* The ssh key may be created manually prior the task execution with a
passphrase. And the task will be executed on the same key.
* The ssh key may be broken and not usable.
The module will check the private key and if the key is password
protected or broken, it will be overridden.
The check of the ssh key performed by retrieve the public key from the
private key.
Set the "self.force" check before the "isPrivateKeyValid" check.
In case of any issue with the "isPrivateKeyValid" function, the user
will be able to force the regeneration of the key with the "force: yes"
argument.
* ufw: escalate privileges in integration tests
A few of the integration tests for the UFW module forgot to `become`.
This is problematic if the test suite is executed as a non-privileged
user. This commit amends that by adding `become` when appropriate.
* ufw: add unit tests for direction and interface
Extend the unit tests for the UFW module to test the `direction` and
`interface` parameters. This will help in the implementation of a fix
for issue #63903.
* ufw: add support for interface_in and interface_out
The UFW module has support for specifying `direction` and `interface`
for UFW rules. Rules with these parameters are built such that
per-interface filtering only apply to a single direction based on the
value of `direction`.
Not being able to specify multiple interfaces complicates things for
`routed` rules where one might want to apply filtering only for a
specific combination of `in` and `out` interfaces.
This commit introduces two new parameters to the UFW module:
`interface_in` and `interface_out`. These rules are mutually exclusive
with the old `direction` and `interface` parameter because of the
ambiguity of having e.g.:
direction: XXX
interface: foo
interface_XXX: bar
Fixes#63903
* Elevate privileges for luks_device integration tests
Several tests in `key-management.yml` don't `become` before executing,
despite needing elevated privileges. This commit fixes that.
* Add passphrase support for luks_device
Previously, the luks_device module only worked with keyfiles. The
implication was that the key had to be written to disk before the module
could be used.
This commit implements support for opening, adding and removing
passphrases supplied as strings to the module.
Closes#52408
* proxmox: use 'release' key for version detection if possible
* proxmox: fix PEP issues
* add changelog fragment
* Uses LooseVersion for proxmox version detection
* move imports
* removes useless comment
* adding encoding dump/import support for the mysql_db module, with updated documentation, and full test suite
* fixing lint issue test #3
* fixing lint issue test #1
* fixing lint issue test #1 second time
* Improving Test to be re-entrant
* improving test to not fail on centos/6
* Update test/integration/targets/mysql_db/tasks/encoding_dump_import.yml
Comminting suggestion
Co-Authored-By: Benjamin MALYNOVYTCH <bmalynovytch@users.noreply.github.com>
* Update test/integration/targets/mysql_db/tasks/encoding_dump_import.yml
comminting suggestion
Co-Authored-By: Benjamin MALYNOVYTCH <bmalynovytch@users.noreply.github.com>
* adding comment
Adding comment to explain test strategy
* Update test/integration/targets/mysql_db/tasks/encoding_dump_import.yml
Co-Authored-By: Benjamin MALYNOVYTCH <bmalynovytch@users.noreply.github.com>
* Update test/integration/targets/mysql_db/tasks/encoding_dump_import.yml
Co-Authored-By: Benjamin MALYNOVYTCH <bmalynovytch@users.noreply.github.com>
* Update test/integration/targets/mysql_db/tasks/encoding_dump_import.yml
accepted
Co-Authored-By: Andrey Klychkov <aaklychkov@mail.ru>
* Update test/integration/targets/mysql_db/tasks/encoding_dump_import.yml
Co-Authored-By: Andrey Klychkov <aaklychkov@mail.ru>
* Update encoding_dump_import.yml
* Fixing typoo
When a VM has been provisioned with unmanaged disks (VHD), the URI
schemes used for those disks are kept untouched. Unfortunately, the regexp that
parses the URI only accepts 'https' leading the module to fail if one
uses for instance 'http'.
Please note that the official Azure API documentation uses 'http' and
not 'https' as URI scheme.
Resolves#64506
Testing Done: Using an ARM template, provision a VM with one OS and one
data disk with 'http' as VHD URI scheme. Then use the
azure_rm_virtualmachine module to delete the VM. Finally check that the
module does not fail anymore and that the unmanaged disks are correctly
deleted from the storage account.
The 'azure_rm_storageaccount_info' module was calling the storage client
'list_by_resource_group()' method rather than the 'list()' one, leading
to callers not being able to fetch all the storage accounts of their
subscription.
Issue: #64319
Testing Done: was successfully able to call the module and retrieve
all the storage accounts in the subscription without having to
specify a resource group.
If a NIC has no primary ipConfiguration, the 'primary' field returned
by Azure is set to 'null' thus removed from the 'nic_model'
ipConfigurations properties. Unfortunately the code generating the
hostvars dict. assumes the 'primary' key always exists, leading the
entire host parsing to fail.
This patch changes the way the 'primary' field is accessed by using the
dict. 'get' method with a default value set to 'False'.
Resolves#63721
Testing Done: Run ansible-inventory with an azure_rm plugin that points
to a resource group that contain a two VMs, on with a primary
ipConfiguration and another one without. Check that without the patch
the inventory output does not contain the VMs (or just the one with the
primary ipConfiguration set, depending on the VM names). Finally check
that with the patched azure_rm.py file, both VMs show up.
* Replaced 'ansible_facts' by 'foreman_facts'
'foreman_facts' is the key that the foreman inventory script used
'ansible_facts' is a special key that is overwritten internally and has never worked in this inventory plugin
* Added changelog
Lookup 'first_found' returns empty list which results in
raw_params checking. Check NoneType for 'raw_params' before
proceeding.
Fixes: #64939
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Allow updating of ec2_group rules with EC2 classic ELB targets
Fix regression introduced in #45296 with EC2 Classic SGs
Fixes: #57247
Also add (unsupported) ec2 classic test suite with test case for this scenario
* move ec2 classic tests to conditional within ec2_group target
* clean up ec2_classic tests
* ec2_classic account can't run most ec2_group tests
* Fix cli context check for network_cli connection
Fixes#64575
* Check cli context for network_cli connection
at the start of new task run only.
* Pass task_uuid around to identify start of new task run
* Handle for local connection
* Fix empty and zeroed memory variables on Windows
The CIM elements about swap information are for Unix platform implementations of Powershell. CIM has separate elements for the "Windows swap". This fixes memory information being non-present or zero.
* Properly name Windows variables for Page File
See https://github.com/ansible/ansible/pull/65259 for discussion
* Update setup.ps1
* add win_compact module
* fixed line endings
* fix documentation
* Use cim method instead of wmi method
* renamed to win_file_compression
added single file support
added force option to avoid traversing large directory structures
* fixed end of file
* fixed renaming.
bench test still had win_compact as a module
* Removed more NTFS references and slight test tweaks
* Inventory CLI - Ignore settings for when vars plugins should run and just always run them
* Add note to porting guide
* Fix loading vars plugins
* changelog
* Remove a staging test for ansible-inventory since it ignores that setting
* Added logic to match on protocol 'any'
I personally use this to remove the default created egress rules from
security groups.
* Fixes for ansible-test
* Append is not a list
* Adding new example. Renaming reboot var to match other modules
* syspatch: Fixing if statement logic issue to properly compare integer
* Syspatch: Using get_bin_path to find path. Revert to reboot_needed instead of reboot_required.
* syspatch: Fix wording in playbook example
* docker_swarm_service: Sort lists when checking for changes
When two lists are checked for changes in this module, the lists are
reported changed when the order of the items is different. This PR
resolves this issue.
* docker_swarm_service: Minor typo fix
* docker_swarm_service: Another minor typo
* docker_swarm_service: Should use sorted(), not sort()
* docker_swarm_service: Sort lists of dictionaries
* docker_swarm_service: Fix style issues in tests
* docker_swarm_service: Updates to integration tests
* docker_swarm_service: Casting string types within lists when comparing
* docker_swarm_service: Special handling of unordered networks with ordered aliases
* docker_swarm_service: Sorting network lists
* docker_swarm_serivce: Better unit test code coverage for lists and networks
* docker_swarm_service: Fixed coding style for sanity tests
* docker_swarm_service: More coding style fixes
* docker_swarm_service: Ignoring test for Python < 3
* docker_swarm_service: Update to version info check for backwards compatibility
* docker_swarm_service: Added change fragment #63887
* docker_swarm_service: Better handling of missing sort key for dictionary of lists
* docker_swarm_service: Preventing sorts from modifying in-place
Co-Authored-By: Felix Fontein <felix@fontein.de>
* docker_swarm_service: Removed spurious import in test
* docker_swarm_service: Preventing sorts from modifying more data in-place
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Set name_version when version is not specified, fix#55097
This will default to installing the latest version available
* Add changelog fragment
* update changelog
self._get_user_property returns a string, so when doing a comparison
using this value, cast the second variable to a string so that the
comparison behaves correctly
* Add changelog
* Add to_text import
* Add integration test
VM relocate to destination host works without pool param when hosts are part of same cluster. but spec.pool is required when hosts are part different clusters.
Closes: #64503
* Add integration tests for aws lightsail
* lightsail - use module_defaults instead of aws_connection_info
* lightsail tests - assert instance state on create
* Fix yaml syntax error
Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>
* [lightsail] create keypair as part of the testsuite
* Fix lightsail actions in compute-policy
* Add ability to delete keypair in lightsail_keypair
* iam_user: use AnsibleAWSModule.client to fetch connection rather than C&P code
* iam_role: Add deprecation warning so we can switch purge_polices default behaviour from true to false
* iam_user/role/group: Rename 'managed_policy' and 'purge_policy'
Rename from singluar to plural (we accept a *list* of policies), and add aliases for the old values.
* Cleanup documentation
* Changelog
* ansible.utils.color.stringc: add wrap_nonvisible_chars flag in stringc
* add exaplanation for `wrap_nonvisible_chars` case in utils.stringc
* add changelog entry
* reworked iam_policy
* Deprecate policy_document option
* deprecate defaulting skip_duplicates to true
* No longer explicitly catch ParamValidationError.
ParamValidationErrror is already caught by ClientError
* Work with complex policy objects rather than json documents
comparisons can better cope with the special cases (eg True vs "True" )
* Enable check_mode tests and fix related 'changed' bug
* changelog
* doc cleanup based on review
* Implementing ability to specify certificates.
* Changelog fragment for rabbitmq_publish certificate checking
* Fixing version_added
* Reducing line size.
* Minor documentation updates.
* Update to add missing space.
Co-Authored-By: Felix Fontein <felix@fontein.de>
* add new command SetManagerNic in redfish_config module
* use a more explicit/rigorous way to select the EthernetInterface, split port for default nic_addr if root_uri has port, update variable name to lower_case_with_underscores instead of CamelCase
* add missing whitespace around arithmetic operator, fix inline comment should start with '# '
* Add support for jumphost setting in junos_scp and junos_package
* Since junos_scp and junos_package module uses junos-eznc library
to transfer file and load package respectively to a remote device
it does not read the jumphost related configuration in netconf
connection plugin unlike other junos modules which uses the
Ansible persistent.
* Add `ssh_config` and `ssh_private_key_file` to add support to
read custom ssh config file and mention ssh private key file
for junos_scp and junos_package module
* Fix CI issue and update note section
If two tags with same name and different category exists, vmware_tag_manager
used to take first found tag.
This commit use combination of tag and category to identify the category.
Fixes: #59379
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Due to confusion between 'Custom Attributes' and 'Advanced options',
this change got in devel. Revert to original behavior i.e. customizing
custom values using vmware_guest is done in this PR.
Fixes: #64291
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Domain is newly added in 2.10 release, specify this in the
documentation section in Checkpoint httpapi connection plugin.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Add example showing that when using the `argv` syntax for command module instead of the string one, we can directly provide other parameters in the "command" block, rather than using an "args" block.
* iam_role tags support
* Make sure we don't Camel -> Snake tags in our return values
* Minor documentation tweaks
* Add tagging tests
* Make sure we return the state of tags once we updated them
* Update lib/ansible/modules/cloud/amazon/iam_role.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Move boto3/botocore before we start making changes
* renamed module tls client auth parameters to avoid overlaping with ansible fetch_url
* added version_added info for params
* Updated version_added
Updated version_added info from 2.9 to 2.10
* Update pulp_repo.py
removed version_added for renamed params
* Apply suggestions from code review
added ca_cert alias and 'version_added'
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* Apply suggestions from code review
added old behavior for client_cert and client_key which will deprecate in 2.14
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* Update pulp_repo.py
fix for linting error ansibot is complaining
* added changelog fragment for 59522
* Apply suggestions from code review
more informative depreciation warning and changelog fragment
Co-Authored-By: Felix Fontein <felix@fontein.de>
* added mention for changes in client_key and client_cert behavior
* fixed too long line (linting)
* deprecated ca_cert alias to have consistent module params in Ansible 2.14
* fixed indentation for deprecation warning
* changed deprecated alias handling to argument_spec
* moved deprecated_aliases insied argument dict, thanks tremble
* suggestions from felixfontein
Move doc info about client_cert and client_key into its own paragraph
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Add full IPv6 support to win_dns_client - Fixes#55962
* Fix missing cast
* Add type to win_dns_client.py
* Remove version_added again, to hopefully make ansibot happy. Even though it was added as a response to the bot...
* Fix $params undefined error, that was introduced by fixing the "global variable" linting issue
* Fix casting error
* Fix inverted logic
* Fix rebase error
* Fix assignment to readonly variable
* Fix "reset IPv4 DNS back to DHCP adapter_name"
* Fix legacy windows server support (2008/2008R2)
* Fix 2k8
* Remove unecessary pslint ignore
* Added IPv6 tests, changelog fragment and further docs
This info about backing_disk_mode was renamed to backing_diskmode,
to keep backward compatability re-introducing backing_disk_mode along
with backing_diskmode info.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Add ldap_attrs module
* Fix codesyle error
* Apply deprecation rules
* Add support for X-ORDERED extension in ldap_attrs
The 'X-ORDERED' LDAP extension allows definition of ordered LDAP object
attributes. This extension is used in OpenLDAP "cn=config" database to
support ordered configuration options.
Specification: https://tools.ietf.org/html/draft-chu-ldap-xordered-00
* Update ldap_attr deprecation notice
* Documentation improvements based on suggestions
* Remove redundant dots from documentation
* Correct 'insertations' to 'insertions'
* Remove insecure 'params' option
* Fix sanity ignore errors
* Improve module documentation
* Change example value from string to list
* Fix support for "" values
* Restore module vmware_dns_config
* Remove domainname and change_hostname_to
* Changed version_added from 2.10 to '2.10'
* Add setup_attach_host: true to test case
* Add 'vcsim is not defined' block to integration tests
* Change 'result' to 'dns_config_result'
* Bugfix: Changing some static configurations while keeping others can crash the module
* Implement changing DNS config from DHCP to static on a cluster
* Update documentation for vmware_host_dns
* vmware_host_dns integration tests: Always revert to original DNS configuration, even if a test fails
* Deprecate vmware_dns_config
##### SUMMARY
The second example of the documentation uses an argument "hostname" that does not exist in this module.
It should be replaced by argument "name"
##### ISSUE TYPE
- Docs Pull Request
+label: docsite_pr
The following modules a new, and were not yet in `module_defaults.yml`:
- vmware_guest_register_operation
- vmware_guest_serial_port
- vmware_guest_tools_info
* Add support for multiple manager attributes configuration
* Updated version_added to 2.10
* Added support for modifying LC and system attributes
* Added support for LC and system attributes
* Pylint fixes
* Add support for multiple manager attributes
* Add support for multiple manager attributes
* Add support for multiple manager attributes
* add connect_as, username, password parameters
add tests
* fixed reference to undefined variable.
added version added to new options.
* add changelog fragment
* fix line endings
* use ansible facts to determine os version
remove unused iis version check
test checksum of iis configuration after backup
* correct assertion
* added more cleanup tasks.
* version added is now 2.10
* skip server 2008 r2 for now
* run tests on server 2012 and higher
* Adds win32_disk_drive object to win_disk_facts
* Names class parameter for Get-CimInstance as requested in the devdocs
* Maps whole class and adds docs
* Improve matching of disks when UniqueID is different format
* Improve logic for PNPDeviceID mapping
* Adds test for win32_disk_drive
* win_chocolatey: Fix error when choco.exe not found
* Slight tweak to check and added changelog fragment
* Removed ignore rule that's no longer needed
* win_domain_user: add retry logic for null user principal group
* win_domain_user.ps1: Fix "user without group" case use
* Added changelog fragment
* Fix up missing dollar sign
* Add default value to 0 for disk in nova_flavor module
* Apply suggestions from code review
Add type int for disk size
Co-Authored-By: John R Barker <john@johnrbarker.com>
* ec2_vpc_net: (integration tests) migrate to using module_defaults
* ec2_vpc_net: (integration tests) use a private subnet for the tests
* ec2_vpc_net_info: Add integration tests
* ec2_vpc_net_info: add cidr_block_association_set to documentation
* Update AWS hacking test policy to allow VPC CIDR disassociation
* Update test/integration/targets/ec2_vpc_net/tasks/main.yml
Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>
* Store vpc2 ID to make it clearer which VPC we're changing
* Be more consistent with our quoting
* Explicitly test that the VPC IDs haven't changed