* Check for provider values inside check_args of respective network code
* Partial revert of b9ee5aa
The no_log change is okay, but take out the action result munging
Recent Python3 versions require open() to specify binary mode if the data is anything other than text.
Python3: Use int() instead of long() in unarchive
Changes long() to int() for CRC values in the unarchive module. Affects unarchiving of zip files. Since CRC values in zipfile are 32 bits the behaviour should be unchanged even in Python 2.
When retrieving file contents for diffing we need to get the contents as
binary. Otherwise python3 will try to convert the file to text and fail
with non-decodable contents.
Fixes#23171
* Build HTTPSClientAuthHandler more similarly to how HTTPSHandler works
* Add docs for new client cert authentication
* Support older versions of python
* Simplify logic
* Initial support for client certs in urls.py
* Add an extra test
* Add a get_url test for client cert auth
* Add additional test for client cert auth, with validation and ssl mismatch
* Skip assert when http tester not available
* Update version_added for new options
Copy module was walking over files in subdirectories repeatedly (a
directory tree a few levels deep could bring the time spent into the
tens of minutes)
This was traced to the fix for this bug report: https://github.com/ansible/ansible/issues/13013Fixed#13013 a different way and added an integration test to check for
regressions of #13013 as we optimize this code.
Fixes#21513
Ansible will now automatically retry a connection if SSH returns an error:
mux_client_hello_exchange: write packet: Broken pipe
This is probably a bug in SSH, but because it's safe to retry this
connection there is no need for Ansible to fail because of it.
If we run the task with 'login' banner, the 'show banner' command
will return a dict containing key 'loginBanner'.
However for motd, it will just return 'motd'.
Yay naming consistency!
We were hard-coding the protocol, port and validate_certs on
eos EAPI via the action plugin.
Put defaults on the eos_argument_spec and pull those values from it.
* 'unable to open shell' -> direct to web help
The "unable to open shell" error is returned for a number of different,
direct people to online docs (we we can update out of band of releases)
to guide them though the various solutions.
* fix pep8 errors
* Resolve#23239:
- path is missing when state=absent
- update doc for unclear policy ID
- required params based on state
* Fix pep8 + doc
* Fix doc
* Another doc problem...
* doc
* Update doc fot policy ID
* Fix doc string
* fix required in doc
* fix required in doc Required when I(state=present).
The openvswitch_db module uses the ovs-vsctl binary to
address changes.
On other network modules we follow the pattern of returning 'commands'
as part of the result, containing the commands run on the target device.
Follow that for code consistency and maintenance.
Also, adding state param, which allows to add/remove keys on columns.
This reverts commit 97cb2016d8.
It was causing issues downstream as facts seem to be merged back for
subsequent tasks. Will restore if I ever figure out how to avoid that.
* Add workaround for evasive in apache2_module
* Fixes#22635
* Clean up workarounds for php/shib
* Add test for evasive workaround
* Remove use of re module, since all searches work with native python
* Add unit tests to apache2_module name replacements
Go back to using re package where needed
* Rename replace_name to create_apache_identifier
* Add ability to use either sec group name or sec group id or combination to ec2_lc. Also fix header size in AWS Guidelines
* Fix ec2 import to only import neccessary packages. Remove pep8 double line
The current implementation matches libreoffice-oldstable when testing for libreoffice.
So uninstalling libreoffice fails when libreoffice-oldstable is installed.
```
PS C:\WINDOWS\system32> choco list --local-only libreoffice
Chocolatey v0.10.3
libreoffice-oldstable 5.2.6
1 packages installed.
PS C:\WINDOWS\system32> choco list --local-only --exact libreoffice
Chocolatey v0.10.3
0 packages installed.
```
The solution is easy, just add `--exact`.
Apparently in some devices the filesystems gathering command can return
a dict containing a 'messages' key with the filesystems, instead of a
plain string.
Fixes#23217
* re-raise exception as expected
The current ThrottlingException handling code hides other actual exceptions from the user, and basically goes infinite loop instead. eg when the api caller doesn't have permission (example below) to use the api, ansible effectively hangs. adding the re-raise stops execution and shows the error to the command line as expected
can test by removing permission to the efs api, and calling the efs: module
The error was: botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the DescribeFileSystems operation: User: <x> is not authorized to perform: elasticfilesystem:DescribeFileSystems on the specified resource
* PEP8 fix
* Remove DryRun parameter in ec2_vpc_igw_facts check_mode
Using DryRun in check mode causes errors, and is not required
(as nothing changes when calling describe_internet_gateways)
Prevents the following error:
```
{"changed": false,
"failed": true,
"msg": "An error occurred (DryRunOperation) when calling
the DescribeInternetGateways operation: Request
would have succeeded, but DryRun flag is set."}
```
* ec2_vpc_igw_facts pep8 tidy up
Due to the number of "real world" caveats in the current runas become method, it was agreed that we'd warn that it's experimental on use. A potential future version based on LogonUser/CreateProcessAsUser will have very different requirements and limitations.
* . switched from 'user.id' to 'account.id' in REST API calls.
+ added ability to select desired account (by name or identifier) from list of accounts to which authorized user have access.
* + added account option addition version.
* Remove pubnub_blocks from PEP8-legacy list
* [cloud][tests] Create fixtures for using placebo to test boto3-using modules
* Use pytest's importorskip instead of manually skipping on missing deps
* Fix imports in cloudformation module
* Delete unused code
* Add maybe_sleep fixtures to speed up recorded test runs
* Build basic placebo-CFN tests
* Commit placebo recordings of basic stack operations
* Add placebo to test-requires
* Allow unit tests to run regardless of environment by setting a default region
* Use explicit relative import for Python 3 compat
* Use __name__ attribute that works on Python 2 and 3
These were deprecated back in the 1.x timeframe, so have been deprecated
for the 2 cycles required. They also do things wrong and should be
avoided anyway. Go ahead and remove them.
* GCP: backend service module
* GCP: rework param-checking code. Fixed a couple of bugs and changed to ValueError instead of custom tuple.
* GCP: fixed commit, spelled out Google Cloud for clarity in module description.
fixed itertools.imap busting several things that used to be lists,
profiles not being set correctly, upon create, when it was a separate
method, allowed port having the wrong lowest port (zero is allowed),
empty port value should just be interpreted as None.
The password_hash filter will generate a salt value if none is supplied.
The character set used by Ansible
(upper & lowercase letters, digits)
did not match that used by libc crypt
(upper & lowercase letters, digits, full stop, forward slash).
This resulted in a slightly smaller key space, and hence hashes would be
slightly easier to attack (e.g. by dictionary, brute force).
* Ansible 2.3 feature support for dellos6.
- With the new Ansible 2.3 infra changes, the dellos modules doesn't work
(the new infra changes are not backward compatible), so added the below
changes support it.
- Added the new terminal plugin for DellOS6
- Added the new action plugin for DellOS6
- Modified the modules to work with the new infra.
- with that it adds support for DellOS6 Persistent Connection support.
* Remove pep8 confirming files from dellos6.py and dellos6_config legacy-files
* add else statement to ensure instids is set
set res_list to None to avoid UnboundLocalError and fix iteration over a nonetype by adding an empty tuple
* make res_list empty tuple by default and check for instids before setting tags (fails otherwise)
* fix 'sequence' lookup shortcut syntax and documentation
* Update playbooks_loops.rst
Minor edits for grammar and clarity.
* Update playbooks_loops.rst
Another tweak for clarity.
If the banner is not set, the stdout of 'show configuration | begin banner <banner>'
returns empty string thus the re.search raises an exception.
Fixes#22216
The fix for leading junk in sudo output: fee6e29 causes problems with
ssh + sudo. On the initial connection using ControlPersist, the output
that we scan for the prompt contains both the command we're sending to
configure the prompt and the prompt itself. The code in fee6e29 ends up
sending the password when it sees the line configuring the prompt which
is too early.
Switch to a version that splits on lines and then checks whether the
first or last line starts with the prompt to decide if it's time to send
the password.
Fixes#23054
References #20858
The pass prompt expects an answer and compares a `str` to a binary buffer, thus crashing.
It's an obvious fix to help transitioning towards Python3 and hopes it does not need a specific test.
In old IOSXR versions, 'show commit changes diff' does not work.
Fall-back to 'show configuration' if that command fails so execution
can move forward.
Fixes#22235
When using state=latest with the package not being installled, Ansible complains that the package is not installed and fails the task.
Whereas the expected behaviour is to install the package when it is missing.
This PR fixes this behaviour.
* Fix a couple issues in synchronize with docker
* Make the rsync_opts parse as a list using the same criteria as
module_utils argumentspec parsing
* Do not quote arguments in the action plugin. The module will quote as
it knows whether it will invoke rsync with a shell or via exec.
Fixes#23046
The cron module forces changed=True when there was no real change,
but the original crontab did not contain a final newline, which is
mandatory.
When the user has no crontab or the user does not exist at all,
crontab -l exits with 1 and the cron module correctly interprets
this as "no crontab" and stores the old crontab as "".
However this triggers changed=True, even if we're not going to
change anything, e.g. when removing a crontab entry from a user
who has no crontabs at all.
Let's special-case the fact that the old crontab is empty and not
force changed=True in that case.
* Fixes bug https://github.com/ansible/ansible/issues/22455 - Git reset fails when file with the name 'origin' is present in the repository
* #22455 Integration test for git module to test if it clones a repository with a file named origin
* Fixed yaml errors for test/integration/roles/test_git_clone/tasks/main.yml
* Removed the newly added target git and moved the code to test/integration/targets/git
* Reorganised code structure as per comments
* Fixed playbook name
* Added code that didn't make it to the playbook before.
* No longer need git.yml
* Remove non tasks specific code from tasks file and use existing variables
* Removed msg var from the vars.yml
When the ios_config module has 'defaults' param it runs in the device the command
'show running-config all' but 'all' may not be available in older devices.
This change makes introspection by using the help command and run 'full' in case
'all' is not available.
Fixes#22747
* Add examples in os_server module showing userdata
Added an example using Bash and also using Cloud-init. Also, showing using {% raw %} and {% endraw %} to provide a pointer to those hitting similar issues to the ones I had.
* Removed erronious whitespace
* Ansible 2.3 feature support for dellos9 and dellos10
* Use Persistent Connection Manager
* Fix CI issue, revert the doc and metadata changes
* Reverted the meta_info (supported_by) to community from core
* Fixed the CI issues, use module_utisl.six and updated legacy-files
Set encrypted to default False, rather than None
Otherwise you get:
```
Invalid type for parameter Encrypted, value: None, type: <type 'NoneType'>, valid types: <type 'bool'>)
```
* Adding first checkin of resource_pool module
* fixing length issues and indentation multipliers
* mend
* mend
* mend
* remove * import from modules
* Add space on variable assignments
* changing line 321 to less characters
* fixing pep8 issues
* mend
* cleaning up example section
* Add RETURN section
* adding spacing to list
* all spacing consistent now
* move imports as per CI
* update integration tests for updated boto exception message
* integration tests fail on both "test credential" test cases
exception bubbles out of module. instead catch and wrap
* ec2_group does not support updating a security group's description
AWS security group descriptions are immutable.
if ec2_group finds a group that matches by name, but the descriptions do not match, the module does not support this case
previously it would check if the group was used, but would not do anything if it was
old behavior was erroneous because it could make a user expect that the description change of a group was fine when in fact it did not occur
also, it made an expensive check against all ec2 instances for no good reason
* comments not doc strings
* else must have pass w/o doc-string statement
* Catch specific BotoServerException, give context around error when fetching SGs
* python3 compatible exception blocks
* add traceback to fail_json
* two blank lines before first function
* fixes action handlers for sros
* fixes sros_config module execution to use AnsibleModule
* fixes sros_command module to use socket connection
* adds sros to constants
* key is ANSIBLE_METADATA, not METADATA
* Need to check that the node is an ast.Dict, not a real dict.
* Need to convert the ast.Dict into a real dict via literal_eval.
* synchronize: Convert cmd to list and fix handling of the copy_links argument
Converting cmd from str to list stops the pain of argument quoting/escaping.
* synchronize: Update imports according to #pullrequestreview-28758614
* fixes#15770
* When running under the UTF-8 codepage, Powershell subprocesses will fail (eg, Start-Job, others) if the input encoding is using the default BOM preamble. This fix forces it to use no preamble in leaf_exec and win_shell, and includes tests to verify that Start-Job works.
* win_command/win_shell: Clean up and make coherent
Changes include:
- Make win_command and win_shell more coherent
- Make condensed one-line more readable
* Revert to original formatting
This change to the template action plugin make template use the
platform's native newline_sequence for Jinja.
We also added the option `newline_sequence` to change the newline
sequence using by Jinja if you need to use another newline sequence than
the platform default.
This was previously discussed in
https://github.com/ansible/ansible/issues/16255#issuecomment-278289414
And also relates to issue #21128
* fixes#22441
* fixes#22655
* moves all env handling into the exec wrapper; this should work for everything but raw, which is consistent with non-Windows.
* Update module_utils.six to latest
We've been held back on the version of six we could use on the module
side to 1.4.x because of python-2.4 compatibility. Now that our minimum
is Python-2.6, we can update to the latest version of six in
module_utils and get rid of the second copy in lib/ansible/compat.
If the # is inside of quotes, it's a string. If it's outside of quotes
then an exception will be raised which we'll catch and then send to the
to_text() call at the end of the function anyhow.
Fixes#22868
The base64 stdlib functions require byte strings. So we have to
transform the strings into bytes before handing to the stdlib and then
transform them back into text before handing back to ansible.
Fixes#22873
The junos action handler was not honoring the host value in the provider
argument. This patch will now use the provider host entry if it exists
and falls back to the inventory hostname
Made ansible-doc more plugin agnostic
We can have docs in lookup, callback, connectionm strategy, etc
Use first docstring and make pepizis happy
generalized module_docs to plugin_docs
documented cartesian, ssh, default, jsonfile, etc as examples
changed lack of docs to warning when listing
made smarter about bad docstrings
better blacklisting
added handling of options/config/envs/etc
move blacklist to find_plugins, only need once
purge_subnets|routes were introduced recently.
ensure_subnet_associations now takes purge_subnets as a parameter. A
call to this function was missed when introducing this feature. With
out, results in a "got 5 expected 6" error.
Allows to health-check two services on one host. Before, asking for 2 health checks being present for `http://myhost:8888` and `http://myhost:9999` resulted in just a single health check, as this module considered the two specs as equal.
Bonus: route53_health_check now passes style guidelines
* ensure exit_json does not fail from stderr=False
- do a little bit of safety-checking in exit_json to not try to .splitlines() on a boolean
- remove the stderr=boolean from uri.py, this is the only spot that uses it (at least so obviously)
- add unit tests that call exit_json. These are useless because the stderr parsing is in _execute_module and is difficult to mock; deleting these tests after the commit.
* remove added unit tests per prev commit
exit_json doesn't do the param parsing, that is buried deep inside _execute_module.
* Fix get_s3_connection (fixes#22317)
Override aws_connect_kwargs rather than prepending to them. Should fix an issue in which `calling_format` is set twice in the kwargs passed to `boto.connect_s3` or `S3Connection` if a bucket name contains a `.`
* Revert "Fix get_s3_connection (fixes#22317)"
This reverts commit 7f61b8bebd.
* implements alternative way of fixing issue with aws_connect_kwargs for rgw and fakes3 (fixes 22317)
* add comment to explain why the keys are being removed from aws_connect_kwargs
* remove trailing whitespace on comment line
* don't modify an eni without eni_id
fix pep8
remove ec2_eni from pep8 legacy files
remove a couple unused variables in main()
fix the documentation
* fix yaml
If something else created the dir New-Item will throw an exception and
the task will fail. Check the existing file and as long as it's a dir,
we don't need to error out.
* cloudstack: fix connection by ENV vars and configs overloading
* cloudstack: pep8 cloudstack module_utils
* cloudstack: allow api_url to be set in ini config
* docsite: explain ENV vars support as written in python-cs for ansible
Add support for default credentials. Practically, this means that a playbook creator would not have to specify the service_account_email or credentials_file Ansible parameters.
Default Credentials only work when running on Google Cloud Platform. The 'project_id' is still required.
A test has been added to trigger this condition.
* allow users to control group var merge order
With ansible_group_priority var at each group will determine merge order with siblings,
falling back to sorted names when priority is equal as it did before.
Parent/children relationships still work as they did and have higher precedence than priority
* move priority setting to groups, sourc indep
* now both inventory and play group follow priority
* removed double exception handling
Due to how the result-dictionary is being used, in some codepaths it would have an empty dictionary.
This then is problematic if the code expects the 'changed' key later on.
I also improved the docs a bit, by clearly marking the parameter names and URL in the documentation.
* making ec2 pep8
* remove ec2 from pep8 legacy files
* missed a couple
* fix imports and remove iteritems
* making group_id and group_name mutually exclusive and fixing whitespace
* Tidy up docs for network 2.3 modules
* Use suboptions
* Correct indentation
* more tidyup
* bulk updates
* more tidyup
* Bulk changes
* nxos_mtu is dead
* revert
* NXOS_mtu is dead, also better layout
* rebase
* rebase
* win_scheduled_task: Added frequency: once and check_mode support
This patch includes:
- Renamed `execute:` parameter to `executable:`
- Renamed `argument:` parameter to `arguments:`
- Implemented `frequency: once` support
- Implemented check_mode support
- Fix idempotency issue related to empty description
- Added integration tests
* Improve the integration test structure
I think this is a great way to test normal mode and check-mode from the same playbook.
* Small fixes after review
* Clean up parameter handling and added check-mode support
Changes include:
- Remove trailing semi-colons
- Replaced PSObjects into normal hashes
- Make use of Get-AnsibleParam and types
- Added check-mode support
* Implemented -WhatIf:$check_mode support
* powershell.ps1: Ensure Fail-Json() works with Hashtables
Without this change a dictionary $result object would be emptied if it
is anything but a PSCustomObject. Now we also support Hashtables.
* Revert to original formatting
Fixes#22575 - issue under new exec wrapper where unconstrained handle inheritance (for stdin) caused WinRM to block on breakaway processes. Uses explicit handle inheritance to ensure that only stdin read handle gets inherited. Adds test to ensure that async is actually async.
On EAPI, the multi-line commands are expected to be a dict,
with key/value pairs 'cmd'/'input' .
This change implements that behaviour and fixes the idempotency
on EAPI as well.
Fixes#22494
Changes to the metadata format were approved here:
https://github.com/ansible/proposals/issues/54
* Update documentation to the new metadata format
* Changes to metadata-tool to account for new metadata
* Add GPL license header
* Add upgrade subcommand to upgrade metadata version
* Change default metadata to the new format
* Fix exclusion of non-modules from the metadata report
* Fix ansible-doc for new module metadata
* Exclude metadata version from ansible-doc output
* Fix website docs generation for the new metadata
* Update metadata schema in valiate-modules test
* Update the metadata in all modules to the new version
Currently the documentation utilizes with_subelements, but it does not parse the results correctly. By changing to with_items: and specifying the proper list, we are able to tag the instances as expected.
This will now print a log message that displays how long the ssh
connection took to establish to the remote device. If the connection
established time is exceed it will also print a message to the log file
that the connection attempts have exceed.
Updates default connection retries to 30
fixes#22319
Unclear how useful it is to still be catching BotoServerError exceptions
generally, especially when we are now hopefully handling most instances
of throttling, but kept it as it was already in the code. Moved to main
as catching BotoServerErrors inside individual functions will bypass any
AWSRetry.backoff decorator.
Move additional imports to top.
Use python2.6 formatting
A bit of cleanup on imports
Make one more string interpolation Python 2.6 compatible.
* Fix connection_draining idempotency in ec2_elb_lb
Ensure connection_draining types are equivalent when comparing
whether or not connection_draining is being changed.
This means that running `ec2_elb_lb` with connection_draining
set a second time will now report `changed=False`
* ec2_elb_lb: fixed latest Ansible standards compliance
Update to current pep8 standards, fix module imports
and remove module from exclusion file
* candidate var can now be string, list or element
* fixes minor bug in junos_template for backup argument
* disabled invalid integration test for junos_template
This is basically a replay of #16064 from `gce.py` to other pertinent
`gce_*.py` files. It enables expansions of paths in `gce.ini` like
`~/.project.json`
* removes cli functions
* adds comment and confirm to arguments
* implements zeroize argument
* fixes get_diff function in junos shared lib to return diff
* lots of minor bug fixes in junos_config
* minor syntax fixes in junos_netconf
* updates netconf integration tests
* junos_command should send all cli commands over netconf
* task based credentials are now optional
* commands and rpcs are not mutually exclusive anymore
* removes cli functions from shared lib
* adds cli functions to junos_netconf module
* statically pins junos_netconf to cli transport
* all other modules use netconf transport
* adds command rpc function to junos shared
* Fixes for junos_config errors
* Check transport settings for core Junos
* Don't pop from the same list you iterate over
* use of persistent connections are now explicitly enabled in junos
* modules must now explicitly enable persistent connections
* adds rpc support to junos_command
fixes#22166
The provider arguments where not correctly being mapped in the action
plugin for eapi transport. This will now correctly map existing
arguments as well as set the correct defaults for values.
fixes#22442
* Add simple module to import/delete ssl certificate from/to java keystore.
* add diff/check mode support, fix reported issues and simplify decision logic
* Fix build by adding new line at the end of file.
* Some updates to module requested PR review
* Add simple executable parameter
* Fix build error
* fix module doc fields
* More module docs corrections
* More module docs corrections
* More module docs corrections
* More module docs corrections
* correct aliases
* Review comments
* Must quote ':'
* More authors
* Use suboptions:
* restore type: bool
* type should be in the same place
* More tidyups
* authors
* Use suboptions
* revert
* remove duplicate author
* More issues post rebase
* Update the docs to conform to implementation
Somehow the docs were still mentioning a default timeout of 300 seconds.
Whereas the implementation defaults to 600 seconds.
* Improve examples even more
The map_config_to_obj calls the run_commands helper function,
which returns a list of results.
However, the map_params_to_obj return a single string.
Therefore, the comparison between the two datasets could never be equal,
breaking idempotency.
Also, the 'no banner' command should be run on absent only if there's a banner
text set.
Fixes#22194
* include upgraded packages in pacman upgrade action
* display upgraded packages as diff output for pacman upgrade
* document the packages return key
* add --diff support for installing, removing and checking packages
* include package versions in pacman diff output
* Add a new module for Cisco Spark notifications
* Added authentication validation to check mode
* Re-added description and removed Pylint references
* Moved the authentication test to the spark_message function
* removed duplicate fetch_url statements
* documentation formatting updates and if __name__ update
* recipient typo fix and added correct Formatting options to documentation options
* updated version added to 2.3
- Close the socket after use
- Use proper parameter types
- Remove redundant parameter options
- Clean up docs
- Move module from network/ to remote_management/
- Add check-mode support
* Retain vault password as bytes in 2.2
Prior to 2.2.1, the vault password was read in as byes and then remained
bytes all the way through the code. A bug existed where bytes and text
were mixed, leading to a traceback with non-ascii passwords. In devel,
this was fixed by changing the read in password to text type to match
with our overall strategy of converting at the borders. This was
backported to stable-2.2 for the 2.2.1 release.
On reflection, this should not have been backported as it causes
passwords which were originally non-utf-8 to become utf-8. People will
then have their working 2.2.x vault files become in-accessible.
this commit pipes bytes all the way through the system for vault
password. That way if a password is read in as a non-utf-8 character
sequence, it will continue to work in 2.2.2+. This change is only for
the 2.2 branch, not for 2.3 and beyond.
Why not everywhere? The reason is that non-utf-8 passwords will cause
problems when vault files are shared between systems or users. If the
password is read from the prompt and one user/machine has a latin1
encoded locale while a second one has utf-8, the non-ascii password
typed in won't match between machines. Deal with this by making sure
that when we encrypt the data, we always use valid utf-8.
Fixes#20398
(cherry picked from commit 5dcce0666a)
* description is only required when group state is present
also note that AWS requires a non-empty description when creating a security group
* clarify description requirement
One way to trigger this is having this snippet in meta/main.yml:
dependencies:
- role: foo
when: "use_foo == True"
It shouldn't show a warning but since we assume that 'foo' is the old
style format, it always show one. So we should verify the
style before calling role_spec_parse.
* virt.py: autostart VM attribute
autostart is now an idempotent VM attribute instead of a non idempotent forced autostart attribute set to True
* Make shippable happy
* Missing version added
* Fix some points
* Autostart default is now None
* Ident fix