Commit graph

1895 commits

Author SHA1 Message Date
James Cassell
b868f1c933
fix systemd use in container builds (#66062)
* systemd: unify "systemctl show" failure cases

* systemd: is-enabled to detect configured state

* systemd: is-enabled to detect masked status
2020-02-05 15:14:57 -05:00
Lihu Ben-Ezri-Ravin
48505af9d2
Remove filtering from edgeos_config module (#63362)
The edgeos_config module had a list of commands to filter out to avoid
load failures. This list had a single regular expression which caught
commands that attempted to set pre-encrypted passwords. This behavior is
undesirable for a few reasons.

* It's poorly documented. The documentation makes cryptic mention of a
  return value that some commands might be filtered out, but offers no
  explanation as to what they are or why.

* It's hard-coded. There's no way for the user to change or disable this
  functionality, rendering the commands caught by that expression
  completely unusable with the edgeos_config module.

* The obvious workaround is unsafe. The filter catches passwords that
  are already encrypted, but is perfectly fine letting the user set
  plain-text passwords. EdgeOS will encrypt them upon commit, but this
  module encourages unsafe handling of secrets up to that point.

* It's a security vulnerability if the user doesn't know about this
  behavior. While the module will warn if commands are filtered, the
  user won't know what got filtered out until after the fact, and may
  easily miss that warning if they are not vigilant. For something as
  sensitive as setting a password, it's not hard to imagine naive use of
  this module resulting in incorrect credentials being deployed.

* It provides no discernible benefit. Using the module without filtering
  does not result in load failures. If those commands are indeed harmful
  for some reason on (old?) versions of EdgeOS, it should be incumbent
  upon the user to be scrupulous in what commands they issue, rather
  than the module maintaining a blacklist of possible ways the user
  might misuse their own system.
2020-02-05 14:57:55 -05:00
Jørgen Lien Sellæg
43f93d275c
openssl_certificate: Selecting which acme directory to use to get certificate (#67109)
* "openssl_certificate - Add option for changing which ACME directory to use with acme-tiny. Set the default ACME directory to Let's Encrypt instead of using acme-tiny's default. (acme-tiny also uses Let's Encrypt at the time being, so no action should neccessary.)"
  * "openssl_certificate - Change the required version of acme-tiny to >= 4.0.0"
2020-02-05 14:10:27 -05:00
Ruediger Pluem
80c4b86abe
group - correctly determine if a local group exists. (#59772)
Fixes #58619
Add integration test
2020-02-05 12:34:41 -05:00
Mark Chappell
50eb2f6957
sns_topic: Retry on Topic 'NotFound' Exceptions when attempting to list subscriptions (#67089)
* sns_topic: Retry on Topic 'NotFound' Exceptions when attempting to list subscriptions

* add changelog
2020-02-05 12:16:07 -05:00
Mads Jensen
3dd4b3c8a3
Replaces a open/close to validate access with os.access in azure storageblob. (#65608) 2020-02-05 08:20:39 -05:00
Markus Bergholz
822077fefd
Asg mixed instance types (#67045)
* merge from origin pr 55067

* handle update existing asg with mixed-instance-policy

* fix documentation and append output

* update output documentation

* update documentation version added

* add integration test for mixed instance policy using launch template

* add changelog fragment

* Update lib/ansible/modules/cloud/amazon/ec2_asg.py

Co-Authored-By: Mark Chappell <mchappel@redhat.com>

* Update lib/ansible/modules/cloud/amazon/ec2_asg.py

Co-Authored-By: Mark Chappell <mchappel@redhat.com>

* Update lib/ansible/modules/cloud/amazon/ec2_asg.py

Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>

* add warning about botocore version and add expand example documentation

* Update changelogs/fragments/67045-ec2_asg_mixed_instance_policy.yml

Co-Authored-By: Mark Chappell <mchappel@redhat.com>

* Update lib/ansible/modules/cloud/amazon/ec2_asg.py

Co-Authored-By: Mark Chappell <mchappel@redhat.com>

* Update lib/ansible/modules/cloud/amazon/ec2_asg.py

Co-Authored-By: Mark Chappell <mchappel@redhat.com>

* remove useless line

Co-authored-by: Yi-Tse Hong <yitse.hong@soocii.me>
Co-authored-by: Mark Chappell <mchappel@redhat.com>
Co-authored-by: Jill R <4121322+jillr@users.noreply.github.com>
2020-02-05 09:04:15 +01:00
James Cassell
1bb94ec92f
service_mgr: detect systemd, even offline (#66071)
* service_mgr: detect systemd, even offline

* service_mgr=systemd iff /sbin/init is symlink
2020-02-04 17:32:36 -05:00
James Cassell
fd954a9c5c
wait_for_connection: also retry interpreter discovery (#67040)
self._discovered_interpreter_key is None unless a previous iteration
has attempted discovery.  In that case, force re-discovery, as the
previous attempt certainly failed.
2020-02-04 11:40:09 -08:00
Matt Clay
f4a80bb600
Code cleanup and refactoring in ansible-test. (#67063)
* Code cleanup in ansible-test.
* Split out encoding functions.
* Consoldate loading of JSON files.
* Split out disk IO functions.
* Simplify file access.
* Add functions for opening files.
* Replace open calls with appropriate functions.
* Expose more types from typing module.
* Support writing compact JSON.
* Add verbosity argument to display.warning.
* Add changelog entry.
* Update files overlooked during rebase.
* Use `io.open` instead of `open`.
* Fix file opening for imp.load_module.
* Remove use of `r+` mode to access files.
* Add missing import.
* Fix httptester on Python 2.x.
* Clarify changelog fragment.
* Consolidate imports. Remove extra newlines.
* Fix indirect imports.
2020-02-04 11:21:53 -08:00
tavery321
994a6b0c5a
fixes ANSIBLE_DUPLICATE_YAML_DICT_KEY=error crashes (#66786)
* Fix #65366
2020-02-04 13:53:13 -05:00
Erwin Oegema
3b32f95fb3
user - warn if "append" is set but not "groups" (#65795)
This fixes people unknowingly changing the primary group rather than adding a secondary group.

* Add integration test
2020-02-04 12:35:05 -05:00
Felix Fontein
fe454d27a1
Fix removed_in_version to support honor suboptions (#66918)
* Add unit tests.
* Fix reporting for removed_in_version.
* Add changelog.
2020-02-04 10:14:55 -05:00
Felix Wong
8b2ead5870
add jittered backoff for elb (#66673) 2020-02-04 08:57:26 +01:00
Brian Scholer
fc7980af9a
Fix UNC path support in the powershell shell plugin (#66604)
* Fix UNC path joining in the powershell shell plugin, add test

* Remove testy bits and a redundant line

* Fix style nits

* Update to use os.ntpath

* Add changelog for #66604
2020-02-04 16:34:11 +10:00
Felix Fontein
23b2bb4f4d
docker_container: change behavior for one-port container ranges to be same as docker CLI (#66382)
* Adjust docker_container behavior for one-port container ranges to be similar to docker CLI.

* Add changelog.

* Add documented examples for ports:.
2020-02-03 23:27:40 +01:00
Felix Fontein
5c1a3a3ac2
docker_container and docker_swarm_service: allow to actually disable healthcheck of image (#66599)
* Allow to actually disable healthcheck of image.

* Add changelog.
2020-02-03 13:13:17 -05:00
Felix Fontein
a0e5e2e4c5
openssl_publickey: forgot to pass backend (#67036)
* Forgot to pass backend.

* Add changelog.

* Pass on backend from get_fingerprint.

* Handle cryptography backend in get_fingerprint.
2020-02-03 06:18:19 +01:00
Simon Dodsley
b1a8bded3f
Remove deprecated parameter for 2.10 in purefb_fs (#67026) 2020-02-02 15:30:01 +01:00
Felix Fontein
8f10db8552
Do fail instead of regenerate for password protected and invalid keys. (#65638) 2020-02-02 07:54:28 -05:00
Felix Fontein
d6fb9da8ed
openssl_* modules: allow direct input and output for some files (#65400)
* Allow to return generated object.

* Use slurp module instead of file lookup + b64encode.

* Rename return_xxx_content -> return_content.
2020-02-02 12:42:52 +01:00
Klaus Frank
14b1febf64
Fix pacman: "IndexError: list index out of range" #63077 (#65750)
* Fix #63077

If the package is already installed the stdout is not as expected by this function. Either remove `--needed` or just noop if we detect pacman returning. We cannot match the stdout string, as that is most likely localized.

```
[root@archBook user]# /usr/bin/pacman --upgrade --noconfirm --noprogressbar --needed  /srv/aur/src/i3cat-git/i3cat-git-r38.c6d29dd-1-x86_64.pkg.tar.xz
loading packages...
warning: i3cat-git-r38.c6d29dd-1 is up to date -- skipping
 there is nothing to do
```

* Add comment

Add comment

* Add changelog fragment.

Co-authored-by: Felix Fontein <felix@fontein.de>
2020-02-01 14:37:27 +01:00
Andrew Klychkov
3baea92ec9
Bugfix of 54239: mysql_variables not supporting variables name with dot (#66806)
* Bugfix of 54239: mysql_variables not supporting variables name with dot

* add changelog

* add CI tests
2020-02-01 12:39:52 +05:30
Mark Chappell
919a9e33e8
Minor AWS argument checks (required_if / mutually_exclusive) fixups (#66966)
* aws_netapp_cvs_snapshots - minor required_if fixup (state must be set if state=present)

* ec2 - fix typo in mutually_exclusive definition

* rds_instance: fix typo in mutually_exclusive restore_to_time should be restore_time - currently throws a boto error
2020-01-31 22:17:46 +01:00
Simon Dodsley
26175178ee
Fix user_agent string not getting set (#66914) 2020-01-31 15:50:53 -05:00
Sam Doran
9db0fb785d
Add collections path option to ansible-galaxy (#66969)
Some common code needed for 'collection list' and 'collection validate'
2020-01-31 14:27:54 -06:00
Andrew Klychkov
16ebeda86d
Bugfix of 66974: mysql_user doesnt support privileges with underscore (#66995)
* Bugfix of 66974: mysql_user doesnt support privileges with underscore

* add changelog

* add seealso
2020-01-31 20:44:03 +01:00
Stefan Horning
aad286b403
Make cloudfront_info work with Python3 … (#66695)
* Make cloudfront_info work with Python3 by using dict.update(dict) instead of dict += dict.

* Added changelog fragment for cloudfront_info fix
2020-01-31 14:37:36 -05:00
Andrew Klychkov
54520c4685
mysql_user: priv parameter can also be a dictionary (#66801)
* mysql_user: add priv_dict parameter

* add changelog

* priv can be string or dictionary

* fix example
2020-01-31 16:32:31 +01:00
Mark Chappell
813091cf94
Migrate ec2_vol_info to AnsibleAWSModule (#66979)
* Migrate ec2_vol_info to AnsibleAWSModule

* Enable ec2_vol_info tests

* Add changelog

* Update lib/ansible/modules/cloud/amazon/ec2_vol_info.py

Co-Authored-By: Sloane Hertel <shertel@redhat.com>
2020-01-31 09:55:10 -05:00
Jordan Borean
2a9ec8975f
win_unzip - LiteralPath fix (#66972)
* win_unzip - LiteralPath fix

* Fix up Python sanity issues
2020-01-31 12:59:46 +10:00
Matt Clay
d584584474 Reorganize ansible-test coverage code.
This change moves all code for the `ansible-test coverage` command into the `coverage` directory.

Each subcommand is split into a separate file.

Only minor spelling changes were made aside from code relocation.
2020-01-30 14:41:21 -08:00
Mark Chappell
5d4d9d40af
ansible-test - Add 'get' to the list of bad choices for state (#66921)
* ansible-test - Add 'get' to the list of bad choices for state

* Changelog fragment
2020-01-30 22:38:47 +01:00
Sam Doran
5112feeace
Make get_bin_path() always raise an exception (#56813)
This makes it behave in a more idiomatic way

* Fix bug in Darwin facts for free memory
    If the vm_stat command is not found, fact gathering would fail with an unhelpful 
    error message. Handle this gracefully and return a default value for free memory.

* Add unit tests
2020-01-30 12:54:25 -05:00
Abhijeet Kasurde
2728c2476e
docs: Fixed "Edit on GitHub" link for plugin, cli (#66745)
Fixed sphinx theme to navigate "Edit on Github" link to locate correct
plugin, cli source in GitHub repo.

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2020-01-30 10:55:46 -05:00
Nathaniel Case
bf65e7a3f6
nxos_facts: Don't fail if faninfo isn't reported (#66866) 2020-01-30 10:23:21 -05:00
Dusan Matejka
e3190adcbb
zabbix_host - added support for usermacros and tags (#66777) 2020-01-30 08:32:47 -05:00
Felix Fontein
5fdc9a61f0
docker_container: pass volumes only for anonymous volumes (#66600)
* Simplify code.

* Only pass anonymous volumes.

* Add changelog and update porting guide.

* Add integration tests.
2020-01-30 14:08:25 +01:00
Dusan Matejka
57805b7def
zabbix_proxy interface option documentation and argspec fixes (#66837)
* zabbix_proxy interface option documentation and argspec fixes

* Update changelogs/fragments/66837-zabbix-proxy-interface.yml

Co-Authored-By: Felix Fontein <felix@fontein.de>

Co-authored-by: Felix Fontein <felix@fontein.de>
2020-01-30 14:06:44 +01:00
Matt Clay
49d8d5ae33 Fix ansible-test tar format handling. 2020-01-29 20:31:54 -08:00
Yanis Guenane
4fd2dce7f3
Testing: Add support for AIX platform (#65802) 2020-01-29 15:56:51 -08:00
rule88
6a1f82f174
url lookup - add options to match those in urls.py (#64892)
Add 'force_basic_auth' option
By default "force_basic_auth" option is set to False, with this adjustment it is up to the user if it wants to enforce basic authentication.
2020-01-29 16:45:25 -05:00
Mark Chappell
1156962cde
Forbid state=(list|info) in modules via ansible-test sanity check
PR #66898

This change introduces a new sanity check with code
`parameter-state-invalid-choice` in the `ansible-test sanity`
validator. It enforces modules not to support `list` or `info`
as their `state`.

Co-Authored-By: Sviatoslav Sydorenko <webknjaz@redhat.com>
Co-Authored-By: Felix Fontein <felix@fontein.de>
2020-01-29 21:06:36 +01:00
Jiri Hnidek
6f1bb37feb
When no pool quantity is set, then do not set quantity to 1 (#66807)
* Fixes #66478
* When no quantity is set, then candlepin server usually uses
  default value 1. When more quantities are required, then
  candlepin server can automatically choose correct minimal
  value.
2020-01-29 12:10:47 -05:00
Sam Doran
9276dd2007
file - change warning to error (#66671)
When 'src' is specified without 'state', raise an exception
2020-01-29 10:51:34 -05:00
Andrew Klychkov
308723c3ca
postgresql_idx: revert PR for 64138 (#66889) 2020-01-29 14:12:34 +00:00
Matt Clay
3c3cf50e7a Fix ansible-test coverage of ansible-connection. 2020-01-28 23:47:07 -08:00
Matt Clay
21069c84d9 Fix ansible-test color ls logic. 2020-01-28 17:48:54 -08:00
Matt Clay
428aaf7e65 Keep SSH authorized keys in ansible-test setup. 2020-01-28 17:48:54 -08:00
Matt Clay
efd2dd8929 Add more ansible-test args to delegation config. 2020-01-28 17:48:54 -08:00