* Add openssh-client to default docker container.
* Include Azure requirements in default container.
To do so, handling of pip requirements was updated to install each
set of requirements separately and then run a verification pass to
make sure there are no conflicts between requirements.
* Add missing --docker-no-pull option.
* Add documentation for the azure-requirements test.
* Handle timezone updates on Ubuntu 16.04+ on containers
Although Ubuntu 16.04 will use timedatectl by default,
containers without a working timedatectl need to use the
old method.
A bug in Ubuntu for the old method means having to write
a nasty hack
https://bugs.launchpad.net/ubuntu/+source/tzdata/+bug/1554806
* Add tests for timezones
Ensure timezone changes work across various OSs
* added win_audit_rule with integration test
* Updated integration testing to target files as well as directories
and registry keys. Split testing files apart to be more organized.
Updated powershell for better handling when targetting file objects
and optimized a bit. Removed duplicated sections that got there from a
previous merge I think.
* Decided to make all the fact names the same in integration testing.
Seemed like there would be less change of accidentally using the wrong
variable when copy/pasting that way, and not much upside to having
unique names.
Did final cleanup and fixed a few errors in the integration testing.
* Fixed a bug where results was displaying a wrong value
Fixed a bug where removal was failing if multiple rules existed due to
inheritance from higher level objects.
* Resolved issue with unhandled error when used didn't have permissions
for get-acl.
Changed from setauditrule to addauditrule, see comment in script for reasoning.
Fixed state absent to be able to remove multiple entries if they exist.
* fixed docs issue
* updated to fail if invalid inheritance_rule when defining a file rather than warn
Module allows you to wait for a bigip device to be
"ready" for configuration. This module will wait for things like
the device coming online as well as the REST API and MCPD being
ready.
If all of the above is not online and ready, then no configuration
will be able to be made.
* better cleanup on task results display
callbacks get 'clean' copy of result objects
moved cleanup into result object itself
removed now redundant callback cleanup
moved no_log tests
* moved import as per feedback
In this refactor we moved to the most recent coding standards for
both F5 and Ansible. Many bugs were fixed and some features were
also added (such as ipv6 support).
New conventions for ansible warrant fixes to accomodate those
in bigip_partition.
This patch also includes an import fix that can raise an error when
Ansible unit tests run
This adds a new type of vault-password script (a 'client') that takes advantage of and enhances the
multiple vault password support.
If a vault password script basename ends with the name '-client', consider it a vault password script client.
A vault password script 'client' just means that the script will take a '--vault-id' command line arg.
The previous vault password script (as invoked by --vault-password-file pointing to an executable) takes
no args and returns the password on stdout. But it doesnt know anything about --vault-id or multiple vault
passwords.
The new 'protocol' of the vault password script takes a cli arg ('--vault-id') so that it can lookup that specific
vault-id and return it's password.
Since existing vault password scripts don't know the new 'protocol', a way to distinguish password scripts
that do understand the protocol was needed. The convention now is to consider password scripts that are
named like 'something-client.py' (and executable) to be vault password client scripts.
The new client scripts get invoked with the '--vault-id' they were requested for. An example:
ansible-playbook --vault-id my_vault_id@contrib/vault/vault-keyring-client.py some_playbook.yml
That will cause the 'contrib/vault/vault-keyring-client.py' script to be invoked as:
contrib/vault/vault-keyring-client.py --vault-id my_vault_id
The previous vault-keyring.py password script was extended to become vault-keyring-client.py. It uses
the python 'keyring' module to request secrets from various backends. The plain 'vault-keyring.py' script
would determine which key id and keyring name to use based on values that had to be set in ansible.cfg.
So it was also limited to one keyring name.
The new vault-keyring-client.py will request the secret for the vault id provided via the '--vault-id' option.
The script can be used without config and can be used for multiple keyring ids (and keyrings).
On success, a vault password client script will print the password to stdout and exit with a return code of 0.
If the 'client' script can't find a secret for the --vault-id, the script will exit with return code of 2 and print an error to stderr.
* documentation was not inline with other Ansible modules
* Python 3 specific imports were missing
* monitor_type is no longer required when creating a new pool; it is now the default.
* A new monitor_type choice of "single" was added for a more intuitive way to specify "a single monitor". It uses "and_list" underneath, but provides additional checks to ensure that you are specifying only a single monitor.
* host and port arguments have been deprecated for now. Please use bigip_pool_member instead.
* 'partition' field was missing from documentation.
* A note that "python 2.7 or greater is required" has been added for those who were not aware that this applies for ALL F5 modules.
* Unit tests were fixed to support the above module
* Correct usage for shutil.rmtree
Fix adds correct usage of shutil.rmtree in git module
Fixes: #31225
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Include archive tests so they get run
* Use new include syntax
* Cleanup syntax on git tests
- use multi-line YAML
- remove unneeded {{ }} around vars in conditionals
- remove unneeded quotes
- add task file name to task names for easier troubleshooting when things fail
* Make archive tests work for RHEL/CentOS 6
The older versions of Jinja2 in RHEL/CentOS 6 required assertion tasks using the map filter to be skipped.
The older version of git required gzip compression to be skipped on RHEL/CentOS 6.
* Account for ansible_distribution_major_version missing
* Adding a cli transport option for the bigip_command module.
* Fixing keyerror when using other f5 modules. Adding version_added for new option in bigip_command.
* Removing local connection check because the F5 tasks can be delegated to any host that has the libraries for REST.
* Using the network_common load_provider.
* Adding unit test to cover cli transport and updating previous unit test to ensure cli was not called.
* Initial CD-ROM support
* create cdrom bugfix
* Improving CDROM change detection and fixing template creation bug
Running MarkAsTemplate on an existing template will fail with an error
* Better change detection for guest ID
Should only mark a change in case it actually changes
* Adding integration tests
* Pep8 compliance fixes
* Adding CDROM support, including iso, client and none types
* Updating added release version for CDROM option
* Fix rollback in junos_config
Fixes#30778
* Call `load_configuration` with rollback id in case
the id is given as input
* Pass rollback id to `get_diff()` to fetch diff from device
* Fix unit test
- old functionality is still available direct lookup use, the following are equivalent
with_nested: [[1,2,3], ['a','b','c']]
loop: "{{lookup('nested', [1,2,3], ['a','b','c'])}}"
- avoid squashing with 'loop:'
- fixed test to use new intenal attributes
- removed most of 'lookup docs' as these now reside in the plugins
* Remove sysctl entry when state=absent
* Cleanup sysctl integration test syntax
* Correct grammar on error message
* Add sysctl integration test for state=absent
* [rpm_key] Fix to import first key on the system
Fixes: #31483
* [rpm_key] removed unsafe_shell and "throwaway" underscore
* [rpm_key] adding test to add the first key on system
* Added warning for 'force' option
* Changed 'profiles' type to list
* Changed 'interfacetypes' type to list
* Added deprecation warning and fixed doc
* updated force parameter
* Remove cloudstack, f5, and nxos from the wildcard import whitelist
* Remove nxos and f5 from the get_exception whitelist
* Remove some files from the pep8 legacy whitelist
* win_become: Added support to become a service user
* fixes for linting
* changes to get local and network service working
* fixed linting issues again
* pleasing pepe
* Make ansible_selinux facts a consistent type
Rather than returning a bool if the Python library is missing, return a dict with one key containing a message explaining there is no way to tell the status of SELinux on the system becasue the Python library is not present.
* Fix unit test
* Add update_only parameter for yum module
When using latest, `update_only: yes` will ensure that only existing
packages are updated and no additional packages are installed.
* Update yum.py
Update version added for `update_only` parameter to 2.5
* add unit tests for update_only flag in yum module
* Add new lines to end of config file lines
* Properly write out selinux config file
Change module behavior to not always report a change but warn if a reboot is needed and return reboot_required.
Improve the output messages.
Add strip parameter to get_file_lines utility to help with parsing the selinux config file.
* Add return documentation
* Add integration tests for selinux module
* Use consistent capitalization for SELinux
* Use atomic_move in selinux module
* Don't copy the config file initially
There's no need to make a copy just for reading.
* Put message after set_config_policy in case the change fails
* Add aliases to selinux tests
* win_become: move error handling to Ansible outside of shell
* trimmed the output so double newlines don't get set
* added test for non-zero exit code
* missed issue URL on test
* changed exit to SetShouldExit
The /etc/os-release based distro detection doesn't
seem to work for Ubuntu 10.04 (no /etc/os-release?).
So it was testing the next case which was /etc/lsb-release to
see if it is 'Mandriva'. Since the check for existence of
(/etc/lsb-release, Mandrive) was the first non-empty dist
file match, 'ansible_distribution' was being set to 'Mandriva'
expecting to be corrected by the data from the dist file content.
But since the dist file parsing for Mandriva didn't match for
Ubuntu 10.04 /etc/lsb-release _and_ there is no Debian specific
lsb-release check, 'ansible_distribution' stayed at 'Mandriva'
and the dist file checking loop keeps going and eventually off
the end of the list before finding a better match.
Adding a debian/ubuntu specific check for /etc/lsb-release after
the debian os-release sets the info correctly and stops further
checking of dist files.
Fixes#30693
In cli.CLI.unfrack_path callback, special case if the
value of '--output' is '-', and avoid expanding
it to a full path.
vault cli already has special cases for '-', so it
just needs to get the original value to work.
Fixes#30550
* Added support to retrieving LIG resources in HPE OneView
* Fixing copyright header according to review
* Swapping out config for full credentials in parameter for documentation
* Added support to retrieving Enclosures in HPE OneView
- Added unit tests
* Updated version_added to 2.5
* Changing return type of enclosure_script to string
* Fixing copyright header according to review
* Replaced config for credentials in parameters for documentation
Fix adds a new module 'vmware_guest_powerstate' to manage
power states of virtual machine.
Fixes: #30371
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Fix fact failures cause by ordering of collectors
Some fact collectors need info collected by other facts.
(for ex, service_mgr needs to know 'ansible_system').
This info is passed to the Collector.collect method via
the 'collected_facts' info.
But, the order the fact collectors were running in is
not a set order, so collectors like service_mgr could
run before the PlatformFactCollect ('ansible_system', etc),
so the 'ansible_system' fact would not exist yet.
Depending on the collector and the deps, this can result
in incorrect behavior and wrong or missing facts.
To make the ordering of the collectors more consistent
and predictable, the code that builds that list is now
driven by the order of collectors in default_collectors.py,
and the rest of the code tries to preserve it.
* Flip the loops when building collector names
iterate over the ordered default_collectors list
selecting them for the final list in order instead
of driving it from the unordered collector_names set.
This lets the list returned by select_collector_classes
to stay in the same order as default_collectors.collectors
For collectors that have implicit deps on other fact collectors,
the default collectors can be ordered to include those early.
* default_collectors.py now uses a handful of sub lists of
collectors that can be ordered in default_collectors.collectors.
fixes#30753fixes#30623
Avoid the following seen when running ec2_ami tests on python3,
presumably because the return type of `map` is different between
python2 and python3.
```
Traceback (most recent call last):
File "/tmp/ansible_e44v27uj/ansible_module_ec2_snapshot_facts.py", line 242, in <module>
main()
File "/tmp/ansible_e44v27uj/ansible_module_ec2_snapshot_facts.py", line 238, in main
list_ec2_snapshots(connection, module)
File "/tmp/ansible_e44v27uj/ansible_module_ec2_snapshot_facts.py", line 193, in list_ec2_snapshots
snapshots = connection.describe_snapshots(SnapshotIds=snapshot_ids, OwnerIds=owner_ids, RestorableByUserIds=restorable_by_user_ids, Filters=filters)
File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 312, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 575, in _make_api_call
api_params, operation_model, context=request_context)
File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 630, in _convert_to_request_dict
api_params, operation_model)
File "/usr/local/lib/python3.5/dist-packages/botocore/validate.py", line 291, in serialize_to_request
raise ParamValidationError(report=report.generate_report())
botocore.exceptions.ParamValidationError: Parameter validation failed:
Invalid type for parameter OwnerIds, value: <map object at 0x7ff577511048>, type: <class 'map'>, valid types: <class 'list'>, <class 'tuple'>
```
https://github.com/ansible/ansible/pull/30435#issuecomment-330750498
* Save the serialized values instead of their types
* Add tests for creating and modifying VMs without using a template
* Remove blank line
* Add tests for vm deletion
* Fix cloudwatchevent_rule exception handling
Where it is currently present, this change fixes the exception handling.
However, there are many places that it is lacking.
Fixes#30806
* Add new exception handling for cloudwatchevent_rule
Ensure all API calls are wrapped with exception handling
* PEP8 tidy up
* Remove unnecessary HAS_BOTO3 import and checks
Tidy up documentation so that NO_QA can be removed
* Use vault_id when encrypted via vault-edit
On the encryption stage of
'ansible-vault edit --vault-id=someid@passfile somefile',
the vault id was not being passed to encrypt() so the files were
always saved with the default vault id in the 1.1 version format.
When trying to edit that file a second time, also with a --vault-id,
the file would be decrypted with the secret associated with the
provided vault-id, but since the encrypted file had no vault id
in the envelope there would be no match for 'default' secrets.
(Only the --vault-id was included in the potential matches, so
the vault id actually used to decrypt was not).
If that list was empty, there would be an IndexError when trying
to encrypted the changed file. This would result in the displayed
error:
ERROR! Unexpected Exception, this is probably a bug: list index out of range
Fix is two parts:
1) use the vault id when encrypting from edit
2) when matching the secret to use for encrypting after edit,
include the vault id that was used for decryption and not just
the vault id (or lack of vault id) from the envelope.
add unit tests for #30575 and intg tests for 'ansible-vault edit'
Fixes#30575
* Fix 'distribution' fact for ArchLinux
Allow empty wasn't breaking out of the process_dist_files
loop, so a empty /etc/arch-release would continue searching
and eventually try /etc/os-release. The os-release parsing
works, but the distro name there is 'Arch Linux' which does
not match the 2.3 behavior of 'Archlinux'
Add a OS_RELEASE_ALIAS map for the cases where we need to get
the distro name from os-release but use an alias.
We can't include 'Archlinux' in SEARCH_STRING because a name match on its keys
but without a match on the content causes a fallback to using the first
whitespace seperated item from the file content as the name.
For os-release, that is in form 'NAME=Arch Linux'
With os-release returning the right name, this also supports the
case where there is no /etc/arch-release, but there is a /etc/os-release
Fixes#30600
* pep8 and comment cleanup
* Fix pkg_mgr fact on OpenBSD
Add a OpenBSDPkgMgrFactCollector that hardcodes pkg_mgr
to 'openbsd_pkg'. The ansible collector will choose the
OpenBSD collector if the system is OpenBSD and the 'Generic'
one otherwise.
This removes PkgMgrFactCollectors depenency on the
'system' fact being in collected_facts, which also
avoids ordering issues (if the pkg mgr fact is collected
before the system fact...)
Fixes#30623
* Fix nxos provider transport warning issue
* Add default value of transport arg in provider spec
* Remove default value if transport arg in top level spec
This ensure deprecation warning is seen only in case transport
is given as a top level arg in task
* Refactor nxos modules to reference transport value from provider
spec
* Fix unit test
* Remove transport arg assignment in nxos action plugin
* As assigning transport value is handled in provider spec
top level task arg assignment is no longer required
* win_scheduled_task_stat: add new module to get stat on scheduled tasks
* fixed up linting errors and aliases file
* I should learn how to spell
* removing URI from test
* added state information for the task
* removed argument so task stays running
* Undeprecate ec2_elb_*
* Make ec2_elb* full fledged modules rather than aliases
* Split tests for ec2_elb_lb and elb_classicb_lb
* Change names in documentation of old and new elb modules
Add tests for ec2_elb_lb
As discussed before we selected win_environment to the documentation,
and point to win_uri for a more advanced module.
If we want to make this the reference module, we have to get this one
absolutely right in every possible way.
This PR cleans up both win_environment and win_uri, and makes the
required changes to the windows module development section.
This PR includes:
- An important fix to charset encoding of from address
- Documentation and examples cleanup
- PEP8 fixes
- Warning on insecure access
- Strict parameter typing
- More modern interface (using lists rather than comma, space or pipe-delimited strings)
- Warn on failure to send mail to some recipients
```
[WARNING]: Failed to send mail to 'foobar': 550 5.1.1 <foobar>:
Recipient address rejected: User unknown in local recipient table
```
- Warn on failure to parse some headers
```
[WARNING]: Skipping header 'Foobar', unable to parse
```
- Return failed recipients as return value
- Changed default encoding to utf-8
* Add Routing Engine Facts
- Map routing engine output information to routing_engines facts dict.
- Add fact 'has_2RE', which is a quick way to determine how many REs
the chassis has.
* Fix a typo
* Fix more typos
* Add slot number to routing_engine dict
* Add facts about the installed chassis modules
* Fix typo
* Fixed another typo
* Fix Path
* Change path again.
* More Typos
* Add some deubgging
* Add additional information for hardware components.
- Return information about the Routing Engines.
- Return a fact to easily determine if the device
has two routing engines.
- Return information about the hardware modules.
* Addressed pep8 stardard failures.
* Add unit test fixtures.
* Rename fixture.
* Fix unit test failures.
- Rename the fixture file to what the unit test expects.
- Strip out junos namespace attributes.
Rename file to match what the unit test expects.
* Scrubbed the routing engine serial numbers.
* Add unit test facts for new tests.
- Add unit test for ansible_net_routing_engines fact
- Add unit test for ansible_net_modules fact
- Add unit test for ansible_net_has_2RE
* Fixed spacing.
Provide all necessary permissions for AMI tests
Allow tests to run in us-east-2
Ensure `always` section gets used
Update tests to ensure that cleanup works better, and add
deletion idempotency test
* win_scheduled_task: rewrite for additionality functionality and bug fixes
* fixes for docs and os version differences
* started with the testing
* doc fix
* added more tests
* added principals tests
* finished tests for win_scheduled_task rewrite
* feedback from PR
* change to fail when both new and deprecated args are set
* change diff variable to match new standard and update doc sentance
* Don't ask for password confirm on 'ansible-vault edit'
This is to match the 2.3 behavior on:
ansible-vault edit encrypted_file.yml
Previously, the above command would consider that a 'new password'
scenario and prompt accordingly, ie:
$ ansible-vault edit encrypted_file.yml
New Password:
Confirm New Password:
The bug was cause by 'create_new_password' being used for
'edit' action. This also causes the previous implicit 'auto prompt'
to get triggered and prompt the user.
Fix is to make auto prompt explicit in the calling code to handle
the 'edit' case where we want to auto prompt but we do not want
to request a password confirm.
Fixes#30491
Unittests are sometimes run without network connectivity in build
systems. Make that work correctly by mocking out _get_url_data with the
expected return value.
* windows: fix list type in legacy module utils
* only change the return for the list type instead of affecting it all
* additional null check when using an array
As-merged, had several issues that prevented idempotent usage. Some args were defined at the wrong UI level. Dual-state args didn't match up with typical Ansible UI.
* Adds nxos_pim_rp_address integration test role for group_list,
prefix_list and route_map (cli and nxapi)
* * Adds explicit removal of static RP configs to match cli behaviour
* * Removes config deletion using nxos_config module (for 2.4 only)
* * Attempt short and long delete config command
* Add a platform check for N3K for bidir
* Replace pause in integration tests with until.
Use resource prefix instead of generating a random number
Only try to delete keys if they exist
* Add alias to tests
keyUsage and extendedKeyUsage are currently statically limited via a
static dict defined in modules_utils/crypto.py. If one specify a value
that isn't in there, idempotency won't work.
Instead of having static dict, we uses keyUsage and extendedKyeUsage
values OpenSSL NID and compare those rather than comparing strings.
Fixes: https://github.com/ansible/ansible/issues/30316
Current openssl_certificate is mistakenly taking its derivating its
version number from the csr version number.
Thos two fields are completly unrelated and hence the version number of
the certificate should be able to be directly specified (via
selfsigned_version parameter).
* openssl_certificate: Fix parameter assertion in Python3
Parameter assertion in Python3 is broken. pyOpenSSL get_X() functions
returns b'' type string and tries to compare it with '' string, leading
to failure.
The error mentionned above has been fixed by sanitizing the inputs from
a user to the assert only backend.
Also, this error was hidden by the fact that the improper check method
was called in the generate() functions.
* Add simple integration test for openssl_certificate
* remove subject == issuer assertion
* run integration tests only on supported hosts
* change min supported version to 0.15.x
* Add test for more CSR fields
* also convert dict members to bytes
* fix version_compare
* openssl_{csr, certificate}: Fail if pyOpenSSL <= 0.15
Previous 0.13 pyOpenSSL was a C-binding, and required the parameter
passed to add_extention to be in ASN.1. This has changed with the move
to 0.14 and it is now all pythong and string based.
Previous the 0.15 release, the `get_extensions()` method didn't exist,
since the modules rely heavily on it we ensure pyOpenSSL version is at
last 0.15.0.
* check pyopenssl version in openssl_csr integration test
* Clean up nxos_snmp_contact & nxos_snmp_location
* Bring nxos_snmp_community in line
* Bring nxos_snmp_host in line
* And I would have gotten away with it too,
if it weren't for those meddling sanity tests
* Bring nxos_snmp_traps & nxos_snmp_user in line
* Appease Shippable
* ini_file: add integration test
Start integration tests for ini_file module.
* ini_file test: add comments for lisibility
* update from review: use var instead of checksum to assert content
* fixes#26623
* Test-Path (and thus `-type path` in Get-AnsibleParam) fail on a nonexistent drive letter, since it can't be mapped to a PSProvider.
* added support and basic smoke tests for
* Correctly validate module name for modules with aliases
If a module has an alias (ie is a symlink) then we need to ensure that
DOCUMENTATION.module is set to the main name, not the aliased name
* formatting
* Show warning when using pylint on Python 2.6.
* Add pylint disable entries for Python 2.
* Fix unicode handling in ansible-test.
* Add missing documentation.
* refactor firewalld module with object abstraction
This change creates a FirewallTransaction object that each
individual transaction type is a sub-class of as they all follow the
same pattern to enable or disable something in the firewall.
Also, there's a few bugfixes here:
- Fix the "source" type to handle permanent operations
- Remove ambiguity of required parameters for only specific use
cases that can lead to transactions effectively being a no-op.
Instead, pick sane defaults and document them.
- Change how imports are done so globals are no longer needed
This is based on the original feedback by Toshio from the last
refactor attempt:
https://github.com/ansible/ansible-modules-extras/pull/3383
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
* fix line too long for pep8 for shippable tests
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
* remove firewalld from pep8/legacy-files
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
from __future__ unicode_literals leads to developer confusion as
developers no longer can tell whether a bare literal string is a byte
string or a unicode string. Explicit marking as u"" or b"" is the way
to solve the same problem in the Ansbile codebase.
* This commit includes a unit test to exercise the _is_role
function and make sure it doesn't break in any Python version.
* Import os.path and other minor fixups
On setup we set it to 'switch', so teardown should be 'switch'.
Also, using inventory_hostname breaks the test, since in our CI
it's a long UUID string, which exceeds the 32 chars maximum for setting
a hostname on NXOS.
* Update elasticsearch_plugin.py
Change module to work with Elasticsearch 2.x and 5.x automatically.
Update examples and docs.
Supersedes #21989
* Check system paths for elasticsearch-plugin binary
Use get_bin_path from basic.py for searching paths.
* Create a copy of PLUGIN_BIN_PATHS rather than modifying the global
* Use provided plugin_bin path first before trying other places
Change global PLUGIN_BIN_PATHS to a tuple
* Divide Windows integration tests into 2 groups.
* Support `none` for `--changed-all-target`.
* Run 2 separate Windows groups on Shippable.
* Only run smoketest and minimal for the group1 job.