This adds a new type of vault-password script (a 'client') that takes advantage of and enhances the
multiple vault password support.
If a vault password script basename ends with the name '-client', consider it a vault password script client.
A vault password script 'client' just means that the script will take a '--vault-id' command line arg.
The previous vault password script (as invoked by --vault-password-file pointing to an executable) takes
no args and returns the password on stdout. But it doesnt know anything about --vault-id or multiple vault
passwords.
The new 'protocol' of the vault password script takes a cli arg ('--vault-id') so that it can lookup that specific
vault-id and return it's password.
Since existing vault password scripts don't know the new 'protocol', a way to distinguish password scripts
that do understand the protocol was needed. The convention now is to consider password scripts that are
named like 'something-client.py' (and executable) to be vault password client scripts.
The new client scripts get invoked with the '--vault-id' they were requested for. An example:
ansible-playbook --vault-id my_vault_id@contrib/vault/vault-keyring-client.py some_playbook.yml
That will cause the 'contrib/vault/vault-keyring-client.py' script to be invoked as:
contrib/vault/vault-keyring-client.py --vault-id my_vault_id
The previous vault-keyring.py password script was extended to become vault-keyring-client.py. It uses
the python 'keyring' module to request secrets from various backends. The plain 'vault-keyring.py' script
would determine which key id and keyring name to use based on values that had to be set in ansible.cfg.
So it was also limited to one keyring name.
The new vault-keyring-client.py will request the secret for the vault id provided via the '--vault-id' option.
The script can be used without config and can be used for multiple keyring ids (and keyrings).
On success, a vault password client script will print the password to stdout and exit with a return code of 0.
If the 'client' script can't find a secret for the --vault-id, the script will exit with return code of 2 and print an error to stderr.
* documentation was not inline with other Ansible modules
* Python 3 specific imports were missing
* monitor_type is no longer required when creating a new pool; it is now the default.
* A new monitor_type choice of "single" was added for a more intuitive way to specify "a single monitor". It uses "and_list" underneath, but provides additional checks to ensure that you are specifying only a single monitor.
* host and port arguments have been deprecated for now. Please use bigip_pool_member instead.
* 'partition' field was missing from documentation.
* A note that "python 2.7 or greater is required" has been added for those who were not aware that this applies for ALL F5 modules.
* Unit tests were fixed to support the above module
* Correct usage for shutil.rmtree
Fix adds correct usage of shutil.rmtree in git module
Fixes: #31225
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Include archive tests so they get run
* Use new include syntax
* Cleanup syntax on git tests
- use multi-line YAML
- remove unneeded {{ }} around vars in conditionals
- remove unneeded quotes
- add task file name to task names for easier troubleshooting when things fail
* Make archive tests work for RHEL/CentOS 6
The older versions of Jinja2 in RHEL/CentOS 6 required assertion tasks using the map filter to be skipped.
The older version of git required gzip compression to be skipped on RHEL/CentOS 6.
* Account for ansible_distribution_major_version missing
* Adding a cli transport option for the bigip_command module.
* Fixing keyerror when using other f5 modules. Adding version_added for new option in bigip_command.
* Removing local connection check because the F5 tasks can be delegated to any host that has the libraries for REST.
* Using the network_common load_provider.
* Adding unit test to cover cli transport and updating previous unit test to ensure cli was not called.
* Initial CD-ROM support
* create cdrom bugfix
* Improving CDROM change detection and fixing template creation bug
Running MarkAsTemplate on an existing template will fail with an error
* Better change detection for guest ID
Should only mark a change in case it actually changes
* Adding integration tests
* Pep8 compliance fixes
* Adding CDROM support, including iso, client and none types
* Updating added release version for CDROM option
* Fix rollback in junos_config
Fixes#30778
* Call `load_configuration` with rollback id in case
the id is given as input
* Pass rollback id to `get_diff()` to fetch diff from device
* Fix unit test
- old functionality is still available direct lookup use, the following are equivalent
with_nested: [[1,2,3], ['a','b','c']]
loop: "{{lookup('nested', [1,2,3], ['a','b','c'])}}"
- avoid squashing with 'loop:'
- fixed test to use new intenal attributes
- removed most of 'lookup docs' as these now reside in the plugins
* Remove sysctl entry when state=absent
* Cleanup sysctl integration test syntax
* Correct grammar on error message
* Add sysctl integration test for state=absent
* [rpm_key] Fix to import first key on the system
Fixes: #31483
* [rpm_key] removed unsafe_shell and "throwaway" underscore
* [rpm_key] adding test to add the first key on system
* Added warning for 'force' option
* Changed 'profiles' type to list
* Changed 'interfacetypes' type to list
* Added deprecation warning and fixed doc
* updated force parameter
* Remove cloudstack, f5, and nxos from the wildcard import whitelist
* Remove nxos and f5 from the get_exception whitelist
* Remove some files from the pep8 legacy whitelist
* win_become: Added support to become a service user
* fixes for linting
* changes to get local and network service working
* fixed linting issues again
* pleasing pepe