* Better handling of malformed vault data envelope
If an embedded vaulted variable ('!vault' in yaml)
had an invalid format, it would eventually cause
an error for seemingly unrelated reasons.
"Invalid" meaning not valid hexlify (extra chars,
non-hex chars, etc).
For ex, if a host_vars file had invalid vault format
variables, on py2, it would cause an error like:
'ansible.vars.hostvars.HostVars object' has no
attribute u'broken.example.com'
Depending on where the invalid vault is, it could
also cause "VARIABLE IS NOT DEFINED!". The behavior
can also change if ansible-playbook is py2 or py3.
Root cause is errors from binascii.unhexlify() not
being handled consistently.
Fix is to add a AnsibleVaultFormatError exception and
raise it on any unhexlify() errors and to handle it
properly elsewhere.
Add a _unhexlify() that try/excepts around a binascii.unhexlify()
and raises an AnsibleVaultFormatError on invalid vault data.
This is so the same exception type is always raised for this
case. Previous it was different between py2 and py3.
binascii.unhexlify() raises a binascii.Error if the hexlified
blobs in a vault data blob are invalid.
On py2, binascii.Error is a subclass of Exception.
On py3, binascii.Error is a subclass of TypeError
When decrypting content of vault encrypted variables,
if a binascii.Error is raised it propagates up to
playbook.base.Base.post_validate(). post_validate()
handles exceptions for TypeErrors but not for
base Exception subclasses (like py2 binascii.Error).
* Add a display.warning on vault format errors
* Unit tests for _unhexlify, parse_vaulttext*
* Add intg test cases for invalid vault formats
Fixes#28038
* azure_rm_virtualmachine: added support for specifying custom image
* Use separate parameter for custom_image, add very basic test
* missed the version_added tag for doco
* removed whitespace I accidentally left in
* merged custom image into the image dict and added more tests
* added one more test
* Protect AWS credentials from accidental commits
* Improve documentation for IAM policies
* Update ELB tests to be multi region
Allow AZs to reflect the region in which the tests are run.
This will not work for regions with fewer than three AZs,
but those are relatively rare
This fix adds details about snapshots in result of
vmware_guest_snapshot, when operation is successful.
Fixes: #32154
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Move profile and region checking to module_utils.ec2
Remove ProfileNotFound checking from individual modules
There are plenty of `if not region:` checks that could be removed,
once more thorough testing of this change has occured
The ec2_asg, iam_managed_policy and ec2_vpc_subnet_facts modules
would also benefit from this change but as they do not have tests
and are marked stableinterface, they do not get this change.
* Add configuration of vlan trunk, security settings and port policies, and tests
This commit adds the following capabilities to the
vmware_dvs_portgroup module:
- Support for VLAN trunk portgroup
- Support for all security settings (promiscuous, forged transmits & mac
address changes)
- Support for all the port specific policies
- port specific policies match the vCenter UI behaviour (for instance:
block override is enabled by default)
- Cleanup and use of proper API entities not root entities
- Integration testing
* Cleanup of docs and adding more examples
* win_dsc: improved parameter handling
* removed uneeded try/catch leftover from testing
* removed undeed return values
* added custom DSC to fully test out casting
* fix up codestyle issues
* using new Requires ps version check
* fixed up error message check on earlier ps version
* win_become: make it easier to become with an admin token
* Fixed up pep8 whitespace
* fix for Server 2008
* Added support for async and become on newer hosts and fix warnings
* show specific undefined var errors on -v in debug
allows users to get more specific information about undefined errors
as they might be looking at a complex data structure and need to find
the specific leaf that has the issue
* now tests works at all verbosity levels
* updated to unicode objects
* win_package: add support for arguments as list
* re-added failure tests as they were accidentally commented out
* changed exit_code in failure messages to rc
* [ec2_ami_facts] new boto3-based module as a replacement for ec2_ami_find
- new boto3-based module to gather facts about ec2 images
- intended to replace ec2_ami_find which uses boto
- an ami find task (using new module) added to the ec2_ami integration test
* [ec2_ami_facts] Use AnsibleAWSModule. Catch BotoCoreError.
* add ec2_ami_facts alias to tests
* [ec2_ami_facts] return ami launch permissions as well
* Fix wrong prompt issue for network moodules
Fixes#31161Fixes#32416
* Store the device prompt in case of error
from remote device
* Check for prompt value in ios action plugin
* Add integration test
* add support to vmware_guest for template => vm conversion
While the vmware_guest currently supports conversion of VMs to templates
using the is_template argument, it does not support the inverse:
converting templates back into VMs. This change adds that
functionality.
When converting a template back into a VM, the extra config option
"uuid.action" is also set so that VMware will automatically create a new
UUID for the converted VM. If the "uuid.action" setting is already
configured, it will not be modified. Setting this prevents an
interactive question from being raised when attempting to boot the VM.
* Add integration tests for vmware_guest is_template
* Add additional idempotency test for vmware_guest is_template
Also add tests for vmware_guest_snapshot, but disable them due to
vcsim not fully supporting such operations yet.
Implement changes suggested in review. Also fix same in remove_or_revert_snapshot() for consistency
These tests are doing string matches on the error condition. Update
them to match the new strings. This is probably okay to push out to old
releases even though it's technically backwards incompatible because
production playbooks won't be checking that a parameter was missing.
Param missing is something detected and fixed while writing the playbook.
* add static route and hsrp it cases
* add snmp_user and snapshot it
* password strength correction
* fix typo
* add compare snapshot as it is fixed in the code now
* skip snapshot tests for titanium
* titanium and nxapi conditions added