Commit graph

377 commits

Author SHA1 Message Date
David Lee Whiteside
805799ac8b
add pkcs11 support to Ansible ssh connection module (#32829)
* rebased with upstream

* removed extra usetty as it wasnt needed, style changes, added var option setable by inventory for pkcs11

* update pkcs11_provider version_added

* Update lib/ansible/plugins/connection/ssh.py

Co-authored-by: Jordan Borean <jborean93@gmail.com>

* Update lib/ansible/plugins/connection/ssh.py

Correct logic for a password being required for pkcs11_provider

Co-authored-by: Jordan Borean <jborean93@gmail.com>

* style nit fixes for checking pkcs11_provider is set

* fixed duplication when using password_prompt with pkcs11_provider

* added changelog fragment

* added changelog fragment

Co-authored-by: David Whiteside <david.whiteside@nrel.gov>
Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
Co-authored-by: Jordan Borean <jborean93@gmail.com>
2021-06-02 12:32:43 +10:00
Sloane Hertel
5640093f1c
Use the module redirect_list when getting defaults for action plugins (#73864)
* Fix module-specific defaults in the gather_facts, package, and service action plugins.

* Handle ansible.legacy actions better in get_action_args_with_defaults

* Add tests for each action plugin

* Changelog

Fixes #72918
2021-05-27 19:06:45 -04:00
Matt Martz
4a4ffbadc5
Remove deprecated PlayContext.make_become_cmd (#74790) 2021-05-25 11:03:55 -04:00
Abhijeet Kasurde
1bd7dcf339
encrypt: add new paramter 'ident' (#74595)
Add a new parameter `ident` for specifying version of BCrypt
algorithm. This parameter is only valid for `blowfish` hash type.
2021-05-24 11:46:37 -04:00
Sam Doran
55b401a3e7
pause - ensure control characters are always set appropriately (#74568)
* pause - ensure control characters are always set appropriately

On some systems, curses.tigetstr() returns None, which does not work as a control character.

* Add unit tests

* Sort imports

* Skip on older Python

This is an action plugin and only runs on the controller, so no need to test of Python 2. Making
the import hackery work on Python 2 would required some more work which I am not sure is
worth it since we are moving away from Python 2 support on the controller.

* Make the tests work on Python 2 and 3
2021-05-06 15:09:26 -04:00
Harm Geerts
9bd70045c9
Fix BaseFileCacheModule#keys to respect prefix (#72789)
* Fix BaseFileCacheModule#keys to respect prefix

Change:
- Previously BaseFileCacheModule#keys would return keys with the cache
  prefix. These keys are impossible to retrieve from the cache without
  removing the prefix or using the cache without a prefix.
  Now it removes the prefix from the key and only returns keys that
  share the same prefix as the cache.

Test Plan:
- New unit tests

* Add explicit BaseFileCacheModule#keys test

Test that files that do not match the cache prefix are ignored.
Test that the prefix is removed from the cache key.
2021-04-30 15:28:28 -04:00
Sam Doran
74b2add460
paramiko_ssh - mark connection as connected when successful (#74459)
* Remove unused import from test
2021-04-29 15:11:02 -04:00
Brian Coca
3cff54d69b
Fix missing delegate display (#74370)
* dont rely on vars, task already gives us info
* ensure we always display delegation in host label
* also added parens with ansible_host to show  target host vs resolved host
* delegating to self is not delegating
* delegated vars restoration for backwards compat
* tests need mock task with delegate_to
2021-04-28 13:24:38 -04:00
Rick Elrod
9f1513d4c0 [become] Add Solaris chmod ACL fallback
Change:
- Newer Solaris drops setfacl. Add a fallback for its chmod ACL syntax.

Test Plan:
- New units

Tickets:
- Fixes #74282

Signed-off-by: Rick Elrod <rick@elrod.me>
2021-04-19 20:28:57 -05:00
Rick Elrod
7d64aebdd3 [become] Fix solaris permissions regression
Change:
- Regression introduced in #70785
- When macOS chmod ACL syntax is used, Solaris-derived chmods return
  with a status of 5. This is also used for our sshpass handling,
  because sshpass will return 5 on auth failure. This means on Solaris,
  we incorrectly assume auth failure when we reach this branch of logic
  and try to run chmod with macOS syntax.
- We now wrap this specific use of chmod in an exception handler that
  looks for AnsibleAuthenticationFailure and skips over it. This adds
  another authentication attempt (something we normally avoid to prevent
  account lockout), but seems better than the regression of not allowing
  other fallbacks to be used.
- Without this patch, if setfacl fails on Solaris (and sshpass is used),
  we do not try common_remote_group or world-readable tmpdir fallbacks.

Test Plan:
- New unit

Signed-off-by: Rick Elrod <rick@elrod.me>
2021-04-19 20:28:57 -05:00
Alex Willmer
185d410316
Factor out host_label() in default stdout callback plugin (#73814)
This simplifies rendering the hostname (or hostname+delegated host) in
the default callback module, and reduces code duplication

I've chosen not move where in each handler the host label is rendered,
in case subsequent operations has side effects. However I'm happy to
change that if considered safe.

I've chosen not to change the formatting operator used (%), to avoid
changes in rendering that might result.

Signed-off-by: Alex Willmer <alex@moreati.org.uk>
2021-04-16 11:12:25 -04:00
Brian Coca
84e473a26e
All lookups ported to config system (#74108)
* all lookups to support config system

 - added get_options to get full dict with all opts
 - fixed tests to match new error messages
 - kept inline string k=v parsing methods for backwards compat
 - placeholder depredation for inline string k=v parsing
 - updated tests and examples to also show new way
 - refactored and added comments to most custom k=v parsing
 - added missing docs for template_vars to template
 - normalized error messages and exception types
 - fixed constants default
 - better details value errors

Co-authored-by: Felix Fontein <felix@fontein.de>
2021-04-13 15:52:42 -04:00
abikouo
29aea9ff34
constructed - Add keyed_groups suboptions 'default_value' and 'trailing_separator' (#74005)
* Support omitting the trailing separator when a dictionary key's value is an empty string

* Support a default value when the value used in the group name is an empty string

* Add tests

* change log
2021-04-13 11:59:50 -04:00
Sloane Hertel
ce96591313
Remove deprecated cache interfaces (#74198)
* update unit test
* Remove FactCache 'update' method
2021-04-13 11:08:20 -04:00
Brian Coca
b07a78b4ba
remove deprecated connection password functions (#74155)
* they were moved from connecitons to become plugins
* fixed clog, removed sanity ignore
* fixed tests to use become functions
2021-04-08 15:11:06 -04:00
Felix Fontein
af7f3fc266
Revert "Add duplicated set filter and documentation (#72729)" (#74053)
This reverts commit 99a6627c60.

* ci_complete
2021-03-27 20:28:28 -05:00
Matt Martz
88d6a72178
Temporarily disable strategy units (#74048) 2021-03-26 19:10:00 -07:00
Baptiste Mille-Mathias
99a6627c60
Add duplicated set filter and documentation (#72729)
Co-authored-by: Kerry <kerry@flatline-studios.com>
2021-03-27 00:18:55 +01:00
Matt Martz
78f34786dd
Send callbacks directly from the TaskExecutor instead of TaskResults masquerading as callbacks (#73927) 2021-03-18 12:12:29 -07:00
Brian Coca
935528e22e
finish migrating ssh plugin to config system (#73708)
* finish migrating ssh plugin to config system

  fixes #72739
  fixes #57220

* fix connection detection in reset
* correct options for connection meta reset

Co-authored-by: David Shrewsbury <Shrews@users.noreply.github.com>
2021-03-03 15:25:16 -05:00
Brian Coca
2b0cd2c13f
use correct executable and options in all cases (#73323)
Use correct ssh executable and options in all cases on connection plugin

  * Also nicer naming/comments

Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2021-01-26 20:21:24 -05:00
Martin Krizek
ae08c6a639
Ensure Ansible's unique filter preserves order (#67856)
Fixes #63417
2020-11-23 08:55:18 +01:00
Sam Doran
8f9cf456b0
url lookup - set default user agent (#72324)
* Add unit tests
* Add note about when default changed
2020-10-28 09:34:06 -04:00
Sloane Hertel
8b07d46166
Add a toggle for the leading separator for keyed_groups (#60882)
* Add a toggle for the leading separator for keyed_groups if no prefix is given

* changelog

* Add tests for backward compatibility and the new toggle
2020-10-23 15:57:44 -04:00
Evan Van Dam
3db08adbb1
Add optional attribute arg for min and max filters (#50909)
* Pass **kwargs to min and max filters

* Use the jinja2 filters if available

* Add unit tests

* Add examples to docs passing attribute
2020-10-05 10:40:37 -04:00
Jordan Borean
8897d7e2ff
powershell - fix nested CLIXML parser (#71412) 2020-08-26 07:06:19 +10:00
Rick Elrod
0d7c144ce4
Allow macOS ACLs to work for unpriv -> unpriv (#70785)
Change:
- Use `chmod +a` in the fallback chain to allow MacOS to use ACLs to
  allow an unprivileged user to become an unprivileged user.

Test Plan:
- CI, new tests

Tickets:
- Fixes #70648

Signed-off-by: Rick Elrod <rick@elrod.me>
2020-08-04 14:32:48 -04:00
Rick Elrod
7f62a9d7b5
Make cache adjudicator's flush call plugin flush (#70987)
Change:
- Previously CachePluginAdjudicator#flush only removed entries from the
  cache backend that it knew about by using them earlier. Now it calls
  the underlying plugin's flush() method.

Test Plan:
- New unit tests

Tickets:
- Fixes #68770

Signed-off-by: Rick Elrod <rick@elrod.me>
2020-08-03 17:16:15 -05:00
Matt Davis
4c0af6c808
fix internal cases of actions calling unqualified module names (#70818)
* fix internal cases of actions calling unqualified module names

* add porting_guide entry
* misc other fixes around action/module resolution broken by redirection

ci_complete

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst

Co-authored-by: Rick Elrod <rick@elrod.me>

* address review feedback

* pep8

* unit test fixes

* win fixes

* gather_facts fix module args ignores

* docs sanity

* pep8

* fix timeout test

* fix win name rewrites

Co-authored-by: Rick Elrod <rick@elrod.me>
2020-07-23 09:02:57 -07:00
Rick Elrod
69472a5f8d
Refactor _fixup_perms2 to remove way-nested logic (#70701)
Change:
- Refactoring to make it harder to get wrong and easier to read.
- Generalize become_unprivileged tests and fix some that never worked
  but also never failed.

Test Plan:
- CI, new units/integration tests

Signed-off-by: Rick Elrod <rick@elrod.me>
2020-07-20 18:46:47 -05:00
Jordan Borean
e22e103cdf
winrm - Added kinit_args to control the args for kinit calls (#70624) 2020-07-14 12:05:11 -04:00
Brian Coca
cf89ca8a03
Make filter type errors 'loop friendly' (#70417)
- ensure we preserve the typeerror part of the exception so loop defereed error handling
 can postpone those caused by undefined variables until the when check is done.
 - fix tests to comply with the 'new normal'

 - human_to_bytes and others can issue TypeError not only on 'non string'
 but also bad string that is not convertable.

Co-authored-by: Sloane Hertel <shertel@redhat.com>

Co-authored-by: Sloane Hertel <shertel@redhat.com>
2020-07-10 18:49:57 -04:00
Felix Fontein
24dcaf8974
plugin loader: return collection name; ansible-doc: handle ansible.builtin correctly (#70026)
* Determine collection in plugin loader.

* Fix test.

* Use PluginPathContext objects in PluginLoader._plugin_path_cache instead of tuples.
2020-07-11 00:24:08 +02:00
Martin Krizek
b05e00e99a
Fix delegate_facts with interpreter not being set (#70293)
Fixes #70168

ci_complete

Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
Co-authored-by: Matt Clay <matt@mystile.com>
2020-06-30 15:49:09 +02:00
Rick Elrod
7584e145a9
Nuke _get_item() from callback, deprecated 2.11 (#70233)
Change:
- Remove _get_item() alias as it has been deprecated
- Update tests
- Remove relevant sanity curtailment
- Add changelog

Test Plan:
CI, grep

Signed-off-by: Rick Elrod <rick@elrod.me>
2020-06-23 12:03:27 -04:00
Matt Clay
98a0995fd0 Clean up unit test boilerplate. 2020-06-22 14:20:33 -07:00
Sloane Hertel
51f6d129cb
support hard coded module_defaults.yml groups for collections (#69919)
* Only allow groups which were hardcoded in module_defaults.yml

only load action groups from the collection if module_defaults contains a potential group for the action

* Fix tests using modules that override those whitelisted in lib/ansible/config/module_defaults.yml

Third party modules should not be using group/ - use the action name instead

* add externalized module_defaults tests

add the missing group and collections

ci_complete

Co-authored-by: Matt Davis <mrd@redhat.com>

* changelog

ci_complete

* Fix import in tests

ci_complete

* Update with requested changes

ci_complete

* don't traceback since we don't validate the contents of module_defaults

ci_complete

Co-authored-by: Matt Davis <mrd@redhat.com>
2020-06-09 15:38:57 -07:00
Matt Davis
984216f52e
various deprecation, display, warning, error fixes for collections redirection (#69822)
* various deprecation, display, warning, error fixes

* Update lib/ansible/utils/display.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update lib/ansible/utils/display.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update lib/ansible/utils/display.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* cleanup, test fixes

* add collection name to deprecated() calls

* clean up redirect entries from uncommitted tests

* fix dep warning/error header text to match previous

Co-authored-by: Felix Fontein <felix@fontein.de>
2020-06-05 00:28:40 -07:00
Nilashish Chakraborty
dae3ba71a8
Add FQCN mappings for network facts modules (#69601)
* Add FQCN mappings for network facts modules

Signed-off-by: NilashishC <nilashishchakraborty8@gmail.com>

* Add unit tests

Signed-off-by: NilashishC <nilashishchakraborty8@gmail.com>

* update entry for ironware

Signed-off-by: NilashishC <nilashishchakraborty8@gmail.com>
2020-05-22 23:20:21 +05:30
Brian Coca
de3f7c7739
fix delegated interpreter discovery (#69604)
* fix delegated interpeter
* allow returning fact if it is 'the right host'
* added note for future fix/efficiency
 as it stands we rerun discovery for the delegated host
unless its saving facts to itself
 * fixed test lacking delegate_to mock
2020-05-22 09:31:34 -04:00
Bob Weinand
f200487414
Fix filedescriptor out of range in select() when running commands (#65058)
* Fix filedescriptor out of range in select() when running commands

* Simplify the run_command() code

Now that we're using selectors in run_command(), we can simplify some of
the code.

* Use fileobj.read() instead of os.read()
* No longer use get_buffer_size() as we can just slurp all of the data
  instead.

Also use a simpler conditional check of whether the selector map is
empty

Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
2020-05-14 11:46:34 -04:00
Jordan Borean
702949e64c
windows - fix up env var quoting for unicode single quotes (#68968)
* windows - fix up env var quoting for unicode single quotes

* Add sanity ignore check for smart quotes
2020-04-16 20:24:23 +10:00
Ansible Core Team
e0e57b4beb migration final cleanup 2020-03-23 11:14:21 -05:00
Ansible Core Team
35063de590 Migrated to junipernetworks.junos 2020-03-23 11:14:21 -05:00
Ansible Core Team
8ee0187388 Migrated to openstack.cloud 2020-03-23 11:14:21 -05:00
Ansible Core Team
7e04b5ba8b Migrated to cisco.ios 2020-03-23 11:14:21 -05:00
Ansible Core Team
6da1ec1d8c Migrated to check_point.mgmt 2020-03-23 11:14:21 -05:00
Ansible Core Team
48d4e9370e Migrated to ansible.windows 2020-03-23 11:14:21 -05:00
Ansible Core Team
829eb0f1d1 Migrated to ansible.posix 2020-03-23 11:14:21 -05:00
Ansible Core Team
9a7a574ffc Migrated to ansible.netcommon 2020-03-23 11:14:21 -05:00