backend for openssl_certificate
load_* functions in module_utils/crypto.py now have a backend paramter
which when set to 'cryptography' will return cryptography objects so
they can be used for both pyopenssl and cryptography backends.
Added a select_message_digest function too returning a cryptography
digest hash from `cryptography.hazmat.primitives.hashes`
Added new classes for Cryptography backend
* Run test with various backends.
* Prefixing tests.
* Make sure we have the correct backend available.
* Linting (flake8).
* Moved cryptography import to separate try/except
* Make sure certificate is actually valid at some time in the past.
* Improve error handling.
* Trying to fix validation for cryptography backend.
* Fixed issue with keyUsage test in assertonly
* Fixed CI/Lint issues
* Fix private key problem for OwnCA.
* Cryptography backend doesn't support v2 certs.
* issue an expired cert with command when using cryptography backend
* Added warning when backend is auto and v2 cert is requested
* Bumped min cryptography version to 1.6
* Correctly check for failure when backend is cryptography and cert is v2
* Use self.backend where possible
* Use secp521r1 EC when testing on CentOS6
* Fixed pylint issue
* AcmeCertificate support for both backends
* Review fixes
* Fixed missing '(' when raising error
* Fixed date_fmt loop
* Updated docs and requirements with cryptography
* Add openssl_certificate to changelog.
Fixes#40060
* Fix coding style errors
* Use CONNECTION LIMIT (no underscore)
* From review done by amenonsen and bcoca - Set default at None, make the change detection less confusing
* Added EXAMPLE on how to apply a database specific connection limit
* Added some basic tests for conn_limit applied to a database
* Check that conn_limit has actually been set / updated to 200
* Add changelog fragment regarding postgresql_db conn_limit parameter
* cs_volume: add volumes extraction and upload features
* cs_volume: Update doc, remove deprecated code
* cs_volume: Add unit tests for extract and upload features
* Fixes flatpak module to work with flatpak >=1.2.0, fixes#51481
This keeps backwards-compatibility for flatpak versions before 1.2.0
* Fixes typeo
Co-Authored-By: oolongbrothers <oolongbrothers@zeibar.net>
* #50877:
* add support to postgresql_privs to use "FOR { ROLE | USER } target_role"
in "ALTER DEFAULT PRIVILEGES"
* fix sanity errors
* #50877: fix documentation and add a check for correct usage
of target_roles
* #50877: fix missing absent option for default privs with target_role
* #50877: add clear description, when target_roles can be used
* #50877: fix conflicts, formatting, and add a changelog fragment
* #50877: fix sanity error E335
* #50877: swap conditions and fix error to warning msg
* #50877: add tests for default privileges
* #50877: fix tests for default privileges
* #50877: fix tests for default privileges on centos 6
The output of pw.getpwnam() does not distinbuish between local and remote accounts. It will return a result if an account exists locally or in the directory. When local is set to True in the task parameters, look through the local password database explicitly.
* Ensure luseradd is present for tests
* Add docs and warnings about local mode
* Allow parent groups to be variables or literal, requires {{ }}
* Check strict before failing on templating errors
* Don't add a group if an invalid parent group was provided
* avoid using Postgres formatting function
* add tests for ALL FUNCTIONS IN SCHEMA
* documentation and changelog
* requested changes in tests
* fixed changelog
* Add source option.
* Split force parameter into force_source, force_absent and force_tag.
* Move all build-related options into a suboption called build.
* Add changelog.
In pyyaml versions before 5.1 the default_flow_style for yaml.dump
was None. Starting with 5.1 it is now False. This change explicitly
sets the value to None to maintain the original to_yaml behavior.
The change to pyyaml was made in the following commit:
507a464ce6
When user specifies the JUMP value to 'tee', gateway is required.
This fix adds new parameter 'gateway' to support this functionality.
Fixes: #53170
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Adding support for IP identifiers according to https://tools.ietf.org/html/draft-ietf-acme-ip-05.
* Add changelog.
* Make sure that the authorizations return value is unchanged for CSRs with DNS-only SANs.
* Remove unneeded import.
* type -> identifier_type
* Python 2.6 compatibility.
* Fix unit tests.
* Add IP address normalization.
* Extend tests.
* Move data into fixtures.
* Adjust BOTMETA.
function changed to do in place replacement, should be less expensive even with copy as it avoids 'sub copies', can compose with module_args_copy to create replacement for old behavior
attempt to fix#52910
* handle lists and subdicts correctly
* added missing exception case, which was not noticed since 'cleaning' was not working
* added comments to clarify exceptions
* create overridable sanitation function
* now used in aws, gce and azure plugins
* added new option to these plugins to work in conjunction with general toggle to make it easier
to emulate inventory script behavior.
* Don't raise AnsibleConnectionFailure if the ssh_process has already died. Fixes#53487
* Better support for file not found messages
* Add changelog fragment
* changelog
* combine provided variables and host vars inside of constructing groups to take into account composed variables
let composed variables "win"
* fix whitespace
* Allow user to control hash behavior
* Remove dependency to psycopg2 with dump/restore
'dump' and 'restore' state only need pg_dump and pg_restore. These tools
don't use psycopg2 so this change tries to avoid the use of it in these
cases.
The db_exists test was replaced with an error detection when piping to
compression program, using a FIFO file. This effectively reverts #39483,
that was a fix for #39412.
* Fix typo
* Add changelog fragment
* Add note for dump and restore not requiring psycopg2
* Fix YAML syntax
* Update lib/ansible/modules/database/postgresql/postgresql_db.py
Co-Authored-By: Glandos <bugs-github@antipoul.fr>
* Output warnings from docker daemon on container create and update.
* Accept warning for blkio_weight instead of idempotency.
* Value quoting.
* Avoid loop variable conflict.
* Add changelog.
* Make one test case faster.
* Add 'Docker warning: ' prefix.
* Add a generalized warning reporting function.
* Add rollback_config
* Add change log fragment
* Fix broken test
* Actually fix broken tests
* Add rollback_config example
* Default rollback_config as None
* Abort early if rollback_config does not exist
* Add mount options
* Remove mount readonly default
* Fix driver_config test
* Add documentation
* Add changelog fragment
* Properly indent tmpfs_ options
* Use correct service suffix for mount tests
* Check for None value on tmpfs usage check
* Document change of mounts.readonly return key
* Use correct change log type
* Really use correct change log type
* Revert changing mount.readonly to read_only
* Raise OpenSSLBadPassphraseError if passphrase is wrong.
* Improve handling of passphrase errors.
Current behavior for modules is: if passphrase is wrong (or wrongly specified), fail.
Current behavior for openssl_privatekey is: if passphrase is worng (or wrongly specified), regenerate.
* Add changelog.
* Add tests.
* Adjustments for some versions of PyOpenSSL.
* Update lib/ansible/modules/crypto/openssl_certificate.py
Improve text.
Co-Authored-By: felixfontein <felix@fontein.de>
Fixes a bug where parse_distribution_file_ClearLinux() was called on CoreOS (and probably many other distros) and it returned True since it successfully parses the distribution file. Since this file exists on many Linux distributions and they are a very similar format, add an additional check to make sure it is Clear Linux.
Change the order in which distribution files are processed so NA is last. This prevents a match on CoreOS hosts since they also have /etc/os-release and the called matching function for NA is very general and will match CoreOS.
* Add changelog
* Add unit tests
Only add tests for Clear Linux parsing since that was the cause of this issue.
* Support FOREIGN DATA WRAPPER and FOREIGN SERVER in postgresql_privs module
* Added available from note to fdw and fs object types
* Integration tests, examples in documentation
* Complete integration tests
* [docker_image] fix the changed state for tagging and pushing
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [docker_image] add tests for (force) tagging and force pushing
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [docker_image] add a news fragment for the fixed force tag/push behavior
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* Fix for "AttributeError: 'module' object has no attribute 'cursors'" (#49191) (#1)
* Fix for "AttributeError: 'module' object has no attribute 'cursors'" (#49191)
* Adding changelog fragment for issue #49191 and the following PR.
* Update lib/ansible/module_utils/mysql.py
Co-Authored-By: timorunge <timorunge@users.noreply.github.com>
* Fixed crash with hidden files
added "-force" parameter on "Get-Item" cmdlet. this is needed to get file info if the file is "hidden"
without this option modules like win_file, win_template, win_copy crashes on hidden files. this is because with "test-path" it sees that the file exists, but "get-item" can't get the file info.
for more information on "-force option": https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-item
* Add changelog and integration tests
* fix tests for older Windows versions
* Add dnsrecord_show method for supporting base domain record
* Replace dnsrecord_show with conditional in dnsrecord_find
* Added changelog entry for MX and SRV
Signed-off-by: synical <sjohnsondot@gmail.com>
* Add support for Windows hosts in the SSH connection plugin
* fix Python 2.6 unit test and sanity issues
* fix up connection tests in CI, disable SCP for now
* ensure we don't pollute the existing environment during the test
* Add connection_windows_ssh to classifier
* use test dir for inventory file
* Required powershell as default shell and fix tests
* Remove exlicit become_methods on connection
* clarify console encoding comment
* ignore recent SCP errors in integration tests
* Add cmd shell type and added more tests
* Fix some doc issues
* revises windows faq
* add anchors for windows links
* revises windows setup page
* Update changelogs/fragments/windows-ssh.yaml
Co-Authored-By: jborean93 <jborean93@gmail.com>
* Document and validate mode choices
* Update examples
* Test cpu float values
* Test correct option
* Fix module return sample
* Add secrets and user to module return value
* Order options alphabetically
* Add changelog
* yaml indentation
* Revert "Order options alphabetically"
This reverts commit 51dabccda7.
* Be consistent with choices type
* win_domain: fix issue when running without credential delegation
* Add check for reboot is required to complete role e install
* Fix changelog sanity issue
* removed meta file accidentally committed
* Fix version checks in tests
* Set minimum version to 2.0.2
* Networks can only be updated >= docker-py 2.7
* Constraints require docker-py 2.4.0
* Healthchecks require docker-py 2.6.0
* Properly run tests different docker_py_versions
* Add changelog fragment
* Specify lowest version on placement.constraints
* Fix running new tests on older docker-py
* Handle different hosts formats returned by docker
* FIx test naming
* Quote str options
* secrets options require docker-py 2.4.0
* Replace InventoryFileCacheModule with a better developer-interface
Use new interface for inventory plugins with backwards compatibility
Auto-update the backing cache-plugin if the cache has changed after parsing the inventory plugin
* Update CacheModules to use the config system and add a deprecation warning if they are being imported directly rather than using cache_loader
* Fix foreman inventory caching
* Add tests
* Add integration test to check that fact caching works normally with cache plugins using ansible.constants and inventory caching provides a helpful error for non-compatible cache plugins
* Add some developer documentation for inventory and cache plugins
* Add user documentation for inventory caching
* Add deprecation docs
* Apply suggestions from docs review
* Add changelog
* made adding package managers easier
added portage support
* moar pkg mgrs and moar info
- added 'pkg' pkg manager (freebsd)
- added pip
- more apt info
* updated clgo
* Updates from feedback
Co-Authored-By: bcoca <bcoca@users.noreply.github.com>
* incorporated more feedback and added docstrings
* moar from feedback
- made manager list dynamic and names based on class
- better not found msg
- made abstract metaclass again
- test is now init exception
- module to global
- better dedupe comments
* more targetted errors/warnings
* added strategy, reordered to conserve priority
* rpm > apt
* move break to top
* fix trate
* piping it
* lines and meta
* refactored common functions
- moved pip into it's own module
- cleaned up base clases
- ensure 'lower' match in package_facts
* missing license
* avoid facts
* update clog
* addressed feedback
* fix clog
* cleanup
* upd
* removed pip as that was removed
* renamed cpan
* added a single line since 2 lines are needed to be
readabnle instead of just 1 line, it is a huge problem otherwise
* fix internal ref
* not intended in this round
* updated as per fb
* make add_group return proper name
* ensure central transform/check
* added 'silent' option to avoid spamming current users
those already using the plugins were used to the transformations, so no need to alert them
* centralized valid var names
* dont display dupes
* comment on regex
* added regex tests
ini and script will now warn about deprecation
* more complete errormsg
* Do not return 'instances' when wait is false
* Added integration tests for wait: false
* Added changelog fragment
* Fix test suite to work with ec2_instance
* Additional permissions
* Enforce boto3 version
* Fix broken tests
* Improve error messages
* fix linter issues
* adds fargate launch_type to ecs_task module
* White space changes
* fix documentation for running ecs task on fargate
* remove extraneous example from ecs_task
* White space changes
* Adds changelog fragment
* Pluralize minor_changes in changelog fragment
* Add Stop and Start task permissions
* set valid_until equal to current time + spot_wait_timeout
* Add checksum check for downloaded file.
* refactoring
* fix typo
* add fixes
* mart try,catch handling
* revert lib/ansible/modules/cloud/amazon/ec2.py from upstream
* refactoring
* remove empty lines
* add checksum verification for existing file
* fix current file check
* refactoring destination file check
* add handling exceptions
* refactoring
* Added download file hash data from url
* fix string aligning
* fix bug with uri
* Added get hash from multy-string file
* Added URI support for checksum file location
* refactoing
* Remove any non-alphanumeric characters for hash from url
* fix discussions; add support for PS3
* refactoring
* add size return value
* checkout from upstream for lib/ansible/modules/cloud/amazon/ec2.py
* add Ansible.ModuleUtils.Legacy support; refactoring
* Copyright added
* Checking files size before and after downloading added.
* remove unused code
* Corrected regexp for dotted slashed file name prefix in hash-file
* hotfix typo error; add int tests
* remove legacy module support; split checksum to checksum, checksum_algorithm, checksum_url
* changed default hash algorithm
* Fixed case for ContentLength = -1
* Old comment removed
* fix typo
* Remove file size check before downloading
* add alias to ; fix tests
* adjust tests; fix lint warnings from PSScritpAnalyzer
* workaround for bug in win_chocolatey module on win2008
* remove win_get_url.ps1 from /test/sanity/pslint/ignore.txt
* add checksum_algorithm as retuen value
* first normalise before return Result
* resolve discussions
Signed-off-by: Viktor Utkin <viktor.utkin7@yandex.ru>
* fix discussions
fix http tests as discussed
* fix last discussions
* Reduce code duplication and add idempotency check
* fix sanity issue and remove testing code
* move back to using tmp file for checksum comparison
* Decreasing docker_swarm requirements.
* Fixing docker-py / docker API version requirements, and some comments.
* Add changelog.
* Only send parameters specified by user to docker daemon.
* Extend labels test: not specifying == keep labels.
* Bump minimally required docker-py version for docker_node and docker_node_facts to 2.4.0.
* Prevent crashing when publish or healthcheck is not provided.
* Similarly to docker_swarm tests, only execute docker_node tests on real VMs and restart docker daemon when tests are done.
* replace uses of sort_json_policy_dict with compare_policies which is compatible with Python 3 and remove sort_json_policy_dict from the AWS guidelines since it only works on Python 2
* Sort any lists containing only strings
* Sort the original policy too
* Look in /lib/molly-guard for shutdown command
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add parameter for extra_search_paths
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Change option to search_paths
- Update docs
- Make the parameter replace the default values
- Add some sanity checking on the data type
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Correct parameter in tests, change conditional for molly-guard tasks
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Address feedback
* Simplify field validation
Needed the try except in case a non-iterable type is put in the search_paths field
* adding quiet option to assert (ansible#27124)
* adding doc for quiet to assert.py
* fixing PEP8 failure
* improving example
* improving docs
* adding changelog fragment
* adding . at end of descriptions
* removing trailing blank line
* adding integration test for assert
* fixing CI complaints
* disabling gather_facts in quiet.yml test
* rerunning to capture skip
* cleaning up python 2 vs 3
* following rebase
* fixing CI complaints
* fixing CI complaints
* fixing CI complaints
* fixing CI complaints
* fixing CI complaints
* Change the retry_files_enabled to False and modify the comments to reflect that
this has been disabled.
* Change the default action of retry_files_enabled to False
* Update porting guide to reflect change in default state of retry_files_enabled variable
* Change log documenting a change in default behaviour of retry_files_enabled
* Revert config change to comment out the retry_files_enabled line to let the user decided what is best.
Comment above still states how to change.
* postgresql_privs change fail to warn if role does not exists
* postgresql_privs change fail to warn if role does not exists: fix sanity
* postgresql_privs change fail to warn if role does not exists: add changelog fragment
* postgresql_privs change fail to warn if role does not exists: fixes
* postgresql_privs change fail to warn if role does not exists: added fail_on_role param
* Revert "use list instead of tuple and remove md5 on ValueError (#51357)" c459f040da.
* Modify the correct variable when determining available hashing algorithms
* Python interpreter discovery
* No longer blindly default to only `/usr/bin/python`
* `ansible_python_interpreter` defaults to `auto_legacy`, which will discover the platform Python interpreter on some platforms (but still favor `/usr/bin/python` if present for backward compatibility). Use `auto` to always use the discovered interpreter, append `_silent` to either value to suppress warnings.
* includes new doc utility method `get_versioned_doclink` to generate a major.minor versioned doclink against docs.ansible.com (or some other config-overridden URL)
* docs revisions for python interpreter discovery
(cherry picked from commit 5b53c0012ab7212304c28fdd24cb33fd8ff755c2)
* verify output on some distros, cleanup
* Ensure play order is obeyed
it was being ignored depending on other options
also added tests for each order (except shuffle) both serial and not
fixes#49846
All openSUSE distributions changed to the way they are returned from distro.id().
This patches fix the openSUSE Leap and SLES distro names, and adds one entry for Tumbleweed.
These descriptions are capitilized, as expected by Ansible's hostname module.
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
* add boto3_tag_list_to_ansible_dict to ec2_vpc_peering_facts.py
* Add parameter checking to ec2_vpc_peer and give helpful error message
* Fixed modules --> module typo in ec2_vpc_peer
* Added required_if logic and fixed incorrect boolean check for absent peering connection
* Changed error message to one of the following is
* Added changelog fragments for ec2_vpc_peer changes
* Changed changelog fragment as per request
* Support UpdateService forceNewDeployment in ecs_service module
* Fixes for review
* Add force_new_deployment option to ecs_service.py
cherrypicks changes from via/ansible
Adds tests for pull request #42518
fixes backwards compatability with boto<1.8.4
* WIP commit so I don't have to stash
* WIP commit for healthcheck grace period
* WIP commit; ecs_module handles service registries
* Fix bad check for desired_count
* Add scheduling strategy test, comment out service registry test
* Fix names in ecs_cluster role main task.
* move full test run back to the end
* Change botocore version for full test to support scheduling strategy
* fix bug with desired_count==0 in amazon/ecs_service
* Fix changed checking for scheduling strategy DAEMON in ecs_service
* Pass testS
* Fix some unhelpful comments
* Add changelog for ecs_service
* Add diff support to docker_swarm.
* Add changelog.
* Using diff mode for docker_swarm tests. This improves debugging, since the the module now outputs more information on *why* it did certain actions.
* Improve idempotency checking: only consider parameters which are part of the generated spec.
* Properly handle rotate_worker_token and rotate_manager_token.
* patch state 'planned' outputs and perform minor refactor
* reconcile with pep8 and pylint
* remove a space...
* update changed to only flip when >0 added, changed, or destroyed is detected
* add state dependecy to conditional change check
* fix typo
* reconcile with pep8[E317]
* add a changelog fragment
* Revert "Clear failed state in always only if we did rescue (#52829)"
This reverts commit f135960fc2.
* Add tests for failed scenario
* Set failed task with EXPECTED FAILURE
Leave it up to the module to return the state in the results.
I went through all the modules in files/ and only found one case where the module needed to return this. No other modules return paths that do not exists.
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Allow configuration templates when using net_id...for reals
- Didn't work before, I had bad code. I'm sorry.
- Cleaned up code and simplified functions
- Added integration tests to test for net_id actions
* Add changelog
* Add module name to changelog
* Fix indentation
* Add new module property to Windows modules
* Add brief pause to file tests to ensure the stat times are not equal, which was happening sometimes.
* Raise TypeError on error rather than fail_json()
* Rework error message to be less verbose
* Add porting guide entry
* #49664 Added npm ci command
* Update lib/ansible/modules/packaging/language/npm.py
Sure
Co-Authored-By: Bramzor <bramverdonck@telenet.be>
* Moved ci_install so it would work for specific packages
Would this work?
* Reverted last commit
npm ci will remove node_modules so cannot be used it to install a specific module.
* Update lib/ansible/modules/packaging/language/npm.py
Co-Authored-By: Bramzor <bramverdonck@telenet.be>
* Update lib/ansible/modules/packaging/language/npm.py
Co-Authored-By: Bramzor <bramverdonck@telenet.be>
* Update lib/ansible/modules/packaging/language/npm.py
Co-Authored-By: Bramzor <bramverdonck@telenet.be>
When no repos are defined, the `repo` variable is undefined. Therefore
append it only to the result if a repo was found. Otherwise Ansible will
fail with an UnboundLocalError.
* Filter DNSimple request by record name.
The request was not filtered and DNSimple returns only the first 100
records so if the number of records is larger the check could fail.
This patch fixes the issue and also makes the check to perform better.
* Add changelog fragment.
* Added product to the dict choices.
Following issue 48594 where product is not a recognised choice: https://github.com/ansible/ansible/issues/48594
* fixed doc
added - product to the doc
* split line 549
to correct ci test splitting line 549
* Create 49776-product_fix_katello_foreman_module.yaml
changelog fragment creation
* Don’t remove service when networks change
* Add changelog fragment
* Some more network integration tests
* Add hannseman as author
* Remove return on self.client.fail
* Facts parsing for cmdline can now handle multiple values for a single key.
* Unit tests for cmdline fact parsing
* Review comments
Fixes: #22766
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Fix bug when specifying SSID by number
- Migrated integration test to blocks with always
- Minor URL fixes
(cherry picked from commit ed79c294f2e3f82d4828226004c055dcd7ce9f63)
* Create changelog file
* Add new line
According to the OpenStack Networking API
the attribute provider:segmentation_id of a network has to be
an integer.
Even if neutron accepts provider:segmentation_id to be a
string, other implementations may not.
* Performance fixes for net and org lookups
- Both methods had duplicate lookups
- This should significantly improve performance
- Currently untested
* Add ChangeLog file
* Change from bugfix to bugfixes and change indent
* First pass at allowing unix socket with urls/uri. See #42341
* Only insert handler as needed
* Fix and add tests
* Add HTTPS functionality for unix sockets
* Additional test fixes
* Create context manager for monkey patching HTTPConnection.connect, de-dupe code, raise better errors
* doc
* Add a few more tests
* Fix __call__
* Remove unused import
* Patch HTTPConnection.connect with the functionality we want, instead of duplicating code and disabling
* Fix var name
* Remove unused var
* Add changelog fragment
* Update uri docs
* Fix rebase indentation issue
* Work around problem with Docker daemon that sometimes won't find image if prefixed with docker.io repo name.
* When tring library/xxx, docker-py also doesn't sometimes find the image.
* Add changelog.
* Fixing unexpected keyword argument 'cursorclass' error after migration from MySQLdb to PyMySQL
* Adoptions for mysql.py as suggested by felixfontein.
* Adding changelog fragment.
Previously the yum module would provide a `changes` dict when
executed in check mode but omit it when not in check mode in favor
of the `results` data which is raw output from the yum command. This
pull request makes that output uniform.
Fixes#51724
Signed-off-by: Adam Miller <admiller@redhat.com>
* Raise AnsibleConnectionError on winrm con errors
Currently all uncaught exceptions of the requests library that is used
in winrm will lead to an "Unexpected failure during module execution".
Instead of letting all exceptions bubble up we catch the connection
related errors (inkl. timeouts) and re-raise them as
AnsibleConnectionError so Ansible will mark the host as unreachable and
exit with the correct return code.
This is especially important for Zuul (https://zuul-ci.org) to
distinguish between failures and connection/host related errors.
* Update lib/ansible/plugins/connection/winrm.py
Co-Authored-By: westphahl <westphahl@gmail.com>
* Add changelog fragment
* identity: Add GSSAPI suport for FreeIPA authentication
This enables the usage of GSSAPI for authentication, instead of having
to pass the username and password as part of the playbook run.
If there is GSSAPI support, this makes the password optional, and will
be able to use the KRB5_CLIENT_KTNAME or the KRB5CCNAME environment
variables; which are standard when using kerberos authentication.
Note that this depends on the urllib_gssapi library, and will only
enable this if that library is available.
* identity: Add documentation for GSSAPI authentication for FreeIPA
This documentation describes how to use GSSAPI authentication with the
IPA identity modules.
* identity: Add changelog for GSSAPI support for IPA
This adds the changelog entry for the GSSAPI authentication feature for
the IPA identity module.
* Allow creation and deletion of keys (deletion just schedules for
deletion, recreating an old key is just cancelling its deletion)
* Allow grants to be set, thus enabling encryption contexts to be
used with keys
* Allow tags to be added and modified
* Add testing for KMS module
* Tidy up aws_kms module to latest standards
There are other chat systems with hook implementations more or less
compatible with Slack, such as Rocket.Chat. The latter requires the
Content-Type header to be set to "application/json" (the body is JSON).
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
* [WIP] become plugins
Move from hardcoded method to plugins for ease of use, expansion and overrides
- load into connection as it is going to be the main consumer
- play_context will also use to keep backwards compat API
- ensure shell is used to construct commands when needed
- migrate settings remove from base config in favor of plugin specific configs
- cleanup ansible-doc
- add become plugin docs
- remove deprecated sudo/su code and keywords
- adjust become options for cli
- set plugin options from context
- ensure config defs are avaialbe before instance
- refactored getting the shell plugin, fixed tests
- changed into regex as they were string matching, which does not work with random string generation
- explicitly set flags for play context tests
- moved plugin loading up front
- now loads for basedir also
- allow pyc/o for non m modules
- fixes to tests and some plugins
- migrate to play objects fro play_context
- simiplify gathering
- added utf8 headers
- moved option setting
- add fail msg to dzdo
- use tuple for multiple options on fail/missing
- fix relative plugin paths
- shift from play context to play
- all tasks already inherit this from play directly
- remove obsolete 'set play'
- correct environment handling
- add wrap_exe option to pfexec
- fix runas to noop
- fixed setting play context
- added password configs
- removed required false
- remove from doc building till they are ready
future development:
- deal with 'enable' and 'runas' which are not 'command wrappers' but 'state flags' and currently hardcoded in diff subsystems
* cleanup
remove callers to removed func
removed --sudo cli doc refs
remove runas become_exe
ensure keyerorr on plugin
also fix backwards compat, missing method is attributeerror, not ansible error
get remote_user consistently
ignore missing system_tmpdirs on plugin load
correct config precedence
add deprecation
fix networking imports
backwards compat for plugins using BECOME_METHODS
* Port become_plugins to context.CLIARGS
This is a work in progress:
* Stop passing options around everywhere as we can use context.CLIARGS
instead
* Refactor make_become_commands as asked for by alikins
* Typo in comment fix
* Stop loading values from the cli in more than one place
Both play and play_context were saving default values from the cli
arguments directly. This changes things so that the default values are
loaded into the play and then play_context takes them from there.
* Rename BECOME_PLUGIN_PATH to DEFAULT_BECOME_PLUGIN_PATH
As alikins said, all other plugin paths are named
DEFAULT_plugintype_PLUGIN_PATH. If we're going to rename these, that
should be done all at one time rather than piecemeal.
* One to throw away
This is a set of hacks to get setting FieldAttribute defaults to command
line args to work. It's not fully done yet.
After talking it over with sivel and jimi-c this should be done by
fixing FieldAttributeBase and _get_parent_attribute() calls to do the
right thing when there is a non-None default.
What we want to be able to do ideally is something like this:
class Base(FieldAttributeBase):
_check_mode = FieldAttribute([..] default=lambda: context.CLIARGS['check'])
class Play(Base):
# lambda so that we have a chance to parse the command line args
# before we get here. In the future we might be able to restructure
# this so that the cli parsing code runs before these classes are
# defined.
class Task(Base):
pass
And still have a playbook like this function:
---
- hosts:
tasks:
- command: whoami
check_mode: True
(The check_mode test that is added as a separate commit in this PR will
let you test variations on this case).
There's a few separate reasons that the code doesn't let us do this or
a non-ugly workaround for this as written right now. The fix that
jimi-c, sivel, and I talked about may let us do this or it may still
require a workaround (but less ugly) (having one class that has the
FieldAttributes with default values and one class that inherits from
that but just overrides the FieldAttributes which now have defaults)
* Revert "One to throw away"
This reverts commit 23aa883cbed11429ef1be2a2d0ed18f83a3b8064.
* Set FieldAttr defaults directly from CLIARGS
* Remove dead code
* Move timeout directly to PlayContext, it's never needed on Play
* just for backwards compat, add a static version of BECOME_METHODS to constants
* Make the become attr on the connection public, since it's used outside of the connection
* Logic fix
* Nuke connection testing if it supports specific become methods
* Remove unused vars
* Address rebase issues
* Fix path encoding issue
* Remove unused import
* Various cleanups
* Restore network_cli check in _low_level_execute_command
* type improvements for cliargs_deferred_get and swap shallowcopy to default to False
* minor cleanups
* Allow the su plugin to work, since it doesn't define a prompt the same way
* Fix up ksu become plugin
* Only set prompt if build_become_command was called
* Add helper to assist connection plugins in knowing they need to wait for a prompt
* Fix tests and code expectations
* Doc updates
* Various additional minor cleanups
* Make doas functional
* Don't change connection signature, load become plugin from TaskExecutor
* Remove unused imports
* Add comment about setting the become plugin on the playcontext
* Fix up tests for recent changes
* Support 'Password:' natively for the doas plugin
* Make default prompts raw
* wording cleanups. ci_complete
* Remove unrelated changes
* Address spelling mistake
* Restore removed test, and udpate to use new functionality
* Add changelog fragment
* Don't hard fail in set_attributes_from_cli on missing CLI keys
* Remove unrelated change to loader
* Remove internal deprecated FieldAttributes now
* Emit deprecation warnings now
* standardize user/password connection vars
* docs: use ansible_user and ansible_password
* docs: var precedence for connection vars
* docs: ansible_become_pass -> ansible_become_password etc
* Enable 'changed' var with ufw check mode
* Fix from comment of the PR + Unit Test
* Fix on ufw module after the second review
- delete rules change works in check mode
- simplify execute def & use it on every call process
- improved regexp
- rename vars defaults to current_default_values
* Add ignore error to execute() and use it in get_current_rules()
* Update after third code review (introduce change in changed status)
* Adjust tests and fix some problems (#1)
* 'active' also appears in 'inactive'.
* 'reject' is also a valid option here.
* For example for reloaded, changed will be set back to False here.
* Improve and adjust tests.
* Fix after merging integration test
* handle "disabled" on default routed
* Add /var/lib/ufw/.. rules files
* add unit test
* Fix pep8 formatting error
* Separate ipv6 and ipv4 rules process from checkmode
* fix non-ascii error on ci
* Some change after review
* Add unit test with sub network mask
* rename is_match function by is_starting
* add changelog fragment
Previously it was assumed that the Amazon system-release
number was the final value of the string. This isn't always
the case. Some releases have the name at the end.
Amazon Linux release 2
Amazon Linux release 2 (Karoo)
Fix by instead looking for a number in the string.
Fixes#48823
Check the path /run/ostree-booted which I'm told by upstream that it
will always be present when a host system is Fedora/RHEL/CentOS
Atomic/CoreOS vs "traditional" distro instance to detect the
non-traditional instance and ensure pkg_mgr selection is correct
Signed-off-by: Adam Miller <admiller@redhat.com>
* use list instead of tuple and remove md5 on ValueError
Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>
* convert algorithms to list and add comment
Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>
* only convert to list if algorithms is not None
Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>
* new fragment for PR 51357
Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>
* fix lint: remove blank line
Fixes: #51534
* set valid_until equal to current time + spot_wait_timeout
* add setting ValidUntil to value
* add changelog fragment
* fix shebang issue
* uri: fix TypeError when file can't be saved
Fix the following exception (and others):
Traceback (most recent call last):
File "/home/lilou/debug_dir/__main__.py", line 604, in <module>
main()
File "/home/lilou/debug_dir/__main__.py", line 554, in main
write_file(module, url, dest, content, resp)
File "/home/lilou/debug_dir/__main__.py", line 320, in write_file
module.fail_json(msg="Destination dir '%s' not writable" % os.path.dirname(dest), **resp)
TypeError: fail_json() got multiple values for keyword argument 'msg'
I would rather remove **resp from returned values but this module is
flagged as stableinterface.
* Static imports are more straight forward and preferred unless dynamic inclusion is required.
Added support for username and password authentication in hashi_vault
lookup plugin.
Fixes: #38878
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Add coherency between check and normal mode see issue #24633
* Add changelog fragment for the PR
* Make change following PR comment
* Remove trailing whitespace
* Always check envvars when auth parameter is not provided
This will make it so that all code using the get_api_client
method will make use of the environment variables, instead of
silently ignoring them if default values haven't been set. This
affects at least the k8s lookup plugin.
* Add changelog
* move extravars and option vars loading into VM
also safedir setting, all these are intrinsic to VM
avoid uneeded and inefectual shallow copy
remove setters/getters as VM now does most of the work in init
updated and added tests
* feedback + fixes
* keep extra_vars property for vars_prompt
* pass values not objects
* remove bare var handling in conditionals
this makes top level and multilevel vars (dicts keys) behave the same
it will require adding |bool for 'string comparissons' in indirect templates
- added new tests to ensure uniform handling
- switched to 'is' testing for status
- changed warning to 'conditional' as 'when:' is not only place it gets triggered
* updated to include toggle and deprecation
* fix deprecated
* updated tests to handle toggle
* fixed typo and added note about the future
* aws_ec2 Implement the missing 'region discovery'
fixes#45288
tries to use api as documented (which seems to fail in latest boto3 versions)
and fallback to boto3 'hardcoded' list of regions
* fixes and cleanup, add error for worst case scenario
* fix tests, remove more unused code
* add load_name
* acually load the plugin
* set plugin as required
* reverted test changes, removed options tests
* fixes as per feedback and cleanup
* Add functionality to set hidden properties. Fixes#50299
* Add inject_ovf_env functionality
* Add xml declaration
* Revert "Add functionality to set hidden properties. Fixes#50299"
This reverts commit 4b41bb7520.
* Add changelog fragment
* Minor changes
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* add static facility and apply to register
* added warning
* added test for templated register
* test register 'static' status
* rely on subshell to deal with quote context
* use corrects pb for test
* bring constants back cause new code in devel
* Add tests for check_mode at play and task level
These test inheritance of check_mode from the various levels (command
line, as a play attribute and as a task attribute) so they will be
useful for checking that the change to fieldattribute inheritance with
defaults works
* Add a sentinel object
The Sentinel object can be used in place of None when we need to mark an
entry as being special (usually used to mark something as not having
been set)
* Start of using a Sentinel object instead of None.
* Handle edge cases around use of Sentinel
* _get_parent_attribute needs to deal in Sentinel not None
* No need to special case any_errors_fatal in task.py any longer
* Handle more edge cases around Sentinel
* Use Sentinel instead of None in TaskInclude
* Update code to clarify the vars we are copying are class attrs
* Add changelog fragment
* Use a default of Sentinel for delegate_to, this also allows 'delegate_to: ~' now to unset inherited delegate_to
* Explain Sentinel stripping in _extend_value
* Fix ModuleArgsParser tests to compare with Sentinel
* Fixes for tasks inside of roles inheriting from play
* Remove incorrect note. ci_complete
* Remove commented code
* Catch SSH authentication errors and don't retry multiple times to prevent account lock out
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Subclass AnsibleAuthenticationFailure from AnsibleConnectionFailure
Use comparison rather than range() because it's much more efficient.
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add tests
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Make paramiko_ssh connection plugin behave the same way
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add changelog
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Move relative time handling to module_utils and rewrite it
* Fix cases with no seconds defined
* fix a small typo along the way
* add relative time handling to the ownca provider in openssl_certificate
* add initial integration test for relative time ownca
* quote the documentation to produce valid yaml
* move timespec conversion and validation to the init function
* fix small edge case in conversion function
* add relative timestamp handling to the selfsigned provider
* add get_relative_time_option
* add relative timestamp handling to valid_in
* pep8 fix indentation
* add quotes in error message
* add changelog fragment
* Update changelogs/fragments/50570-relative_time_crypto.yaml
Co-Authored-By: MarkusTeufelberger <mteufelberger@mgit.at>
* Added support for labels for Docker Network
* Fixed missing comma in Docker Network module
* Specified minimal versions for dependencies and added changelog
* Fixes based on suggestions after code review
* Added integration tests
* Add command option
* Fix test task name
* Changelog fragment
* Fix indendation
* Add version_added
* Better command description
* Test passing command as list
* Handle invalid command types
* Cleaner command type checking
* Check that all items in command list are strings
* Better error about command list items
* Better type checking errors
* Add tests for command type checking
* Update command tests
* Fix messed up rebase
* Fix publish idempotency when mode is None
* Add changelog fragment
* Python 2.6 compat
* Use self.publish
* Check length of publish before comparing content
* Sort publish lists before zipping
* Enable publish tests
* python3 compat
* Don’t sort by mode as it is not safe
* Document publish suboptions and add them to args
* Add type to publish documentation
* Add choices to publish argument_spec suboptions
* Make tcp the default protocol
* Make documentation reflect protocol default
* Simplify setting mode
* Remove redundant string quoting
* Test order of publish
* Add comment about publish change detection
* Revert "Revert "openssl_csr: Allow to use cryptography as backend (#50324)""
This reverts commit bbd2e31e9f.
* Remove more complicated selection copy'n'pasted from openssl_privatekey.
* Add tests for backend selection.
* Add openssl_csr test for arbitrary string commonName.
* Allow to disable commonName -> SAN copying (fixes#36690).
* Increase persistent command_timeout default value
* Increase command_timeout default value from 10 to 30 sec
to reduce frequent timeout issue for network connection
types (netconf/network_cli/httpapi/napalm)
* Fix review comments
* Corner case in which import_role would add another instance of a role with the same signature into roles: when it already existed there.
roles:
- name: a
tasks:
- import_role: name=a
would execute role 'a' 3 times instead of the intended 2 (x2 in roles: phase +1 in tasks:)
* added tests
* Add object_type param to checkpoint_object_facts
* Add changelog fragment
* Fix sanity
* Fix sanity
* Pass type param to payload
Otherwise it does not do what is expected to do
* Add ip-only default to docstring
* Revert "avoid x2 setting of set_fact when 'cacheable' (#50564)"
This reverts commit 207848f354.
* clarify clear_facts with set_fact cacheable
revert previous 'fix' as it will break playbooks by changing precedence
opted to leave current behaviour but document it on both plugins to mitigate confusion
fixes#50556
also fix grammer, add comment, remove unused e
* Bubble up import exception content for k8s module
Signed-off-by: Fabian von Feilitzsch <fabian@fabianism.us>
* Track down other places import exception is reported
* Add changelog fragment
When a user home dir is not created with `useradd`, the home dir will now
be created with umask from /etc/login.defs. Also fixed a bug in which
after a local user is deleted, and the same user exists in the central
user management system, the module would create that user's home.
* check for result['status'] in systemd module
* instead of checking for result['state'], actually check for chroot and warn
* allow systemctl status to work if in a chroot, update warn text
* simply change warning message
* Allow to use cryptography as backend for openssl_csr.
* Use different curve.
* Adding changelog.
Includes changelog fragment for #49416, which didn't include one.
* Describe labels and container_labels correctly
* Clarify reserve_memory and limit_memory docs
* Remove default from container_labels doc
* Remove trailing whitespace
* Document min api version for configs and secrets
* Add changelog fragment
* Specify type on labels and container_labels
* Consolidate required API version descriptions
* Update reserve and limit memory docs
* Use correct power-of-two units
* Remove description about limit_memory minimum 4mb
* docker_swarm_service: use exact name match when finding services
The Docker API's filtering support allows filtering for substring
matches which means that when we filter the list of running services we
may accidentally match a service called "foobar" when looking for a
service named "foo".
Fix this by filtering the list of services returned from the Docker API
so that name matches are exact. It is still worth passing the filter
parameter to the Docker API because it reduces the number of results
passed back which may be important for remote Docker connections.
Closes 50654.
* add changelog fragment for #50654
* Added documentation around using vmware dynamic inventory plugin
* Fixed bug for populating host_ip in hostvars for given inventory host
* VMware: Add properties in vmware_vm_inventory
Fixes: #50249
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* fixes issue 50296
* fixes the indentation of the return statement
* Adds a conditional test into `_find_systems_resource()` to check the existence
of the Members of System resource
* updates the error message
* harden the conditional test
* Add a changelog
Provide toggle flag to allow display of unreachable task to stderr
using default callback plugin.
Fixes: #48069
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Add auth_timeout parameter when supported
Paramiko 2.2 introduces the auth_timeout parameter. This will set the
parameter to the same value of the timeout parameter to prevent
"Authentication timeout" errors.
* Conditionally add auth_timeout to ssh.connect
Renamed sock_kwarg to ssh_connect_kwargs and conditionally added the
auth_timeout parameter based on the installed paramiko version.
* Add changelog fragment
* Add a porting guide entry for ansible_distribution facts
Switching away from platform.distro() will cause changes sometimes due
to the new code using new sources of information that may be out of sync
with the old ones. Just have to make people aware of that and also what
we are doing to mitigate it when appropriate.
* wordsmithed, added links for new distro backend
* Once cli args are parsed, they're constant. So, save the parsed args
into the global context for everyone else to use them from now on.
* Port cli scripts to use the CLIARGS in the context
* Refactor call to parse cli args into the run() method
* Fix unittests for changes to the internals of CLI arg parsing
* Port callback plugins to use context.CLIARGS
* Got rid of the private self._options attribute
* Use context.CLIARGS in the individual callback plugins instead.
* Also output positional arguments in default and unixy plugins
* Code has been simplified since we're now dealing with a dict rather
than Optparse.Value
Added examples in playbooks_error_handling doc for handlining
multiple conditions in changed_when and failed_when
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* fix order of dnf api operations so transactions don't fail
Previously dnf.base.fill_sack() was called before
dnf.base.update_cache() which apparently breaks dnf transaction
logic as per https://bugzilla.redhat.com/show_bug.cgi?id=1658694Fixes#49060
Signed-off-by: Adam Miller <admiller@redhat.com>
* add changelog and test case
Signed-off-by: Adam Miller <admiller@redhat.com>
* Combine systemd units/unit-files output for service_facts
Fixes#47118
Previously we were only taking the output of `systemd units` which
would leave out information about the service units that were
disabled, static, masked, etc. Now we're aggregating the results so
that anything not active/inactive/dead at least is pulled as fact
data with it's state provided.
Signed-off-by: Adam Miller <admiller@redhat.com>
* provide state and status information about services
Fixes#45730
Signed-off-by: Adam Miller <admiller@redhat.com>
conn_limit type is set to 'int'. This will allow module to compare conn_limit with record value without type casting.
Fixes: #38118
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Without this modprobe always reports changed when modprobe-ing a builtin module.
With this, if a kernel module is a builtin, the modprobe module will:
- succeed (without incorrectly reporting changed) if ``state`` is ``present``;
- fail if ``state`` is ``absent``
The failure will have whatever error message modprobe returns when
attempting to remove a builtin module. For example:
``modprobe: ERROR: Module nfs is builtin.``
* Handle 'latest' version when installing module for first time
Otherwise, a fresh install of a plugin with 'version: latest' gets installed without its dependencies, rendering the plugin effectively useless.
* Add changelog
* Refactor integration test for lvg module to introduce grow/reduce test
* List correctly current PV in lvg module: fix lvg reduce
Previous behaviour was to only take into account PV passed in 'pvs'
argument. This lead to reduce not working as expecting:
* with state=present and list of wanted pvs, lvg found only the pvs to
add or already present and ignored the pv to remove (obviously absent
from the list of given PV)
* with state=absent and a pv to remove, lvg found that the remaining pvs
list is empty (ignoring possible other PV in the vg) and decides to
remove the vg entirely (as supposely no PV are left anymore to store
lvm metadata)
* Add changelog fragment
When the security group the rule belongs to does not exist and
the state is absent, the module is not properly exited, leading
to a playbook execution failure.
Fixes issue #50057
* Added organization in the scm_credential get
* Fallback looking for cred in project org
* Tests project with multi org credential
* Fixed CI issue
* Added changelog fragment
* Change test suite to fit expected behaviour
This reverts some changes from ansible/ansible@723daf3
If a line is found in the file, exactly or via regexp matching, it must
not be added again.
insertafter/insertbefore options are used only when a line is to be
inserted, to specify where it must be added.
* Implement the change in behaviour mentioned in the previous commit
* Fix comment to reflect what the code does
* Set the correct return message.
In these cases, the lines are added, not replaced.
* Add a changelog
* Allow tags to be templated from a variable. Fixes#49825
* Restore _load_tags to ensure we do csv tag splitting
* Add tests for csv tags and templated tags
* evaluate_tags doesn't need to accept strings, because _load_tags handles this
* Windows Privileges - moved util code to it's own C# util
* Rename Enabler class to PrivilegeEnabler to remove ambiguity
* rename Utils to PrivilegeUtil
* fix missing util name changes
* win become: refactor and add support for passwordless become
* make tests more stable
* fix up dep message for Load-CommandUtils
* Add further check for System impersonation token
* re-add support for become with accounts that have no password
* doc fixes and slight code improvements
* fix doc sanity issue
- Require username and password for unregistering and avoid "cannot marshal None unless allow_none is enabled" error when using an activation key and no channels specified.
- Update test fixtures and add changelog
Co-authored-by: WhyIsThisOpen <WhyIsThisOpen@users.noreply.github.com>
* Fix various bugs related in reboot
- Use format strings for consistency and improve debug log messages
- Use local variables instead of class attributes in order to be thread safe
- Run setup module to get distribution and version
- Run find module to get full path of shutdown command
- Use ansible_os_family and ansible_distribution to find commands and args
- Use same command for all Solaris/SunOS distributions
- Move delay calculations to properties
- Reliably check for module run failure
- Fix bug in run_test_command() that accidentally made the method work properly
- Use better exceptions rather than Exception
- Use dict literals rather than constructors
- Correct _check_delay() so it always returns a value, not None
- Don't store and return result in run_test_command() because it's not used anywhere
- add test for post reboot command that fails
- test negative values for delay parameters
fixes to ansible-doc
- change json to always be type dependent
- change changelog generation to loop over the options
- warn about ignoring module path
* ensure idempotency for user set to None
* Update `user` documentation and add changelog fragment
* clarify changelog fragments and parameters documentation
* use restructuredtext syntax in changelog fragment
* Add info about loop based on jinja2 loop var
* ansible_loop
* Update test count
* Add extended loop_control that defines whether ansible_loop should be added
* Extended needs to be defaulted
* Revert "Update test count"
This reverts commit f1e93ee469825f4cdcd90fb28667d29aa088275c.
* Add docs about loop_control.extended
* Add revindex and revindex0
* Document ansible_loop in special vars
* Add changelog fragment
* Add tests, change items to allitems so that dot notation works, fix logic error with previtem
Incorporating the abandoned work from PRs #35288 and #45552. Also adding in
the version checking from `docker_container.py`, which should be abstracted
out to `docker_common.py`.
* fix py3 scope for unique filter errors, enable filters integration tests on rhel8 beta
Signed-off-by: Adam Miller <admiller@redhat.com>
* add changelog
Signed-off-by: Adam Miller <admiller@redhat.com>