* tolerate windows line endings when loading windows module utils. Helpful for old custom windows modules.
* add test modules to demonstrate win line ending module load behaviour.
* attempt to fix sanity check failures
* pep8 fix
* explict skip of test modules from shebang check (core modules must still have expected unix style line endings)
* switch to rstrip() following core team meeting feedback
The gunicorn module has a hard-coded reference to '/tmp' which may
or may not be the actual temp directory for an operating system.
This patch replaces '/tmp' with module.tmpdir which should
resolve to the correct temp directory for the OS.
Fixes Issue #36953
Signed-off-by: Eric Brown <browne@vmware.com>
* Add aws_ses_identity_policy module for managing SES sending policies
* Add option to AnsibleAWSModule for applying a retry decorator to all calls.
* Add per-callsite opt in to retry behaviours in AnsibleAWSModule
* Update aws_ses_identity_policy module to opt in to retries at all callsites.
* Add test for aws_ses_identity_policy module with inline policy.
* Remove implicit retrys on boto resources since they're not working yet.
* Fix bug 36936
* Added version_added to argument and fixed whitespace
* Update panos_import documentation
Update parameter documentation and add note.
* Add type documentation
* added version number for documentation
For real
* Integrated recommended changes
- Added recommended changes from PR
* Changed validate_ssl default back to True considering there is a
note at the top of documentation explaining change
* Format changes based on recommendations from gundalow
* Rename validate_ssl to validate_cert
* Change description to remove SSL reference
* Change url default ih documentation
* Integrated small changes from bug report
- Renamed validate_cert to validate_certs
- Changed documentation for disabling cert validation
Consolidate waiters to a single file
* Add waiter message with token ID
* Add waiter
Add waiter for WAF change tokens
Working waiter for waf_condition module
Add support for waiters to waf_rule
* WAF data model refactor
* Fix ref to self.client
* Add custom waiters to aws_waf_web_acl
* Allow add/remove rule tasks to operate in parallel, then wait for their change tokens to complete
* Move waiter into run_func_with_change_token_backoff since it is generic to all WAF update operations
* Wait for deletes on waf_web_acl
* Remove always-wait
* Remove waiter retry catch
* Add OpenNebula one_image_facts module
`one_image_facts` - module for gathering facts about OpenNebula images
Add integration tests
* Add an alias for ids
Map values can contain commas, e.g.
- name: Configure OVN bridge mapping
openvswitch_db:
state: present table: open_vswitch record: . col: external_ids key: ovn-bridge-mappings
value: '"vmnet-static:br-vmnet-st,vmnet-dynamic:br-vmnet-dyn"'
Previous behaviour was splitting the value and raised an exception.
`get_options` is an undefined method from CallbackBase
As a result, remove the trailing `s` letter.
Signed-off-by: Daniel Andrei Minca <mandrei17@gmail.com>
This fix adds check for NMClient, NetworkManager availability
while using require_version API.
Fixes: #38042
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Add error handling for junos in case wrong connection type
Fixes#37990
If a junos module doesn't support given connection/transport type
return appropriate error message.
* Fix CI issues
* Fix review comment
* fixes issue when netconf would report ios is not supported
This change now will map ansible_network_os=ios to the correct netconf
plugin implementation. This will resolve an error where the netconf
connection plugin will report that ios is unsupported.
* stabilize ec2_vpc_subnet module
* Add waiters for ec2_vpc_subnet
Clean up integration tests
* Reenable CI for stabilized ec2_vpc_subnet tests
* rename waiters
* Use module_json_aws where applicable
Handle WaiterError first if waiting failed
* Fix traceback when tagging with keys/values that look like booleans
* Fix check mode with tags
* Add integration tests for tags that look like booleans and check mode
* Add waiter for deleting subnet
* Sleep a few seconds after using aws command line
Iterating an object and changing it at the same time is unsecure and no longer permitted in Python >= 3.6
Provisioning an instance fail with the Python error: "RuntimeError: dictionary changed size during iteration"
* Update office_365_connector_card.py
The two bullet items were about one single item; this module is not idempotent.
Therefore the two bullet items should be one.
label: docsite_pr
* Update office_365_connector_card.py
Removed trailing white space that caused the test failure.
When the URI module returns complex JSON objects, the YAML callback
fails while trying to represent these objects. The problem arises
because the filter method returns an iterator in Python 3, rather than a
str object. Therefore, the str method expandtabs() is not available,
and the callback fails with the following error:
[WARNING]: Failure using method (v2_runner_on_failed) in callback plugin (<ansible.plugins.callback.yaml.CallbackModule object at 0x7f7c7ed8aa20>): 'filter' object has no attribute 'expandtabs'
Issue can be replicated by running this playbook:
- hosts: localhost
gather_facts: false
tasks:
- uri:
url: https://jsonplaceholder.typicode.com/posts
ansible-playbook tmp.yml -v
* Use AnsibleAWSModule to simplify AWS connection
* Add Exception handling, pagination, retries and backoff
* Allow events to be switched off
* Allow details to be obtained without having to specify services
This is required if we want to ensure that #36809 doesn't cause any
important behavioral changes.
This PR changes the uri module to support follow_redirects=urllib2
It also adds a better error message when the connection closes before
any data was returned.
* module_common: set required parameter templar
Fix the following error (related to b455901):
$ ./hacking/test-module -m ./lib/ansible/modules/system/ping.py -I ansible_python_interpreter=/usr/bin/python
Traceback (most recent call last):
File "./hacking/test-module", line 268, in <module>
main()
File "./hacking/test-module", line 249, in main
(modfile, modname, module_style) = boilerplate_module(options.module_path, options.module_args, interpreters, options.check, options.filename)
File "./hacking/test-module", line 152, in boilerplate_module
task_vars=task_vars
File "ansible/lib/ansible/executor/module_common.py", line 910, in modify_module
environment=environment)
File "ansible/lib/ansible/executor/module_common.py", line 736, in _find_module_utils
shebang, interpreter = _get_shebang(u'/usr/bin/python', task_vars, templar)
File "ansible/lib/ansible/executor/module_common.py", line 452, in _get_shebang
interpreter = templar.template(task_vars[interpreter_config].strip())
AttributeError: 'NoneType' object has no attribute 'template'
* module_common.modify_module: templar is required
SGs created when a VPC ID was not specified would not necessarily
get the default egress rule, even when no explicit egress rules
were set.
Add some checks for egress rules in results from existing tests
The generated file was completely unusable by the system
therefore the fix which ensures that diffing the file
prior to changes and after only shows diffs
Furthermore the code did not work for Python 3.6
> f.writelines(to_bytes(lines, errors='surrogate_or_strict'))
E TypeError: a bytes-like object is required, not 'int'
The other modifications (lambda variable renaming) is to
comply with default flake8 rules
VMware throws error if hostname provided by user is not RFC 952
compliant. Added minor documentation fixes.
Fixes: #24225, #27096
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Currently the --rsh command arg being passed to rsync is not quoted,
but we're adding arguments to the ssh command and that causes rsync
to attempt to accept them as it's own, which is not the desired
outcome.
Fixes#35717
Signed-off-by: Adam Miller <admiller@redhat.com>
If user does not specify esxi_hostname then module
fails to detect ESXi hostsystem from given configuration.
This fixes the regression in get_all_host_objs API by
getting first host managed object from list.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Fix 'New Vault password' on vault 'edit'
ffe0ddea96 introduce a
change on 'ansible-vault edit' that tried to check
for --encrypt-vault-id in that mode. But '--encrypt-vault-id'
is not intended for 'edit' since the 'edit' should always
reuse the vault secret that was used to decrypt the text.
Change cli to not check for --encrypt-vault-id on 'edit'.
VaultLib.decrypt_and_get_vault_id() was change to return
the vault secret used to decrypt (in addition to vault_id
and the plaintext).
VaultEditor.edit_file() will now use 'vault_secret_used'
as returned from decrypt_and_get_vault_id() so that
an edited file always gets reencrypted with the same
secret, regardless of any vault id configuration or
cli options.
Fixes#35834
* continue fact gathering even without dmidecode
If dmidecode is not available we still wan to continue with fact
gathering.
On certain platforms dmidecode just won't work
Updated EXAMPLES documentation which had following 2 incorrect parameters:
'type' has been changed to 'ds_type'
'basic_auth' parameter has been removed.
label: docsite_pr
Change assign_public_ip to default to None rather than False so
that we can detect whether the value is being explicitly set or
not, and only warn if it is explicitly set to False for something
with a public_dns_name
Fixes#37985
* Make the module idempotent
* pep8 fixes.
* Made required changes for overwrite_value for idempotency.
* Fix missing error definition
* Add in missing documentation variable.
* Use arg_spec type for comparisons on default and choices
* Further improve type casting
* Make sure to capture output in more places
* Individually report invalid choices
* Update ignore.txt after resolving merge conflicts
* Make it less likely that we have to identify all the modules during
a playbook run. PluginLoader is optimized to look for modules one
directory at a time. If we find a module before we've examined all
the directories we never have to touch the other directories.
Reordering this conditional makes it so tasks which don't have
a module file will not force us to examine all the module directories
before moving on to other sources of task actions.
* Change several variables we consult to see if a task is in a certain
category from lists/tuples to frozensets. These are static lists
which we only do containment tests on so frozensets should be faster
Fixes#37208
If check_mode is enabled instead of committing th config need to
discard all the chnages to cnadidate db
In case of cli to discard changes issue `rollback 0` command
and for netconf execute `discard-changes` rpc call
The message text used to check stderr for a warning about
groupinstall in order to determine if a change occurred is specific
to the version of yum that is in RHEL7 and newer. This change simply
removes a couple words off the end in order to only use text found
in the warning message in older versions of yum.
Fixes#35982
Signed-off-by: Adam Miller <admiller@redhat.com>
This patch fixes up some English typos in the yaml inventory
plugin documentation.
* s/specifically/specific
* s/as/as an
Signed-off-by: Eric Brown <browne@vmware.com>
If a repo with `repo_gpgcheck=1` is added and the repo GPG key was never
accepted, quering this repo would throw an error `repomd.xml signature
could not be verified` and the module would fail. If that happens now
`yum -y makecache` will be run which will fetch the new repo data and
accept the repo GPG key.
* template: Add integration tests for `lstrip_blocks'
Signed-off-by: Alex Tsitsimpis <alextsi@arrikto.com>
* template: Fix passing `trim_blocks' inline
Fix passing `trim_blocks' option to the template module as inline
argument. Previously passing the `trim_blocks' option inline instead of
using the YAML dictionary format resulted in it always being set to
`True', even if `trim_blocks=False' was used.
Signed-off-by: Alex Tsitsimpis <alextsi@arrikto.com>
* template: Add option to `lstrip_blocks'
Add option to set `lstrip_blocks' when using the template module to
render Jinja templates. The Jinja documentation suggests that
`trim_blocks' and `lstrip_blocks' is a great combination and the
template module already provides an option for `trim_blocks'.
Note that although `trim_blocks' in Ansible is enabled by default since
version 2.4, in order to avoid breaking things keep `lstrip_blocks'
disabled by default. Maybe in a future version it could be enabled by
default.
This seems to address issue #10725 in a more appropriate way than the
suggested.
Signed-off-by: Alex Tsitsimpis <alextsi@arrikto.com>
* template: Add integration tests for `trim_blocks'
Signed-off-by: Alex Tsitsimpis <alextsi@arrikto.com>
* template: Check Jinja2 support for `lstrip_blocks'
Since the `lstrip_blocks' option was added in Jinja2 version 2.7, raise
an exception when `lstrip_blocks' is set but Jinja2 does not support it.
Check support for `lstrip_blocks' option by checking `jinja2.defaults'
for `LSTRIP_BLOCKS' and do not use `jinja2.__version__' because the
latter is set to `unknown' in some cases, perhaps due to bug in
`pkg_resources' in Python 2.6.6.
Also update option description to state that Jinja2 version >=2.7 is
required.
Signed-off-by: Alex Tsitsimpis <alextsi@arrikto.com>
* Decodes kv values from Consul to utf-8.
* Switches to using module utils to perform text decoding.
* Adds self to authors list to help community maintenance.
include_vars and set_fact are already updating hostvars in strategy
no need to 're add again' with lower priority the same data.
fixes#37535, mostly by avoiding reprocessing and 'cleaning'
* Fix loading of filter and test plugins
Filter and test plugins are different than other plugins in that they
can have many plugins in a single file. Therefore they need to operate
a little differently. They need to have all of the potential files
returned. Then the caller takes care of passing those onto jinja2 in
order for jinja2 to make use of them.
This problem was (most recently) introduced with f921369445
This commit also restructures how we deduplicate plugins to take paths
into account. If we want to start scoping which set of modules are
loaded (due to roles, for instance) we'll need to hang on to the path
information.
* add integration test for override
* Fix style checks for bcoca code
* Implement jinja2 plugin loader as a subclass
Having a subclass allows us to customize the overriding of jinja
plugins. We can then move common parts of common code into the Loader.
* Added missing scalable target creation
* Changed if statement
* Added support to results of all actions
* Fixed line lengths, whitespaces and blank lines between functions
* Fixed documentation formatting
* Work in progress, fixed returns from functions, still need to do exception handling
* Work in progress, still need to do exception handling
* Moved to AnsibleAWSModule, Added exception handling
* Added detailed return doc
* Fixed return doc alarms
* fixed return yaml
* Fixed function calls when creating/deleting
* fixed unnecessary blank line
* removed imports and unnecessary checks handled by AnsibleAWSModule
* removed whitespace
* [cloud] ec2_vpc_route_table: ignore routes without DestinationCidrBlock
Add module warnings rather than silently skipping
* Permit warnings for routes tables containing vpc endpoints to be turned off
* Add tests to ensure a VPC endpoint associated with a route table does not result in a traceback
As with list_users, list_vhosts can sometimes return a value that
doesn't contain a '\t' character. This appears to be the case if the
server has no vhosts, for example.
The same fix was applied to the rabbitmq_users module here:
fafb89cde5
* New generator inventory plugin
Allows construction of hosts and groups through cartesian
product of various group combinations
* Add generator plugin documentation
* adding possibility to specify resource group for referred virtual network
* fixed sanity issues
* removed trailing whitespace
* added test
* fixed documentation
* try to fix unstable test
* Tidied up the description of virtual_network_resource_group
* adding possibility of disabling public ip address
* fixed indent
* fixed whitespace
* fixed mistake
* try to create test with vm without public ip address
* try to fix test
* another attempt for test
* fixing test
* create vm with no ip with different name and delete it immediately
* a few additional fixes
* another attempt to pass test
* must be deleted
* simplified no ip test
* reorganised tests
* Wrapped choice in C()
* fixed issue when public ip address should not be created
* adding test for public ip address
* fixed samples
* another fix to sample formatting
* fixed test
* fix test
* fixed test
* another attempt to fix test
* maybe it works now
* still wrong
* improved check per customer request
* removed stupid semicolon
* updated test to match main scenario
* changed ip configurations to list
* another attempt
* msi
* add env and param
* add msi in default
* add azure_rm
* add document
* subscription param
* if not enabled msi
* remove the msi in default mode since the infinite loop will block if not enabled msi
* lint
* lint
* Update azure_rm_common.py
* fix
* catch exc and make error message more friendly
* lint
* Minor docs changes to the msi source option
* added set_env_proxy function for setting proxy environment
Added set_env_proxy function, that set system http(s)_proxy
environment for fetching RPM if proxy settings set in yum.conf file
that fix Issue - #18979
* fix automatic field numbering specification
* changed if statement in setting http_proxy environment
* Change set_env_proxy function to function with decorator
That decorator set system proxy environment from yum.conf and revert
back to system configuration after fetching RPM
* Minor fix
- rename variable schem to scheme
- change 'in' to 'startswith'
* change decorator set_env_proxy to decorating through contextmanager
- added import contextmanager from contextlib
- set_env_proxy now decorating through contextmanager
- fix http/https setting environment principle
* Fix csvfile traceback on Python3
The csvfile lookup uses some custom iterators. These needed to be
ported to handle the python3 iterator protocol. In addition, the
csvfile module takes an iterator of byte strings in Python2 and an
iterator of text strings in Python3
Fixes#36808
* Fix a traceback in ansible-pull on python3 comparing output from
subprocess with a text string.
* Rename variables that hold byte strings so we are clear that those are
not text strings.
* Use to_text() to transform variable that's being displayed as it's
less fragile than str().
Fixes#36962
The user_data field is base64 encoded inside of the boto library. In
Python3, base64 must be used with byte strings. So we make sure to
encode the user_data into a byte string before passing it on to the boto
library.
Fixes#34978
An IncludedFile() object built using the original_task will have
its _task bound to the original_task. The iterative reassignment of
original_task._role_name during with_item loops leaves all returned
included_files with the same ._task._role_name (the final name from
the with_items list). This commit builds IncludedFile() objects
from an original_task.copy() to avoid the problematic binding.
NSO verify did not handle leaf-list value verification in 4.5 and
later due to changes made for configuration writing made.
map prefix for identityref types in verification.
NSO operations can take much longer than 10 seconds as they operate on
real network equipment, set default timeout to 5 minutes and allow for
user override.
* Fix redundant yaml error blurbs on ModArgs parse errors
Some of the AnsibleParserErrors from parsing.mod_args
are created with the obj=some_yaml_ds options but
some are not.
If they were, we don't want to add another yaml_ds to
it, because that will result in double yaml error blurbs.
And since we dont need to add info, we can just re raise it.
But if there is no ._obj, add it here so we get the extra
detail in the error message (see issue #14790) and raise
a new AnsibleParserError instance.
Fixes#36848
* cleanup existing test_tasks pep8/sanity issues
* Don't mask values specified in data.
This heavily improves readability of error messages such as
'Authorization for ******** returned in********: CHALLENGE: ********-01 DETAILS: Incorrect TXT record "********" (and 1 more) found at ********.********;'
(verbatim quote).
* Added documentation.