* Avoid assertion rewriting in pytest plugins.
Adding PYTEST_DONT_REWRITE to the ansible-test pytest plugin docstrings disables assertion rewriting in pytest for those plugins.
This avoids warnings during test execution if the plugins are loaded multiple times (such as being imported within tests).
* Run ansible-test pytest plugins early.
The ansible-test pytest plugins need to load and run earlier than conftest modules.
To facilitate this, the pytest_configure function is run during loading, which works since they are loaded (but not always run) before conftest modules are loaded.
A check has also been added to the pytest_configure functions to prevent them from running multiple times in the same process.
* Load pytest plugins using an env var.
The -p command line option loads plugins before conftest, but only during collection.
The PYTEST_PLUGINS environment variable loads plugins before confest, both during collection and test execution.
Creating a virtual environment using `venv` when running in a virtual environment created by `virtualenv` results in a copy of the original virtual environment instead of creation of a new one.
To work around this, `ansible-test` now identifies when it is running in a `virtualenv` created virtual environment and uses the real Python interpreter to create the `venv` virtual environment.
* AWS ec2_vpc_net: Enable ipv6 CIDR assignment
Enable IPv6 CIDRs in ec2_vpc_net, and fix ec2_vpc_subnet tests that
were depending on the aws cli for CIDR assignment.
Related to: #27800
The `test/results/` directory for Ansible test output was already ignored when not using git.
When Ansible Collections were switched to `tests/output/` the ignore entry was previously overlooked.
* bump hcloud version to 1.4.1
`hcloud`<=1.4.0 has requirement `requests==2.20.0`. This prevents the
installation of the Vcenter Automation SDK which depends on `requests>=2.22.0`.
`hcloud` 1.4.1 does not have the problem: 8bff356efb
Bumping the dependency will resolve the issue.
* Fix ansible-doc traceback for removed modules.
This avoids tracebacks with errors like the following when a module has been removed:
module module_name missing documentation (or could not parse documentation): 'NoneType' object does not support item assignment
* Fix ansible-doc sanity test warning handling.
Warnings about removed modules/plugins on stderr are now properly ignored.
Previously an ansible-doc error could result in unrelated errors going undetected because tests were stopped early and the underlying error was ignored.
* Fix ansible-test venv activation.
When using the ansible-test --venv option, an execv wrapper for each python interpreter is now used instead of a symbolic link.
* Fix ansible-test execv wrapper generation.
Use the currently running Python interpreter for the shebang in the execv wrapper instead of the selected interpreter.
This allows the wrapper to work when the selected interpreter is a script instead of a binary.
* Fix ansible-test sanity requirements install.
When running sanity tests on multiple Python versions, install requirements for all versions used instead of only the default version.
* Fix ansible-test --venv when installed.
When running ansible-test from an install, the --venv delegation option needs to make sure the ansible-test code is available in the created virtual environment.
Exposing system site packages does not work because the virtual environment may be for a different Python version than the one on which ansible-test is installed.
* create-deprecated-issues script can now add to a specified project
* Migrate the create deprecated issues script into a subcommand of build-ansible
* Remove deprecated-issue script from ignore list
* aws_secret: (integration tests) Move tests to using module_defaults
* Update hacking aws security policy to enable management of secrets
* aws_secret: (integration tests) Fixup integration tests
- Update tests to use resource_prefix as a prefix rather than a suffix
- Pause after role creation to cope with AWS being slow (and returning before the role it ready)
* Allow the use of _paramiko_conn even if the connection hasn't been started.
I'm not sure what the benefit is of Noneing paramiko_conn on close, but will keep for now
* Fix test
* Try to fix up net_put & net_get
* Add changelog
* Fix ec2_vpc_vgw broken tests
Add waiter function to wait for API to report detached vgw is available.
Also catch extra error code in attach retry as EC2 sometimes reports that
the vgw is available several seconds before permitting the attachment.
Fixes: #53185
* Re-enable ec2_vgc_vgw test target
* add new module: aws_stepfunctions_state_machine
* add integration tests for new module: aws_stepfunctions_state_machine
* fix sanity checks
* use files/ folder instead for integration test
* rename role name in integration test
* attempt further permissions
* iam states prefix
* iam integration test prefix
* add iam policy for running step functions state machine actions
* slightly increase iam permission scope
* rename integration test folder to proper name
* move main() method to end of file
* move contents of integration-policy.json for state machines to compute-policy.json
* make check_mode return proper changed value + add check_mode integration tests
* rename module to aws_step_functions_state_machine
* fix missed rename in integration test variable
* add purge_tags option
* bump to version 2.10
Python < 2.7.9 does not have the ssl.SSLContext attribute.
ssl.SSLContext is only required when we want to validate the SSL
connection. If `validate_certs` is false, we don't initialize the
`ssl_context` variable.
Add unit-test coverage and a little refactoring:
- avoid the use of `mocker`, when we can push `monkeypatch` which is
`pytest`'s default.
- use `mock.Mocker()` when possible
closes: #57072
* module_utils/ec2: (unit tests) Move unit tests for module_utils/ec2.py into test/units/module_utils
- compare_policies was refactored from s3_bucket
- "ec2_utils" doesn't seem to have ever existed
* module_utils/ec2: (unit tests) Add unit test for comparing quoted and unquoted bools and numbers within policies
As per https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html
"Values are enclosed in quotation marks. Quotation marks are optional for numeric
and Boolean values."
* module_utils/ec2: Explicitly convert bools and ints to strings when comparing policies
See also: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html
* Fixes to ecs_certificate cert chain for #61738
* Added changelog fragment
* Fixes to ecs_certificate for cleaner join, and better integration test
* Fix integration test formatting
* End cert chain with a \n
* Update changelogs/fragments/61738-ecs-certificate-invalid-chain.yaml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Update main.yml
* Update AWS hacking policy to enable ASG Tagging management
* aws_asg: Add tests for ASG Tagging (including idempotency)
* aws_asg: ignore sort order when comparing tags on the ASG (fix idempotency)
* ec2_asg: (integration tests) test for idempotency when managing metrics collection
* ec2_asg: sort list of enabled metrics to ensure clean comparisons.
Add a list of previously used release names to make it easy to tell what
release names are no longer usable.
Add a test that new release names have been added to the used list.
Fixes#61616
* iam_group: (integration tests) migrate tests to module_defaults
* iam_group: (integration tests) migrate to using temporary user and group with {{ resource_prefix }}
* iam_group: (integration tests) fix test, checking the return values
* iam_group: (integration tests) Add some more tests around the behaviour of 'changed'
* iam_group: (docs) Update documentation of iam_group return value
* Update AWS testing policies to enable group/user management
* aws_vpc_subnet: (integration tests) migrate to module_defaults
* aws_vpc_subnet: (integration tests) remove hard coded assumption that AZ A exists.
While Amazon now tends to enable all AZs in a region, new customers in us-west-1 are only assigned 2 out of the 3 AZs, which might not include AZ a
* ec2_vpc_subnet: (integration tests) General cleanup
- use "is changed" rather than .changed
- clean up labelling of a couple of assertions (C&P fail)
* ec2_launch_template: (integration tests) make sure security_token is optional
* ec2_launch_template: (integration tests) add dependencies at the top level so they're pulled into the docker containers
* Update Hacking Compute Policies for Launch Templates
* Fix bad assumption about shippable resource_prefix for codebuild and codepipeline tests
* Update test/integration/targets/aws_codepipeline/defaults/main.yml
On OpenBSD, 13 asterisk characters as a password hash, marks the
account as disabled. Otherwise daily(8) script which executes
security(8) will email operator about not properly locked accounts.
Before the diff, we see following warning:
> [WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
After the diff, warning is gone.
- Add retries instead of a pause task
- Shorten the IAM role name length
- Put the IAM role name in defaults/main.yml instead
- Fix the aws_codepipeline tests too
* Migrate ec2_eip module to boto3
This patch is a step towards the integration of several PRs that have
attempted to migrate this code
closes#55190closes#45478
Follow-up PRs will address the outstanding changes made in #55190