Commit graph

240 commits

Author SHA1 Message Date
Anton Nikulin
9770ac70f9 FTD modules: upsert functionality and bug fixes (#47747)
* FTD modules: bug fixes and upsert functionality

* Fix sanity checks

* Fix unit tests for Python 2.6

* Log status code for login/logout

* Use string formatting in logging
2018-11-16 11:55:36 +05:30
Jack Haden-Enneking
15e77ebfe8 ipaddr filter - return a network address when given an address with /32 subnet (#47539)
* fix #17872

* add changelog fragment and enable unit test
2018-11-08 11:49:42 -05:00
Michael Cassaniti
a2f3f16930 win_updates: Add post search category matching to support product matching (#45708)
* win_update: Add post search category matching to support product matching

* win_updates: Return categories of each update

* win_updates: Documentation fix-up

* win_updates: Adjusted documentation to reflect regex vs sub-string match of post-cat strings

* win_updates: Sped up post-category checking

* win_updates: Updated documentation to suggest querying post-category strings

* win_updates: Simplified saving and checking post-categories

* fixed some issues and added filtered categories to return value

* win_updates: Moved all category matching to occur after initial search

* win_updates: Adjustments to satisfy PowerShell lint checks

* win_updates: Dropped category validation from action plugin

* win_updates: Documentation updates

* win_updates: Fixed plugin unit tests
2018-11-07 19:32:07 +10:00
Ganesh Nalawade
17fea30841
Revert "enhance recv calls in network_cli (#47345)" (#47731)
This reverts commit c649d0ea32.

The change results in deadlock in network_cli while it is
waiting to check the return value of recv_ready() which
was added in this commit to improve performance
2018-10-29 09:50:30 +05:30
f-bor
c649d0ea32 enhance recv calls in network_cli (#47345)
* enhance recv calls in network_cli

* updated network_cli test unit

* enhance recv calls in network_cli

* fix mistake

* better timeout management

* remove exception trigger

* test

* test2

* restore exception and timeout

* ganeshrn's way

* correction

* timeout and exception return
2018-10-26 09:49:17 +05:30
Ganesh Nalawade
335a979f1d
Fix prompt mismatch issue for ios (#47004)
* Fix prompt mismatch issue for ios

Fixes #40884 #44463

*  If the command prompt is matched check if data is
   still pending to be read from buffer.
*  This fix adds a new timer `buffer_read_timeout`
   which will be trigerred after command prompt
   is matched and data is attempted to be read from channel.
   If not data is present of channel the timer will expire
   and response we be returned to calling function.

* Fix unit test failure

* Update to make buffer timeout float

* Update doc and fix review comment

* Fix CI issues

* Update doc

* Fix review comments

* Fix review comments
2018-10-22 21:05:15 +05:30
Matt Clay
37b013aca3
Enable additional pylint rules and resolve issues found. (#47221)
* Resolve unneeded-not.
* Resolve global-at-module-level.
* Resolve useless-import-alias.
* Resolve bad-whitespace.
* Resolve global-variable-not-assigned.
* Resolve logging-not-lazy.
* Resolve comparison-with-itself.
2018-10-18 13:38:08 -07:00
Steve Dodd
ee6ab5d5aa Add support for IOS vlan parsing filter. (#40555)
* Add support for IOS vlan parsing filter.
Example usage below:

{% set parsed_vlans = vlans | vlan_parser %}
switchport trunk allowed vlan {{ parsed_vlans[0] }}
{% for i in range (1, parsed_vlans | count) %}
switchport trunk allowed vlan add {{ parsed_vlans[i] }}

* Update test_network.py

Add import statement for filter

* Fixed PEP8 issues relating to comments

* Fix PEP8 issues related to blank lines

* Removed magic numbers for line lengths. This should generalize support
to other IOS-like NOS that use similar methods for listing vlans. The
default arguments for line lengths will still be specific to Cisco IOS.
The unit tests for line length are still specific to Cisco IOS.
2018-10-17 20:50:28 +05:30
Fran Fitzpatrick
ab8ed2f84d Add unit tests for junos terminal (#47103) 2018-10-16 15:14:38 +05:30
Matt Clay
3033fd96b0
Move unit test compat code out of lib/ansible/. (#46996)
* Move ansible.compat.tests to test/units/compat/.
* Fix unit test references to ansible.compat.tests.
* Move builtins compat to separate file.
* Fix classification of test/units/compat/ dir.
2018-10-12 20:01:14 -07:00
lwm
8d0f823de0 Add a Linode v4 dynamic inventory plugin. (#45902)
* Add a Linode v4 dynamic inventory plugin.

Closes https://github.com/ansible/ansible/issues/44721.

* Use the latest API for accessing host variables.

References:

  * https://github.com/linode/linode_api4-python/issues/141

* Minor docs formating
2018-10-09 12:54:31 +01:00
Brian Coca
d3d812b604 avoid tests when ncclient is not installed 2018-10-01 13:43:26 -04:00
Brian Coca
32ec69d827
allow jinja2 unique filter compat (#45637)
* allow jinja2 unique filter compat
* detect if unique is provided, fallback with warning
* handle j2 specific params
* now all filters using unique must pass environment
* added env to tests

also normalized on how we normally import and use exceptoins
2018-09-25 14:27:02 -04:00
Sam Doran
b60854357b
Unify terms and UI between 1Password lookups and facts module (#45427)
* Unify login behavior between 1Password lookup plugins and module

- Use the same names for all credential aspects
- Only require the minimal amount of information for each
- Add more examples

* Change parameter terms

- use terms in line with 1Password documentation.
- update examples
- update tests

* Improve error messages in lookup plugin

* Unify onepassword_facts with lookup plugins

- use same methods and logic for signing in or reusing existing session
- unify terms with lookup plugins

* Change rc test for determing login

An rc other than 1 can be returned when a current login session does not exist.

* Create AnsibleModuleError class

ansible.errors is not available to modules, so create an AnsibleModuleError class within the module

Do not user os.path.expanduser since this is already done by virtue of the type being "path" in the argument spec.

* Add note about risk with fact caching sensitive data

* Add note on op version that was used for testing
2018-09-21 14:26:05 -04:00
Matt Martz
95e77ac853
Ensure that the src file contents is converted to unicode in diff info (#45744)
* Ensure that the src file contents is converted to unicode in diff info. Fixes #45717

* Fix up and cleanup

* The diff functionality in the callback plugins should have the
  to_text() calls removed since we're now doing it in ActionBase
* catching of UnicodeError and warnings in the callback diff
  functionality from 61d01f549f haven't been
  needed since we switched to to_text so remove them.
* Add a note to ActionBase's diff function giving an example of when the
  diff function will be inaccurate and how to fix it

* Fix callback get_diff() tests

I believe the unittests of callback's get_diff() were wrong.  They were
sending in a list where strings were expected.  Because previous code
was transforming the lists into strings via their repr, the previous
tests did not fail but they would have formatted the test cases output
in an odd way if we had looked at it.
2018-09-20 12:31:48 -05:00
Nathaniel Case
406b59aeba
Move persistent connections to only use registered variables (#45616)
* Try to intuit proper plugins to send to ansible-connection

* Move sub-plugins to init so that vars will be populated in executor

* Fix connection unit tests
2018-09-20 09:56:43 -04:00
Anton Nikulin
b7263eab1d Store Authorization header inside HttpApi connection plugin (#45598) 2018-09-13 19:34:30 +05:30
Jon Dufresne
ef67d4074b Prefer io.BytesIO over six; available on all supported Pythons (#45388)
On all supported Pythons, the io.BytesIO is always a stream
implementation using an in-memory bytes buffer. Makes code slightly more
forward compatible by reducing use of the six module.
2018-09-10 15:19:16 -04:00
Matt Clay
f7979e4938 Skip ipaddr test that fails on Python 3.7+. 2018-09-04 09:23:31 -07:00
Ganesh Nalawade
c0326aea2f
Fix cli_command multiple prompt issue (#44922)
* Add check in network_cli to handle all prompts

* Add check_all flag to mandatory handle all the command prompt
  in prompts list. By default if any one prompt is handled
  remaining prompts are ignored.

* Fix cli_command multiple prompt issue

* If multiple prompt and answers are given as input network_cli
  handles only the first prompt that matched by default
* If a command execution results in muliple prompt the fix
  add support to set a boolean option C(check_all) to indicate
  network_cli to wait till all the prompts and answers are processed.

* Update cli_command

* Update api doc

* Fix unit test failure

* Fix CI failure

* Update network_cli

* Fix review comment
2018-08-31 20:04:12 +05:30
Deepak Agrawal
50c7702e46
cisco firepower : Make API endpoints configurable via hostvars (#44952)
* httpapi host vars

* Make configurable end-points for firepower

* pep8 fix
2018-08-31 18:38:16 +05:30
Sam Doran
8cd8d17980
Add ability to unlock 1Password vault to lookup plugins (#44923)
* Add ability to use login to 1Password vault to 1Password lookups

* Adjust unit tests

* Add changelog
2018-08-30 16:24:06 -04:00
pierremahot
d11e078366 adding an option for the filter ipsubnet and testing (#40670)
* adding an option for the filter ipsubnet
2018-08-30 13:21:22 +01:00
Anton Nikulin
40a97d43d1 New modules and updated HTTP API plugin for FTD devices (#44578)
* Add common and Swagger client utils for FTD modules

* Update FTD HTTP API plugin and add unit tests for it

* Add configuration layer handling object idempotency

* Add ftd_configuration module with unit tests

* Add ftd_file_download and ftd_file_upload modules with unit tests

* Validate operation data and parameters

* Fix ansible-doc, boilerplate and import errors

* Fix pip8 sanity errors

* Update object comparison to work recursively

* Add copyright
2018-08-29 15:48:10 +02:00
Matthias Fuchs
7871027c9d Share the implementation of hashing for both vars_prompt and password_hash (#21215)
* Share the implementation of hashing for both vars_prompt and password_hash.
* vars_prompt with encrypt does not require passlib for the algorithms
  supported by crypt.
* Additional checks ensure that there is always a result.
  This works around issues in the crypt.crypt python function that returns
  None for algorithms it does not know.
  Some modules (like user module) interprets None as no password at all,
  which is misleading.
* The password_hash filter supports all parameters of passlib.
  This allows users to provide a rounds parameter, fixing #15326.
* password_hash is not restricted to the subset provided by crypt.crypt,
  fixing one half of #17266.
* Updated documentation fixes other half of #17266.
* password_hash does not hard-code the salt-length, which fixes bcrypt
  in connection with passlib.
  bcrypt requires a salt with length 22, which fixes #25347
* Salts are only generated by ansible when using crypt.crypt.
  Otherwise passlib generates them.
* Avoids deprecated functionality of passlib with newer library versions.
* When no rounds are specified for sha256/sha256_crypt and sha512/sha512_crypt
  always uses the default values used by crypt, i.e. 5000 rounds.
  Before when installed passlibs' defaults were used.
  passlib changes its defaults with newer library versions, leading to non
  idempotent behavior.

  NOTE: This will lead to the recalculation of existing hashes generated
        with passlib and without a rounds parameter.
        Yet henceforth the hashes will remain the same.
        No matter the installed passlib version.
        Making these hashes idempotent.

Fixes #15326
Fixes #17266
Fixes #25347 except bcrypt still uses 2a, instead of the suggested 2b.

* random_salt is solely handled by encrypt.py.
  There is no _random_salt function there anymore.
  Also the test moved to test_encrypt.py.
* Uses pytest.skip when passlib is not available, instead of a silent return.
* More checks are executed when passlib is not available.

* Moves tests that require passlib into their own test-function.

* Uses the six library to reraise the exception.

* Fixes integration test.

When no rounds are provided the defaults of crypt are used.
In that case the rounds are not part of the resulting MCF output.
2018-08-27 08:40:41 -07:00
jctanner
653d9c0f87 New keyword: ignore_unreachable (#43857) 2018-08-23 11:41:02 -04:00
Jordan Borean
6982dfc756 psrp: Added new Windows connection plugin (#41729)
* psrp: Added new Windows connection plugin

* Tweaks to connection options from review
2018-08-21 16:43:13 -07:00
Artem Leshchev
8323f3e3b7 Fix module name in error text at parse_xml filter (#44313)
* Fix module name in error text at parse_xml filter

* Fix test that includes erroneous module name in error text at parse_xml filter
2018-08-20 10:19:16 +05:30
Zhikang Zhang
0971a342d8
Solve race condition in password lookup (#42529)
NOTE:
1. use os.open() with os.O_CREAT|os.O_EXCL to check existence
and create a lock file if not exists, it's an atomic operation
2. the fastest process will create the lock file and others will
wait until the lock file is removed
3. after the writer finished writing to the password file, all the reading
operations use built-in open so processes can read the file parallel
2018-08-15 15:10:52 -04:00
Lindsay Hill
5981a7489b new nos_command module (#43056) 2018-08-10 13:50:02 -07:00
Zhikang Zhang
3a3869f4c8
Clarify usage of encrypt arg (#43330)
According to the do_encrypt interface, encrypt arg should be the hash method name used for encrypting returning password. But in the doc and lookup code it's a boolean flag, correct it to string.
2018-08-02 14:03:49 -04:00
Joren Vrancken
b954917761 Surround top-level function and class definitions with two blank lines. 2018-07-31 12:06:56 -07:00
Fran Fitzpatrick
5928ec04ca Adds an ipmath filter (#41985) 2018-07-11 10:52:31 -07:00
Jordan Borean
940d4a0e89
win_reboot: fix 2.6 issues and better handle post reboot reboot (#42330)
* win_reboot: fix 2.6 issues and better handle post reboot reboot

* changed winrm _reset to reset

* Add handler to reset calls when .reset() throws an AnsibleError on older hosts

* Moving back to _reset to get the issue fixed
2018-07-11 09:12:29 +10:00
Jordan Borean
8bdd04c147 Fix remote_tmp when become with non admin user (#42396)
* Fix tmpdir on non root become

 - also avoid exception if tmpdir and remote_tmp are None
 - give 'None' on deescalation so tempfile will fallback to it's default behaviour
   and use system dirs
 - fix issue with bad tempdir (not existing/not createable/not writeable)
   i.e nobody and ~/.ansible/tmp
 - added tests for blockfile case

* Revert "Temporarily revert c119d54"

This reverts commit 5c614a59a6.

* changes based on PR feedback and changelog fragment

* changes based on the review

* Fix tmpdir when makedirs failed so we just use the system tmp

* Let missing remote_tmp fail

If remote_tmp is missing then there's something more basic wrong in the
communication from the controller to the module-side.  It's better to
be alerted in this case than to silently ignore it.

jborean and I have independently checked what happens if the user sets
ansible_remote_tmp to empty string and !!null and both cases work fine.
(null is turned into a default value controller-side.  empty string
triggers the warning because it is probably not a directory that the
become user is able to use).
2018-07-06 10:49:19 -07:00
Nathaniel Case
5850591d14
Base connection class for network-style connections (#41839)
* Create base class for network-style connections

* clean up some differences

* Move NetworkConnectionBase

* Tweak netconf for tests

* Tweak when network_os is checked to avoid failing tests

* Pull back exec_command
2018-07-02 08:41:00 -04:00
Jordan Borean
9b7b564d75
Stop displaying kinit pass input on a failure (#41882)
* Stop displaying kinit pass input on a failure

* Fixed up minor logic info and added tests
2018-06-26 05:49:19 +10:00
Brian Coca
27c43daab8
fix minor issues with debug and item labels (#41331)
* fix minor issues with debug and item labels

 - no more `item=None`, we always have a label now
 - debug should only show expected information, either msg= or the var in var=
 - also fixed method name, deprecated misleading _get_item
2018-06-21 16:14:57 -04:00
Jordan Borean
11bd3fd318 win_updates fix when win_updates is run with async (#41756) 2018-06-20 14:52:24 -07:00
Matt Davis
b01779ad18
skip winrm unit tests if winrm is not installed (#41596) 2018-06-15 10:23:15 -07:00
Jordan Borean
ad8e13e9f8
winrm: fix up unit tests (#41112) 2018-06-07 06:09:10 +08:00
Martin Krizek
77e2bd5f8e
Fix inserting noop tasks by using active state (#36056) 2018-06-06 12:34:25 +02:00
Ganesh Nalawade
ba4b12358c
Refactor ios cliconf plugin and ios_config module (#39695)
* Refactor ios cliconf plugin and ios_config module

*  Refactor ios cliconf plugin to support generic network_config module
*  Refactor ios_config module to work with cliconf api's
*  Enable command and response logging in cliconf pulgin
*  cliconf api documentation

* Fix unit test and other minor changes

* Doc update

* Fix CI failure

* Add default flag related changes

* Minor changes

* redact input command logging by default
2018-06-06 11:12:45 +05:30
Matt Martz
ad7ba91f75 Use _remote_is_local=True for local connection in synchronize (#40833)
* All instances of local connection should use _remote_is_local=True. Fixes #40551

* Switch to instance attribute for synchronize

* Add test that shows that synchronize _remote_is_local addresses tmpdir building
2018-05-30 13:28:11 -07:00
Sloane Hertel
cba64f5869 Fix inventory plugin cache + add tests (#38229)
* Fix setting the cache when refresh_cache or --flush-cache are used

* Use jsonify function that handles datetime objects in jsonfile cache plugin

* Don't access self._options directly

* Add initial integration tests for aws_ec2 inventory plugin

* Add CI alias

* Fix and add a few more unit tests

* Add integration tests for constructed

* Fix typo

* Use inventory config templates

* Collect all instances that are not terminated by default

* Create separate playbook for setting up the VPC, subnet, security group, and finding an image for the host

Create a separate playbook for removing the resources

* Allow easier grouping by region and add an example

* use a unified json encode/decode that can handle unsafe and vault
2018-05-24 15:34:54 -04:00
Jordan Borean
5e28e282a5 winrm: add better exception handling for krb5 auth with pexpect (#39930)
* winrm: add better exception handling for krb5 auth with pexpect

* Added changelog fragment

* Added exception handler in case kinit path isn't valid, added test cases

* fixed for Python 2 compatibility
2018-05-23 13:33:07 -07:00
Jordan Borean
457bccf540 win_updates: add scheduled tasks back in for older hosts (#38708)
* win_updates: add scheduled tasks back in for older hosts

* Fixed up typo in category name error message

* Fixed up some minor issues after merge

* added changelog fragment

* Default to become but add override to use scheduled tasks

* Added basic unit tests for win_updates

* fix minor typos
2018-05-23 13:21:01 -07:00
flowerysong
e2c1589201 Add cidr_merge filter (#36081) 2018-05-23 14:35:23 -05:00
Ken Celenza
dd02a4e943 create cisco type 5 filters (#39901) 2018-05-22 13:35:54 +01:00
Jordan Borean
1ac180c74d
winrm: source user from options than remote_user (#40467)
* winrm: source user from options than remote_user

* fixed up mock for kerberos import

* Added changelog fragment

* get hostname from option as well
2018-05-22 09:36:48 +10:00