Previously, this module could throw the following error message:
NameError: global name 'current_roles_attrs' is not defined
The referencing key should also match the name of the column, which is
rolvaliduntil, not rol_valid_until
* WIP file_mode
* WIP
* Add file_mode + integration tests
* fix pep8
* Update doc fragments
Create mutualy_exclusive param
Fix yamllint problem in tests
* Add aliases file + main playbook for fortios
* Install pyfg before running tests
* Install pyfg before running tests in role
* Remove pre_task as it's done in roles
* Force pyFG minimal version for python3
* role_path not role_dir :(
* Change requirements
* Specify Error type when error on import
* Bug in pygf library with python 2.5 (PR is waiting https://github.com/spotify/pyfg/pull/19)
* Bad requirement format
* still bad format -_-'
* remove test/integration/fortios.py (auto generated by tests)
missing new lines at end of file
* pyFG is now fixed in 0.50
Fix adds check if app_key and api_key provided by
user is correct or not. If this combination is wrong
then fail with appropriate error message given by
Datadog server
Fixes https://github.com/ansible/ansible/issues/24325
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
CVE-2017-7481
Lookup returns wrap the result in unsafe, however when used through the
standard templar engine, this does not result in the jinja2 environment being
marked as unsafe as a whole. This means the lookup result looses the unsafe
protection and may become simple unicode strings, which can result in bad
things being re-templated.
This also adds a global lookup param and cfg options for lookups to allow
unsafe returns, so users can force the previous (insecure) behavior.
Output of `yum check-update` can contain lines with long package names and long
repository label names, which will be broken into multiple lines, which need to
be sanitized. The solution to this has been fixed and refactored in 2.3 in form
of parse_check_update(), but it still contains subtle bug, which makes such
multi-lines invisible to later logic (such packages aren't included in
parse_check_update()) output. The problem is caused by using '\1' in re.sub(),
instead of proper r'\1', which literally puts unicode symbol \1 into resulting
output.
ssh-keyscan isn't very verbose about errors. Give the user whatever
information we have available even if it isn't much. At least they will
know how we were running ssh-keyscan and why there's an error now.
Fixes#19440
Use the default repr of AnsibleVaultEncryptedUnicode.data instead
of a custom one, since jinja templating ends up using the repr()
results.
Fixes#23846, #24175
os_quota checks the current quotas for compute, network and volume
services and fails when no volume service is found in the catalog.
Since openstack test deployments without volume services are common
os_quota shouldn't fail if such service is missing.
Fixes#23085
Signed-off-by: Alberto Murillo Silva <alberto.murillo.silva@intel.com>
This allow users to write better playbooks by replacing
- shell: dnf autoremove -y
with
- dnf: autoremove=yes
Fixes#18815
Signed-off-by: Alberto Murillo Silva <alberto.murillo.silva@intel.com>
Fix adds correct warning after deleting Windows User.
Also, adds modular function to get group
Fixes https://github.com/ansible/ansible/issues/24190
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* ansible-doc -s is supposed to output a sample snippet of how you could
add the module into a playbook. These changes update the style:
* Use yaml mappings instead of key=value
* Use the module name directly instead of action: modulename
* Fixes a bug when displaying option descritpions which are yaml strings
instead of lists.
This fixes in code the bad formatting reported in #24201
Using github_issue module, user can retrive status of issue
listed on Github repository and depending upon status takes
various actions e.g., workarounds and downloading patches.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
When unittesting, the framework creates a pipes module that is picked up
by the basic module_utils test. Switch to using shlex_quote as that is
the right thing to use for portability anyway.
* Added new common argument api_version for all Avi modules
* Updated dependency for the new modules to use avi sdk 17.1 and above
* Updated Avi 17.1.1 modules with descriptions and moddule dependencies
* Updated version_added for new options
This fix adds a module option `validate_certs' to check
self-signed certificate of LDAP server.
Fixes https://github.com/ansible/ansible/issues/24009
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
This fix makes it so that the module works as expected when
`server_hostname` is provided. It was being silently ignored
previously. I suppose this may also fix similar behavior with
`server_insecure`, but I did not check that explicitly.
* Fix netconf port validation and minor doc change
Add check to confirm if `validate_*` funcion is
callable.
Add `config_format` in `junos_facts` documentation
* Fix review comments
- Use `fail_json` for `get_all_load_balancers` unhandled exception.
- Do not mask error message on failure of `enable_zones`.
- Do not mask error message on failure of `disable_zones`.
Also added/removed blank lines to improve PEP 8 compliance.
If a bridge does not have a fail mode set, it returns nothing, i.e.
empty string.
This causes a failure when doing the want vs have compare in plays
where the fail-mode is missing, as we compare "" vs None respectively.
If a bridge does not have external_ids, ovs-vsctl returns '{}'.
This causes issues on the current want vs have comparison in cases
where the play does not define external_ids, as the comparison
is None vs '{}'.
* fix documentation and correct exception handling
* follow AWS exception guidelines
* fix parameter_group_family req; only needed when creating cache parameter group
make pep8 and remove from legacy files
* Added Composer Command global
Added a parameter to run composer commands globally. The `working_dir`
parameter is only required if `global_command` is `False`.
Fixes#24052
* Added Composer Command global
Added a parameter to run composer commands globally. The `working_dir`
parameter is only required if `global_command` is `False`.
Fixes#24052
The timeout for gathering facts needs to be settable from three places
(highest precedence to lowest):
* programmatically
* ansible.cfg (equivalent to the user specifying it explicitly when
calling setup)
* from the default value
The code was changed in b4bd6c80de to
allow programmatically and the default value to work correctly but
setting via ansible.cfg/parameter was broken.
This change should fix setting via ansible.cfg and adds unittests for
all three cases
Fixes#23753
ClearLinux has changed its pretty name in os-release file
from: 'Clear Linux Software for Intel Architecture'
to: 'Clear Linux OS for Intel Architecture'
This patch makes the SEARCH_STRING 'Clear Linux' rather than
the full name to make it compatible with the old and new name.
Signed-off-by: Alberto Murillo Silva <alberto.murillo.silva@intel.com>
template/__init__.py imported unsafe_proxy from vars which caused
vars/__init__.py to load. vars/__init__.py needed template/__init__.py
which caused issues. Loading unsafe_proxy from another location fixes
that.
Just after release of 2.0.0 (in 2.0.0.1) we had a change to the API of
callbacks without bumping the API version. We added the playbook to the
arguments passed to the callbacks.
This wasn't in the Tower callback at the time. In order to prevent
breaking that callback we added a temporary hack to inspect the
callback's API to decide if we needed to call it with arguments or not.
We scheduled the hack for removal in January 2017. Since that's now
past, removing the hack.
Change signed off by matburt on the Tower side.
Puppet modules are not always installed in the default location
(i.e, /etc/puppet/modules) so it is useful to be able to specify
an alternate location.
Fixes issue [#24078](https://github.com/ansible/ansible/issues/24078)
Resource pools are retrieved from VSphere regardless of the state of the `resource_pool` parameter. During this process, each retrieved Resource Pool is checked for the `parent` attribute, and if it exists, the currently-scoped parent object is compared against the Resource Pool's parent object. The method doing the check, however, `assert`s that the parent object is not `None`. In some cases, a Resource Pool will have the `parent` attr, but that `parent` object will be `None`, causing the `assert` to fail.
This should avoid that. :-)
* Add check_mode to get_url that does a HEAD request to make sure the URL exists, but doesn't write the real file
* Add info about new --check behavior to docs. Add tests for the new behavior. Populate res_args with the info the tests are looking for.
* Add trailing comma
* Change nonexistent test URL to http://{{httpbin_host}/DOESNOTEXIST. Fix spacing while I'm at it
* Further spacing cleanup
* State that this functionality is in Ansible 2.4+
* Split modules/network into two parts
Given the dedicated team we we have working on Ansible Networking a
clearer split is needed between Networking modules and "things that
happen to use the network"
* nmcli to net_tools
* nmcli moved
* Run `save` before exiting config mode.
* Fix unit tests for `save`
* Allow `save` to be on its own again and introspect success
* Introspecting `compare running` makes this a lot harder.
Move `save` tests to integration tests
Ok, so for openvswitch_db in particular we just return one command
but in the sake of consistency and code re-use, let's return a list
of "commands", even if it's just one.
* Document deprecation of fetch module validate_md5 and update --tags merging deprecation
Update the default of --tags merging config option to merge by default
* Update CHANGELOG.md
Minor edit
Added an integration test for fetch module idempotence. (Testing
that validate_checksum is doing what it's supposed to is harder as we'd
have to create a race condition with the downloaded data to trigger it.
Probably need to make that a unittest eventually).
Also give a deprecation message to the validate_md5 parameter so that we
can eventually get rid of it.
* atomic_image: add support for pull --storage=
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* atomic_container: new module
Manage atomic containers
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Minor junos_config module changes
* Add note for json config support
* Add example for lines argument
* Fix future warning for ElementTree
* Remove unwanted space
We fail-fast and display 'stderr' in case 'pacman' returns with 'rc != 0'.
There is no point computing 'module._diff' in such case anyway.
Fixes#23910
(cherry picked from commit 8c6a2a848c)
* Fix systemd in chroot
The 'request ignored' message is in stderr, not stdout.
* Check both stdout and stderr for systemd message
Some versions of systemd report to stderr, others to stdout. Also check
whether output could be a valid normal response to avoid false positives.
* Use sys.stdout.buffer to write vault bytes to stdout on py3
We need sys.stdout.buffer on py3 so we can write bytes to it since the plaintext
of the vaulted object could be anything/binary/etc
Before, attempting to write bytes to stdout on py3 would cause:
TypeError: write() argument must be str, not bytes
* keep unsafe .. unsafe
fixes#23734, which was broken in previous fix that allowed non string types to be templated
use new 'is_template' function vs bastardizing others
refactored clean_data to allow for arbitrary data structures to clean
fixed/removed some tests
* deal with complex data for is_template
* typos
We have a list of specific messages that we scree-scrape and flag
them as legit errors.
However, we also have a catch-all regex that matches everything
starting with %.
That can cause issues on commands that return lines with that
character, like for example the 'crypto key generate'.
Fixes#23770
In current stable (2.2), ansible galaxy install --force do erase
a role, even if the version is not set. This commit should restore
that specific behavior, in accordance to people reports:
https://github.com/ansible/ansible/issues/11266#issuecomment-273801480
It was also the behavior planned in the initial discussion:
"if you're not fixing versions in your roles file, then it's fine
to expect that the role will be reinstalled each time you run
ansible-galaxy install.", cf https://github.com/ansible/ansible/pull/12904
* Revert "fixes play context connection user (#21776)"
This reverts commit 58ee661437.
fixes#23530
* preserve original in copy
updated comment to clarify wtf is going on here
fixes#17382
alternate to #22979
deal with cases in which group/host have . in name
updated as per feedbck
only be strict about extension when doing dirs
also avoid ~ endings
without this patch, ansible-galaxy will mangle files containing
the archive parent directory name, eg 'owncloud/files/owncloud.cron'
will become 'owncloud/files/.cron'.
The previous code could affect the entire path and even filenames.
If a file path has the top level dir name as a substring, galaxy
replaces it with ''. In one example, the archive top level dir
is 'go', so 'files/go-bin.sh' becomes 'files/-bin.sh'.
Fixes#22572, #23694, #23623
* Fix vault reading from stdin (avoid realpath() on non-links)
os.path.realpath() is used to find the target of file paths that
are symlinks so vault operations happen directly on the target.
However, in addition to resolving symlinks, realpath() also returns
a full path. when reading from stdin, vault cli uses '-' as a special
file path so VaultEditor() will replace with stdin.
realpath() was expanding '-' with the CWD to something like
'/home/user/playbooks/-' causing errors like:
ERROR! [Errno 2] No such file or directory: u'/home/user/ansible/-'
Fix is to specialcase '-' to not use realpath()
Fixes#23567
* to_text decrypt output when writing to stdout
* Make warning logs consistent
Arguments outside provider with default
value should not log as warning in case
it is not mentioned in play.
* Make nxos timeout default consistent and add comments
* Make comments more verbose
update module to support more standard state=present/absent syntax
update module to use required_if, required_together, mutually_exclusive functions where possible
per ryansb review: make documentation section more clear, fix some extra quotes, remove FIXME comment
pre willthames review: force private_zone to True if vpc_id is set and fix word wrap
The commit was started before 2.3 was branched, but was only merged once
2.3 was actually branched. This leads to documentation stating this
module is new in 2.3 when it will be actually new in 2.4
Regex patterns were not being escaped properly so package names
containing characters that could be interpreted as regex symbols
were causing failures.
Fixes: #19714
* Support check mode in ec2_vpc_dhcp_options_facts
As a facts module, ec2_vpc_dhcp_options_facts supports check mode
by default
* ec2_vpc_dhcp_options_facts tidy up
Use named method imports, move imports to top of code
Use shared code to handle filters and tags
Use snake case for parameter names while retaining backward compatibility
* Code cleanup
Removed 'add' method from CustomNetworkConfig. It is identical
to the one inherited from NetworkConfig
* Removed unused CustomNetworkConfig import
* Replaced
```
def get_existing(module, args):
existing = {}
netcfg = get_config(module)
config = netcfg.get_section(parents)
```
with
```
netcfg = CustomNetworkConfig(indent=2, contents=get_config(module))
```
get_config returns a string, not an object in 2.3.
* Removed non-functioning get_object method in CustomNetworkConfig in favor of the
inherited method.
Added child_objs property so that expand_selection would work. The original
verion never worked correctly as it compared NetworkConfig obj's and str's.
* Removed ShellError method in favor or new load_config method.
* Removed ShellError method in favor or new load_config method.
fixes#20260
* nxos requires a "no" statement to change mcase group. Corrected.
Corrected changed logic.
* Corrected deleted CustomNetworkConfig import
This addresses a problem where the action plugin would ignore the
remote_addr value for the host. In this case, only the inventory values
for the hostname would be considered and populate the remote host
remote_addr value for the connection plugin.
Only a few more modules were using Set-Attr on the $result object rather
than using a normal hashtable. This PR changes the PSObject to a
hashtable and gets rid of Set-Attr.
This fixes issue when list from module contains more than one element.
Ansible and/or boto may put same elements in list in different order,
thus resulting task as changed.
Fixes#3310
* Improve Fortios IPv4 policy with logging capabilities. While there, fix typos in examples. forti_config: use the backup_filename param and dont enforce the the filename value.
* forti-typos
* Add version_added for new options in the documentation
* Make it easier to find network modules
Feedback has been it's difficult (via Google or directly) to find
modules as some people search for the company name vs product name,
therefore specify both.
* "IOS XR" (not "IOS-XR")
It's possible that if the module has a low-level failure, such as
"unable to open shell", or something else in the action plugin that
stdout and stdout_lines will not be returned.
Update the documentation to clarify this point.
When the security groups specified to the os_server module change they
should be updated on the server. This will require shade 1.19 where the
server security group commands were added.
Fixes: #23206
* allow split horizon for route53_zone and refactor
* fix documentation
remove comment
fix version_added
* Remove unused imports
* Only include zone as matching if it has the same privacy setting
* Use `.endswith` instead of indexing into a string
* Update public zone behavior to only create new if there is no matching public zone
* Remove from legacy PEP8 files
We invoke /usr/bin/apt inside of the ansible module. When that command
exits, it doesn't always include a helpful error message. Include the
exit code so that user's have all the information we can gice them as to
why apt failed.
Addresses #19128
* msg_format parameter added
error message received from telegram API is added to fail json
compatibility with python3 added
* pep8 formatted
* version_added property added for msg_format
* bot token must be set without 'bot' prefix in module parameters
* formatting options described in documentation
* six module for compatibility used
telegram.py removed from legacy-files.txt
* rpm_key: Decode bytes to string to work with Python 3 (#20326)
The read() method will return bytes we need to then decode() those bytes
to a string before trying to match() it using the re module.
* Make the rpm_key pgp regex more robust on both py2 and py3
* Check for provider values inside check_args of respective network code
* Partial revert of b9ee5aa
The no_log change is okay, but take out the action result munging
Recent Python3 versions require open() to specify binary mode if the data is anything other than text.
Python3: Use int() instead of long() in unarchive
Changes long() to int() for CRC values in the unarchive module. Affects unarchiving of zip files. Since CRC values in zipfile are 32 bits the behaviour should be unchanged even in Python 2.