Make pyca/cryptography the preferred backend for cryptographic needs (mainly vault) falling back to pycrypto
pyca/cryptography is already implicitly a dependency in many cases
through paramiko (2.0+) as well as the new openssl_publickey module,
which requires pyOpenSSL 16.0+. Additionally, pyca/cryptography is
an optional dep for better performance with vault already.
This commit leverages cryptography's padding, constant time comparisons,
and CBC/CTR modes to reduce the amount of code ansible needs to
maintain.
* Handle wrong password given for VaultAES format
* Do not display deprecation warning for cryptography on python-2.6
* Namespace all of the pycrypto imports and always import them
Makes unittests better and the code less likely to get stupid mistakes
(like using HMAC from cryptogrpahy when the one from pycrypto is needed)
* Add back in atfork since we need pycrypto to reinitialize its RNG just in case we're being used with old paramiko
* contrib/inventory/gce: Remove spurious require on pycrypto
(cherry picked from commit 9e16b9db275263b3ea8d1b124966fdebfc9ab271)
* Add cryptography to ec2_win_password module requirements
* Fix python3 bug which would pass text strings to a function which
requires byte strings.
* Attempt to add pycrypto version to setup deps
* Change hacking README for dual pycrypto/cryptography
* update dependencies for various CI scripts
* additional CI dockerfile/script updates
* add paramiko to the windows and sanity requirement set
This is needed because ansible lists it as a requirement. Previously
the missing dep wasn't enforced, but cryptography imports pkg_resources
so you can't ignore a requirement any more
* Add integration test cases for old vault and for wrong passwords
* helper script for manual testing of pycrypto/cryptography
* Skip the pycrypto tests so that users without it installed can still run the unittests
* Run unittests for vault with both cryptography and pycrypto backend
* create Ansible groups from host collections
* fix paging logic in _get_json
* replace Satellite with Foreman
* improve comment for environment variables
* enable host collections by default
* use requests params instead of urllib.quote_plus
* disable host collections by default
* change organization filter
* clean up load_cache methods
* remove usage of function defaults
* replace environment variables with host_filters
OpenStack dynamic inventory is still using the deprecated
ansible_ssh_host. This patch adds ansible_host until such
time as ansible_ssh_host is removed
* Do not ask for templates in Brook inventory if they do not exist
* Add availability zone variable to Brook inventory
* Add provider id variable to Brook inventory
* Error output sent to stderr in Brook inventory
* A basic start on an lxd dynamic inventory script
The script is a fairly basic start on an lxd dynamic inventory script. Only tested on ubuntu 16.04 and currently only reports ipv4 container addresses. Improvements to come.
* Updated formatting, indenting and python3 support
Updated to work on python3
* Additional options read from the ini file
Added options for connection and group to the ini file and modified to use these.
Host returned is now the name by default. For non-lxd connection, the ansible_host var is populated with the ip address.
* Additional options for group and connection
* Minor change to re-run tests
* Update module_utils.six to latest
We've been held back on the version of six we could use on the module
side to 1.4.x because of python-2.4 compatibility. Now that our minimum
is Python-2.6, we can update to the latest version of six in
module_utils and get rid of the second copy in lib/ansible/compat.
When specifying a literal whitelist of AWS EC2 regions in the dynamic
inventory configuration file, it should not be necessary to also include
a literal blacklist, especially as the blacklist is not honored in this
case anyway. By reading the literal blacklist only when necessary, it is
possible for a user to provide a more minimal EC2 configuration file.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
* EC2 inventory can now connect using an IAM role
* Fix comment indentation
* Make sure that Ec2Inventory.iam_role is always defined
* Add missing import
* Add ads server itself as an host in the inventory
* Comment all value in example
* Add Id in variable list per device
* Centralize code to add device status to variables
* Fix device variable name for blueprint
* Add Nagios livestatus inventory plugin.
* Add new capabilities for the nagios_livestatus inventory:
- host_field: set the name returned (default: 'name')
- group_field: set the field used for group (default: 'groups')
- host_filter: filter host using this filter (default: None)
To be more consistent, prefix was renamed into var_prefix.
* Fix py34 runtests errors against print call.
With this proposed PR, we want to make the use of many ec2 dynamic inventory files more flexible.
We are using multiple AWS accounts. We want to use different ini file (one for every account) and only one ec2.py.
* Use with statement when doing rw on files
* Deserialize file-like object directly instead of a string
For python 2/3 compatibility reasons, per PR feedback.
* adding route53_hostnames option to set the hostnames from route 53
* checking whether the route53_hostnames option is present as suggested by @s-hertel
* setting route53_hostnames to None when config option not present
* skip the to_safe only when using route53_hostnames option, as suggested by @ryansb
* skipping the to_safe strip only for the hostnames that came from route53 as suggested by @ryansb