* ManageIQ: manageiq_user module, module utils and doc_fragment
ManageIQ is an open source management platform for Hybrid IT.
This change is adding:
- manageiq_user module, responsible for user management in ManageIQ
- manageiq utils
- manageiq doc_fragment
* Handle import error
* Use formatting options
* group parameter is required
* changed doesn't need to be an attribute
* resource dictionary should contain values which isn't None
* move from monitoring to remote-management
* Use ManageIQ nameing convention
* Do not set defauts in arguments
* Use idempotent state parameter instead of action
* Check import error in the manageiq util class
* Update the miq documentation
* rename the connection configuration from miq to manageiq_connection
* All messeges start with non cap, fix typos, add examples, rename vars
* more typos fixes
* Make sure we insert only strings to logs by using % formating
* use suboptions keyword for the manageiq connection
* do not log the managiq connection struct (it include sensitive information like username and password)
* add missing from __future__
* ahh, wrong no-log line
* Use sub options
Fix adds check for requests Python module and suggests user to install,
if no requests module installation found.
Fixes: #27643
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* openssl_csr: make subjectAltNames a list
* csr module now uses the new standard way to build openssl crypto modules
* add check functions for subject and subjectAltNames
* added support for keyUsage and extendedKeyUsage
* check if CSR signature is correct (aka the privatekey belongs to the CSR)
* fixes for first PR review
* fixes for second PR review
* openssl_csr: there is no need to pass on privatekey as it can be accessed directly
* openssl_csr: documentation fixes
* Initial commit for integration of HPE OneView resources with Ansible Core. Adding FC Network and FC Network Fact modules and unit tests, and OneView base class for all OV resources.
* Add 'cacheable' param to set_fact action and module.
Used just like set_fact, except facts set with cacheable: true
will be stored in the fact cache if fact caching is enabled.
set_fact normally only sets facts in the non_persistent_fact_cache, so they
are lost between invocations.
* update set_facts docs
* use 'ansible_facts_cacheable' in module/actions result
* pop fact cacheable related items out of args/results
We dont want to use 'ansible_facts_cacheable' result item
or 'cacheable' arg as actual facts, so pop them out of the
dicts.
* ec2_ami_copy.py: Fix WaiterError handling.
Change suggested by Adam Johnson at https://github.com/ansible/ansible/issues/26971
* ec2_ami_copy.py: WaiterError: fail_json: add exception parameter.
* ec2_ami_copy.py: import traceback
previously gather_subset=['!all'] would still gather the
min set of facts, and there was no way to collect no facts.
The 'min' specifier in gather_subset is equilivent to
exclude the minimal_gather_subset facts as well.
gather_subset=['!all', '!min'] will collect no facts
This also lets explicitly added gather_subsets override excludes.
gather_subset=['pkg_mgr', '!all', '!min'] will collect only the pkg_mgr
fact.
* fail the execution instead of panicking when the hostname is not found and the vmid was not provided
* return an empty vmid list if the hostname doesn't exist
* Add module cv_server_provision for integration with Arista CloudVision Portal.
* Doc update.
* Remove shebang from test file. Update short description with company and product name.
* Update exception syntax to Python3 style.
* Remove blank line between imports.
* Remove newlines from RETURN documentation.
* Add cvprac to unittest requirements.
* Update unittest format. Add a few additional tests.
* Mock exceptions from cvprac so the library is not needed for unittests.
* Mock cvprac imports.
* Update unit tests to support python 3.5.
* Mock full cvprac library for unittests.
* Update Jinja2 import to pass updated CI checks.
* Update cvprac imports format for new CI tests.
* Add __metaclass__ and __future__.
Create preserved_copy function in basic.py to perserve file ownership.
* Add a test for template preserved backup
* Use a script to get the random names
* bytes to strings
* Remove dump of hostvars
* Stop being fancy and create a testuser instead
* Fix pep8
* set file attributes
* Pass the correct data to set_attributes_if_different
* Use -j instead -b and pass the attributes as a string instead of a list
* remove debugging message
* Use shell to softly set the attr
Fixes#24408
Fix corrects the parsing of JSON output in Python 3
environment by using to_text API.
Fixes: #26489
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
This allows a single template to be evaluated with different values in
the same task. For example, with a template like 'x:{{a}}', one could do
something like this:
- foo:
a: "{{ lookup('template', 'x.j2', template_vars=dict(a=foo[item])) }}"
b: "{{ lookup('template', 'x.j2', template_vars=dict(a=bar[item])) }}"
with_items:
- x
- y
…and "a" and "b" would expand to different strings based on what we
passed in to the template lookup.
When parsing a vaulttext blob, use .splitlines()
instead of split(b'\n') to handle \n newlines and
windows style \r\n (CRLF) new lines.
The vaulttext enevelope at this point is just the header line
and a hexlify()'ed blob, so CRLF is a valid newline here.
Fixes#22914
The AnsiBallZ wrapper is transferred to the remote machine with
a filename similar to the Ansible-module it runs. For modules like copy
and tempfile, this can end up conflicting with stdlib modules on the
remote machine depending on how python is setup there. We have a little
bit of code in the wrapper to deal with this by removing the path that
the ansible module resides in from sys.path.
On MacOSX, that code was having a problem. The path the module ends up
in included a symlinked directory so we were looking for a path in
sys.path but we had to look for the unsymlinked path instead.
Fix that by using os.path.realpath() instead of os.path.abspath()
Got removed in arg parsing updates. Now added back in
setup_vault_secrets().
The default value for DEFAULT_VAULT_PASSWORD_FILE was also
set to '~' for some reason, change to to no default.
Add integration tests.
* Added cyberarkpassword lookup plugin
Added cyberarkpassword lookup plugin: It allows to retrieve credentials
(password, sshkey) from CyberArk Digital Vault
* Added Modules: cyberark_authentication & cyberark_user
Added Modules:
- cyberark_authentication: Logon/Logoff to CyberArk Vault
- cyberark_user: user management
These 2 modules use CyberArk Privileged Account Security Web Services
SDK
* Update cyberark_authentication.py
* Update cyberark_user.py
* Removed ternary conditional to comply with 2.4
* Replaced usage of iteritems() for items() to comply with python3
* PEP8 Updates
* Fixed Doc Issues
* Doc Fixes
* More Doc Fixes
* Removing cyberark_user module, and cyberark lookup plugin
for initial approval of PR, and continue with 2 different PRs after PR
#21764 is approved.
* PEP8 Fixes
* Moved cyberark modules to identity category
From IRC #ansible-devel recommendation (@bcoca) I moved cyberark to
identity category so the authorized maintainers can provide feedback
and move it forward.
* Updates based on community_review by bjolivot
- Updated description lines to have full stops in the documentation
section.
- changed file to use delimiter-separated words instead of camel case
- Updated AnsibleModule module_spec parameters to use
mutually_exclusive, required_if and required_together parameters to
avoid manual validation of the parameters.
- Added comments for more readability.
- Removed “required”: false as they are implicit.
- Enhanced check_mode handling.
* PEP8 Updates
* Updates based on IRC Feedback June 6
* Fixed description for token item
* Fixed Documentation RETURN string
* Fixed PEP8 W291 trailing whitespace
* Changes based on feedback from community review
* Added import to_text from ansible.module_utils._text
* Updates based on recommendation from community
* Changed Exception for Error in friendly messages in try/except blocks
* Updates based on community review (bcoca & dagwieers)
* Fixed httplib for python3 (http.client)
If we don't use more than one vault-id, and we use
--ask-vault-pass, instead of using the new vault prompt
format ('Vault password (my_vault_id): ') we use the old
one ('Vault password: ').
This avoids confusing Tower when it needs to detect an
interactive vault password prompt.
This also potentially could allow vault password prompts
to be customized per vault_id.
* Added new module interfaces_file
* interfaces_file: added unit tests
* interfaces_file: added golden files for unit tests
* interfaces_file: moved to system modules
* interfaces_file: fixed code formatting and convention issues
* New module redshift_facts
Gather facts about aws Redshift cluster(s).
* Fix she-bang, PEP8 violations, and ansible metadata.
* Bump version_added to "2.4"
* Fix some typos and add supporting check mode
* Fix type of RETURN fields
Fix type of RETURN fields number_of_nodes and
automated_snapshot_retention_period from integer to int.
* Add traceback information to fail_json()
* ios implementation for net_interface
* ios_interface implementation
* ios_interface integration test
* net_interface integration test for ios and other refactor
* Update boilerplate and minor refactor
* Add command_timeout timer that defines the amount
of time to wait for a command or RPC call before
timing out.
* Remove connect_retries and connect_interval configuration
varaible and replace it with connect_retry_timeout to control
the timeout value of connection to local scoket.
* Make required changes to netowrk action plugins and relevant
network files in module_utils.
* Required documentation changes.
* Fixed Retrieving All IPv4 Addresses on L3 Interfaces
The ios_facts module retrieving the interface subnet, would only get the primary IPv4 address on the interface and would not capture all the secondary IPs (ones that I would be set by "ip address x.x.x.x x.x.x.x secondary").
This was tested and confirmed to work on a Cisco 6500 with IOS 15.1(2)SY6.
* Fixed whitespace and if statement issues for sanity.
* Fixed spacing because sanity.
* Add 2.0-2.3 facts api compat (ansible_facts(), get_all_facts())
These are intended to provide compatibilty for modules that
use 'ansible.module_utils.facts.ansible_facts' and
'ansible.module_utils.facts.get_all_facts' from 2.0-2.3 facts
API.
Fixes#25686
Some related changes/fixes needed to provide the compat api:
* rm ansible.constants import from module_utils.facts.compat
Just use a hard coded default for gather_subset/gather_timeout
instead of trying to load it from non existent config if the
module params dont include it.
* include 'external' collectors in compat ansible_facts()
* Add facter/ohai back to the valid collector classes
facter/ohai had gotten removed from the default_collectors
class used as the default list for all_collector_classes by
setup.py and compat.py
That made gather_subset['facter'] fail.
* Add aggregate parameter validation
aggregate parameter validation will support checking each individual dict
to resolve conditions for aliases, no_log, mutually_exclusive,
required, type check, values, required_together, required_one_of
and required_if conditions in argspec. It will also set default values.
eg:
tasks:
- name: Configure interface attribute with aggregate
net_interface:
aggregate:
- {name: ge-0/0/1, description: test-interface-1, duplex: full, state: present}
- {name: ge-0/0/2, description: test-interface-2, active: False}
register: response
purge: Yes
Usage:
```
from ansible.module_utils.network_common import AggregateCollection
transform = AggregateCollection(module)
param = transform(module.params.get('aggregate'))
```
Aggregate allows supports for `purge` parameter, it will instruct the module
to remove resources from remote device that hasn’t been explicitly
defined in aggregate. This is not supported by with_* iterators
Also, it improves performace as compared to with_* iterator for network device
that has seperate candidate and running datastore.
For with_* iteration the sequence of operartion is
load-config-1 (candidate db) -> commit (running db) -> load_config-2
(candidate db) -> commit (running db) ...
With aggregate the sequence of operation is
load-config-1 (candidate db) -> load-config-2 (candidate db) -> commit
(running db)
As commit is executed only once per task for aggregate it has
huge perfomance benefit for large configurations.
* Fix CI issues
* Fix review comments
* Add support for options validation for aliases, no_log,
mutually_exclusive, required, type check, value check,
required_together, required_one_of and required_if
conditions in sub-argspec.
* Add unit test for options in argspec.
* Reverted aggregate implementaion.
* Minor change
* Add multi-level argspec support
* Multi-level argspec support with module's top most
conditionals options.
* Fix unit test failure
* Add parent context in errors for sub options
* Resolve merge conflict
* Fix CI issue
* Make camel_to_snake work on capitalized plurals
`TargetGroupARNs` should become `target_group_arns`, not
`target_group_ar_ns`
Promote `camel_to_snake` to top layer function but prefix
it with an underscore.
Add tests for improved `_camel_to_snake` function.
Reduce use of `re.compile` as it makes no sense when the
compilation result is not reused.
* Remove unused LooseVersion check
* Fix PLURALs case for camel_to_snake
Also renamed EXPECTED_CAMELIZATION to EXPECTED_SNAKIFICATION
* iosxr implemetation for net_interface
* iosxr_interface implementation
* Add integration test
* iosxr_interface integration test
* net_interface intergration test for iosxr
* update boilerplate
* Added priority attribute for pool members (bigip_pool_member module)
* Line break missing
* Change from 'priority' to 'priority_group'
* Update bigip_pool_member.py
* Update bigip_pool_member.py
Currently socket path is send from `ansible-connection` (running as background
process) over stdout. This can conflict with debug logs that are also send on
stdout resulting in incorrect socket path received by the main process.
To avoid this add a socket path delimiter string which is recevied by
main process and socket path is retrieved based on delimiter string.
This implementation will change in future when ansible-connection
framework is made more robust.