* also consolidated temp dir name generation, added pid for more 'uniqness'
* generalize error message
* added notes about remote expansion
CVE-2020-1733
fixes#67791
* Force collections to be static
Templating of collection names does not work at all. Force them to
be static so that a warning is generated for the user.
* Add collectionsearch unit test and fix for reviews
New unit test validates the new _load_collections() code and moves
the new check to the end of the method.
* Change unit test to pytest
* Adjust unit test to use capsys instead of monkeypatch
* Fix pep8 error
* Add changelog fragment
Closes#68704
* subversion module - provide password securely with svn command line option --password-from-stdin when possible, and provide a warning otherwise.
* Update lib/ansible/modules/source_control/subversion.py.
* Add a test.
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Don't trigger full CI run for changes to changelogs/ and docs/ in collections.
* Add changelog fragment.
* Update changelogs/fragments/68550-ansible-test-docs-changelogs.yml
Co-Authored-By: Matt Clay <matt@mystile.com>
Co-authored-by: Matt Clay <matt@mystile.com>
* Update docker.txt to use the OpenSUSE 15.1 container image
Signed-off-by: Rick Elrod <rick@elrod.me>
* handle installing mysql on suse
Signed-off-by: Rick Elrod <rick@elrod.me>
* add changelog fragment
Signed-off-by: Rick Elrod <rick@elrod.me>
* Update changelogs/fragments/ansible-test-opensuse-15.1.yml
Co-Authored-By: Matt Clay <matt@mystile.com>
Co-authored-by: Matt Clay <matt@mystile.com>
* Update tests to use RHEL 7.8.
Keeping support for RHEL 7.6 since collections are still using it.
* Fix tests for RHEL 7.7+ due to extras repo name change.
* fixed fetch traversal from slurp
* ignore slurp result for dest
* fixed naming when source is relative
* fixed bug in local connection plugin
* added tests with fake slurp
* moved existing role tests into runme.sh
* normalized on action excepts
* moved dest transform down to when needed
* added is_subpath check
* fixed bug in local connection
fixes#67793
CVE-2019-3828
* Allow tasks to notify a fqcn handler name
* Add tests. Fixes#68181
* Add changelog fragment
* Add test to ensure handlers are deduped properly with fqcn, role, and just handler names
* Add some docs about new special vars
fial_json() requires a message be given to it to inform the end user of
why the module failed. Prior to this commit, the message had to be a
keyword argument:
module.fail_json(msg='Failed due to error')
Since this is a required parameter, this commit allows the message to be
given as a positional argument instead:
module.fail_json('Failed due to an error')
* Always set the discovered interpreter on the delegated host. Fixes#63180
* Make code a little more generic
* Move code into a function
* Implement some changes based on reviews
* Add changelog fragment
* when possible, use filedescriptors from mkstemp to avoid race
* when using path strings, ensure we are always creating the file
CVE-2020-1740
Fixes#67798
Co-authored-by: samdoran
The last task in a play should now properly report code coverage.
This change should also eliminate empty coverage files, as well as incomplete coverage files resulting from early worker termination.
* Fix test_check_mutually_exclusive exception-checking
Asserting inside of the `with` context of `pytest.raises`
doesn't actually have any effect. So we move the assert
out, using the exception that gets placed into the scope
after we leave the context, and ensure that it actually gets
checked.
This is also what the pytest documentation says to do:
https://docs.pytest.org/en/latest/assert.html#assertions-about-expected-exceptions
Signed-off-by: Rick Elrod <rick@elrod.me>
* Add some tests for check_required_together
Signed-off-by: Rick Elrod <rick@elrod.me>
* use to_native instead of str, for consistency
Signed-off-by: Rick Elrod <rick@elrod.me>
* Add newlines for pep8
Signed-off-by: Rick Elrod <rick@elrod.me>
* Add tests for check_required_arguments
Signed-off-by: Rick Elrod <rick@elrod.me>
* Sort missing keys in error message, since hashes are unsorted and this can be random
Signed-off-by: Rick Elrod <rick@elrod.me>
* Add changelog entry
Signed-off-by: Rick Elrod <rick@elrod.me>
* fix vault tmpe file handling
* use local temp dir instead of system temp
* ensure each worker clears dataloader temp files
* added test for dangling temp files
* added notes to data loader
CVE-2020-10685
* Remove some unreachable code in the file module
Remove some cases in file.py which are covered by conditionals a few
lines earlier. Remove the duplicate code which will never be hit.
Signed-off-by: Rick Elrod <rick@elrod.me>
* Restore incidental file coverage from timezone module
Signed-off-by: Rick Elrod <rick@elrod.me>
* Combine two conditionals, add a changelog entry
Signed-off-by: Rick Elrod <rick@elrod.me>
* Make new test syntax consistent, add two stat tests
Signed-off-by: Rick Elrod <rick@elrod.me>
* Support pre-releases via new SemanticVersion. Fixes#64905
* Don't treat buildmeta as prerelease
* Don't inherit from str and int
* Add helper method to try and construct a SemanticVersion from a LooseVersion
* Don't count major 0 as pre-release, it's different
* Guard against invalid or no version in LooseVersion
* return a bool
* Add integration tests for pre-release
* Fix up lingering issues with comparisons
* typo fix
* Always allow pre-releases in verify
* Move pre-release filtering into CollectionRequirement, add messaging when a collection only contains pre-releases
* Update changelog
* If explicit requirement allow pre releases
* Enable pre-releases for tar installs, and collections already installed when they are pre-releases
* Drop --pre-release alias, make arg name more clear
* Simplify code into a single line
* Remove build metadata precedence, add some comments, and is_stable helper
* Improve from_loose_version
* Increase test coverage
* linting fix
* Update changelog
* remove azure extras and extras_require support
* Since Azure will be collectionized, the requirements will float more frequently than Ansible releases; the Azure collection needs to host the requirements now.
* Removed the dynamic extras support as well, since Azure was the only thing using it. If we need it again, it's easy to pull back from history.
* Mark azure-requirements as orhpaned.
This keeps the docs around so that existing links from old test runs remain valid.
Co-authored-by: Matt Clay <matt@mystile.com>
Now empty `*.py` files are ignored during module_utils import analysis for change detection.
This eliminates "No imports found" warnings for files which should have no imports.
* Address compat issue for collection loading on py26
* Move import_module shim to utils for compat across the codebase
* Enable collection tests on py2.6
* Update changelog fragment
* Simplify code using sys.moduls
* Move compat to module_utils/compat/importlib
* Add back errantly deleted newline
* Remove hack comment
Co-Authored-By: Matt Clay <matt@mystile.com>
Co-authored-by: Matt Clay <matt@mystile.com>
* win_timezone - Allow for _dstoff timezones
* Update win_timezone-Allow-dstoff.yml
* Added doc entry for new format
Co-authored-by: Jordan Borean <jborean93@gmail.com>
* ansible-galaxy - optimise some paths and use fake galaxy int tests
* Added init, built, and publish tests
* Test against both mocked Galaxy and AH server
* Finish off writing the install tests
* Fix up broken tests
* Rename test target and add migrated tests
* Use cloud provider for Galaxy implementation
* Added blank static config
* Use correct alias group
* Set release version and fix copy typo
* Remove reset step as it is no longer needed
* Use sane env var names for test container name
* Run modules on windows container
This provides an ability to run Powershell modules on windows container via docker connection. Otherwise, Ansible tries to run python modules on windows containers and fails.
* Removing whitespace in the blank lines
* Adding a changelog fragment
* fix:git module ignores remote_tmp
* WIP: added the changelog fragment and edit comment
* Revert "WIP: added the changelog fragment and edit comment"
This reverts commit 2f739df619.
* WIP: added changelog fragments
* WIP: added changelog fragment
* WIP: fixed spelling in changelog fragment
* reworked sqs_queue
* Switch default purge_tags behaviour to false.
This matches the behaviour of ec2_tag and ecs_tag.
* Minor lint / review fixups
* Add missing AWS IAM policy for SQS tests
* Move integration tests to using module_defaults: group/aws:...
* add changelog
* Break out the 'compatability' map from our spec definition (gets flagged by the schema validation)
* Tweaks based on review
* add basic examples
* Lint fixups
* Switch out NonExistentQueue logic so it's easier to follow
* Reorder name argument options for consistency
Co-authored-by: Dennis Podkovyrin <dennis.podkovyrin@gmail.com>
* Allow passing through of (almost) all params available on boto methods in aws_api_gateway
* Linting and docs fixes
* Refactored method signature of create_deployment() to use keyword args instead of named args
* Updated version_added flags to 2.10
* Cleanup and improve aws_api__gateway integration test play. Also included new params into test.
* Fixed RETURN docs and some ttests
* Completed RETURN docs and made integration tests match
* Fixed variable names in test and YAML syntax in docs
* Comment out critical sections of integration test
* Fixed update test after figuring out what the error message means. Also updated error message to be more descriptive.
* Fixed test assertion
* Update docs and make tests reflect that endpoint type wont be changed on updates
* Syntax fix
* Add changelog fragment
* Improve aws_api_gateway docs, fix typos.
* Quote doc lines with colon
* Cleanup tests
* Auto-Retry on ResourceNotFound and RequestInProgress exceptions
* Use AnsibleModule options for required_if logic
* changelog
* Remove (now) duplicate RequestInProgressException catching
* Allow a single retry when attempting to fetch the information about a cert directly after deleting it.
There is a small chance that it goes away while we pull the details.
* add key rotation option
* add changelog fragment
* provide version added as string
* change changelog to minor_changes
* Update changelogs/fragments/67651-aws-kms-key-rotation.yml
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* Update lib/ansible/modules/cloud/amazon/aws_kms.py
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* prevent key upgrade if key rotation was enabled manually. In that case, the key rotation would be disabled, if not mentioned in the playbook
* Update lib/ansible/modules/cloud/amazon/aws_kms.py
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* Update lib/ansible/modules/cloud/amazon/aws_kms.py
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* Update lib/ansible/modules/cloud/amazon/aws_kms.py
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
Co-authored-by: Mark Chappell <mchappel@redhat.com>
Handle NoneType error occured due to accessing host system service info
in vmware_host_service_info module.
Fixes: #67615
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* fixed#47050
* added changelog fragment
* added quick and basic test
* Revert "added quick and basic test"
This reverts commit 75f4141656.
* added better tests
* now also creating files to copy on the remote
* removed tests for recursive copying which is not supported by remote_src
* sns_topic: (integration tests) Move the tests over to using module defaults
* sns_topic: (integration tests) Add test for behaviour of changed when using delivery_policy
* sns_topic: ensure "changed" behaves properly when managing delivery policies
- a delivery_policy isn't an IAM policy, so compare_policies didn't cope with it
- AWS automatically adds an additional option when you set an HTTP delivery
policy
* Parse the delivery policies so we can test the changes properly
* Remove dead code key_matches_filter/key_matches_filters
* Fail more cleanly when we don't recognise the 'shape' of KMS policy
* Refactor aws_kms to bring down the complexity
* Minor docs tweaks
* Changelog fragment
* Fixups from review
* cloudfront_distribution: (integration tests) Migrate to using module_defaults
* cloudfront_distribution: (integration tests) Use the ID rather than the alias
Using aliases requires providing a valid SSL certificate, as such we're not longer able to test using an arbitrary hostname
* cloudfront_distribution: (integration tests) Make sure we delete the test s3 bucket when tests fail
* cloudfront_distribution: field_level_encryption_id is now a mandatory field always add it
Setting the field to an empty string has the same effect as the original behaviour.
* Copy & Paste fixup
Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>
Co-authored-by: Jill R <4121322+jillr@users.noreply.github.com>
* ec2_tag - Deprecate the use of state=list
* Update lib/ansible/modules/cloud/amazon/ec2_tag.py
* Add changelog and porting_guide entries
Co-authored-by: flowerysong <junk+github@flowerysong.com>
* required_if checks should have three or four parts.
* Validate mutually_exclusive, required_together, required_one_of, required_if and required_by.
* Simplify code.
* Improve messages.
* Add changelog.
* Sanity check.
* Update docs.
* Update ignore.txt.
* Don't continue with tests when terms are not strings.
* Remove ignore.txt entry.
* Make sure validate-modules doesn't choke on things already flagged by schema test.
* Check required_if requirements list for strings.
* added omit_date option for template dump
omit_date=yes removed the date field in the exported template
* Update zabbix_template.py
- ansibot fixes
- better function call handling
* Update zabbix_template_info.py
* Create 67302-zabbix_template_info-add-omit_date-field
* Rename 67302-zabbix_template_info-add-omit_date-field to 67302-zabbix_template_info-add-omit_date-field.yml
* Allow botocore configuration to be configurable for boto3 modules
* Allow modification of the boto user agent
* play nicely with modules that might be modifying config
* changelog
* 'message' parameter is replaced by 'commit_message' in grafana_dashboard
* 'message' parameter is replaced by 'notification_message' in datadog_monitor
This change is required since 'message' as parameter name is used internally by
Ansible core engine.
Fixes: #39295#45362#47132#59617
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* facts virtual: detect KVM when product_name is 'KVM Server'
* added changelog fragment for "facts virtual: detect KVM when product_name is 'KVM Server'"
* Add multi-domain forest Support
cloned extra_args so there is no check for credentials needed.
Fixed Formatting
added missing extra_args to pure state
* minor Fixes
do not clone $extra_member_args again
do not overide $name
better description
* added Changelog
fixed typo in Documentation
* [aws_s3] fix deleting the current objects and the previous versions from a version-enabled bucket
* use existing paginated_list function to keep compatibility with the other places it is called
* changelog
* Add noteworthy change to the porting guide
* Reword that with acozine's suggestion
Co-authored-by: Alicia Cozine <879121+acozine@users.noreply.github.com>
* Fix DHCP support in win_dns_client + more
* Fix bugs and test failures, add changelog fragment
* Add idempotency tests for DHCP
* Address review feedback; dedup address-family code
* Remove legacy function
* Remove old reference
User can now specify tag and category using dict in vmware_tag_manager
module. This is useful when tag or category name contains colon.
Fixes: #65765
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Start adding ansible-galaxy collection list options
* Working list all collections and list a specific collection
* Nuke debugging cruft
* Use to_text to get a string of the FQCN for sorting
* Improve collection output formatting
- add header
- display collection name and version in separate columns
- width of columns is dynamic based on collection name and version length
* Make role list output match collection output list
- add header
- add columns for role name and version
- make column width dynamic based on name and version length
* remove debug statemnt and extra header
* Revert "Make role list output match collection output list"
This reverts commit a0b3db47bb3b198aafd34c1f1be5b6561af2f928.
* Add validate_collection_path function
Utility function for ensuring a collection target ends with 'ansible_collection'
* Use validate_collection_path
* Do not warn if a specific collection in found in any search path
* Fix extraneous warning and remove duplicate code
Do not warn when listing a specific collection and it does not exist
in other collection paths.
Restructure the code that loops through collection paths to remove
duplicate conditional code.
* Indicate role path was found
* Use new function name
* WIP Save Point
* Use separate functions for role and collection list
* Wrap error message
There may be a better way to do this besides hard coding a line break, but this
does make the message a lot more readable.
* Add validate_collection_path function (#66441)
* Add validate_collection_path function
Utility function for ensuring a collection target ends with 'ansible_collection'
* Fix bad syntax
* Correct docstring
* Bikeshed the names
* Properly list a single role
* Simplify _display_warnings()
Only display warnings. Move exception raise back to each caller.
* Move private methods to private functions
They don't need self, so it makes sense to have them as functions
Get rid of _display_warnings() function since it doesn't do anything worthy of
an independent function.
* Add integration tests for ansible-galaxy collection list
* Fix docs sanity test
* Fix bug where ansible_collections dir does not exist
The path may exist, but if there is no ansible_collections dir inside that path,
an exception was raised in find_existing_collections().
Add integration test for this scenario
* Put execute_list() method back
* Add some informational messages for debugging
* Add unit tests
Units tests for the various private methods in support of collection list
* Start adding unit tests for test_execute_list
* Display collection path when listing specific collection
* Add unit tests for listing all collections and specific collection
- Create fixture for creating test objects
- Add function for controlling os.path.isdir results
* Set defaults for minimum collection widths
Ensure that collections with small FQCNs display correctly.
Add unit tests
* Split up unit tests and fix fixtures
Add more fixtures for mocking objects during the specific collection tests
* Change help message for -p in list subcommand
Give accurate description of what it actually does rather than trying to use language shared between sub commands.
* Disable colorized output in unit test
* Add docs for collection list
* Fix integration test on macOS
The temp file path is really long on macOS, so the warning message gets wrapped
across multiple lines. That make seth grep fail. Switch to matching on a smaller
part of the warning.
* Recreate common path options for collections
Improve help about what the '-p' option does and how it works.
* Remove unnecessary elif after continue statements
* Account for duplicate paths in collections_searh_paths
If someone specifies the same path via '-p' that is the COLLECTIONS_PATHS,
do not list the collections twice.
* Docs updates
* [WIP] Add verify subcommand command to 'ansible-galaxy collection'
* Fix pep8 and use consistent display order
* WIP - docs
* Remove some redundancy in verify display messages by using an error queue for each collection
* Share common code and improve output format
* clean up documentation
* typo
* Apply suggestions from code review
Co-Authored-By: Sandra McCann <samccann@redhat.com>
* Move ModifiedContent namedtuple to the global scope
Add a public metadata property
Rename function to _get_json_from_tar_file
* Add some unit tests
* fix using common functions after rebase
* changelog
* Improve efficiency finding specific installed collections
Improve efficiency by only downloading the tar.gz from the galaxy server for comparison after checking that the collection has been installed
Handle multiple collection paths
Fix up tests
* pep8
* reword that for accuracy
* use more common code and verify collection name
* Improve error message and add documentation
* Update unit tests and add coverage for both local and remote collections that are unable to be located
* Only validate collections using the format collection_namespace.collection_name
Fix tests to reflect that
Fix documentation
* Fix a bug when a local collection does not contain a file
* pep8
* Fix formatting
Co-authored-by: Sandra McCann <samccann@redhat.com>
* win_package - Refactor with msp, appx support
* Added msi test for ALLUSERS
* Added some msix tests, refactored tests
* Added remaining msix tests
* Enable msix sideloading for tests
* Added remaining exe path tests
* Added basic msp tests
* Remove url options now the util no longer has them
* Fix file version check for older Windows hosts
* Remove no_proxy ansible-test setting
* Use same mechanism of become to copy the file with explicit creds
* AnsibleAWSModule related cleanup - redshift
* Apply a backoff on modify_cluster to cope with concurrent operations
* Add AWS 'hacking' policy to allow creation of Redshift ServiceRole
* Adding the retry policies makes the redshift test suite more reliable
* Make validate-modules stop ignore FILE_COMMON_ARGUMENTS.
* Add types to FILE_COMMON_ARGUMENTS and update document fragment to match it.
* Update ignore.txt.
* Add changelog.
* Clean up FILE_COMMON_ARGUMENTS.
* postgresql_pg_hba doesn't declare the backup option.
* uri doesn't declare the remote_src option.
* Add documentation.
* maven_artifact seems to use directory_mode, which it doesn't declare.
* Update changelogs/fragments/66389-file-common-arguments.yml
Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst
ci_complete
Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>
* Refactor coverage file enumeration.
* Relocate sanitize_filename function.
* Support sets when writing JSON files.
* Generalize setting of info_stderr mode.
* Split out coverage path checking.
* Split out collection regex logic.
* Improve sanitize_filename type hints and docs.
* Clean up coverage erase command.
* Fix docs and type hints for initialize_coverage.
* Update type hints on CoverageConfig.
* Split out logic for finding modules.
* Split out arc enumeration.
* Split out powershell coverage enumeration.
* Raise verbosity level of empty coverage warnings.
* Add code coverage target analysis to ansible-test.
The edgeos_config module had a list of commands to filter out to avoid
load failures. This list had a single regular expression which caught
commands that attempted to set pre-encrypted passwords. This behavior is
undesirable for a few reasons.
* It's poorly documented. The documentation makes cryptic mention of a
return value that some commands might be filtered out, but offers no
explanation as to what they are or why.
* It's hard-coded. There's no way for the user to change or disable this
functionality, rendering the commands caught by that expression
completely unusable with the edgeos_config module.
* The obvious workaround is unsafe. The filter catches passwords that
are already encrypted, but is perfectly fine letting the user set
plain-text passwords. EdgeOS will encrypt them upon commit, but this
module encourages unsafe handling of secrets up to that point.
* It's a security vulnerability if the user doesn't know about this
behavior. While the module will warn if commands are filtered, the
user won't know what got filtered out until after the fact, and may
easily miss that warning if they are not vigilant. For something as
sensitive as setting a password, it's not hard to imagine naive use of
this module resulting in incorrect credentials being deployed.
* It provides no discernible benefit. Using the module without filtering
does not result in load failures. If those commands are indeed harmful
for some reason on (old?) versions of EdgeOS, it should be incumbent
upon the user to be scrupulous in what commands they issue, rather
than the module maintaining a blacklist of possible ways the user
might misuse their own system.
* "openssl_certificate - Add option for changing which ACME directory to use with acme-tiny. Set the default ACME directory to Let's Encrypt instead of using acme-tiny's default. (acme-tiny also uses Let's Encrypt at the time being, so no action should neccessary.)"
* "openssl_certificate - Change the required version of acme-tiny to >= 4.0.0"
self._discovered_interpreter_key is None unless a previous iteration
has attempted discovery. In that case, force re-discovery, as the
previous attempt certainly failed.
* Fix UNC path joining in the powershell shell plugin, add test
* Remove testy bits and a redundant line
* Fix style nits
* Update to use os.ntpath
* Add changelog for #66604
* Fix#63077
If the package is already installed the stdout is not as expected by this function. Either remove `--needed` or just noop if we detect pacman returning. We cannot match the stdout string, as that is most likely localized.
```
[root@archBook user]# /usr/bin/pacman --upgrade --noconfirm --noprogressbar --needed /srv/aur/src/i3cat-git/i3cat-git-r38.c6d29dd-1-x86_64.pkg.tar.xz
loading packages...
warning: i3cat-git-r38.c6d29dd-1 is up to date -- skipping
there is nothing to do
```
* Add comment
Add comment
* Add changelog fragment.
Co-authored-by: Felix Fontein <felix@fontein.de>
* aws_netapp_cvs_snapshots - minor required_if fixup (state must be set if state=present)
* ec2 - fix typo in mutually_exclusive definition
* rds_instance: fix typo in mutually_exclusive restore_to_time should be restore_time - currently throws a boto error
This change moves all code for the `ansible-test coverage` command into the `coverage` directory.
Each subcommand is split into a separate file.
Only minor spelling changes were made aside from code relocation.
This makes it behave in a more idiomatic way
* Fix bug in Darwin facts for free memory
If the vm_stat command is not found, fact gathering would fail with an unhelpful
error message. Handle this gracefully and return a default value for free memory.
* Add unit tests
Fixed sphinx theme to navigate "Edit on Github" link to locate correct
plugin, cli source in GitHub repo.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Add 'force_basic_auth' option
By default "force_basic_auth" option is set to False, with this adjustment it is up to the user if it wants to enforce basic authentication.
PR #66898
This change introduces a new sanity check with code
`parameter-state-invalid-choice` in the `ansible-test sanity`
validator. It enforces modules not to support `list` or `info`
as their `state`.
Co-Authored-By: Sviatoslav Sydorenko <webknjaz@redhat.com>
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Fixes#66478
* When no quantity is set, then candlepin server usually uses
default value 1. When more quantities are required, then
candlepin server can automatically choose correct minimal
value.
* Move warn() and deprecate() methods out of basic.py
* Use _global_warnings and _global_deprications and create accessor functions
- This lays the foundation for future functions being moved outside of AnsibleModule
that need an interface to warnings and deprecations without modifying them.
* Add unit tests for new warn and deprecate functions
Add integration test
There are a number of other parameters that result in stack traces as well when this module is used ad-hoc. I'm not sure if we're interested in fixing them all since this module isn't meant to be run ad-hoc.
I consistently reach a timeout with the current (10s) timeout. This
commit increases the default value to 30s, this should simplify the life
of our users.
Also, the documentation was incorrect. The value is in second, not minute.
* enable new update rule to delete missing linked templates
New update rule is available from 4.0.16 and 4.4.4 up. Add check for version and enable new update rule.
fixes#66720
* adding fragment file
* Update zabbix_template.py
* Update zabbix_template.py
* make sure current_pass_hash is a string before using it in comparison
* add changelogs/fragments file
* fix changelogs/fragments file: it is actually a bugfix, not a minor change
* throttle tests: fix detection of parallel execution
The test wasn't able to detect if too many workers were running.
On my laptop:
- without this change, the 'throttle' target takes ~20 seconds
- with this change, the 'throttle' target takes ~70 seconds
- 1 second isn't long enough to encounter the issue
* Fix throttle test when strategy is 'free' based
'free' strategy allows multiple tasks to be executed in parallel: use
one 'throttledir' per task.
Use 'linear' strategy with a dedicated play for cleanup/setup tasks
* throttle: reset worker idx before queuing a new task
* TestStrategyBase: define task.throttle
otherwise '1' will be used instead of the default value due to the
following expression being equal to '1':
int(templar.template(task_mock.throttle))
Co-authored-by: James Cammarata <jimi@sngx.net>
* Add new configuration parameter to make this timeout configurable
* Rename keys to be more correct and reformat exception message for whitespace handling
* Rename config away from default prefix. Add vars element and associated changes to support.
* Update 65001-allow_configuring_async_startup_timeout.yml
Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
* Fixing errors on empty linked templates
fixes#66417
Line 409 fixes KeyError if existing template has no linked templates - as Zabbix API isn't returning an empty array either.
Line 417 is needed to mark as changed if new/modified template has no linked but existing one has.
Line 442 is needed to actually update even if link_templates was None.
* decode parsed xml root
fixes#66466
Line 533: without .decode() the ET.tostring on python3 returns byte-like object
* Create 66463-zabbix_template-fix-error-linktemplate-and-importdump.yml
* Update changelogs/fragments/66463-zabbix_template-fix-error-linktemplate-and-importdump.yml
Co-Authored-By: Dusan Matejka <D3DeFi@users.noreply.github.com>
* Update changelogs/fragments/66463-zabbix_template-fix-error-linktemplate-and-importdump.yml
Co-Authored-By: Dusan Matejka <D3DeFi@users.noreply.github.com>
Co-authored-by: Dusan Matejka <D3DeFi@users.noreply.github.com>
* Add validate_collection_path function
Utility function for ensuring a collection target ends with 'ansible_collection'
* Fix bad syntax
* Correct docstring
When HostVars are part of the data that goes through (de)serialization
when being passed from a worker process to the main process, its
variable manager reference loses some of its attributes due to the
implementation of __getstate__ and __setstate__ (perf utilization).
Since HostVars already has those attributes, use __setstate__ to assign
them.
Fixes#65365
Allow the built in commands for checking boot time to be overridden. This is mainly for containers and other odd systems where it would add too much complexity to the plugin code to try and discern the correct command to use.
On Python 2, leave all fds open since there is no mechanism to close specific fds with subprocess.Popen() on Python 2
Add unit tests.
Co-authored-by: Matt Martz <matt@sivel.net>
This change contains fixes for argument spec and respective datatypes.
Created separate PR since these changes might alter the behavior of these modules.
Will need shipit from individual module owner(s).
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Fixes#66549
The inefficiency improvement
https://github.com/ansible/ansible/pull/63713 introduced a bug where
`enablerepo` was not being honored if combined with
`disablerepo="*"`. This fixes that issue.
Signed-off-by: Adam Miller <admiller@redhat.com>
* Add integration tests
* Handle error in _get_diff_data()
* Change to warning rather than error
* Also change failure to warning in assemble action plugin
Redact GitLab Project variables which might include sensetive information
such as password, api_keys and other project related details.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* don't mix " and '
* rename functions that perform changes
* add diff, reorganize _present/_absent functions
* update tests to match function reorg
* add result to _exit_hostvars and removal of possibly sensitive information
* shallow copy dict for proper diff, add check_mode
* set check_mode to False for unit tests
* move _parse_meta back to it's original place
* use get_openstack_vars for diff when not in check_mode
* add changelog fragment
* remove the line that is suppressing the output being shown when running
terraform from ansible
* Address #56934 and #57044
* added changelog for bug fix for missing terraform output
Co-authored-by: Adam <adam.lemanski@gmail.com>
* RoleRequirement - Include stderr in the error message if there's a non-0 return code
* Don't try to concatenate str and bytes
Co-Authored-By: Sam Doran <sdoran@redhat.com>
* Deprecate Windows 2008, and 2008 R2
* Remove shippable nodes
* Update windows_faq.rst
Be less specific about 2008/R2 timeframes
* Update setup.ps1
tweak warning text
Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
* Update ec2_vol.py
When `name` is specified, it ignores `zone` filter. That is you could not have same tag:Name in different zones.
* Add changelog fragment
* Add collection support with local for supported network platforms
* The legacy behavior of network action plugins using persistent
the framework is to override the connection=local with the actual connection type (network_cli/netconf/httpapi) based
on the value of transport option in provider.
* After the actual connection plugin is identified try to load it from
`ansible.netcommon` collection, if it fails load it from ansible
core. This is done to work with Ansible 2.10 and also maintain backward compatibility for
Ansible 2.9 version to ensure it works with network collections.
* To support this need to pass collection_list value to connection
plugins. As in case of connection=local it loads `persistent`
connection within action plugin which in turn invokes `network_cli`
or `netconf` connection. Similarly `network_cli` connection plugin invokes
`terminal` and `cliconf plugins and `netconf` connection plugin invokes `netconf`
`plugins` based on value on `ansible_network_os`.
* Add deprecation warning for connection=local support and
provider support for applicable platforms
* Fix CI failures
* Allow to not read content from file.
* Allow to feed content directly into _info modules.
* Allow to feed non-primary content into openssl_certificate, openssl_csr and openssl_publickey.
* Rename changelog.
* Bugfix of 65367: postgresql_query doesn't support non-ASCII characters in SQL files with Python3
* add changelog
* fix
* change changelog fragment, add example
As AnsibleModule._log_invocation is currently implemented, any parameter
with a name that matches PASSWORD_MATCH triggers the no_log warning as a
precaution against parameters that may contain sensitive data, but have not
been marked as sensitive by the module author.
This patch would allow module authors to explicitly mark the aforementioned
parameters as not sensitive thereby bypassing an erroneous warning message,
while still catching parameters which have not been marked at all by the
author.
Adds tests for various no_log states including True, False, and None (as
extracted by AnsibleModule._log_invocation) when applied to an argument with
a name that matches PASSWORD_MATCH.
Fixes: #49465#64656
* Modify the parent class for net_put and net_get
module to refer from `ActionModule` class in
network.py action plugin which contains the
common code for network plugins.
* Replace `_handle_template` with `_handle_src_option`
function name which is defined in common class.
* virtual facts: /proc/<pid>/environ is NULL-separated
* non-empty "container" env is a guest container
* This is consistent with `systemd-detect-virt --container`
* fact utils: line_sep option: specify delim for split
* allow using the same function to split null-delimited objects
Since 4.0.0 there is a field proxy_address for limiting proxy requests.
Official Docs: "Proxy address If specified then active proxy requests are only accepted from this list of comma-delimited IP addresses, optionally in CIDR notation, or DNS names of active Zabbix proxy.
This field is only available if an active proxy is selected in the Proxy mode field. Macros are not supported.
This option is supported since Zabbix 4.0.0."
updated documentation/help
fixed test issues
fixed version_added not a string
fix suggestions by D3DeFi
added changelog fragment
applied D3DeFi suggestions
way cleaner and better readable
Updates the user module to support pull request #64733. Neither the
update_password or password_lock field contains sensitive information, so
mark them as such.
* Use is_sequence, and Mapping throughout, add support for tuples. Fixes#65722
* Address tests
* Remove unused import
* Add changelog
* Add docstring for clarity
* Argh, linting fix
* Not chasing this rabbit
* wrap_var doesn't return a ref to the original item
* no ref tests
* Remove unused import
* #65993 - update restart policy (restart policy & restart retries) without restarting the container
* - proper indentation on the continuation-line
- set restart_policy to the correct value independent from the api version
* - move restart_policy definitions into the if block
- add a new variable for the restart_policy configuration value
* add changelog fragment
* typo; minus -> underscore
* rename changelog fragment to contain the correct module name
* rename restart_policy_config_value to just restart_policy and refer to the correct dict values
* Add support for timeout while waiting for state.
* Allow to limit removal wait time.
* Add changelog.
* Forgot version_added.
* Add some check mode tests.
* Use removal_wait_timeout in tests.
* Parse Healthcheck.StartPeriod properly
* Add changelog fragment
* Use proper markup in changelog
Co-Authored-By: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Allow to inspect containers directly.
* Wait for containers to be removed before recreating them.
* Also wait for containers to be removed before creating them.
* Add changelog.
* Fix multiple subnet (of same IP version) idempotence for docker_network.
* Add changelog.
* Unit tests no longer make sense, since the part of the code they test has been removed.
* Re-add CIDR validation. Move it to better position (module setup instead of idempotence check).
* Update changelog.
* Only run new tests on VM test images.
* Actually do what is documented. Especially since an empty object is a valid value for aux_addresses.
In addition to signing update queries also use the TSIG key to sign
lookup queries. By doing that we allow a hidden master to not only to
be looked down network wise, but also TSIG wise.
A bonus benefit of threating update queries and lookup queries more
the same is that will allow for all queries to be refactored into a
shared helper method. Currently we have a bit too much duplicated code
within the module.
Check for virtualNicManager in Esxi host system before accessing properties in vmware_vmkernel_info.
Fixes: #62772
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Load the cache plugin for the inventory script plugin and fix update cache logic
* Remove the illusion and let individual scripts deal with it
* reword that
* Deprecate instead of a hard failure
* changelog
* Fix netconf plugin related to collections
Fixes#65655 (partly)
* Make netconf plugins configurable so that the
information of ncclient device handler
for give platform resides in the platform
specific netconf plugin.
* If the device handler value in ncclient is
different from the ansible_network_os value
the right value of `ncclient_device_handler`
should be set in the plugin documentation.
* Fix review comments
* Fix CI issue
* Fix review comment
elb_network_lb.py: allow UDP and TCP_UDP protocols
- Fixing documentation
- Add support to UDP and TCP_UDP as described on AWS SDK
elb_target_group.py: allow UDP, TLS, TCP_UDP proto
- Fixing documentation
- Making health checks with response codes and paths only in HTTP/HTTPS
- Allow UDP, TLS, TCP_UDP protocols as described on AWS SDK.
others:
- Added changelog fragments
- Integration test
Fixes: #65265
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* free strategy - include failed hosts that were notified so --force-handlers is used
* trim line length a bit
* Loop over the force handler tests with the strategies linear and free
* rename changelog
* Use the play iterator instead of TQM for accurate failure representation in blocks
* Remove hack in a backwards compatible way for 3rd party plugins
* Fix copy/pasta for ecs_ecr test names
* Add support for lifecycle policies to ecs_ecr
New feature for ecs_ecr to support [ECR Lifecycle Policies][].
Fixes#32003
[ECR Lifecycle Policies]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html
* Improve error message for ecs_ecr parsing errors
Replaces the exception and stack trace with a description of what's
actually going wrong from a user perspective.
* Rename delete policy to purge policy
Marks the `delete_policy` parameter as deprecated, to be removed in
Ansible 2.6.
* Add version_added to purge_policy
* Remove changing results based on verbosity
What I really want is --diff support, and changing results based on
verbosity is abnormal.
* Ensure repository name is lowercase
* Fix deprecation cycle to 4 releases
* Use a YAML anchor for credentials
* Remove filters from assertions
* Add minimal permissions needed
* Updating version_added and deprecation cycle
The original PR sat while a few releases happened.
* Bumping version added and deprecation version
We missed the 2.8 release.
* Removing bare except:
This is not allowed and is generally bad practice.
* Fix lint errors
* update ansible release metadata
* Use the new alias deprecation scheme
This was added in the time the PR has been in development, so rework
things to use it.
* Add test coverage
This makes sure that lifecycle_policy is produced when passed in.
*Also a minor suggestion for simplification from PR.
* Restore changes from 62871 lost in rebase
* Add changelog
* Remove version_added for new purge_policy option
Per sanity test fail.
* Move new Ansible cli options '--ask-vault-password' and '--vault-pass-file' to the existing calls to add_argument
* Add changelog fragement
* Change order of ansible cli arguments to use --ask-vault-password and --vault-password-file by default
* Update runme.sh in vault integration tests to test new options --ask-vault-password and --vault-pass-file
Rather than silently processing extra_vars filename without @ sign,
CLI now fails with appropriate warning about requirement.
Fixes: #51857
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Modified to include plan information.
* Fixed where plan is passed to the virtual machine object.
* Added changelog file
* Update changelogs/fragments/65335-add-plan-to-azure-vmscaleset-module.yaml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Added plan suboptions with required flag. Removed code block checking plan since suboptions were added.
* Changed true to True. Added space after commas where failed tests indicated.
* Removed extra blank line. Added promotion_code to plan param list.
* Trying to fix indention issue
* Trying to fix indention
* Changed example capacity to trigger build check. Last failure was not due to code.
* Removed property for accepting terms and code block using it..
* Removed extra unneeded spaces.
* Simply sorting of Windows files below other plugin types
Using the sort method with a custom key function uses less memory than creating multiple lists then joining them.
This seemed to be an acceptable use of a lamdba, even though I geneally try to avoid them.
* Fix sorting of plugins inside of collections
Explicitly sort Windows files below others, mimicking what we do in plugin/loader.py
* Add documentation about ansible.builtin and ansible.legacy
Also document to the two different methods used for searching based on the candidate type.
* Add changelog
* Add integration test
* Update comment with expected sort order
* Fix network action plugin load in collection
Fixes https://github.com/ansible/ansible/issues/65071
* Load network action plugin that matches the module
prefix name from list of collections.
* Update changelog
* Fix unit test
* Fix nxos_file_copy option value path validation
* Modify `local_file`, `local_file_directory` and
`remote_file` option type from `str` to `path`
so that the option value is validated in Ansible
for a legitimate path value
* Fix review comments
* fixes bug: visible_name was not updated when not set in existing host in zabbix
* Update changelogs/fragments/fix_zabbix_host_visible_name.yml
Co-Authored-By: Dusan Matejka <D3DeFi@users.noreply.github.com>
* Update lib/ansible/modules/monitoring/zabbix/zabbix_host.py
Co-Authored-By: Dusan Matejka <D3DeFi@users.noreply.github.com>
* The become method name check is not required in network_cli
as the become command is specific to platform and is implemented
in the platform specific terminal plugins
* Fix action plugin isse with network connection type in common collection
* For network connection in common collection the value of
ansible_connection is the FQCN of the connection type
For example ansible_connection=network.common.network_cli
* Add fix in supported network action plugins to extract
the connection name from FQCN
* Fix CI issue
* Fix review comments and update community network action plugins
if user sets 'write_files' to False or does not set value, then
handle file write related operations.
Fixes: #64936
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
CVE-2019-14904 - solaris_zone module accepts zone name and performs actions related to that.
However, there is no user input validation done while performing actions.
A malicious user could provide a crafted zone name which allows executing commands
into the server manipulating the module behaviour.
Adding user input validation as per Solaris Zone documentation fixes this issue.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Since older versions of paramiko do not require cryptography,
we cannot catch the exact exception from cryptography.
Remove other exceptions since we're catching everything now
Previously you'd get one of the following behaviours:
- A boto3 error
- Nothing would change
- An error that you're not allowed to change the strategy
So of the bahaviour would depend on the random order that AWS returns the list of all Placement Groups
* Use correct var, move cleanup for async
* Add changelog and tests. Fixes#65393. Fixes#65277.
* Kill off all long running async tasks from listen_ports_facts
* Update task to work with older jinja2
If user specifies a port number in vmware_vm_inventory plugin configuration,
then use that port to connect to vCenter rather than connecting to 443 which
is default port.
Fixes: #64096
* Finished implementing the "start" parameter to the nagios module. The backend functions already had it; this change just exposes it. This allows setting the time a Nagios outage begins rather than always starting at the time the module was run. If not provided, "start" defaults to the current time (preserving compability with existing playbooks).
* Changed default start time to None, as per comment by @goneri. This avoids initializing the variable twice.
* win_find - refactor to make more performance and use newer style
* win_find - refactor for performance improvements and alignment to find
* More path alignment to find
* Fix yamllint error
* Fix encrypt command output when using --stdin-name
Add a new line after reading input if input doesn't end with a new line
* Only print is we're in a tty
* Add changelog fragment
* Add test for print() call in module_utils and modules.
* Add changelog fragment.
* Add ignore.txt entries.
* Use blacklist plugin instead of adding a new.
* Update ignore.txt
Although it's not enforced that fail_json['msg'] should be a string
[1], I think it is pretty strongly implied.
In this case the failure_response['msg'] is sent through as the
fail_json['msg'], and the trailing commas here turn it into a tuple.
It's not clear if this is a typo or intended, but it does cause
problems for callbacks that expect this as a string (e.g. [2]).
Since there seems no point to having these values as a tuple, remove
the trailing commas so they return a string as per everywhere else.
[1] 4c589661c2/lib/ansible/module_utils/basic.py (L2078)
[2] https://review.opendev.org/#/c/696081
* win_share - Implement append paramtere for access rules
* changed fragment
* add test
* missing bracket
* removed whitespace
* Wrong number of lines
* Forgot the actual new parameter in the test
* community review
* Change option names
* version update
* Update tests.yml
* Add idempotence to rule_action: add
* Ensure `allow_duplicates: true` enables to run single role multiple times(#64902)
* Changed return value in `_load_roles` . Fixes#64902
* Add changelog fragment
* Add an integration test for the issue
* Fix changelog generation error and integration test.
* Fix yaml syntax error in changelog fragment
* The ssh key may be created manually prior the task execution with a
passphrase. And the task will be executed on the same key.
* The ssh key may be broken and not usable.
The module will check the private key and if the key is password
protected or broken, it will be overridden.
The check of the ssh key performed by retrieve the public key from the
private key.
Set the "self.force" check before the "isPrivateKeyValid" check.
In case of any issue with the "isPrivateKeyValid" function, the user
will be able to force the regeneration of the key with the "force: yes"
argument.
* ufw: escalate privileges in integration tests
A few of the integration tests for the UFW module forgot to `become`.
This is problematic if the test suite is executed as a non-privileged
user. This commit amends that by adding `become` when appropriate.
* ufw: add unit tests for direction and interface
Extend the unit tests for the UFW module to test the `direction` and
`interface` parameters. This will help in the implementation of a fix
for issue #63903.
* ufw: add support for interface_in and interface_out
The UFW module has support for specifying `direction` and `interface`
for UFW rules. Rules with these parameters are built such that
per-interface filtering only apply to a single direction based on the
value of `direction`.
Not being able to specify multiple interfaces complicates things for
`routed` rules where one might want to apply filtering only for a
specific combination of `in` and `out` interfaces.
This commit introduces two new parameters to the UFW module:
`interface_in` and `interface_out`. These rules are mutually exclusive
with the old `direction` and `interface` parameter because of the
ambiguity of having e.g.:
direction: XXX
interface: foo
interface_XXX: bar
Fixes#63903
* Elevate privileges for luks_device integration tests
Several tests in `key-management.yml` don't `become` before executing,
despite needing elevated privileges. This commit fixes that.
* Add passphrase support for luks_device
Previously, the luks_device module only worked with keyfiles. The
implication was that the key had to be written to disk before the module
could be used.
This commit implements support for opening, adding and removing
passphrases supplied as strings to the module.
Closes#52408
* proxmox: use 'release' key for version detection if possible
* proxmox: fix PEP issues
* add changelog fragment
* Uses LooseVersion for proxmox version detection
* move imports
* removes useless comment
* Replaced 'ansible_facts' by 'foreman_facts'
'foreman_facts' is the key that the foreman inventory script used
'ansible_facts' is a special key that is overwritten internally and has never worked in this inventory plugin
* Added changelog
Lookup 'first_found' returns empty list which results in
raw_params checking. Check NoneType for 'raw_params' before
proceeding.
Fixes: #64939
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Inventory CLI - Ignore settings for when vars plugins should run and just always run them
* Add note to porting guide
* Fix loading vars plugins
* changelog
* Remove a staging test for ansible-inventory since it ignores that setting
* docker_swarm_service: Sort lists when checking for changes
When two lists are checked for changes in this module, the lists are
reported changed when the order of the items is different. This PR
resolves this issue.
* docker_swarm_service: Minor typo fix
* docker_swarm_service: Another minor typo
* docker_swarm_service: Should use sorted(), not sort()
* docker_swarm_service: Sort lists of dictionaries
* docker_swarm_service: Fix style issues in tests
* docker_swarm_service: Updates to integration tests
* docker_swarm_service: Casting string types within lists when comparing
* docker_swarm_service: Special handling of unordered networks with ordered aliases
* docker_swarm_service: Sorting network lists
* docker_swarm_serivce: Better unit test code coverage for lists and networks
* docker_swarm_service: Fixed coding style for sanity tests
* docker_swarm_service: More coding style fixes
* docker_swarm_service: Ignoring test for Python < 3
* docker_swarm_service: Update to version info check for backwards compatibility
* docker_swarm_service: Added change fragment #63887
* docker_swarm_service: Better handling of missing sort key for dictionary of lists
* docker_swarm_service: Preventing sorts from modifying in-place
Co-Authored-By: Felix Fontein <felix@fontein.de>
* docker_swarm_service: Removed spurious import in test
* docker_swarm_service: Preventing sorts from modifying more data in-place
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Set name_version when version is not specified, fix#55097
This will default to installing the latest version available
* Add changelog fragment
* update changelog
self._get_user_property returns a string, so when doing a comparison
using this value, cast the second variable to a string so that the
comparison behaves correctly
* Add changelog
* Add to_text import
* Add integration test
* iam_user: use AnsibleAWSModule.client to fetch connection rather than C&P code
* iam_role: Add deprecation warning so we can switch purge_polices default behaviour from true to false
* iam_user/role/group: Rename 'managed_policy' and 'purge_policy'
Rename from singluar to plural (we accept a *list* of policies), and add aliases for the old values.
* Cleanup documentation
* Changelog
* ansible.utils.color.stringc: add wrap_nonvisible_chars flag in stringc
* add exaplanation for `wrap_nonvisible_chars` case in utils.stringc
* add changelog entry
* reworked iam_policy
* Deprecate policy_document option
* deprecate defaulting skip_duplicates to true
* No longer explicitly catch ParamValidationError.
ParamValidationErrror is already caught by ClientError
* Work with complex policy objects rather than json documents
comparisons can better cope with the special cases (eg True vs "True" )
* Enable check_mode tests and fix related 'changed' bug
* changelog
* doc cleanup based on review
* Implementing ability to specify certificates.
* Changelog fragment for rabbitmq_publish certificate checking
* Fixing version_added
* Reducing line size.
* Minor documentation updates.
* Update to add missing space.
Co-Authored-By: Felix Fontein <felix@fontein.de>
If two tags with same name and different category exists, vmware_tag_manager
used to take first found tag.
This commit use combination of tag and category to identify the category.
Fixes: #59379
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Revert most of PR #61605 commit e218c9814c
This removes the git error handling that converted all git errors into warnings.
* Fix ansible-test handling of git submodules.
Due to confusion between 'Custom Attributes' and 'Advanced options',
this change got in devel. Revert to original behavior i.e. customizing
custom values using vmware_guest is done in this PR.
Fixes: #64291
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* renamed module tls client auth parameters to avoid overlaping with ansible fetch_url
* added version_added info for params
* Updated version_added
Updated version_added info from 2.9 to 2.10
* Update pulp_repo.py
removed version_added for renamed params
* Apply suggestions from code review
added ca_cert alias and 'version_added'
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* Apply suggestions from code review
added old behavior for client_cert and client_key which will deprecate in 2.14
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* Update pulp_repo.py
fix for linting error ansibot is complaining
* added changelog fragment for 59522
* Apply suggestions from code review
more informative depreciation warning and changelog fragment
Co-Authored-By: Felix Fontein <felix@fontein.de>
* added mention for changes in client_key and client_cert behavior
* fixed too long line (linting)
* deprecated ca_cert alias to have consistent module params in Ansible 2.14
* fixed indentation for deprecation warning
* changed deprecated alias handling to argument_spec
* moved deprecated_aliases insied argument dict, thanks tremble
* suggestions from felixfontein
Move doc info about client_cert and client_key into its own paragraph
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Add full IPv6 support to win_dns_client - Fixes#55962
* Fix missing cast
* Add type to win_dns_client.py
* Remove version_added again, to hopefully make ansibot happy. Even though it was added as a response to the bot...
* Fix $params undefined error, that was introduced by fixing the "global variable" linting issue
* Fix casting error
* Fix inverted logic
* Fix rebase error
* Fix assignment to readonly variable
* Fix "reset IPv4 DNS back to DHCP adapter_name"
* Fix legacy windows server support (2008/2008R2)
* Fix 2k8
* Remove unecessary pslint ignore
* Added IPv6 tests, changelog fragment and further docs
This info about backing_disk_mode was renamed to backing_diskmode,
to keep backward compatability re-introducing backing_disk_mode along
with backing_diskmode info.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Restore module vmware_dns_config
* Remove domainname and change_hostname_to
* Changed version_added from 2.10 to '2.10'
* Add setup_attach_host: true to test case
* Add 'vcsim is not defined' block to integration tests
* Change 'result' to 'dns_config_result'
* Bugfix: Changing some static configurations while keeping others can crash the module
* Implement changing DNS config from DHCP to static on a cluster
* Update documentation for vmware_host_dns
* vmware_host_dns integration tests: Always revert to original DNS configuration, even if a test fails
* Deprecate vmware_dns_config
* Add support for multiple manager attributes configuration
* Updated version_added to 2.10
* Added support for modifying LC and system attributes
* Added support for LC and system attributes
* Pylint fixes
* Add support for multiple manager attributes
* Add support for multiple manager attributes
* Add support for multiple manager attributes
* add connect_as, username, password parameters
add tests
* fixed reference to undefined variable.
added version added to new options.
* add changelog fragment
* fix line endings
* use ansible facts to determine os version
remove unused iis version check
test checksum of iis configuration after backup
* correct assertion
* added more cleanup tasks.
* version added is now 2.10
* skip server 2008 r2 for now
* run tests on server 2012 and higher
* Adds win32_disk_drive object to win_disk_facts
* Names class parameter for Get-CimInstance as requested in the devdocs
* Maps whole class and adds docs
* Improve matching of disks when UniqueID is different format
* Improve logic for PNPDeviceID mapping
* Adds test for win32_disk_drive
* win_chocolatey: Fix error when choco.exe not found
* Slight tweak to check and added changelog fragment
* Removed ignore rule that's no longer needed
* win_domain_user: add retry logic for null user principal group
* win_domain_user.ps1: Fix "user without group" case use
* Added changelog fragment
* Fix up missing dollar sign
Use the --venv option instead.
This option was only available when running from source to test the ansible/ansible repository.
This will have no effect on testing collections or running from an installed version of Ansible.
Also update docs to reference the --venv option instead of the --tox option.
This is a fix for a regression introduced by Perfy. Since then we mainly
operate on host.name instead of the Host object. In a call to
set_nonpersistent_facts where we set ansible_failed_task and
ansible_failed_result variables we were still passing the object which
led to those vars being undefined.
Fixes#64789
While deleting gitlab user, several parameters such as email, name,
password are not required. This fix removes this requirement from the
module.
Fixes: #61921
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* win_domain_computer module: Minor documentation error
* Fix idempotence when name != samaccountname
* Added changelog
* Added unsupported alias for CI check
* win_acl no longer needs SeSecurityPrivilege
Set-ACL raises missing SeSecurityPrivilege error when the inheritance
from the parent directory is disabled.
* fixes test sanity
* registry rights can only be modified with Set-ACL
* add changelog
* Corrected Get-adcomputer
Corrected Get-adcomputer on "Remove-ConstructedState" and "Set-ConstructedState" functions.
resolved error: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.
* Update lib/ansible/modules/windows/win_domain_computer.ps1
Co-Authored-By: Daniel-Sanchez-Fabregas <33929811+Daniel-Sanchez-Fabregas@users.noreply.github.com>
* Update win_domain_computer.ps1
changed
"-credential $credential" to "@extra_args" (Line 115 and 150)
corrected exception message (Line 122)
* Added changelog fragment, minor code tweak
* Ensure we work on only one user.
After the initial get/create use the GUID of the found/created user to
ensure we will not start to work with a different user. If we create a
user or modify it's attributes an he is not identified with the name
parameter afterwards this module fails in rather unpredictable ways.
This addressed #45298
* Use splatting create_args for creating user.
This prepars this for adding more optional create arguments without
nesting of condictions.
* Set the UserPrincipalName and SamAccountName on create.
Set the UserPrincipalName and SamAccountName on the create operation if
upn is given to ensure the User is created with a contollable
SamAccountName.
* Rename $username to $name.
$username is missleading as its not the SamAccountName.
* Add a identity parameter to win_domain_user
This gives the user full controll over how the user is identified in the
AD.
* Add version_added information for new parameter and fix yaml syntax.
* Added changelog fragment
wait_for_connection creates AnsiballZ_ping.py in temp directory,
which remains on remote machine even after playbook run.
Fixes: #62407
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Add output_encoding_override params to win_command/win_shell (#54896)
This enhancement enables Ansible to parse the output of
localized commands that ignore the prompt code page.
* Added changelog and minor nits
* Set alter_sys=True instead of False to address backwards incompat
* ci_complete
* Add integration test
* ci_complete
* sanity
* ci_complete
* Changelog fragment
* Update import test and validate-modules to match
This fixes a regression that was caused by switching from copy() to
deepcopy() when 'saving' variables before templating. Since HostVars
did not implement the __deepcopy__() method, deepcopy returned incorrect
results when host vars were present in the variables.
Fixes#63940
* docker_login: Use with statement for accessing files (#64382)
* Update changelogs/fragments/64382-docker_login-fix-invalid-json.yml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* ec2_ boilerplate
* Deprecate unused options.
* ec2_vol: Perform explicit type checking on volume_size and iops when parsing the args
Boto would through a type exception if the string couldn't be converted to an int.
* ec2_lc_find: remove duplicate definition of region
It's defined in ec2_argument_spec and ec2 doc fragment
* ec2_lc_info: Move responsibility for type checking/conversion of sort_start and sort_end into arg parser
* General sanity test related doc fixups
* Remove EC2 related sanity/ignore.txt entries
* Add changelog fragment
* Move var plugins handling to a separate file
* Allow var plugins to require whitelisting
* Add global configuration ('demand', 'start') for users to control when they execute
* Add 'stage' configuration ('all', 'task', 'inventory') for users to control on a per-plugin basis when they execute
* Update ansible-inventory and InventoryManager to the global and stage configuration
* Update host_group_vars to use stage configuration and whitelisting
* Add documentation for using new options and to the developer's guide
* Add integration tests to exercise whitelisting and the new configuration options, using vars plugins in collections, and maintain backward compatibility
* Changelog
Co-Authored-By: Brian Coca <brian.coca+git@gmail.com>
Co-Authored-By: Sandra McCann <samccann@redhat.com>
* Remove Sanity test ignore.txt entries
* Fixup boilerplate
* Remove use of blacklisted _ variable name
* cloudformation: Add an explicit removal version for template_format
This option's been ignored since ansible 2.3
* General docs cleanup to clear sanity errors
* elasticache_parameter_group: Add list of choices
- matches documented choices
- other values wouldn't have worked
* data_pipeline: Deprecate 'version' - always ignored
* Add deprecation documentation
Let the caller choose a namespace for `to_uuid` and document the
behaviour of both the default case, and the new explicit case.
This PR does not change the existing behaviour of the `to_uuid` UUIDv5
filter.
* Move X25519, X448, Ed25519 and Ed448 feature tests to module_utils.
* Correctly sign with Ed25519 and Ed448 keys.
* Fix public key comparison. Ed25519 and Ed448 do not have public_numbers().
* Add tests.
* Add changelog.
* Give better errors for cryptography 2.6.x and 2.7.x.
* Test for new errors.
* Forgot one.
* Used wrong private key.
* Use private key password for CA key. Add more stuff to its certificate.
* Make docker_stack adhere to standard return values
The names of the various fields returned from ansible modules are e.g defined here https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#msg.
Adhering to this improves usability and makes use of functionality for e.g stdout_lines etc.
* Update lib/ansible/modules/cloud/docker/docker_stack.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Fix under-indentation of continuation line (pep8)
Issue exposed in test here https://app.shippable.com/github/ansible/ansible/runs/146667/1/console
* Don't break old playbooks/roles
Made sure the changes are only adding new variables, not removing anything existing yet.
* Added comment
* Minor fixes
* Update lib/ansible/modules/cloud/docker/docker_stack.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Update lib/ansible/modules/cloud/docker/docker_stack.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* minor change to docker_stack.py
* Add changelog fragment for PR 63467
* Format changelog fragment
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Add fragment about docker_stack return val depr
* Add docker_stack doc note about deprecated vals
* Remove whitespace in empty line
* Add docker_stack depr notice to porting guide
* Update changelogs/fragments/63467-docker-stack-return-fix.yml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Update docs/docsite/rst/porting_guides/porting_guide_2.10.rst
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Update lib/ansible/modules/cloud/docker/docker_stack.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Added back a missing new line
* Fix validate-modules support for collections.
- Relative imports now work correctly.
- The collection loader is now used.
- Modules are invoked as `__main__`.
* Remove obsolete validate-modules code ignores.
* Handle sys.exit in validate-modules.
* Add check for AnsibleModule initialization.
* Remove `missing-module-utils-import` check.
This check does not support relative imports or collections.
Instead of trying to overhaul the test, we can rely on the `ansible-module-not-initialized` test instead.
* Fix badly named error codes with `c#` in the name.
The `#` conflicts with comments in the sanity test ignore files.
* Add changelog entries.
* check status code value lower boundary
Any HTTP code below 200 cannot be considered a success, should be
handled like a failure instead.
This is particularly true for below zero status codes.
Fixes#63139
* provide changelog fragment
* ensure connection errors are handled in Acme module
* add fetch_url check to ACME.send_signed_request
* remove module.fail_json
* move _assert_fetch_url_success out of ACMEAccount
* fix ansible-lint errors
* use simplified syntax status checking
Since https://github.com/ansible/ansible/pull/56733, we were not able to apply
firewall rules with no `allowed_hosts` key.
closes: #61332
In addition, this patch ensures the `allowed_hosts` key accepts a dict,
instead of a dict in a single entry list.
```yaml
vmware_host_firewall_manager:
esxi_hostname: "{{ esxi1 }}"
rules:
- name: NFC
enabled: True
allowed_hosts:
- all_ip: False
ip_address:
- "1.2.3.4"
```
Should be written:
```yaml
vmware_host_firewall_manager:
esxi_hostname: "{{ esxi1 }}"
rules:
- name: NFC
enabled: True
allowed_hosts:
all_ip: False
ip_address:
- "1.2.3.4"
```
* postgresql_db: allow to pass users names with dots
* postgresql_db: allow to pass users names with dots, add changelog fragment
* postgresql_db: allow to pass users names with dots, fix ci
* Introduce context manager for temporary templar context changes. Fixes#60106
* Rename and docstring
* Make set_temporary_context more generic, don't hardcode each thing you can set, apply to template action too
* not None
* linting fix
* Ignore invalid attrs
* Catch the right things, loop the right things
* Use set_temporary_context in a few extra action plugins
Added exception handling when module tries to modify user details,
and /etc/shadow file is missing or not found.
Fixes: #63490
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* DNF Handle Empty AppStream stream definition
Fixes#63683
Signed-off-by: Adam Miller <admiller@redhat.com>
* Switch Fedora dnf test target modularity to stratis
In Fedora 29, the metadata was not properly set for a default stream
for ripgrep even though there is a profile called "default", however
that's an arbitrary string and the module maintainer must set the
default stream (which it never was for the ripgrep module, thus
failing the "empty stream" install test)
Signed-off-by: Adam Miller <admiller@redhat.com>
* yum - only instantiate YumBase once
Previously, this code was re-instantiating the `YumBase` object
many times which is unnecessary and slow. However, we must do it
twice in the `state: absent` case because the `yumSack` and
`rpmSack` data of the previously instantiated object becomes
invalid and is no longer useful post transaction when we verify
that the package removal did in fact take place. Also, this patch
removes the repetitive re-processing of enable/disable of repos in
various places.
Here's a display of the speed increase against a RHEL7 host:
```yaml
- hosts: rhel7
remote_user: root
tasks:
- name: Install generic packages
yum:
state: present
name:
- iptraf-ng
- screen
- erlang
- name: Remove generic packages
yum:
state: absent
name:
- iptraf-ng
- screen
- erlang
```
Before this patch:
```
real 0m52.728s
user 0m5.645s
sys 0m0.482s
```
After this patch:
```
real 0m17.139s
user 0m3.238s
sys 0m0.277s
```
Fixes#63588Fixes#63551
Signed-off-by: Adam Miller <admiller@redhat.com>
* add changelog
Signed-off-by: Adam Miller <admiller@redhat.com>
* Added missing param to lambda module to pass it through to boto3
* Allow updating of runtime, because there is no reason why not
* Updated version_added to 2.10 to make tests green again
* Updated RETURN docs of Lambda module
* Added tests to aws_lambda test-suite.
Use a separate variable for the boolean test rather than having the same variable sometimes be a boolean and sometimes be a regular expression match object
Add integration tests to cover this scenario
Currently, attach an attached volume from OpenStack VM’s returns only
argument data. It is better to return full data as attaching a detached
volume.
In my use case, I need the extra data to mount and format the volume.
* AH servers include automation-hub as part of the server configuration.
So we don't need to add it here.
Fixes#63699
* Update unittests for the fix to galaxy wait_import_task
* Added a parameter (wait_for_ip_address_timeout) to allow a longer timeout than the default.
* Removed the wait_for_vm_ip function in this module as one in module_utils is already being used elsewhere.
* clear configuration candidate when return to user-view.
* add a changelog fragment for the pr.
* Update 63513-ce_action_wait_prompt_trigger_time_out.yaml
* Update 63513-ce_action_wait_prompt_trigger_time_out.yaml
* postgresql_privs: add support a type parameter option for types
* postgresql_privs: add support a type parameter option for types, add changelog fragment
* postgresql_privs: add support a type parameter option for types, add schema handling
* postgresql_privs: add support a type parameter option for types, fix typo
* postgresql_privs: add support a type parameter option for types, add comment
* Deprecate openssl_csr's version.
* Add changelog.
* Change PR so that version will no longer accept values != 1 from 2.14 on.
* Make sure it is a string.
* Add support for format option.
* Improve private key format detection.
* Fix raw format handling.
* Improve error handling.
* Improve raw key handling.
* Add failed raw test.
* Improve raw key loading.
* Simplify tests.
* Add raw format tests.
* Fail if format != 'auto_ignore' is specified for pyopenssl backend.
* Fix quoting.
* Bump version.
* Allow to convert private keys between different formats.
* Improve description.
* Add extra args and executable name to podman connection plugin
Like there is for docker plugin, add extra arguments for command
line of podman. Also add configurable executable and checking if
this executable exists on host. Fail module if executable is not
in PATH.
* Update changelogs/fragments/63166-add-extra-args-executalbe-podman-connection.yaml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Handle galaxy v2/v3 API diffs for artifact publish response
For publishing a collection artifact
(POST /v3/collections/artifacts/), the response
format is different between v2 and v3.
For v2 galaxy, the 'task' url returned is
a full url with scheme:
{"task": "https://galaxy-dev.ansible.com/api/v2/collection-imports/35573/"}
For v3 galaxy, the task url is relative:
{"task": "/api/automation-hub/v3/imports/collections/838d1308-a8f4-402c-95cb-7823f3806cd8/"}
So check which API we are using and update the task url approriately.
* Use full url for all wait_for_import messages
Update unit tests to parameterize the expected
responses and urls.
* update explanatory comment
* Rename n_url to full_url.
* Fix issue with overwrite of the complete path
* Fixes overwrite of the complete path in case there's extra path stored
in self.api_sever
* Normalizes the input to the wait_import_task function so it receives
the same value on both v2 and v3
Builds on #63523
* Update unittests for new call signature
* Add changelog for ansible-galaxy publish API fixes.
The commit 4e895c1 aimed to ensure that TXT record values were sanely
quoted. Sadly it failed to take the scenario of non-existing values
into account. While record values are required for record creation
they are not required for record deletion.
This change rectifies that oversight, saving Ansible from
unsuccessfully trying to operate on NoneType objects.
Resolves#63364
* Get no_log parameters from subspec
* Add changelog and unit tests
* Handle list of dicts in suboptions
Add fancy error message (this will probably haunt me)
* Update unit tests to test for list of dicts in suboptions
* Add integration tests
* Validate parameters in dict and list
In case it comes in as a string
* Make changes based on feedback, fix tests
* Simplify validators since we only need to validate dicts
Add test for suboptions passed in as strings to ensure they get validated properly and turned into a dictionary.
ci_complete
* Add a few more integration tests
* clean "changed" after it has been processed
without this change, a loop of `debug` tasks with `changed_when`
causes the "changed" status to get lost before output
* runme.sh tests for debug loop status
* fix default collection resolution in adhoc
* if an adhoc command is run with a playbook-dir under a configured collection, default collection resolution is used to resolve unqualified module/action names
* Set ANSIBLE_PLAYBOOK_DIR in integration tests.
* Fix config conflict in ansible integration test.
* add adhoc default collection test
* text-ify warning string
* mysql_replication: add connection_name param for MariaDB multi source support
* mysql_replication: add connection_name param for MariaDB multi source support, add changelog
* add ANSIBLE_PLAYBOOK_DIR envvar support
* allows `ANSIBLE_PLAYBOOK_DIR` envvar as a fallback on CLI types that support `--playbook-dir`. This should have been implemented with #59464, but was missed due to an oversight.
* added basic integration test
* make first-class PLAYBOOK_DIR config entry
* update changelog
Newer versions of ssh-keygen create PEM keys that are not recognized by Paramiko.
Now ansible-test compensates for this by updating they keys it generates so Paramiko will recognize them.
Previously the temporary directory used to run integration tests resided under the user's home directory. This prevented ansible-playbook from detecting the default collection when running tests.
Now the temporary directory is created within the collection to facilitate default collection detection.
This change effectively filters out any network interfaces which were
not explicitly configured for the guest. This fixes some unexpected behaviour where a machine with multiple IP addresses (for example, when Docker is installed, an internal IPv4 interface is added to
communicate with the container) would show one of the internal
addresses in the 'ipv4' field, but then no other information about the
corresponding hardware interface.
This fixes test errors related to failures copying temporary test results files from a remote system back to the local system.
It also speeds up processing of test results and reduces network utilization by avoiding the temporary files.
* Specifying IP addresses needs API version 1.22 or newer.
* Simplify code.
* Use IPAMConfig.IPv*Address instead of IPAddress and GlobalIPv6Address.
* Add changelog.
* Fix syntax errors.
* Add integration test.
* Don't rely on netaddr.
* Normalize IPv6 addresses before comparison.
* Install netaddr, and use it.
Using a regular recursive resolver to lookup the zone name might not
work when the zone in question belong to a private/internal
domain. The authoritative server being used on the other hand will
definitely know about the zone(s) it's serving.
This approach is also consistent with the nsupdate module already
querying the specified authoritative server for TTL values.
The reason for the implementation having to loop until finding a
direct match is to account for different SOA responses triggered by
CNAMEs and DNAMEs. The previously used `dns.resolver.zone_for_name()`
function does the same.
Resolves#62052
* support creating an image from a volume
* leave filename/volume optional
* enforce volume/filename mutual exclusivity
* bump version_added to 2.10 for volume option
* add changelog fragment
Running from an installed version of ansible-test now results in tests using a dedicated directory for PYTHONPATH instead of using the site-packages directory where ansible is installed.
This provides consistency with tests running from source, which already used a dedicated directory.
Resolves https://github.com/ansible/ansible/issues/62716
* fix get_nc_next.
* add a changelog fragment.
* upadte for changelgo fragment.
* merge two prs, one depens another.
* merge two prs, one depens another.
* update changelog.
* iam_role: Add support for managing MaxSessionDuration
* iam_role: Add support for deleting the IAM Instance Profiles we created
* iam_role: migrate all boto failures to fail_json_aws for consistency
* iam_role: test validity of path so we can throw a more understandable error
* iam_role: (integration tests) Split iam_role integration tests from sts_assume_role tests
- Make the iam_role tests more comprehensive
- Add tests for iam_role_info
* iam_role: (integration tests) Make some of our pauses optional
If the tests appear to be flakey we may need to enable standard_pauses
Improve tests
- add more unit test cases
- add specific integration test with more cases
Testing shows no major downside to calling .strip() twice in a comprehension vs. using a regular for loop and only calling .strip() once. Going with the comprehension for ease of maintenance and because comprehensions are optimized in CPython.
when creating or deleting an object (e.g. via an API), before/after can
be `None` (or at least represented as such by the used library). to
avoid modules havig to do
diff={'before': before or '', 'after': after or ''}
let's just convert `None` to an empty string that can be diffed properly
* Add a representer for AnsibleUnsafeBytes
* changelog
* Add unit tests
Remove native string test until we have time to evaluate how this the function should work
Add non-ASCII characters to test cases
* Compare to the string on Python 2
Add a comment in the test about this behavior
* Ensure k8s apply works with check mode
Update the new predicted object with fields from the previous object
before applying in check mode
Don't log output of `file` with `state: absent` on huge virtualenvs!
Fixes#60510
* Use openshift client fix to improve apply for check mode
Use new apply_object method to get a better approximation
of the expected object in check mode.
Requires released upgrade to openshift
* Add changelog fragment for k8s apply check mode fix
* Update changelogs/fragments/60510-k8s-apply-check-mode.yml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Fix plugin names for collection plugins.
Add an integration test to verify plugin __name__ is correct for collection plugins.
* Fix collection loader PEP 302 compliance.
The `find_module` function now returns `None` if the module cannot be found. Previously it would return `self` for modules which did not exist.
Returning a loader from `find_module` which cannot find the module will result in import errors on Python 2.x when using implicit relative imports.
* add changelog
* sanity/units/merge fixes
In some remote environments, the `crontab` executable is
overloaded with a custom executable, which typically does
some pre/post processing before forwarding to crontab.
Instead of using the hardcoded `/usr/bin/crontab`, this uses
the `get_bin_path` utility to locate the default crontab executable.
* ce_bgp_neighbor_af: fix a typo in module's parameter
* ce_bgp_neighbor_af: fix a typo in module's parameter, add version_added and changelog
* ce_bgp_neighbor_af: fix a typo in module's parameter, add aliase
* Support large folder size comparisons for win_find
Changed [int] to [int64] to support larger folders. Otherwise module fails as soon as a large folder is encountered.
* Create 58466-FIX_win_find-Bug-Get-FileStat_fails_on_large_files.yml
The documentation links are now displayed when running from an install.
Previously the links were only displayed when running from source.
This was due to ansible-test checking for the presence of documentation files locally, which are only present when running from source.
The check is no longer necessary since there is a sanity test in place to enforce the presence of documentation for all sanity tests.
Following module used internal results key as part of return json, this commit
changes this to appropriate values -
* vmware_datastore_maintenancemode.py
* vmware_host_kernel_manager.py
* vmware_host_ntp.py
* vmware_host_service_manager.py
* vmware_tag.py
Fixes: #62083
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* ansible-galaxy - add config to control the display wheel
* Fix changelog and make test more stable
* Don't use display thread at all if progress wheel isn't being shown
The default behavior of the ansible-test vcenter plugin is to use the govcsim container to run tests.
However, unless the govcsim mode was specified using the VMWARE_TEST_PLATFORM environment variable, the filter code would skip the tests unless the tests ran on Shippable or the user had an ansible-core-ci key.
Now the filter correctly recognizes that govcsim is the default.
* Fix location of unit test requirements.
* Preserve ansible-test unit test requirements.
* Remove redundant unit test requirements.
* Fix location of network test requirements.
* Preserve ansible-test network test requirements.
* Remove redundant network test requirements.
* Add missing ordereddict requirements.
* Load collection requirements correctly.
* Add changelog fragment.
* luks_device.py: allow the user create LUKS based on specific versions
- Allow user pass an option 'type' that explicits define the version of LUKS
container that will be created. It should be 'luks1' or 'luks2' format.
- If 'label' option is defined the 'type' option will be 'luks2' independently
of the option 'type' informed by user. (labels NEED luks2 format)
Fixes: #58973
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* added the changelog fragment
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* luks_device.py: make it fail in certain conditions
- Not allow user especify luks1 type and label at the same playbook
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* Pika v1.0.0 and above were causing issues for publish_message. Updated
to ensure publish_message works with pika 0.13.1 and 1.0.0 and above.
* Adding changelog fragment for rabbitmq_publish fix.
* Updating return value.
* In pika v1.0.0 BlockingChannel.is_closing was removed. Updating
plugin accordingly.
Ref: https://github.com/pika/pika/pull/1034
* Adding change fragment for is_closing bug.
* Updated change fragment description.
Use hostnamectl command to get current hostname for host while using
systemd strategy.
Fixes: #59438
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Creating a virtual environment using `venv` when running in a virtual environment created by `virtualenv` results in a copy of the original virtual environment instead of creation of a new one.
To work around this, `ansible-test` now identifies when it is running in a `virtualenv` created virtual environment and uses the real Python interpreter to create the `venv` virtual environment.
* AWS ec2_vpc_net: Enable ipv6 CIDR assignment
Enable IPv6 CIDRs in ec2_vpc_net, and fix ec2_vpc_subnet tests that
were depending on the aws cli for CIDR assignment.
Related to: #27800
The `test/results/` directory for Ansible test output was already ignored when not using git.
When Ansible Collections were switched to `tests/output/` the ignore entry was previously overlooked.
* Fix ansible-doc traceback for removed modules.
This avoids tracebacks with errors like the following when a module has been removed:
module module_name missing documentation (or could not parse documentation): 'NoneType' object does not support item assignment
* Fix ansible-doc sanity test warning handling.
Warnings about removed modules/plugins on stderr are now properly ignored.
Previously an ansible-doc error could result in unrelated errors going undetected because tests were stopped early and the underlying error was ignored.
* Fix ansible-test venv activation.
When using the ansible-test --venv option, an execv wrapper for each python interpreter is now used instead of a symbolic link.
* Fix ansible-test execv wrapper generation.
Use the currently running Python interpreter for the shebang in the execv wrapper instead of the selected interpreter.
This allows the wrapper to work when the selected interpreter is a script instead of a binary.
* Fix ansible-test sanity requirements install.
When running sanity tests on multiple Python versions, install requirements for all versions used instead of only the default version.
* Fix ansible-test --venv when installed.
When running ansible-test from an install, the --venv delegation option needs to make sure the ansible-test code is available in the created virtual environment.
Exposing system site packages does not work because the virtual environment may be for a different Python version than the one on which ansible-test is installed.
* Allow the use of _paramiko_conn even if the connection hasn't been started.
I'm not sure what the benefit is of Noneing paramiko_conn on close, but will keep for now
* Fix test
* Try to fix up net_put & net_get
* Add changelog
Python < 2.7.9 does not have the ssl.SSLContext attribute.
ssl.SSLContext is only required when we want to validate the SSL
connection. If `validate_certs` is false, we don't initialize the
`ssl_context` variable.
Add unit-test coverage and a little refactoring:
- avoid the use of `mocker`, when we can push `monkeypatch` which is
`pytest`'s default.
- use `mock.Mocker()` when possible
closes: #57072
* module_utils/ec2: (unit tests) Move unit tests for module_utils/ec2.py into test/units/module_utils
- compare_policies was refactored from s3_bucket
- "ec2_utils" doesn't seem to have ever existed
* module_utils/ec2: (unit tests) Add unit test for comparing quoted and unquoted bools and numbers within policies
As per https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html
"Values are enclosed in quotation marks. Quotation marks are optional for numeric
and Boolean values."
* module_utils/ec2: Explicitly convert bools and ints to strings when comparing policies
See also: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html
* Fixes to ecs_certificate cert chain for #61738
* Added changelog fragment
* Fixes to ecs_certificate for cleaner join, and better integration test
* Fix integration test formatting
* End cert chain with a \n
* Update changelogs/fragments/61738-ecs-certificate-invalid-chain.yaml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Update main.yml
* compare list of dicts
* update example for dhcp_server_opts to include ip_version which is automatically added by openstack
* add note about dhcp_server_opts
* add changelog fragment
* fix forgotten exception+pass
* no need to excplicitly check for None
* fix oops
* fix import error
* missed missing_required_lib
* changelog fragment formatting and grammar fixes
* update requirements in documentation and fix spelling
* Update AWS hacking policy to enable ASG Tagging management
* aws_asg: Add tests for ASG Tagging (including idempotency)
* aws_asg: ignore sort order when comparing tags on the ASG (fix idempotency)
* ec2_asg: (integration tests) test for idempotency when managing metrics collection
* ec2_asg: sort list of enabled metrics to ensure clean comparisons.
* Fix ansible-connection persist after playbook run issue
* PR https://github.com/ansible/ansible/pull/59153 to add support
for delaying the ansible-connection added an old issue of
ansible-connection persisting even after playbook run is finished
till either command timeout or connect timeout is triggered.
ansible-connection persist after playbook execution is done
and also delays the connection initilization untill a method
in invoked from module side on the connection object.
* Add chanegelog
* fix erroneous failures in docker_compose due to deprecation warnings from docker (#60961)
* Update error handling to work with new method of capturing output
Co-Authored-By: Felix Fontein <felix@fontein.de>
* update error handling
* fix syntax error
* fix indentation
* fix indentation (again)
* remove erroneous line
On OpenBSD, 13 asterisk characters as a password hash, marks the
account as disabled. Otherwise daily(8) script which executes
security(8) will email operator about not properly locked accounts.
Before the diff, we see following warning:
> [WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
After the diff, warning is gone.
* luks_device.py: Allow manipulate LUKS containers with label or UUID
- Allow create a LUKS2 container format with label support
- Allow manipulate (open, close, modify) an LUKS container based on
both label (LUKS2 format) or UUID instead of using devices only.
Fixes: #58973
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* test_luks_device.py: organizing tests to support labels
- Add label on some tests and fix errors reported by Shippable
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* luks_device.py: adjusting versions and messages
- Modifying version_added from 2.9 to 2.10
- Fixing some messages
- Created a changelog fragment
- Moving blkid from scope
Fixes#58973
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* Update DevOps AWS policy
- Fix typos in permission names
- While AWS claims you can use 'arn:aws:codecommit:*' it errors unless you use '*'
* aws_codecommit: (integration tests) Migrate to module_defaults
* aws_codecommit: (integration tests) Fix integration tests
* aws_codecommit: (integration tests) Add tests for updating the description
* aws_codecommit: Add support for updating the description and rename "comment" option to "description"
* Cleanups and version bumping for 2.10
* Fix changelog url now that stable has been branched
* Fix the lenth of the porting guide title now that the version is two digits
The `git submodule status` command is relative to the current git repository by default.
When running from a repository subdirectory paths can be returned above the current directory.
Specifying the current directory with `git submodule status` avoids listing submodules above that directory.
This will fix issues when testing a collection that is rooted below the repository root when that repository uses submodules.
* default collection support
* playbooks run from inside a registered collection will set that collection as the first item in the search order (as will all non-collection roles)
* this allows easy migration of runme.sh style playbook/role integration tests to collections without the playbooks/roles needing to know the name of their enclosing collection
* disable default collection test under Windows
* enable collection search for role dependencies
* unqualified role deps in collection-hosted roles will first search the containing collection
* if the calling role has specified a collections search list in metadata, it will be appended to the search order for unqualified role deps
* disable cycle detection unit test
* failing on 3.7+, needs proper cycle detection
* see #61527
* play, block, task: New attribute forks
With this it is possible to limit the number of concurrent task runs.
forks can now be used in play, block and task. If forks is set in different
levels in the chain, then the smallest value will be used for the task.
The attribute has been added to the Base class as a list to easily provide
all the values that have been set in the different levels of the chain.
A warning has been added because of the conflict with run_once. forks will
be ignored in this case.
The forks limitation in StrategyBase._queue_task is not used for the free
strategy.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Handle forks in free strategy
The forks attribute for the free strategy is handled in run in the free
StrategyModule. This is dony by counting the amount of tasks where the uuid
is the same as the current task, that should be queued next. If this amount
is bigger or equal to the forks attribute from the chain (task, block,
play), then it will be skipped to the next host. Like it is also done with
blocked_hosts.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Test cases for forks with linear and free strategy
With ansible_python_interpreter defined in inventory file using
ansible_playbook_python.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Changing forks keyword to throttle and adding some more docs
* default collection support
* playbooks run from inside a registered collection will set that collection as the first item in the search order (as will all non-collection roles)
* this allows easy migration of runme.sh style playbook/role integration tests to collections without the playbooks/roles needing to know the name of their enclosing collection
* ignore bogus sanity error
* filed #61460
* fixed task unit test failure
* don't append an empty collections list to the ds
* ignore leftover local_action in mod_args ds action parsing
* fix async_extra_data test to not require ssh and bogus locale
* disable default collection test under Windows
* ensure collection location FS code is always bytes
* add changelog
* Fix TypeError in ec2_group.py for Python3 when sorting dictionary list
* Using json.loads() and dumps() to replace sorting
* Bug fixes for ec2_group.py
* Dictionaries cannot be compared/sorted in Python3
* Diff will occur when the IpPermissions have the same IpRanges but have different ordering
* 'before' will be sorted by 'Type' with high priority than 'IP', but 'boto3.describe_security_groups()' function cannot get 'Type' from Amazon
* Add some basic diff mode testing to exercise the rule-sorting code
* Change collection PS util import pattern
* Add changes for py2 compat
* fix up regex and doc errors
* fix up import analysis
* Sanity fix for 2.6 CI workers
* Get collection util path for coverage collection
* Rename OneView _facts modules -> _info
* Adjust PR #.
* Forgot to update test names.
* Remove superfluous blank line.
* Some more things from review.
* Initial commit for rate limiting
- Detects if error code is 429
- Pauses for random time between .5 and 5 seconds before retrying
- If it fails 10 times, give up and tell user
* Redo structure of request() to support rate limiting
* Hold down timer is now a sliding scale
- 3 * number of retries
- Fails after the 30 second wait
* Whitespace fixes
* Redo implementation using decorators
- Errors aren't tested but code works for regular calls
* Unit tests work for error handling
* Add integration tests for successful retries
* Add condition for 502 errors and retry
* Move _error_report out of the class
* PEP8 fixes
* Add changelog entry
* Template value of debugger and then check for validity
* Removed if/else and forcing failure on undefined as per comments
* Added changelog
* changed colon to brackets so it appears as a string
* aws_kms: (integration tests) Test updating a key by ID rather than just my alias
* aws_kms: (integration tests) Test deletion of non-existent and keys that are already marked for deletion
* aws_kms: Ensure we can perform actions on a specific key_id rather than just aliases
In the process switch over to using get_key_details rather than listing all keys.
* aws_kms: When updating keys use the ARN rather than just the ID.
This is important when working with cross-account trusts.
* Handle multiple Content-Type headers correctly
Avoids situations where mulitple Content-Type headers including charset information can result in errors like
```
LookupError: unknown encoding: UTF-8, text/html
```
* Account for multiple conflicting values for content-type and charset
* Add changelog fragment
* Renaming `onepassword_facts` to `onepassword_info`.
* Update module examples.
* Add changelog fragment.
* Add module rename to the 2.9 porting guide.
* Document the parameter types in the module docs.
* Fix incorrect parameter name.
* Update docs/docsite/rst/porting_guides/porting_guide_2.9.rst
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Remove `onepassword_facts` as it has been renamed to `onepassword_info` including fixes for the sanity tests.
* Add support for SubjectKeyIdentifier and AuthorityKeyIdentifier to _info modules.
* Adding SubjectKeyIdentifier and AuthorityKeyIdentifier support to openssl_certificate and openssl_csr.
* Fix type of authority_cert_issuer.
* Add basic tests.
* Add changelog.
* Added proper tests for _info modules.
* Fix docs bug.
* Make sure new features are only used when cryptography backend for openssl_csr is available.
* Work around jinja2 being too old on some CI hosts.
* Add tests for openssl_csr.
* Add openssl_certificate tests.
* Fix idempotence test.
* Move one level up.
* Add ownca_create_authority_key_identifier option.
* Add ownca_create_authority_key_identifier option.
* Add idempotency check.
* Apparently the function call expected different args for cryptography < 2.7.
* Fix copy'n'paste errors and typos.
* string -> general name.
* Add disclaimer.
* Implement always_create / create_if_not_provided / never_create for openssl_certificate.
* Update changelog and porting guide.
* Add comments for defaults.
* aws_kms: (integration tests) Use module_defaults to reduce the copy and paste
* aws_kms: (integration tests) make sure policy option functions.
* aws_kms: (integration tests) Move iam_role creation to start of playbook.
iam_roles aren't fully created when iam_role completes, there's a delay on the Amazon side before they're fully recognised.
* aws_kms: Update policy on existing keys (when passed)
* iam_password_policy: (integration tests) Use module defaults for AWS connection details
* iam_password_policy: (integration tests) Ensure the policy is removed when tests fail
* iam_password_policy: (integration tests) Add regression test for #59102
* iam_password_policy: Only return changed when the policy changes.
* iam_password_policy: PasswordReusePrevention must be omitted to remove/set to 0
* #60930 add changelog
* Update hacking AWS security policy to allow testing of Password Policy Management
* Rename hcloud_datacenter_facts to hcloud_datacenter_info
* Rename hcloud_location_facts to hcloud_location_info
* Rename hcloud_image_facts to hcloud_image_info
* Rename hcloud_floating_ip_facts to hcloud_floating_ip_info
* Rename hcloud_server_type_facts to hcloud_server_type_info
* Rename hcloud_server_facts to hcloud_server_info
* Rename hcloud_ssh_key_facts to hcloud_ssh_key_info
* Rename hcloud_volume_facts to hcloud_volume_info
* Fix typo in hcloud_image_info
* Add to porting guide and add changelog fragment
* Reword porting guide
* add subdir support to collection loading
* collections may now load plugins from subdirs under a plugin type or roles dir, eg `ns.coll.subdir1.subdir2.myrole`->ns.coll's roles/subdir1/subdir2/myrole, `ns.coll.subdir1.mymodule`->ns.coll's plugins/modules/subdir1/mymodule.py
* centralize parsing/validation in AnsibleCollectionRef class
* fix issues loading Jinja2 plugins from multiple sources
* resolves#59462, #59890,
* sanity test fixes
* string fixes
* add changelog entry
* Warn when transforming constructed groups
The `keyed_groups` field has used sanitization since 2.6, but `groups` only started doing so in 2.8.
This adds a warning for the change in behavior.
* changelog
Preserve tag key case by only calling camel_dict_to_snake_dict once,
before the tags are added.
Don't call assert_policy_shape as it seems to fail
Use aws_caller_info in the test suite now that it exists rather
than running `aws sts get_caller_identity`
Ensure that calls using `grant_types` can also use key aliases
* aws_kms: Rename various policy manipulation options to reduce confusion
AWS KMS now has the concept of issuing a 'grant', which is independent
of the policy attached to a key. Rename the following options to make
it clearer that the operate on the CMK Policy *not* on CMK Grants
* aws_kms: don't just rename grant_types/mode, deprecate them too.
* Make win_domain_user idempotent for passwordchanges
* Add changelog fragment
* Use test-credentials function from win_user.
* Split domain from username
* Update win_domain_user.ps1
* Fix ci
* Update win_domain_user.ps1
Fix ci
* Implement review
* Logic cleanup and remove securestring
* Fix typo
* fix syntax
fix syntax
* Use AD object instead of user input as requested by review
* migrate to Ansible.AccessToken
* Add support for passing networks as dicts
* Add function to compare a list of different objects
* Handle comparing falsy values to missing values
* Pass docker versions to Service
* Move can_update_networks to Service class
* Pass Networks in TaskTemplate when supported
* Remove weird __str__
* Add networks integration tests
* Add unit tests
* Add example
* Add changelog fragment
* Make sure that network options are clean
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Set networks elements as raw in arg spec
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Fix wrong variable naming
* Check for network options that are not valid
* Only check for None options
* Validate that aliases is a list
* Addition of entrust provider to openssl_certificate module
* Fix native return values of error messages and JSON response.
* Documentation and syntax fixes per ansibot.
* Refactored structure of for loop due to ansible test failures in python 2.6
* Remove OCSP functionality for inclusion in possible seperate future pull request.
* Remove reissue support.
* Indicate the entrust parameters are specific to entrust.
* Comment fixes to make it clear module_utils request is used.
* Fixes to not_after documentation
* Response to pull request comments and cleanup of error handling for bad connections to properly use the 'six' HttpError for compatibility with both Python 2/3 underlying url libraries.
* pep8/pycodestyle fixes.
* Added code fragment and response to comments.
* Update license to simplified BSD
* Fixed botmeta typo
* Include license text in api.yml
* Remove unsupported certificate types, and always submit an explicit organization to match organization in CSR
* Fix documentation misquote, add expired to a comment, and fix path check timing.
* Update changelogs/fragments/59272-support-for-entrust-provider-in-openssl_certificate_module.yaml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Add cryptography backend for get_certificate.
* Add changelog.
* Use short names (if possible).
* Adjust version (to behave as pyOpenSSL).
* Work around bugs (needed for cryptography 1.2.3).
* Don't run cryptography backend tests for CentOS 6.
* Bump cryptography requirement to 1.6 or newer.
Otherwise, signature_algorithm_oid isn't there, either.
* Simplify requirement text.
* CentOS 6 has cryptography 1.9, so we still need to block.
* Add auto-detect test.
* Improve YAML.
* fix: docker_swarm_service does not publish both tcp and udp ports for same published port
* fix the linting problems and add the changelog fragment.
* add test
* modify test to ensure result rather than return value
* Mark logout as changed when docker logout does not return 'Not logged in to '.
* Add changelog.
* Improve logout detection.
* Also return output of 'docker logout'.
* ansible-galaxy tidy up arg parse with better validation
* Add support back in for -v before sub aprser
* Added deprecation warning for manually parsed verbosity
* Adding waiter to cluster remove process
* blank line contains whitespace
* update aws_eks integration test
* Refactor aws_eks test suite to use pip
* update version testing
* missing parens...
* add changelog fragment
* Add waiter to module_utils, fix exception handling.
* Correct EKS waiter checks
* various mod_args fixes
* filter task keywords when parsing actions from task_ds- prevents repeatedly banging on the pluginloader for things we know aren't modules/actions
* clean up module/action error messaging. Death to `no action in task!`- actually list the candidate modules/actions from the task if present.
* remove shadowed_module test
* previous discussion was that this behavior isn't worth the complexity or performance costs in mod_args
* fix/add test, remove module shadow logic
* address review feedback
- Split the key validation to separate private and public.
- In case public key does not exist, recreate it.
- Validate comment of the key.
- In case comment changed, update the private and public keys.
* Improve link handling.
* Also fetch alternate certificate chains.
* Add retrieve_all_alternates option.
* Simplify code.
* Forgot when condition.
* Add tests for retrieve_all_alternates.
* Fixes.
* Moved utility function for link parsing to module_utils.
* Fix grammar.