In the past, selinux.security_get_boolean_names did return 'bytes'
on python 3, but this was changed to return string later, cf:
b8711e2eaf
So we have to convert to bytes only if the API return us bytes.
Fix#25651
More openssl modules are about to be made, each of them rewriting
some pieces of code that can be refactored and used via a common
library.
This commit aims to create this "base" object and the common functions
one might want to reuse in order to avoid duplication.
* Added ability to specify destination OU when joining a domain
* Updated win_domain_membership documentation to include OU destination option.
* Updated python to include version
* Additional info in the docs
Two reasons to do this:
- It provides a proper error message indicating why it failed
- It conforms to what is being done in the command and shell modules
unsafe_writes currently allows updating a file that can be updated but
not removed (for instance, when docker mounted). This change also
allows unsafe_writes to write to writable files in unwritable dirs. For
instance, if a system has made a single file inside of /etc/ writable to
a specific normal user.
Fixes#14961
The HTTP User-Agent "ansible-httpget" is already kind of the default,
it being the default value provided by the `url_argument_spec` helper
method. Yet, it may not be practical for all modules to get their
argument_spec that way.
Without a default User-Agent we fall back on the library
User-Agent. That being something like "Python-urllib/2.7".
While I'm no big fan of web servers making decisions based on the
provided User-Agent I still think that part of being a well-behaved
HTTP client is to provide an informative User-Agent. Not to mention
that it's a good thing for Ansible to behave consistently.
Indirectly fixes#26239
Turns out in some commands, like 'sh bgp summary' a line containing
'Not found' can be shown as a column.
This causes those commands to error out with RC=1 .
Fixes#26577
IncludeRole objects don't use _raw_params for the name/etc. of roles
like regular incudes, but the code for finding relative includes assumed
that all includes had a _raw_params field. This fixes that by correctly
checking the parent object type and using the appropriate field.
Fixes#26525
* We need a directory walker that can handle symlinks, empty directories,
and some other odd needs. This commit contains a directory walker that
can do all that. The walker returns information about the files in the
directories that we can then use to implement different strategies for
copying the files to the remote machines.
* Add local_follow parameter to copy that follows local symlinks (follow
is for remote symlinks)
* Refactor the copying of files out of run into its own method
* Add new integration tests for copy
Fixes#24949Fixes#21513
* add unit test: nested dynamic includes
* nested dynamic includes: avoid AnsibleFileNotFound error
Error was:
Unable to retrieve file contents
Could not find or access 'include2.yml'
Before 8f758204cf, at the end of
'path_dwim_relative' method, the 'search' variable contained amongst
others paths:
'/tmp/roles/testrole/tasks/tasks/included.yml' and
'/tmp/roles/testrole/tasks/included.yml'.
The commit mentioned before removed the last one despite the method
docstrings specify 'with or without explicitly named dirname subdirs'.
* add integration test: nested includes
Fix IOS TypeError
* if flags are None, then ' '.join(flags) fails
* fixed get_defaults_flag so that it returns a list, and ignores lines with white space
Fixes#26918
* Revert change to docker_common as it's not as good as the try: except fix
* limit docker_volume fix to ImportErrors
* fix docker_secret i nthe same way
* Remove docker_secret from import tests
* Ensure that include_role properly fires handlers
include_role needs to ensure that any handlers included
with the role are added to the _notified_handler and
_listening_handler lists of the TaskQueueManager, otherwise
it fails when trying to run the handler.
Additionally, the handler needs to be added to the
PlayIterator's `_uuid_cache` or it fails after running
the handler
Add more uuid debug statements - this code was hard
to debug with existing debug statements, so add more
uuid information at little additional output cost.
Fixes#18411
* Add tests for include_role handlers
Tests for #18411
* Adding ciscowlc_command module and unit tests.
* Adding __init__.py for unit test.
* Fixing PEP8 W503.
* Renaming module from ciscowlc_command to aire_command.
* Renaming aire_command to aireos_command.
* Added the docker_volume module
* Code style fixes
* Added yours truly to the copyright statement
* Added documentation link
* Fixed YAML syntax in documentation string
* Documentation style fixes based on the code review
* Implemented requested code corrections
* Added documentation for the "labels" option
* Handled APIErrors from docker-py
* Fixed the type of the "labels" option (dict -> list)
* Fixed typo
* Import APIError from docker_common, not from docker-py
* Only use `git verify-tag` when verifying annotated tags
The command `git verify-tag` only applies to annotated tags. When
verifying lightweight tags, which are more similar to non-moving
branches, one has to use `git verify-commit` instead.
Using ':' as a separator is appropriate since that is one of the
characters not allowed in a Git reference name.
See also https://www.kernel.org/pub/software/scm/git/docs/git-check-ref-format.html
* Improve testing of the Git module's gpg verification
Public key can be extracted extracted in different format from
the PEM formatted RSA pair.
This commit allows the user to specify the format s/he wants to generate
the public key:
* PEM
* OpenSSH
* openssl_publickey: Allow one to specify file permission
Allow a user to specify file permissions on the generated publickey via
the file module common arguments.
* openssl: Add documentation regarding file_common_args
Add documentation for those modules to let the user know that he can
rely on file_common_args to specify file permissions.
Added 'ovirt_host_storage_facts' module to retrieve
a list of HostStorage[1] objects by a specified iscsi
target and address.
E.g.
- ovirt_host_storage_facts:
vm: myhost
iscsi:
target: iqn.2016-08-09.domain-01:nickname
address: 10.34.63.204
[1] http://ovirt.github.io/ovirt-engine-api-model/master/#types/host_storage
ISSUE TYPE
* Feature Pull Request
COMPONENT NAME
* lib/ansible/modules/cloud/ovirt/ovirt_host_storage_facts.py
@machacekondra
@mureinik @maorlipchuk
* Add default description string to vyos_interface
* If `state=up` it should remove the `disable` configuration
for interface. However, if no other interface parameter is configured
this ends up deleting the interface itself which is not the desired
behaviour. Hence adding a default description field to avoid such
scenario's.
* Minor changes
* Add default description to aggregate
* Adding aruba_command module along with unit tests.
* Fixing PEP8 E303 too many blank lines.
* Adding default for timeout.
* Removing unused arguments. Moving default for timeout argument. Fixing cliconf to find hostname.
* Fixing PEP8 E302.
This fix corrects the usage of function FindByUuid by
specifying correct parameter 'uuid' and 'instanceUuid'
as documentation of VMWare's API.
Fixes: #24398, #24835, #25713
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
socket.create_connection is a higher-level function, which tries to
establish a socket connection using both AF_INET and AF_INET6. It got
introduced in Python 2.6, which ought to be fine with Ansible 2.4.
Fixes#26740
* Re-introduce relative paths to vmware_guest folder:
Move compile_folder_path_for_object function from vmware_guest_find to
utilities
Allow full path or relative path to be specified for the folder
parameter. We will build the full path to the new VM.
* Remove duplicate check
* PEP8 Fixes
* WIP update asa to use network_cli connection plugin
* add asa.py to cliconf plugins
* update asa.py terminal plugin to support regexp and events
* update constants to map asa modules to asa action handler
* update asa action handler to implement persistent connections
* update asa shared module to use persistent connections
* update asa_command module to use new connection
* fixed pep8 issues
* Fix symlink handling
On symlinks, make lnk_source return the absolute path of the target of the symlink.
Add a new return field lnk_target that returns the actual, unexpanded path to the target of the symlink.
* allow paths to be specified so slurp is not necessary for remote hosts to use
* Make requested changes
remove unused parameters
* remove module used out of scope
check the potential filepath to be true before checking isfile
remove required: false
* rephrase documentation
* remove 'lookups' from example
* The canonical location of BOOLEANS has moved. Switch imports to use that.
* clean up argument_spec use of booleans.
* Clean up imports to not use wildcards
* Remove usage of get_exception
Consolidate the module_utils, constants, and config functions that
convert values into booleans into a single function in module_utils.
Port code to use the module_utils.validate.convert_bool.boolean function
isntead of mk_boolean.
All play focused code should access constants via ansible.constants, not
via the config API. Even that API should only be used by
ansible-config. It should be considered an internal implementation
detail to everything else
* New module - elb_application_lb_facts
* Make sure tags dont get snake cased
* Add listeners and listener rules to application facts
* python3 compat fix
* aci_rest: New module to access Cisco ACI
This PR includes:
- Relicense as GPLv3+
- Check-mode support
- Cosmetic changes to documentation
- Examples in YAML format
- Removal of incorrect requirements (for this module)
- Do not log passwords
- Implement native fetch_url instead of requests
- Use standard hostname, username and password parameters
- Add alias src for parameter config_file
- Add mutual exclusive content option for inline data (and show some inline examples)
- Add timeout parameter
- Add validate_certs parameter
- Handling ACI result output (identical for JSON as XML input)
- Parse/expose ACI error output to user
* Lower case method, add use_ssl, Use python dicts
This commit includes:
- Use lowercase method names
- Add `use_ssl` parameter (not the `protocol` parameter)
- Use a python dict for the request data (not a JSON string)
- Documentation improvements
* Ensure one of 'content' or 'src' is provided
* Fix issue with totalCount being a string in JSON
This fixes the problem with JSON output where totalCount is a string and
not an integer.
This fixesjedelman8/aci-ansible#7
* Improve code documentation
* Improve error handling and module response
* Small typo
* Improve documentation and examples
* Keep protocol parameter, but deprecate it
* Extrude aci functions from module_utils
* aci_rest: Add unit tests
* Rework how listeners and rules and handled. Fixes#25270
* Tidy up, documentation and add rules to returned output
* Remove required=False from argument_spec
* Remove unused functions. Add or [] in case of no elb
* Handle when listners is None in ensure_listeners_default_action_has_arn
* Use Boto3 for ec2_group
Currently boto doesn't support ipv6. To support ipv6 in ec2_group, we need boto3.
boto3 has significant API changes, which caused more re-factoring for ec2_group module.
Added additional integration test to test_ec2_group role.
* Follow the standard for boto3 ansible
Fixed imports. Use boto3 ansible exception with camel_dict_to_snake_dict.
Refactored the call to authorize/revoke ingress and egress.
* Removed dependancy with module ipaddress
Added new parameter called cidr_ipv6 for specifying
ipv6 addresses inline with how boto3 handles ipv6 addresses.
* Updated integration test
* Added ipv6 integration test for ec2_group
* Set purge_rules to false for integration test
* Fixed import statements
Added example for ipv6.
Removed defining HAS_BOTO3 variable and import HAS_BOTO3 from ec2.
Cleaned up import statements.
* Fixed exception handling
* Add IAM permissions for ec2_group tests
Missing AuthorizeSecurityGroupEgress necessary for latest tests
* Wrapped botocore import in try/except block
Import just botocore to be more similar to other modules
* junos implementation for net_l3_interface module
* junos_l3_interface implementation
* junos_l3_interface integration test
* net_l3_interface integration test for junos
* Fix module name typo
* win_secedit: Added module with tests/diff mode
* fixed up test issues
* Added missing return value
* change for win_secedit based on review
* updated win_security_policy examples for rename
These integration tests were used for testing the exact behaviour of
Ansible for YAML-style syntax and key=value syntax.
This includes fixes to win_shortcut (as `src` can be a URL too)
* win_regedit: rewrite to support edge cases and fix issues
* fix up byte handling of single bytes and minor doc fix
* removed unused method
* updated with requested changes
When the file is opened with rwa+ and the update file size is smaller than the original the ini file can become corrupt. The issue was noticed when we had comments at the top of /etc/yum/pluginconf.d/rhnplugin.conf after using the rhn_register module the file became correct.
rwa+ also make no sense as the file is only written too and why would any appending need to happen?
* vyos implementation for net_interface module
* vyos_interface implementation module
* vyos_interface integration test
* net_interface integration test for vyos
* Change collection to aggregate
* Fix the editable condition into pip module (#19028)
* Add editable to tests
Default changed to False, so now editable: True is needed explicitly in
tests
* Allow creation of user with localhost exception.
Fixes#22791
When access control is enabled, Mongo allows a user to be created from
localhost (called the "localhost exception":
https://docs.mongodb.com/v3.2/core/security-users/#localhost-exception).
When the `update_password` parameter was added to this module in
Ansible 2.1, this functionality was broken due to a query performed
before `user_add()` is called. This fix only performs the query when
when `update_password` is set to `on-create`, allowing a user to be
created via the localhost exception.
* Only set `password = None` when user exists.
* Change iam_managed_policy to return snake case
Import module_utils.ec2 methods explicitly
* iam_managed_policy: tidy argument spec
Remove unnecessary specifications (`default=None`, `required=False`)
Use `required_if` to check for `policy` when `state` is `present`
* Provide exception handling in iam_managed_policy
Pretty much all AWS API calls can go wrong, and we should handle them.
Update line wrapping to improve readability of method calls
* Improve error handling when policy version limit exceeded
Better document policy version limit exceeded, and check
the error code to see that that's actually what happened
(rather than e.g. no permissions to add a new version)
* iam_managed_policy: better handle pagination and retry
* Update hpilo_facts.py
Add option to change the ssl version used to connect to the remote iLO
* Update hpilo_facts.py
addition of spaces after commas in lists and replace()
Removing module_version from Attributes, support for class based resouces that need version specified when multiple version are present, support for File resource that has blank output for ModuleName/Version in Get-DscResource
* shorten warning on reservd fact collision
also remove ansible_ from namespaced facts for vars manager
handle str conversion errors
use tuple to avoid iterator errors
version added added
* only modify final one
* removed ansible_ removal
* vmware_guest: fixes for cache objects and datacenter association
* find_all_objs was only looking for datastores
* Clear the result if it's datacenter is not correct.
* Re-enable pyvmomi installation
Addresses #25011
Addresses #26511
* apk: Fix failure when both install and upgrade in same command
If name list contains an installed package that needs upgrade plus a new package, apk command would fail due to missing space character.
* Simplify fix by concatenating lists
* add first, last and next usable
* add usable ip filters
* add size usable, range usable and wildcard
* add ip prefix and netmask filter
* add network formatting and check if ip in subnet
* clean up order, add comments
* fix pep8
* update format by index
* clean up and updates from jmcgill298
* Slight refactor on vmware_guest to fix path searching and vcsim compatibility.
* Clean up pep8 errors
* Fix more pep8 issues
* Add assertions
* Remove debug failure
* Update docsting for folder with examples
* Revise _get_vm_prop based on suggestions
* Implement folder walker to find a folder path
* More enhancements for datacenter->datacenter cloning
* Fix a few pep8 issues
* Remove useless check for subclass of None
* Fix a few suggestions
* Move serialize_spec to a util function
* Group exceptions together
Fixes#25011
* add connection plugin for buildah
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* fixup
* create a method to invoke buildah
* mount container filesystem persistently so we can access it
during put and fetch
* use copyfile function for copying files
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* revert tests
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* fixup
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* progress
(this will be squashed into a single commit before merge)
* add docs for the conn plugin
* fix issue invoking the integration tests
* add a way to invoke commands inside the container as a different user
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* fix shellcheck warning
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* adds more intelligent save logic and diff to network config modules
* adds sha1 property to NetworkConfig
* adds new argument save_when to argument_spec
* adds new argument diff_against to argument_spec
* adds new argument intended_config to argument_spec
* renames config argument to running_config with alias to config
* deprecates the use of the save argument
* before and after now work with src argument
* misc module clean
Modules updated
* nxos_config
* ios_config
* eos_config
Most notably this makes the save mechanism more intelligent for config
modules for devices that need to copy the ephemeral config to
non-volatile storage.
The diff_against argument allows the playbook task to control what the
device's running-config is diff'ed against. By default it will return
the diff of the startup-config.
* removes ios_config from pep8/legacy_files.txt
* extends the ignore lines argument to the module
* clean up CI errors
* add missing list brackets
* fixes typo
* fixes unit test cases
* remove last line break when returning config contents
* encode config string to bytes before hashing
* fix typo
* addresses feedback in PR
* update unit test cases
This was discussed with the core team and removing this option was preferred.
For backward compatibility we accept the parameter, but warn the user instead.
Previously the gce module would only allow scopes to be specified by
alias, this adds support for specifying scopes by full URI, however
validation is limited to just ensuring the URI begins with:
https://www.googleapis.com/auth
Based on issue 23642, add some info about the used python
executable and version to the error message when ssl connection
fail in a way that may be related to the version.
Module was importing '*' from facts to get to TimeoutError
but that has moved to facts.timeout, so import is updated.
Also rm old style imports to new style imports at the start
of the module.
'signal' py module was used and referenced but never imported,
presumably it was using the 'signal' previously imported into
module_utils.facts. Now imported directly.
'AnsibleModule' was also from a * import, so now imported directly.
A ref to 'module' was in _delete_disks_when_detached(), so now it
is updated to raise an AzureException() with its message, and
let its caller catch it and call module.fail_json()
* Rm check for unused 'name' arg for restarted.
The module docs claim 'name' is not required for
restarted state, and the code doesn't seem to use
it is.
* Better error msg for linode 'restarted' state.
* Remove the eval() and loop over args.
* Fix use of eval(args), and cleanups.
* linode 'stopped' state doesnt need name either
Fixes#3873
It was in lib/ansible/modules/system/setup.py since it
was the only thing using it, but move it back to module_utils
and add a ansible_collector.get_ansible_collector() to build
a facts collector just like the one used by setup.py
mv test_setup.py -> test_ansible_collector.py
All the code it was testing is now in ansible_collector
rm code to create 'ansible_facts' subkey from namespace
Just leave it up to the caller to do, and just return a
flat dictionary from AnsibleFactCollector.collect()
* junos_linkagg implementation and junos modules refactor
* junos_linkagg implementation
* junos_linkagg integration test
* net_linkagg integration test for junos
* decouple `load_config` and `commit` operations,
to allow single commit (in case on confirm commit) and
to perform batch commit (multiple `load_config` followed by single
`commit`)
* Other related refactor
* Fix CI issues
* Fix unit test failure
In Python a function is always truthy, and the name of the
`create_changeset` function was being accidentally used instead of
`module.params['changeset']`.
VMware provides a different DMI product name for VMs booted via UEFI vs BIOS.
VMware provides a different DMI product name for VMs booted via UEFI ('VMware7,1') vs BIOS ('VMware Virtual Platform')
Fixes#26517
During the writing of Windows path integration tests we discovered that
incorrect paths (including escape sequences) cause very cryptic error
messages.
This fix ensures that invalid paths cause a proper error message.
We also had to fix the following modules:
- win_shortcut: `src` can be a URL
* Add transformed json output in junos_command
Fixes#26363
If the display is in `xml` format for command responses
add th transformed `json` output in the result.
* Fix CI issue
* Feature #2731: added postgres import and dump
* Feature #2731: be more permissive of arguments
```
hacking/test-module -m ./ppostgresql_db.py -a "db=example state=dump target=/tmp/out"`
```
failed previously since host, user, and port were required as keywords
in the pg_dump / pg_import methods.
* Feature #2731: fixed doc string for validate-modules
```
$ ansible-validate-modules database/postgresql/
```
now passes.
* Feature #2731: disable 'password' for dump/restore
* Feature #2731: bump added version to 2.3
* Feature #2731: replace db_import with db_restore
* Feature #2731: add missing version description
* Feature #2731: fix 'state' description
* Feature #2731: fix pep8 issues
* Feature #2731: put state documentation in a single string
* Bump added version from 2.3 to 2.4
* Fix pep8 and pylint errors
* Attempt yaml formatting of documentation string
* Add integration tests for postgres_db:dump/restore
* Update dump/restore logic to support new kw-args
Also attempt to support password; integration tests are
still failing.
* Revert to postgres user for dump/restore
Passing PGPASSWORD is not working for subprocesses. For the
moment, reverting to the strategy of failing if login_password
is set and using `postgres` for all testing of dump/restore.
* Various cleanups to have tests passing
* Working tests for {sql,tar} x {,bz2,gz,xz}
* Use pg_user to support FreeBSD
* Revert login_ prefixes and re-enable password support
All `login_` keywords are mapped to their non-prefix versions
so the previous changes were effectively using `postgres` for
all actions. With the proper keywords, PGPASSWORD-passing to
the subprocess is now working.
* Optionally add password
environ_update doesn't handle None values in the
dictionary to be added to the environment. Adding
check.
* Quick fixes
* Refactor login arguments after fixes from pchauncey
The fixes introduced by pchaunchy pointed to further issues
(like no --dbname on PG<=9.2) with the login parameters. This
refactors them and adds further tests.
Note: this will still not pass integration tests due to a further
issue with pg_dump as a non-admin user:
pg_restore: [archiver (db)] Error while PROCESSING TOC:
pg_restore: [archiver (db)] Error from TOC entry 1925; 0 0 COMMENT EXTENSION plpgsql
pg_restore: [archiver (db)] could not execute query: ERROR: must be owner of extension plpgsql
* Introduce target_opts for passing limiting dumped/restored schemas
The current integration tests (PG version and template DBs) don't
permit a regular user (`{{ db_user1 }}`) access to plpgsql causing
restores to fail. By adding an option for passing arbitrary args to
pg_dump and pg_restore, testing is made easier. This also paves the
way for `-j` usage, once the PG version is bumped.
The iApp service module worked fine previously, but this patch
adds enhancements to it to include more fields that can be
specified when creating iapp services.
* add enhanced run option support for win_scheduled_task
* changed run_level option to runlevel
* correct merge conflicts since task path fix
* changed run_level option to runlevel
* changed do_not_store_password to store_password, and other minor fixes
* conditional logic swap, and documentation change for password
* postgresql_user module - transaction logic hacks to allow recovery from failed select
* postgresql_user - PEP8 and style fixes to make debugging easier
* postgresql_user - move password changing logic to separate function
* postgresql_user - trap failure in case where there is no access to pg_authid
* postgresql_user - further PEP8 fixes
* postgresql_user - Simplify password change logic and improve imports according to suggestions from PR review
* postgresql_user - Eliminate pep8/blank line errors introduced in merge
* Check behaviour when pg_authid relation isn't readable
TASK [postgresql : Normal user isn't allowed to access pg_authid relation:
password comparison will fail, password will be updated] ***
An exception occurred during task execution. To see the full traceback,
use -vvv. The error was: psycopg2.ProgrammingError: permission denied
for relation pg_authid
* Don't reintroduce passlib, remove useless query
This PR includes:
- Checkmode improvements
- Integration tests
- A fix for python3
- PEP8 fixes
This backports improvements from the win_wakeonlan module.
* Implementation of junos_static_route module
* junos implementation of net_static_route
* integration test for junos_static_route
* integration test for junos net_static_route
* Minor change
* Doc change
* Fix CI issue
* On python3, stdin goes through a buffer that translates from raw bytes
to text. this interferes with pause as it (1) performs universal
newline conversion and therefore '\r' is turned into '\n' and (2) the
buffering prevents us from getting the typed characters immediately
(possibly a python3 bug?) Using the raw byte stream that's behind the
text decoder fixes these problems.
Unrelated cleanups:
* Use to_text instead of str for conversion into strings to avoid possible tracebacks
* Use either \r or \n as the end of a line.
Fixes#26278Resolves#26446
* openwrt_init: clearly state that python is required
As python isn't installed by default on OpenWrt/LEDE,
clearly state that python is required
Signed-off-by: Etienne CHAMPETIER <echampetier@anevia.com>
* opkg: clearly state that python is required
As python isn't installed by default on OpenWrt/LEDE,
clearly state that python is required
Signed-off-by: Etienne CHAMPETIER <echampetier@anevia.com>
* junos_user declarative module changes
* Active/Deactivate support
* junos_user integration test
* net_user intergration test for junos
* Add version_added for active param
By default, the vendor neutral modules will just go on if no
implementation module is found.
If user specifies the task argument fail_on_missing_module and
sets it to True, then we bail out the play early and report that
to the user.
restored 'rc' inspection but only when failed is not specified
removed redundant changed from basic.py as task_executor already adds
removed redundant filters, they are tests
added aliases to tests removed from filters
fixed test to new rc handling
This is part of the effort to make win_get_url parameters conform to
other modules. The option `validate_certs` is the common option for
this.
See also #20160
* as a result of recent core engine changes to ignore rc, modules are responsible to set `failed` on nonzero RC if they want that behavior
* the `failed` filter currently triggers on nonzero RC, which caused the tests to false-pass
* updated tests to explicitly check both rc and failed keys, as well as using the failed filter.
This is a new fix to replace #20361 due to the synchronize module changing
sufficiently to make that commit no longer merge cleanly.
Fixes#20361
Related to #20311
Currently chocolatey is not failing when the user requests version X,
but version X is not available in the repository.
Obviously the module should fail in this case.
This fixes#25393
* Fix ansible-doc traceback when a plugin doesn't parse correctly
* Change extract_metadata ivocation to take either an ast or source
code. When given source code, it can find file offsets for the start
and end of dict. When given the ast, it is quicker as it doesn't have
to reparse the source. Requires changing the call to the function to
use a keyword arg.
* Fix reading of metadata to find the last occurrence of
ANSIBLE_METADATA instead of the first.
* Add some more unittests to get closer to complete coverage
* Pep8 fixes
* Removed redundant check for name
* Check validity of api_token
* Don't report changed when tag is already present
Fixes#24265
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* fixes become_method: runas for unprivileged users
* sets permissions on tempdir appropriately
* allows automatic system environment generation for new token (old Process.Start way prevents this)
* add basic become runas tests
All that is required to verify the signature is that the matching
public key is present in the remote user's keyring. There is no need
for GnuPG to explicitly trust the authenticity of the key.
Not Ansible specific, but rather the behavior of the `git verify-commit`
and the `git verify-tag` command line invocations.
The following snippet:
- name: Let the DMZ connect to internet
firewalld:
zone: dmz
masquerade: True
permanent: True
immediate: True
state: enabled
will fail with this error message:
Exception caught: set_masquerade_enabled() takes 1 positional argument but 3 were given
It turn out that it treat 'zone' as a array of string instead of 1 string.
I only tested on Python 3 with a Fedora 25.
* correct, cleanup & simplify dwim stack
latlh chIS logh HeS qar wej chel laD
better errors
update find_file to new exception
* addressed latest comments
* test should not use realpath as it follows symlink
this fails when on OS X as /var is now a symlink to /private/var
but first_found was not supposed to follow symlinks
CreateSnapshot may fail with several exceptions. This
fix generically handles these exceptions.
Fixes#21121
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Fixed he exception handling logic for the delete_group function.
fixes issue #26100
* Removed the unnecessary del_meta variables and made some other adjustments to the delete_user function
Fix adds support for quiesce and memory options while taking
snapshot of virtual machine. Update documentation and examples
for reflecting this change.
Fixes#26270
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Unittests for extracting metadata from plugins
* Port plugin_docs to use the generic extract_metadata function
* Make the helper functions seek_end_of{string,dict} private
check_mode should behave pretty similarly to non-check mode -
just don't actually create or delete subnets or change tags.
Using DryRun for check_mode behaves very differently and results
in the following module failure:
```
"msg": "Unable to update tags for subnet-abcd1234,
error: EC2ResponseError: 412 Precondition Failed
<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<Response><Errors><Error><Code>DryRunOperation</Code>
<Message>Request would have succeeded, but DryRun flag
is set.</Message></Error></Errors>
<RequestID>12345678-abcd-1234-abcd-abcd1234abcd</RequestID></Response>"
```
* Add support for EC2 dynamic data in ec2_facts
- Flattens out JSON in the instance identity document and IAM info/credentials for easy access to facts
- This changes region fact from ‘ansible_ec2_placement_region’ to ’ansible_ec2_instance_identity_document_region’
* Maintain backwards compatibility by putting the region into the old key
* Improve JSON parsing logic and split security group IDs
* Add documentation, backwards compatibility, fix bug and formatting
- Update documentation for ec2_facts with return values
- Preserve JSON value from the metadata service for backwards compatibility
- Fix bug in fix_invalid_varnames
- The keys in the dict were being modified in place; new dict now created to hold the sanitized keys
- Consolidate two replace calls with a regex substitution
- Move imports for ec2_facts to the top
* Add support for parsing the IAM instance profile role
When using Python3, the exec_module function errors out with a
unsupported operand type(s) for +: 'dict_keys' and 'list'
error when adding the .keys() to a static list. Use the explicit
list function to make a list of keys and then add to the ['tags'] list.
This module can add, remove, update versions, and set default versions
of managed policies. It will cycle out old versions of policies if too
many are present. It will check and set the version of the policy that
matches the pased in policy document if one already exists.
Incorporating changes from PR
Descriptions now have full stops, and pep8 error has been
addressed. Also added requirements, author, and updated interface to
"preview"
Additional change to pass CI
Previous commit added in some whitespace errors. Additinoally added
correct value for version_added, added in a RETURN block for
documentation, and moved import to top of file
Fixed error detaching policy from users
Updates to pass 2.4 CI
Updating iam_managed_policy supporting feedback
The user variable stores whether we need to set user@ in our connection
string. It's now being used at the toplevel of the run() method so the
default needs to be calculated further up the stack
Fixes#24910
Switch to dicts in common code caused silent failures during arg translation, so default values and non-check-mode were always used.
* fixes#23653
* fixes#24062
* fixes#22938
* fixes#25156
commit f79beaa3b3b642c370552d63b0848195358bccd0
Author: James Cammarata <jimi@sngx.net>
Date: Wed Jun 28 17:00:57 2017 -0500
Add example for iptables using the policy option
commit 1a0f9debdb526bef9d8d469a84a8cc55ef68da03
Author: James Cammarata <jimi@sngx.net>
Date: Wed Jun 28 16:59:52 2017 -0500
Fix missing re import for iptables after merging #19476
commit 084479d21d
Author: Alexey Solodkiy <work@x1.by>
Date: Sun Dec 18 12:07:05 2016 +0300
fix#19476
* win_say: Fix issue, add integration test
This PR includes:
- Make speed_speech an integer parameter
- Test for empty parameters too
- Add integration tests
* Improve the $speech_speed parameter handling
As requested
include_vars will now also return a key 'ansible_included_var_files'
which contains the list of files that were successfully loaded.
This is useful information and, amongst other things, a way for users
to know exactly what files were included when debugging their
playbooks.
This also allows us to improve the integration tests around
include_vars.
So in an effort to verify if Windows modules are feature complete
compared to the python equivalent, I stumbled upon these differences.
This PR includes:
- Add missing 'data' option from documentation
- Simplify ping module
- Update integration tests to test exception
As we can see in
9537453586
:
CN used to be without whitespaces around the `=` but OpenSSL 1.1 introduced
whitespaces:
1.0.1: subject=/CN=example.com
1.1.0: subject=CN = example.com
This commit makes them optional.
OpenSSL 1.1 is present on the newly-released Debian Stretch, so absence
of this fix makes us not being able to use this module on this distro.
If target_group_arns is an empty list, then return
an empty target_group_names list.
If a connection to elbv2 is not obtainable, then it is
not possible to return target_group_names
* Fix logical flaw (update when diff), use string ports everywhere
* Change port comparison to integer vs. string
The comparison works either way as long as it's consistent. Boto docs
state that it takes in an integer, but if given a string apparently
keeps it as such. This change just ensures that when we compare, we
specifically deal with integers.
So I thought I fixed it before, but there's still one location where
the `rc` value is influential to decide whether a task failed or not.
We already established in #24867 that it is up to the module to decide
what the return code actually means, not the task executor. We modified
the existing modules to move that logic into the module (eg. for
command, shell, etc.)
This relates to the integration tests of win_robocopy, where different
return codes have different meanings:
- 0 -- No files copied.
- 1 -- Files copied successfully! (changed)
- 2 -- Some Extra files or directories were detected. No files were copied. (warning)
- 3 -- (2+1) Some files were copied. Additional files were present. (changed)
- 4 -- Some mismatched files or directories were detected. Housekeeping might be required! (changed + warning)
- 5 -- (4+1) Some files were copied. Some files were mismatched. (changed + warning)
- 6 -- (4+2) Additional files and mismatched files exist. No files were copied. (warning)
- 7 -- (4+1+2) Files were copied, a file mismatch was present, and additional files were present. (changed + warning)
- 8 -- Some files or directories could not be copied! (changed + failed)
- 9 - 15 -- Fatal error. Check log message! (failed)
- 16 -- Serious Error! No files were copied! Do you have permissions to access $src and $dest? (failed)
This also fixes#24652
Make pyca/cryptography the preferred backend for cryptographic needs (mainly vault) falling back to pycrypto
pyca/cryptography is already implicitly a dependency in many cases
through paramiko (2.0+) as well as the new openssl_publickey module,
which requires pyOpenSSL 16.0+. Additionally, pyca/cryptography is
an optional dep for better performance with vault already.
This commit leverages cryptography's padding, constant time comparisons,
and CBC/CTR modes to reduce the amount of code ansible needs to
maintain.
* Handle wrong password given for VaultAES format
* Do not display deprecation warning for cryptography on python-2.6
* Namespace all of the pycrypto imports and always import them
Makes unittests better and the code less likely to get stupid mistakes
(like using HMAC from cryptogrpahy when the one from pycrypto is needed)
* Add back in atfork since we need pycrypto to reinitialize its RNG just in case we're being used with old paramiko
* contrib/inventory/gce: Remove spurious require on pycrypto
(cherry picked from commit 9e16b9db275263b3ea8d1b124966fdebfc9ab271)
* Add cryptography to ec2_win_password module requirements
* Fix python3 bug which would pass text strings to a function which
requires byte strings.
* Attempt to add pycrypto version to setup deps
* Change hacking README for dual pycrypto/cryptography
* update dependencies for various CI scripts
* additional CI dockerfile/script updates
* add paramiko to the windows and sanity requirement set
This is needed because ansible lists it as a requirement. Previously
the missing dep wasn't enforced, but cryptography imports pkg_resources
so you can't ignore a requirement any more
* Add integration test cases for old vault and for wrong passwords
* helper script for manual testing of pycrypto/cryptography
* Skip the pycrypto tests so that users without it installed can still run the unittests
* Run unittests for vault with both cryptography and pycrypto backend
* Add new windows module win_psmodule
* Add checkmode, allow_clobber parameter, integration tests
* Add aliases, replace win_raw with win_shell
* restore original test_win_group1.yml, add powershel version test
* fix var type
* add conditional on assert
* integration tests conditional tasks review
* documentation fix, test fix, adds result.change
* fix yml
* fix railing whitespace
* add nuget_changed and repository_changed in result
There are too many possible special cases for Ansible to be able to
precheck known_hosts files without introducing all kinds of false
failures.
* Alternative known_hosts paths
* Alternative host name aliases
* ssh host certificates
* SSHFP + DNSSEC
Fixes#24860
Fix adds support for adding VMWare vSwitch without
any physical NICs (uplinks). This makes nic_name as
an optional parameter. Also, updated documentation and
examples to reflect these changes.
Fixes#25632
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Mutually reference Windows and non-Windows modules
To make it easier for Windows or non-Windows users to find the relevant
module information, we are mutually referencing both variants in their
documentation.
We are also adding a special note if a module works on both Windows and
non-Windows targets.
* Mutually reference Windows and non-Windows modules
To make it easier for Windows or non-Windows users to find the relevant
module information, we are mutually referencing both variants in their
documentation.
We are also adding a special note if a module works on both Windows and
non-Windows targets.
* Replace 'look at' with 'use', as requested
ci_complete
So I noticed this when doing integration tests:
Failed to copy file Could not find a part of the path
and this change turns it into:
Failed to copy file: Could not find a part of the path
I also moved something out of the exception handling.
* openbsd_pkg: Handle versionless names with branch.
This makes package names such as "openldap-server--%openldap" work.
Problem reported by Landry Breuil.
While here fix cornercase check for versionless packages and add some
more debug output to packet parsing.
Fixes#25910.
* openbsd_pkg: Split up lines to pass build checks.
===
The test ansible-test sanity --test pep8 failed with the following errors:
lib/ansible/modules/packaging/os/openbsd_pkg.py:383:161: E501 line too long (292 > 160 characters)
lib/ansible/modules/packaging/os/openbsd_pkg.py:398:161: E501 line too long (198 > 160 characters)
===
* cisco_imc_xml: New module to manage Cisco IMC hardware
This module provides direct access to the Cisco IMC API.
See the included examples for a glimpse of what it can do.
* Rename cisco_imc_xml to imc_xml
After discussion with Peter Sprygada renamed from cisco_imc to imc.
As Cisco ACI is named aci as well.
The dependency chain should not include roles below the parent, as it
can introduce very weird things like conditionals from child deps impacting
non-related roles.
Fixes#25136
* Add junos_system declartive module and other related change
* junos_system declartive module
* integration test for junos_system
* integration test for net_system (junos platform)
* pep8 fixes for junos modules
* move to lxml from elementree for xml parsing as it support
complete set of xpath api's
* other minor changes
* Fix CI and doc changes
* Fix unit test failures
* Fix typo in import
* Fix import issue for py2.6
* Add missed Element in import
Fix adds support for Red Hat Enterprise Linux Atomic Host.
RHEL Atomic host uses same RHEL Server strategy for
modifying hostname.
Fixes#25903
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* New facts module for AWS EC2 VPC Endpoints
* ec2_vpc_endpoint_facts - meet latest Ansible standards
Fix exception syntax and use of `iteritems` for python3
Fix undefined `ec2` variable (should have been `connection`
Address various flake8 issues
Use `ansible_dict_to_boto3_filter_list` rather than
duplicating its implementation
* Remove max_items and next_token from vpc_endpoint_facts
max_items and next_token should be a module concern, not
a caller concern. It would be very difficult for a module
consumer to use next_token properly, whereas it's easy for
the module to handle it.
* ec2_vpc_endpoint_facts trivially supports check mode
Add supports_check_mode=True to the argument spec.
* Improve RETURN documentation for ec2_vpc_endpoint_facts
Fix bug in EXAMPLE documentation too
* fix return type for validate-modules
* iam_cert.py Fix duplicate certificate detection with included chains.
The iam_cert module would fail to detect certificates as duplicates
if the certificate body included the authority chain directly.
This commit fixes the problem by checking if a given certificate
matches the start of the data returned by AWS, since in all cases
where they would match the certificate will come first.
* iam_cert.py Return certificate ARN in all success cases.
When uploading certificates or interacting with IAM, the certificate ARN
is needed for other operations with AWS such as provisioning elastic load
balancers.
This commit returns the certificate ARN in all success cases, which allows
it to be used to idempotently provision other Amazon services depending on
it (ELBs being an immediate example).
ansible_host can be pulled from inventory and not match inventory_hostname,
this can "loose" vars to a new host named by ansible_host vs the delegated host
fixes#25770
This is a cleanup of the win_uri module to make it feature-complete.
This PR includes:
- Added check-mode support
- Add as many options from the uri module as possible
- Added creates
- Added follow_redirects
- Added maximum_redirection
- Added password
- Added removes
- Added return_content
- Added status_code
- Added timeout
- Added user
- Added validate_certs
- Fixed list-handling for comma-separated strings
- Added basic integration tests (should come from uri module)
As per documentation and code, external_user_name is
required parameter is case of type 'chat'.
Fix corrects error message displayed to user.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* add aws dynamo_ttl module, small parameter setter
- New Module Pull Request
`dynamodb_ttl`
2.3.0/devel
Very self-contained TTL setter. This is independent of the dynamodb_table module
as it's really designed to be a helper for tables that may be created in other
ways (say, CloudFormation, which doesn't support setting TTL).
* committer is no longer a valid value
* bump version_added, catch common exceptions
* pep8 fixes
* one more pep8
Previously, we used StrictVersion which failed to parse some passlib
version strings. For example, Debian currently ship passlib with a
__version__ of '1.7.0.post20161128115349'
StrictVersion throws an exception when parsing this version string.
Change to using LooseVersion which successfully parses version strings
such as this.
Fixes#20199
* Added new module: github_deploy_key
added a new module for managing deploy keys for GitHub repositories
* Updated github_deploy_key module based on feedback
- added GPL header
- switched to using fetch_url instead of requests
- changed version to 2.4
- set no_log for otp and token arguments
- implemented check mode
* made github_deploy_key module PEP8 compliant
Now that remote-to-remote copies are supported in the copy module,
the module documentation has been updated to indicate this in the
synopsis and examples to make the capability obvious for someone
skimming the documentation.
refactors the Connection class to use the top level function. This will
make the request_builder() function useful for other components such as
action handlers.
* Add junos_banner declartive module
* junos_banner implementation
* Integration test for junos_banner
* Integration test for net_banner (junos)
* Minor fixes
* Minor doc change
The method name was missing a 'd'. The method was not used anywhere
however, so no other code needs to be changed. Neither 'has_chilren'
nor 'has_children' are used in the codebase.
* Add net_interface declartive module
* Add net_interface module
* Add junos_interface implementation module
* Other minor changes
* Add integration test
* Integration test for net_interface
* Integration test for junos_interface
* Fix CI failures
* Documentation changes
* adds new common functions for declarative intent modules
* adds Entity and EntityCollection
* adds dict_diff and dict_combine
* update for CI PEP8 compliance
* more CI PEP8 fixes
* more PEP8 CI clean up
* refactors the lambda assignments into top level classes
this is to be in compliant the PEP8 CI sanity checks
* one last pep8 ci fix
* Add nxos_nxapi tests
* Simple changes to nxos_nxapi
* Move validation to check_args
* Don't mark protocol change unless change is requested
* Add different regex to handle HTTP{,S} ports on a different version of nxos
* Updating ufw.py to support comments
* Revert "Updating ufw.py to support comments"
This reverts commit 54a42de97c77004d4755543bf310f0ec6e1b4d14.
* Support ufw v0.35 in ufw.py
* Add ufw version check to ufw module
* Initial commit for Pure Storage Ansible module
* Initial commit for Pure Storage Ansible module
* Initial commit for Pure Storage Ansible module
* Fix import issues as required by post-2.2
* Move last import to top
* Follow suggestions and only implement one module per PR
Fix documentation changes requested
* Documentation and formatting changes
Setting default values for FieldAttribute values created in the Base class
prevents the _get_parent_attribute() code from working correctly, as the value
is always non-None.
Related to #22924
The boto Route53 get_all_rrsets method will return the record set
matching the name, type, and identifier specified, followed by ALL
subsequent sets in alphabetical order based on name. If the specified
set does not exist, the method will still return all the sets that
_would_ have come after it. Searching through sets we know will not
match is not just a waste of resources but, more importantly, often
triggers AWS API throttling when used on zones with large numbers of
records.
finished normalizing of path handling
removed overloaded '-p' from init_paths option, it is for role_paths
removed expand_tilde and get_opt methods as both were redundant, adjusted rest of code
updated tests to match
* Add vyos_user implementation module
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Integration test for vyos_user
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Make state absent work
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Unit test for vyos_user
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Standardize user names
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Modify integration test with idempotent case
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Add role as alias to level
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Allow EC2-VPC instances to update SG
make ec2 pep8
* use sets instead of loop and a break
* bring things in an indentation level
* Use to_text instead of str, text_type instead of basestring, - instead of difference
* basestrings not unicode
* simplifying syntax
* Start of ansible config project
moved configuration definitions to external yaml file vs hardcoded
* updated constants to be a data strcutures that are looped over and also return origin of setting
changed to manager/data scheme for base classes
new cli ansible-config to view/manage ansible configuration settings
* prints green for default/unchanged and yellow for those that have been overriden
* added list action to show all configurable settings and their associated ini and env var names
* allows specifying config file to see what result would look like
* TBD update, edit and view options
removed test for functions that have been removed
env_Vars are now list of dicts
allows for version_added and deprecation in future
added a couple of descriptions for future doc autogeneration
ensure test does not fail if delete_me exists
normalized 'path expansion'
added yaml config to setup packaging
removed unused imports
better encoding handling
updated as per feedback
* pep8
* allows win_scheduled_task to support adding and removing task paths
* fix line length for documentation
* added integration tests for path creation and removal
* removing ability to remove TaskPath if a task isn't removed. also removed superfluous line of code in Invoke-TaskPathCheck function
* Various fixes to VM customizations (from template)
This patch implements:
- New find_obj() function from vmware.py replacing get_obj()
- Implement proper resource_pool selection
- Fix productId implementation (was not working)
- Ensure that we are not changing anything that is not mandatory (hostName, orgName, fullName)
This is an alternative proposal to #24283
This does not fix#19860 yet though.
For our use-case, we do not want to customize the network information (or any information in fact).
What is used in the template should remain intact.
* Added find_obj() function
* Fix the returned object-list (unused yet)
* Small improvement
* Support DHCP type and fix customizations
* Small fix
* Support resource_pool also for reconfiguring VM
* Remove redundant
* Fix short hostname, specific resource_pool, PEP8
* Improve docs and examples
* Fix missing hostsystem
* Make folder absolute path
* Improve docs, add missing 'mac'
At present, the available facts around block devices are not sufficient to be able to find stable names guaranteed to work across reboots, or to identify block devices by label (UUID, etc).
This patch provides a list of observed links for each device. It relies on functionality specific to Linux (as does the existing sysfs-based code which it extends), but should not cause issues on other platforms.
Moreover, it prevents virtual devices from being excluded, and links such devices to the physical devices to which they are attached.
* Add more mount point statvfs info including sizes
Based on https://github.com/ansible/ansible/pull/12073
facts.utils.get_mount_size() now returns a dict of most
of the posix statvfs data, including block_size and inode
counts.
Update the facts.hardware classes that use get_mount_size() to
use the new info by mount_info.update(mount_statvfs_inof) to merge.
* add back unit tests for LinuxHardware mount/fs facts
* add test cases for facts.utils.get_mount_size
* region isn't required for ec2.py; allow endpoints to be used
* move where aws_connect_kwargs is set
* remove camel_dict_to_snake_dict and display error message
