* Fix check_mode in nxos_command
* Fix check_mode for ios_command
* fix check_mode for iosxr_command
* Fix check_mode in vyos_command
* Fix check_mode in eos_command
* Fix check_mode in junos_config
This commit aims to add the openssl_certificate module.
This module allows a user to manage openssl certificates.
This module implement the notion of backend provider, making this module
extensible to anyone wish as long as a provider is coded for it.
The current three providers are the following:
* selfsigned: Allows a user to self signed a certificate
* acme: Allow a user to generate acme-based CA challenges certificate.
(As of this writing this targets letsencrypt)
* assertonly: Allow a user to assert the characteristic of her SSL
certificate
Co-Authored-By: Markus Teufelberger <mteufelberger+ansible@mgit.at>
* Add tags support to cloud/amazon/ec2_group
* Finish making ec2_group tag support boto3 compatible.
Add integration tests to validate that tags are working as expected.
* Improvements and fixes in the packet_device module
* add version_added to new args
* remove default value from facility
* changed 'lock' from deprecated arg to alias of 'locked'
These were the changes I propose twice, a nullified PR edit, and then as
review comments when the PR was being merged.
I made those changes now to all purestorage modules.
* made composite vars and groups generic
now you can do both in every plugin that chooses to suport it
renamed constructed_groups as it now also constructs vars ... to constructed
moved most of constructed_groups logic into base class to easily share
* documented inventory_hostname
* typo fix
Fixes#28198
Changed how string format method is used to support Python 2.6 syntax. By adding in positional arguments to braces in format method (e.g. {0}, {1}), Python 2.6 can support this module, without causing issues in newer versions of Python.
See ref for info on format differences w/ 2.6:
https://docs.python.org/2/library/string.html#format-string-syntax
* openssl_privatekey: Extend test coverage
Extend the coverage of the integration test for the module
openssl_privatekey.
New tests have been added:
* passphrase
* idempotence
* removal
Co-Authored-By: Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr>
* openssl_publickey: Extend test coverage
Extend the coverage on the integration test for the module
openssl_publickey.
New tests have been added:
* OpenSSH format
* passphrase
* idempotence
* removal
* Fixes#28444: Renamed print_match function to match_print due to name conflict
* Rename `match_print` to `do_print_match`
I think this is less confusing.
* Fix 'the the' typos, fix 'pahting' filename typo
* Change 'the the' typos to a single 'the'.
* Change `playbook_pahting.rst` to `playbook_pathing.rst`.
* Delete trailing space in ec2_vol example
Delete the trailing space in `instance: "{{ item.id }} "`, which makes the
example fail when run because it looks for instance "i-xxxx ".
* win_copy rewrite with new tests and functionality
* minor pep fixes
* Handle UTF-8 filenames in zip
* fix for template
* when zip assemblies are not available in .net revert to old behaviour of copying one by one
* typo fix
* some more typos
* updated logic to correctly handle when new directories can be created
* removed testing file as it is not needed
* updated documentation based on PR
- Changed zone_name to name - Changed cluster_name to cluster - Changed pod_name to pod - Corrected tags type in docs - Remove unneeded returns - Other simplifications
* Fix KeyError bug by appending None if key doesn't exist
ensure value is the expected type; if if expecting something parsed as truthy try to turn it back into the desired value - fixes result showing always changed since bool compared to str
use to_text
* use string_types instead of str, remove inline conditionals, abbreviate boolean logic
* s3_sync was setting HAS_BOTO3 by the existence of botocore alone. Fixed to import from module_utils.ec2 to ensure boto3 + botocore are present.
Also documented module requirements.
* Remove unused import
Changed string check to verify that EOS device is not in config mode. This was required in order to work with Arista 7500 series modular switches.
Resolves#2830
* Added support to GCE module for image families and external projects.
* Added image_family and external_projects to gce_pd.
* Added version_added for new options.
This was causing wrong behaviour when `prev_state` was `hard`-link,
since the `file` module tried to apply the same `state` on the new
file, causing unexpected errors.
Particularly, both `overlay` and `devicemapper` storage drivers in
docker use hardlinks to share files between layers. This causes
most ansible playbooks to fail when working with files from layers
below.
This PR includes:
- PEP8 compliancy
- A fix to ensure the module fails when it failed for a package
- Various cosmetic changes to documentation
- Make `state: present` the default (and not required)
* Handle errors in jmespath in json_query better
Catch any exceptions raised from jmespath and raise
an AnsibleFilterError instead.
Avoid a traceback.
Fixes#20379
* pep8
* Fix logic in os_nova_host_aggregate module
Fix logic around adding availability zone to metadata and comparing existing host list to parameter host list.
Previously, when no availability zone was defined, an empty availability zone was being appended to metadata. This was causing 'empty named availability zone' errors when running the module against an already existing host aggregate with no availability zone. This was fixed by only appending availability zone to metadata if it is not an empty parameter.
Also added set() casting when comparing existing and new host lists. Previously, if existing host list was not in the same order as the host list in the .yml parameter file the module would consider this a change even if the two lists had the same entries.
* Update os_nova_host_aggregate.py
Currently the ignore_image option can be set, but can not work as it is
descripted in document. The reason is the code will check the difference
of configurations between current container and target image, and it
will mark the `different` to `True` when the image is different even we
set `ignore_image=true`, that will cause the container being re-create.
Add new option to pass the path to the hponcfg binary which may not live in
$PATH. For example on ESXi hypervisors it tends to be located in
/opt/hp/tools/ instead. Also properly implement a verbose option for which the
code was already commented out.
The command lxc-clone is deprecated in favor of lxc-copy. This patch
changes the lxc module to use the new lxc-copy command by default. If
not present, it will fallback to the old lxc-clone command to keep it
backward compatible with older versions of lxc.
As discussed in full at https://github.com/datacenter/aci-ansible
we desired a better naming convention for ACI modules before they ship
with Ansible v2.4
The result is summarized in this PR.
The modules now also include the classes from the object model, as well
as a link to the documentation.
When verifying if a router needs update, the os_router module should
take into account only network ports which are owned by routers. Other
ports might have been added e.g. by the HA network tenant, which would
lead the router to always be detected as changed and cause the module to
try removing these network interfaces.
* add infinity ansible module into ansible package
* move infinity to be the correct direction without a folder
* remove dependency on requests library and use ansible built-in method to send rest api call
* add missing whitespace
* Use open_url from module_utils instead of urlopen based on suggestions
* correct the path for infinity ansible modue, moving it into the ansible/modules/network/infinity
* make change on the documentation and code based on feedback
* change the data type in the Return documentation based on feedback
* add importing for path and define metaclass based on testing failure
* change the postion of importing __future__
* Move Infinity module from Network module into net_tools directory based on review
* put back the file that is accidently removed
* change ansible-metadata version to be 1.1
* Fix for os_recordset.py to filter based on record type. Fixes https://github.com/ansible/ansible/issues/19572
* remove redundant variable
* Needing to use recordset ID to update and delete records. Using the record name for update/delete causes issues when A and AAAA records exist for a name
* Adding exception handling for dictionary item
* alternatives: add integration tests
* alternatives: handle absent link (fix AttributeError)
Error occurred at least on Debian Stretch and OpenSuse 42.2:
Traceback (most recent call last):
File "/tmp/ansible_RY6X41/ansible_module_alternatives.py", line 161, in <module>
main()
File "/tmp/ansible_RY6X41/ansible_module_alternatives.py", line 113, in main
current_path = current_path_regex.search(display_output).group(1)
AttributeError: 'NoneType' object has no attribute 'group'
update-alternatives stdout sample:
dummy - manual mode
link best version is /usr/bin/dummy1
link currently absent
link dummy is /usr/bin/dummy
* alternatives: PEP 8 fixes
* alternatives: fix copyright in integration tests
* alternatives: nested loops handle more than 2 items
Thanks to Michael Scherer (@mscherer) for pointing that.
* alternatives: enable integration tests
* refactors nxos_vrf_af module
fixes#27595
* fix up unit test cases
* add commands to result dict
* add route-target on afi create
* adds deprecation note to safi argument
* updates network parse_cli filter to handle blocks from output
* minor updates to finish up parse_cli filter
* all vars are now under the vars key
* attributes key has been changed to keys
* added the start_block and end_block directives
* update PEP8 failures
When comparing expected and current value for keyUsage and
extendedKeyUsage current behavior is not deterministic.
As we compare two arrays, based on the order the value have been
specified, False might be returned when the two arrays actually matches.
In order to have a deterministic comparison we compare sets rather than
arrays.
* Add network value to support_by field.
* New support_by value, certified
* Deprecate curated in favor of certified
* Add conversion from 1.0 to 1.1 to metadata-tool
* Add supported by Red Hat field to ansible-doc output
* Added cyberarkpassword lookup plugin
Added cyberarkpassword lookup plugin: It allows to retrieve credentials
(password, sshkey) from CyberArk Digital Vault
* non-uac works
* switch become/runas to LogonUser/CreateProcessWithTokenW
* fixes#22218
* provides consistent behavior across authtypes
* auto-elevates on UAC if target user has SE_TCB_NAME ("Act as part of the operating system") privilege
* sets us up for much more granular capabilities later (eg, network/service/batch logons)
* New Cisco ACI Attachable Entity Profile Module
* PEP8 Verified
* Various Fixes
* Refactored: aci_aep
* Updated to the latest changes from aci-ansible
* And a small cosmetic change
* - deprecated panos_nat_policy in lieu of pano_nat_rule that uses next generation SDK (PanDevice). Also renamed the module so that is aligns with API calls and UI framework.
* - ansible_metadata requires metadata_version instead of just version key in 2.4
* PEP8 changes
* PEP8 changes
* Emit deprecation warning and add boilerplate
* ansible-inventory cli tool
added vars dump to graph
made yaml inventory dump actual yaml inventory format
cleaner dump
fixed graph, no dump needed
add pulling in host/group vars
pep indentation crime
added docstring for manpage autodoc
remove ansible_facts from output
added api compat layer
allow import from new and old APIs
better conditional for <2.4
pe4+p4
test stuck on OS X (seems popular today) but passes rest, merging anyways
* - renamed panos_security_policy to panos_security_rule in order to better align with UI and API calls
* - fixed PEP8 issues
* - ansible bot does not like multiline comments. Using > for now.
* Add deprecation warning and boilerplate
* Ansible Config part2
- made dump_me nicer, added note this is not prod
- moved internal key removal function to vars
- carry tracebacks in errors we can now show tracebacks for plugins on vvv
- show inventory plugin tracebacks on vvv
- minor fixes to cg groups plugin
- draft config from plugin docs
- made search path warning 'saner' (top level dirs only)
- correctly display config entries and others
- removed unneeded code
- commented out some conn plugin specific from base.yml
- also deprecated sudo/su
- updated ssh conn docs
- shared get option method for connection plugins
- note about needing eval for defaults
- tailored yaml ext
- updated strategy entry
- for connection pliugins, options load on plugin load
- allow for long types in definitions
- better display in ansible-doc
- cleaned up/updated source docs and base.yml
- added many descriptions
- deprecated include toggles as include is
- draft backwards compat get_config
- fixes to ansible-config, added --only-changed
- some code reoorg
- small license headers
- show default in doc type
- pushed module utils details to 5vs
- work w/o config file
- PEPE ATE!
- moved loader to it's own file
- fixed rhn_register test
- fixed boto requirement in make tests
- I ate Pepe
- fixed dynamic eval of defaults
- better doc code
skip ipaddr filter tests when missing netaddr
removed devnull string from config
better becoem resolution
* killed extra space with extreeme prejudice
cause its an affront against all that is holy that 2 spaces touch each other!
shippable timing out on some images, but merging as it passes most
* - deprecated panos_address and panos_service in lieu of common panos_object
* - deprecated/removed panos_address and panos_service in lieu for panos_object
* squash! - deprecated/removed panos_address and panos_service in lieu for panos_object
* - fixed PEP8 issues
* - ansible_metadata requires metadata_version instead of just version key in 2.4
* add > to multi line descriptions
* update version string to 2.4
* Update legacy-files.txt
* prompt for new pass on create/encrypt if none specified
Make 'ansible-vault' edit or encrypt prompt for a password
if none or provided elsewhere.
Note: ansible-playbook does not prompt if not vault password
is provided
* dont show vault password prompts if not a tty
* Fail if an empty string is set as src for copy module
Fixes#27363
* Cleanup task formatting on copy tests
Use multi-line YAML
Add debug statements with verbosity: 1 rather than leave them in there commented out.
* Add test for empty string as source
* Do more checks in order to add more specific errors messages
Add more integration tests for the various failure scenarios.
Cleanup some syntax on existing integration test tasks.
* Add config option for a default list of vault-ids
This is the vault-id equilivent of ANSIBLE_DEFAULT_PASSWORD_FILE
except ANSIBLE_DEFAULT_VAULT_IDENTITY_LIST is a list.
* Better handling of empty/invalid passwords
empty password files are global error and cause an
exit. A warning is also emitted with more detail.
ie, if any of the password/secret sources provide
a bogus password (ie, empty) or fail (exception,
ctrl-d, EOFError), we stop at the first error and exit.
This makes behavior when entering empty password at
prompt match 2.3 (ie, an error)
* Add comment option to authorized_keys
* Update version_added for authorized_keys comment
* PEP8
* Include index rank in parsed_key_key
* Properly display diff
Only display diff if specificed via settings
* Fix PEP8 test failure
Removed from legacy files since it is now properly formatted
* Cleanup integration test formatting and add test for new comment feature
* Correct version_added for new option
* Add intent arguments for ios_interface
* Intent argument support
* Integration test case for intent arguments
* Fix ci issue
* Add intent arguments for iosxr_interface
* Add intent check support for iosxr_interface
* Integration test for intent + configuration
* Fix ci failure
* Handle common agrument in aggregate parameter for vyos module
* Add supoort to set parameter in aggregate to it's respctive
top level argument if value not provided in aggregate.
* Aggregate argument spec validation
* Documentation for aggregate
* Fix unit test failure
Allow user to mark the x509v3 extensions as critical, by specifying the
$extension_critical boolean, where $extension is the name of the
extension.
Currently this module supports only 3 differents x509v3 extensions:
* keyUsage
* extendedKeyUsage
* subjectAtlName
There are more to come.
* circonus_annotation: clean description
- add 'default' field
- default value for 'required' field is false
- use formatting function
* circonus_annotation: clean argument_spec
remove useless conversion
default of 'required' False
use 'default' when possible
* circonus_annotation: fix pep8
* circonus_annotation: add RETURN block
* circonus_annotation: check_mode isn't supported, add a note
* aci_lldp_interface_policy: Manage LLDP interface policies
Module to manage LLDP interface policies on Cisco ACI fabrics.
This module is idempotent, and supports check-mode and has diff-support.
* Rename aci_lldp_interface_policy to aci_lldp_policy
* [password] _random_password -> random_password and moved to util/encrypt.py
* [passwordstore] Use built-in random_password instead of pwgen utility
* [passwordstore] Add integration tests
* First batch of modules renamed from plural to singular
Related to this proposal: https://github.com/ansible/proposals/issues/10
* Emit rename deprication warning
* Update legacy-files.txt and skip.txt to reflect new names
pip to core because users frequently use pip to install packages to run
ansible modules.
win_chocolatey to community as it still needs some work before we'd be
ready to include it in core support.
vca module utility uses response object instead of
response.content which raises exception in while fail_json
call. Use content attribute from response object instead which
is exact description of HTTP Response error.
Fixes#25378
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
1fe67f9 introduced retries to the ssh connection put file and fetch
file. Unfortunately, that change broke the smart transport because it
started raising exceptions instead of returning from _run(). This
breakage is documented in #23711.
An attempt to fix it was made at #23717 but the first attempt was
objected to as needing to touch too much code. The second attmept was
objected to as smart was forced to encapsulate retries (thus retrying
a sftp "rety" times before trying scp "retry" times and then finally
moving onto piped). This third attempt has retries encapsulate smart.
So each sub-transport is tried once and if all three fail, another retry
attempt is made which tries each of the three again.
Fixes#23711Fixes#23717
* Add state intent argument in vyos interface
* State intent argument support
* Integration test for supported intent arguments
* Add intent testcase
* FIx ci issue
* junos_interface intent arguments
* Add check for intent argument in junos_interface
* Integration test for intent arguments
* Minor type fixes
* Add delay only if config diff is present
* add enabled configuration argument
* net_interface test case changes
* Minor doc change
Tested with:
from datetime import datetime, timedelta
from dateutil.relativedelta import relativedelta
n = datetime.now()
assert n + timedelta(days=365) == n + relativedelta(years=1)
* Fixes#28016: rabbitmq_plugin for Windows
* Disable documentation check for rabbitmq_plugin.ps1
* Renamed rabbitmq_plugin -> win_rabbitmq_plugin
* Fixed the documentation after review
* Fixed 'RETURN' section
* Fixed docs for original module
* Added dots to original module docs.
* Optimize template
* In fixing template to handle diff correctly #24477, I introduced more
round trips to the remote end which slowed things down The new code now
uses one fewer round trips than the old code.
* Reimplement a large part of template by calling the copy action plugin
instead of doing it in template's code. This reduces the code in
template and gives us one place to fix bugs and optimize.
* Add a follow parameter to template that mirrors the follow parameters
for file and copy.
* Fix copy's diff handling (probably broken in my rewrite for in 2.4
development)
* Adjusted when copy creates tmp dirs to rduce round trips in copy and
template.
Fixes#27956
* Fix idempotency for Unix permissions in zip files.
This fix prevents the unarchive module from reporting 'changed' when a zipfile contains items with Unix permissions that differ from the system default.
* Update zip unarchive tests.
Additional tests for the unarchive module with zip files:
- Test file in zip archive with non-default permissions
- Test file added to zip archive with Windows permissions
* Additional fix for mixed win/unix archives.
Turns out my original fix fails under some mixed archives, as setting the umask to zero can be applied to those files. This creates a per-file umask variable, so a mix of permission types don't cause problems.
* CI Checks
CI checks for archives with:
* non default Unix permissions
* Windows permissions
* Workaround for BSD differences.
Using Zipinfo due to lack of support in BSD unzip.
Permissions handling is also different in BSD -- always applies UMASK to file permissions.
* Added checks for creating directories and SSH keys for existing users.
* Add AWSRetry to ec2_asg
* Paginate describing ASGs and launch configurations
pass connection to delete_asg
Fix a couple little bugs
* Use boto3's pagination build_full_result()
* Adapt azure_rm_resource_group to azure 2.0.0 + azure Cli support
* Fix exceptions in Azure ARM plugins
* update azure_rm_networkinterface documention to reflect required params
* change state param to not required for docs in azure_rm_subnet
* fix import to reflect azure==2.0.0 changes
* add aliases and fix docs for azure_rm_storageblob
* add resource_group_name alias to azure_rm_storageaccount_facts
* fix import bug due to change in azure==2.0.0
* fix args bug and enum modules issue
* update docs to reflect azure==2.0.0
* pin management clients to a specific api_version
* update docs to reflect the new azure-ansible-base python package
* add fallback for older api resource group listing
* rework azure dependencies installation
* refactor path joining to a cross-plat solution
* replace boto with boto3 for the s3 module
make s3 pep8 and remove from legacy files
fix s3 unit tests
* fix indentation
* s3 module - if we can't create an MD5 sum return None and always upload file
* remove Location.DEFAULT which isn't used in boto3 and tidy up the docs
* pep8
* s3: remove default: null, empty aliases, and required: false from documentation
fix incorrectly documented defaults
* Porting s3 to boto3. Simplify some logic and remove unused imports
* Fix s3 module variables
* Fix a typo in s3 module and remove from pep8 legacy files
* s3: add pagination for listing objects.
Fix logic and use head_object instead of get_object for efficiency.
Fix typo in unit test.
* Fix pagination to maintain backwards compatibility.
Fix incorrect conditional.
Remove redundant variable assignment.
Fix s3 list_object pagination to return all pages
* Use the revised List Objects API as recommended.
* Wrap call to paginated_list in a try/except
Also remembered to allow marker/prefix/max_keys to modify what keys are listed
* Simplify argument
* use of multiple chocolatey package names
It might be helpful to users, to clarify whether/when <name:> must specify a single package.
Users who are familiar with chocolatey may be accustomed to installing multiple packages in a single invocation of 'choco install'.
I believe win_chocolatey currently accepts multiple package names when state: is latest or present.
For instance, this appears to work currently:
- win_chocolatey:
name: >-
pscx
windirstat
state: latest
However, when state: is absent, uninstall is not performed if multiple package are specified.
The chocolate.log output suggests that chocolatey is treating the multiple packages as an 'exact' name of a single package name:
2017-08-10 19:04:04,087 2424 [DEBUG] - Command line: "C:\ProgramData\chocolatey\choco.exe" list --local-only --exact pscx windirstat
2017-08-10 19:04:04,087 2424 [DEBUG] - Received arguments: list --local-only --exact pscx windirstat
I find the current behavior helpful in terms of accepting multiple package names, even if uninstall must be treated differently.
It might be helpful to show an example of how multiple uninstalls can be handled by looping over them.
- win_chocolatey:
name: "{{ item }}"
state: absent
with_items:
- pscx
- windirstat
* revise per Jordan Borean. remote colon (:) from text. revise formating.
* Update win_chocolatey.py
* Use ChocolateyInstall env variable after installation
Fixes#19725 Custom install locations specified by the ChocolateyInstall
env variable in win_chocolatey
After an initial install of chocolatey, use the ChocolateyInstall
environment variable when assigning $script:executable .
* Improve process of locating "choco.exe" post-initial install
Implement feedback for locating choco:
* Check if choco.exe is in PATH, if there use this
* If not in path and ChocolateyInstall var is available, use that
* Otherwise, use the equivalent of Windows Special Folder CommonApplicationData for locating chocolatey.
(Chocolatey install (v0.10.7) uses CommonApplicationData when ChocolateyInstall is not set.)
* win_hotfix: new module to install Windows hotfixes
* revert to older module util loader style to satisfy the checks for now
* Changes from PR
* changed the test hotfix so we can run tests in shippable
* win_user_right: add module with tests
* fixed up name of module in docs
* forgot the test module
* fixed up whitespace
* changes made to win_user_right based on feedback
* moved away from using secedit to Win32 with P/Invoke
* tidied up copyright for documentation
The prompt_formats dict didn't get the 'prompt_ask_vault_pass'
item added for interactive --ask-vault-pass, which
caused "KeyError: u'prompt_ask_vault_pass'"
Fixes#27885
In answer to #2540, `aptitude` was introduced as tool of choice for running
upgrades in the apt module and installing new packages that arise as
dependencies during upgrades.
This recently lead to problems, as for example Ubuntu Xenial (16.04) ships
without aptitude (installed).
Studying the man pages of both apt-get and aptitude, it appears that we can
achieve the effects of `aptitude safe-upgrade` using
```
apt-get upgrade --with-new-pkgs --autoremove
```
while `aptitude full-upgrade` seems to be identical to `apt-get dist-upgrade`.
We use `apt-get` as described above as a fall-back in case that `aptitude`
cannot be found, issuing a warning when it does so.
Furthermore it introduces a flag `force_apt_get` which may be used to enforce
usage of apt-get (which does not issue a warning).
The integration tests are updated accordingly.
Cf. also the discussion in #27370.
Fixes#18987
* ovirt_templates: added option to name imported disk as a template
* ovirt_templates: added version_added to new attribute
* ovirt_templates: added alias for image_name and example
* added alias glance_image_disk_name for image_name
* example how to import image from glance as template
* improve description of template_image_disk_name
* Add aggregate functionality to eos_vrf
* Add tests for eos_vrf aggregate option
* Remove test2 and test3 vrfs at the beginning of the eos_vrf tests
* Pull all vrfs
With aggregate, we need to get all VRFs and we then compare with
desired VRFs, instead of assuming it will be just one.
* New Module: Notification module for Office 365 Connector Cards (notification/office_365_connector_card)
* Updates per review
* Added connection check when in check mode
* Adding VMware tools module
Functionality: Waits for VMware tools to become available (running
state)
* Adding base integration test preparations
Until govcsim supports actual guest tool status, the tests are disabled
* Cleanup and better getvm method
* Updating Changelog
* Adding required metaclass and future import
* Rename to vmware_guest_tools_wait
* Cleanup of documentation
* Fixing review remarks
This PR includes:
- Removal of get_exception (sadly)
- Avoid deprecating 'state' parameter with aci_rest
- Small fix for querying using aci_rest
Signed-off-by: @bcoca
* template: fix KeyError: 'undefined variable: 0
For compatibility with the Context.get_all() implementation
in jinja 2.9, make AnsibleJ2Vars implement collections.Mapping.
Also, make AnsibleJ2Template.newcontext() handle dict type
for the 'vars' parameter.
See: d67f0fd4cc
Fixes: https://github.com/ansible/ansible/issues/20494
* add units/template/test_vars
* intg tests for jinja-2.9 issues like 20494
test cases here are based on
https://github.com/ansible/ansible/issues/20494#issue-202108318
This commit provides an environment option to change the behaviour so
that it's possible to declare any changes shoudl be considered a junit
failure.
This is useful when carrying out idempotent testing to ensure that
multiple runs are safe and any changes should be considered a test
failure.
In a CI test of an ansible role the practice would be to run the role
once without this to configure the test system, and tehn to run a second
time including this environment vairable so that the CI engine
processing the junit report recognise any changes to be a test fail.
This provides a sensu_client module in order to be able to dynamically
configure a Sensu client.
It takes a different approach than the existing Sensu modules such as
sensu_check but is hopefully a much more flexible and simple way of
handling configurations.
* nxos_bgp_neighbor_af does not want required_together
* fixup tests
* Fix max_prefix_* issues
* Require address-family
* Fix idempotency for next_hop_third_party
* Fix idempotency for allowas_in*
* Fix idempotency for *_in and *_out
* Reorder command generation again
`default` is first, then `max-prefix`, then booleans
* Added in support for 'agent' and 'node' types.
* Tidies and moves `consul_acl` module closer to PEP8 compliance.
* Switched from using byspoke code to handle py2/3 string issues to using `to_text`.
* Made changes suggested by jrandall in https://github.com/ansible/ansible/pull/23467#pullrequestreview-34021967.
* Refactored consul_acl to support scopes with no pattern (and therefore a different HCL defintion).
* Corrects whitespace in Consul ACL HCL representation.
* Fixes Consul ACL to return the HCL equivalent JSON (according to the Consul docs) for the set ACLs.
* Repositioned import to align with Ansible standard (!= PEP8 standard).
* Adds Python 2.6 compatibility.
* Fixes PEP8 issues.
* Removes consul_acl.py as it now passes PEP8.
* Follows advice in the "Documenting Your Module" guide and moves imports up from the bottom.
* Tidies consul_acl module documentation.
* Updates link to guide about Consul ACLs.
* Removes new line spaces from error message string.
* Provide better error message if user forgets to associate a value to a Consul ACL rule.
* Minor refactoring of Consul ACL module.
* Fixes bug that was breaking idempotence in Consul ACL module.
* Detects redefinition of same rule.
* Adds test to check the Consul ACL module can set rules for all supported scopes.
* Fixes return when updating an ACL.
* Clean up of Consul ACL integration test file.
* Verify correct changes to existing Consul ACL rule.
* Adds tests for idempotence.
* Splits Consul ACL tests into cohesive modules.
* Adds test for deleting Consul ACLs.
* Test that Consul ACL module can set all rule scopes.
* Fixes issues surrounding the creation of ACLs.
Thanks for the comments by manos in https://github.com/ansible/ansible/pull/25800#issuecomment-310137889.
* Stops Consul ACL's name being "forgotten" if ACL updated by token.
* Fixes incorrect assignment when a Consul ACL is deleted.
* Fixes value of `changed` when Consul ACL is removed.
* Fixes tests for Consul ACL.
* Adds interal documentation.
* Refactors to separate update and create (also makes it possible to unit test this module).
* Improves documentation.
* Completes RETURN documentation for Consul ACL module.
* Fixes issue with equality checking for `None` in ACL Consul.
* Fixes Python 2 issue with making a decision based on `str` type.
* Fixes inequality check bug in Python 2.
* Adds tests for setting ACL with token.
* Adds support for creating an ACL with a given token.
* Outputs operation performed on Consul ACL when changed.
* Fixs issue with test for creating a Consul ACL with rules.
* Corrects property used to set ACL token in python-consul library.
* Fixes tear-down issue in test that creates a Consul ACL using a token.
A fileglob may issue a warning `Unable to find xxxx in expected paths` when `ansible_search_path` is not defined, because it loops over the characters in the string instead of looping over a list of one element.
* fixes for edge cases - load_balancers has not been specified - don't want to delete existing elbs, wanted elbs aren't a superset of has_elbs (eg. 1 elb existing, adding another), specifying load_balancers: [] to delete existing elbs
* Fix module failure with pacemaker_cluster: state=cleanup
If state=cleanup was used, set_cluster() was being called
with 'cleanup' state which it doesn't handle. Instead
use existing clean_cluster() method.
Fixes#27799
* get and return cluster_state on state=clean as well
* Import original unmodified upstream version
This is another attempt to get the xml module upstream.
https://github.com/cmprescott/ansible-xml/
This is the original file from upstream,
without commit 1e7a3f6b6e2bc01aa9cebfd80ac5cd4555032774
* Add additional changes required for upstreaming
This PR includes the following changes:
- Clean up of DOCUMENTATION
- Rename "ensure" parameter to "state" parameter (kept alias)
- Added EXAMPLES
- Remove explicit type-case using str() for formatting
- Clean up AnsibleModule parameter handling
- Retained Python 2.4 compatibility
- PEP8 compliancy
- Various fixes as suggested by abadger during first review
This fixescmprescott/ansible-xml#108
* Added original integration tests
There is some room for improvement wrt. idempotency and check-mode
testing.
* Some tests depend on lxml v3.0alpha1 or higher
We are now expecting lxml v2.3.0 or higher.
We skips tests if lxml is too old.
Plus small fix.
* Relicense to GPLv3+ header
All past contributors have agreed to relicense this module to GPLv2+, and GPLv3 specifically.
See: https://github.com/cmprescott/ansible-xml/issues/113
This fixescmprescott/ansible-xml#73
* Fix small typo in integration tests
* Python 3 support
This PR also includes:
- Python 3 support
- Documentation fixes
- Check-mode fixes and improvements
- Bugfix in check-mode support
- Always return xmlstring, even if there's no change
- Check for lxml 2.3.0 or newer
* Add return values
* Various fixes after review
* rm unneeded parens following assert
* rm unused parse_vaulttext_envelope from yaml.constructor
* No longer need index/enumerate over vault_ids
* rm unnecessary else
* rm unused VaultCli.secrets
* rm unused vault_id arg on VaultAES.decrypt()
pylint: Unused argument 'vault_id'
pylint: Unused parse_vaulttext_envelope imported from ansible.parsing.vault
pylint: Unused variable 'index'
pylint: Unnecessary parens after 'assert' keyword
pylint: Unnecessary "else" after "return" (no-else-return)
pylint: Attribute 'editor' defined outside __init__
* use 'dummy' for unused variables instead of _
Based on pylint unused variable warnings.
Existing code use '_' for this, but that is old
and busted. The hot new thing is 'dummy'. It
is so fetch.
Except for where we get warnings for reusing
the 'dummy' var name inside of a list comprehension.
* Add super().__init__ call to PromptVaultSecret.__init__
pylint: __init__ method from base class 'VaultSecret' is not called (super-init-not-called)
* Make FileVaultSecret.read_file reg method again
The base class read_file() doesnt need self but
the sub classes do.
Rm now unneeded loader arg to read_file()
* Fix err msg string literal that had no effect
pylint: String statement has no effect
The indent on the continuation of the msg_format was wrong
so the second half was dropped.
There was also no need to join() filename (copy/paste from
original with a command list I assume...)
* Use local cipher_name in VaultEditor.edit_file not instance
pylint: Unused variable 'cipher_name'
pylint: Unused variable 'b_ciphertext'
Use the local cipher_name returned from parse_vaulttext_envelope()
instead of the instance self.cipher_name var.
Since there is only one valid cipher_name either way, it was
equilivent, but it will not be with more valid cipher_names
* Rm unused b_salt arg on VaultAES256._encrypt*
pylint: Unused argument 'b_salt'
Previously the methods computed the keys and iv themselves
so needed to be passed in the salt, but now the key/iv
are built before and passed in so b_salt arg is not used
anymore.
* rm redundant import of call from subprocess
pylint: Imports from package subprocess are not grouped
use via subprocess module now instead of direct
import.
* self._bytes is set in super init now, rm dup
* Make FileVaultSecret.read_file() -> _read_file()
_read_file() is details of the implementation of
load(), so now 'private'.
* Changed rpm-keyid extraction and verification method
* minor style fixes
* fixed rpm key deletion,added integration test for mono key,fixed wording in integration tests
* Add delay and check configuration is right when interfaces is set on eos_vrf
Per the spec we put up for declarative intent modules, we need to check declarative
intent params (in the case of eos_vrf it's 'interfaces') after a delay and non-declarative
params have been set.
If that doesn't meet desired state after delay, we fail the task.
* Check declarative intent param only if config changed
* Fix pep8 issue
* Change default of delay param to 10
* Revert bogus change on eos_vlan
Since the module's path parameter is of the AnsibleModule type path
it's already being expanded. Hence no need to have the
set_fs_attributes_if_different method do its own expand.
This additional expand is an actual problem when the file module runs
recursively, as real existing file names can be mistakenly expanded to
something completely wrong and non-existing.
Fixes#25005Fixes#25639
Add support for adding multiple NICs in VMWare vSwitch.
Also, updated documetation with example.
Fixes: #23522
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* helpers.py: Fixes#27334 include empty task file within a 'block' disables the complete block
* include module: added warning if file without tasks is included
* moved aws elasticache module to boto3
* fixed error and improved code
* implemented requested changes
* now checking for missing boto3 packages in a better way
* now dynamically setting the default port depending on the engine if it is not set
* moved standard import in front of ansible ones
* now case insensitive in regards to engine name
* removed superfluous spaces
* now checking for None in the correct way
* removed elasticache module from exceptions to pep8 testing
* removed hardcoded default ports and letting aws decide if no port is given
Updates ec2_lc module to use boto3. Adds parameters:
instance_id
placement_tenancy
Also added a second example using instance_id and updated the docs with the new parameters.
* Return the request dictionary in the results
It's sometimes useful to have access to the request params in a k8s
style. The dictionary returned by the request_params call can be
serialized into YAML to produce a k8s like file.
* Add dry_run option to skip module execution
By having support for dry_run executions, it'll be possible to generate
YAML files from the results dictionary by using the data in the
`requests` key.
This PR includes:
- Documentation improvements (mostly related to boolean defaults)
- Make PEP8 compliant
- Ensure imports are specific
- Few cosmetic changes (sort lists, casing, punctuation)
* add new module do_sshkeys
* Deprecate digital_ocean_sshkey.py in favor of do_sshkeys
* Should not exit changed if name not set and key exist
* Add ansible metadata
* Return "ansible_facts" instead of "data" key
* Update documentation and remove unused import
* Remove facts module (1 module / PR)
* Fix
* Fix
* fix version_added
* Change old module status to deprecated
* Change old module status to deprecated
* Fix module deprecation
* Add support for new DO_OAUTH_TOKEN env var
* Fix python 2.6 positional index
* Update deprecation info
* Configure timeout and validate_certs for fetch_url
* rename do_sshkeys to digital_ocean_sshkeys
* Module is replaced, not deprecated anymore
* Fix module name
* Add version to new parameters
* Update module from boilerplate
We use ansible+cloudformation pretty heavily in our CI environments and occasionally bump into throttling issues. By adding this error code to the retry system we should be able to achieve better stability.
It's not clear from the docs whether you need to set `update_cache`
when using `cache_valid_time`.
Setting `cache_valid_time` should imply `update_cache`. Update docs
to reflect this.
* Reimplement iso_extract using 7zip (not requiring root)
So one of the drawbacks of the original implementation is that it required root for mounting/unmount the ISO image.
This is now no longer needed as we use 7zip for extracting files from the ISO.
* Fall back to using mount/umount if 7zip not found
As discussed with others.
Also improved integration tests.
This exposed some additional errors in logic in IncludeFile, which
had to be fixed to deal with the fact that the role path (unlike paths
from includes) are always absolute paths.
Fixes#27345
It allows retaining the version number in the downloaded artifact's name when the version to be downloaded is dynamically determined ('latest').
So far, the behavior was to overwrite the version string in the artifact name with 'latest' which leaves no trace of what version the downloaded artifact has. E.g., you cannot use this information for further processing like transferring it to an RPM that is built from the artifact.
This fulfills feature request ansible/ansible#22337
This PR includes:
- RETURN information (since the difference between status_code and
status was confusing)
- Improvements to parameter definition (and docs)
- PEP8 compliancy
Fix 'module' object is not callable
* rhn_register: fix Python 3 compatibility
* rhn_register: update requirements
* rhn_register: add unit tests
* Add missing method name
* use a dedicated line for XML related requirements
* rhn_register: drop support for Python 2.4
* rhn_register unit tests: fix Python 3 compatibility
* refactor in order to check order of the requests
* Fix for issue ansible/ansible#27715
* Also fixing mutually exclusive check
* Updating subspec checks
These changes take into account a spec with all features enabled and do
the following tests for subspecs:
1. Test proper specs
2. Test Alias
3. Test missing required param
4. Test mutually exclusive params
5. Test required if params
6. Test required one of params
7. Test required together params
8. Test required if params with a default value
9. Test basis subspec params
10. Test invalid subsec params
* adds new filter plugins for network use cases
* adds parse_cli filter
* adds parse_cli_textfsm filter
* adds Template class to network_common
* adds conditional function to network_common
* fix up PEP8 issues
* Add aggregate for junos modules and sub spec validation
* aggregate support of junos modules
* aggregate sub spec validation
* relevant changes to junos integration test
* junos module boilerplate changes
* Add new boilerplate for junos modules
* Fix CI issues
The IMC interface can be quite slow depending on the XML fragments used.
So we increase the default timeout to 60 seconds, and return the elapsed
time so it is easier to determine what timeout value makes sense from
earlier runs.
We also renamed **imc_xml** to **imc_rest**, now that we still can.
* win_stat: Add stat.isreg support
This PR includes the following changes:
- Adds stat.isreg support (cfr. the stat module)
- Always returns stat.isdir, stat.islnk, stat.isreg, stat.isshared
* Remove the controversial part
* s3_bucket: fix policy sorting for python3 so strings are evaluated as less than tuples.
Add tests to ensure this behavior is maintained.
* Fix s3_bucket comparison function to work on both Python 3.5 and 3.6
* s3_bucket: document that cmp_to_key is used for python 2.7.
Add another test for s3_bucket to compare policies of different sizes.
* fix pep8
* Work around code-smell grepping by not using the word 'cmp'.
* New module for managing AWS Datapipelines
* Supports create/activate/deactivate and deletion
* Handles idempotent creation by embeding the version in the
uniqueId field
* Waits for requested state to be reached, as Botocore doesn't
have waiters yet for datapipelines
* rename module, fix imports, add tags option, improve exit_json results, fix a couple bugs, add a TODO so I don't forget
fix pep8
allow timeout to be used for pipeline creation
make .format syntax uniform
fix pep8
fix exception handling
allow pipeline to be modified, refactor, add some comments, remove unnecessary imports
pipeline activation may not be in the activated state long
remove datapipeline version option
change a loop to a list comprehension
create idempotence by hashing the options given to the module minus the objects (which can be modified)
small bugfix
* data_pipeline unittests
make unittests pep8
fix bug in unittests
* remove exception handling that serves no purpose
* Fix python3 incompatibilities in datapipeline tests and add placebo fixture maybe_sleep for faster tests
Fix python3 incompatibilities in data_pipeline build_unique_id()
Don't delete a pipeline in diff_pipeline() because it's unexpected
Don't use time.time() because it causes an issue with placebo testing
re-recorded tests
fix pep8 in data_pipeline
Remove disable_rollback from tests
Make sure unique identifier is a string
re-record tests
* improve documentation and add another example
* use a placebo fixture instead of redundant code in tests
fix tests for PLACEBO_RECORD=false
* Fix data_pipeline docs
use isinstance instead of type()
fix documentation
* fix documentation
* Remove use of undefined variable from data_pipeline module and fix license
* fix copyright header
* Properly include aliases in ansible-doc output
Use correct variable name for storing aliases and only print them out if the list isn't empty.
Fixes#24498
* Only include choices in output if choices exist in the list
Fix adds missing imports and boilerplate for proxysql.
It also remove get_exception calls in-favor of native exception.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Added fix for missing imports and boilerplate in files modules,
also, removed get_exception calls to match 2.6> exception handling.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
A playbook that does `timezone name=Australia/Brisbane` on
a host previously in UTC will appear to take 10 hours.
Improve the seconds handling for playbooks that take longer
than one hour.
Improve the hours handling for playbooks that take longer than
one day.
TZ change before:
```
Playbook run took 0 days, 10 hours, 0 minutes, 36055 seconds
```
After:
```
Playbook run took 0 days, 0 hours, 0 minutes, 55 seconds
```
Sleep for 100s more than one hour before:
```
Playbook run took 0 days, 1 hours, 1 minutes, 3641 seconds
```
After:
```
Playbook run took 0 days, 1 hours, 1 minutes, 41 seconds
```
* add option for path to pear executable
this is useful if you have multiple versions of PHP installed at once,
using SCL PHP RPMs from Red Hat or some other method
* update version number
* improve wording
* ManageIQ: manageiq_user module, module utils and doc_fragment
ManageIQ is an open source management platform for Hybrid IT.
This change is adding:
- manageiq_user module, responsible for user management in ManageIQ
- manageiq utils
- manageiq doc_fragment
* Handle import error
* Use formatting options
* group parameter is required
* changed doesn't need to be an attribute
* resource dictionary should contain values which isn't None
* move from monitoring to remote-management
* Use ManageIQ nameing convention
* Do not set defauts in arguments
* Use idempotent state parameter instead of action
* Check import error in the manageiq util class
* Update the miq documentation
* rename the connection configuration from miq to manageiq_connection
* All messeges start with non cap, fix typos, add examples, rename vars
* more typos fixes
* Make sure we insert only strings to logs by using % formating
* use suboptions keyword for the manageiq connection
* do not log the managiq connection struct (it include sensitive information like username and password)
* add missing from __future__
* ahh, wrong no-log line
* Use sub options
Fix adds check for requests Python module and suggests user to install,
if no requests module installation found.
Fixes: #27643
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* openssl_csr: make subjectAltNames a list
* csr module now uses the new standard way to build openssl crypto modules
* add check functions for subject and subjectAltNames
* added support for keyUsage and extendedKeyUsage
* check if CSR signature is correct (aka the privatekey belongs to the CSR)
* fixes for first PR review
* fixes for second PR review
* openssl_csr: there is no need to pass on privatekey as it can be accessed directly
* openssl_csr: documentation fixes
* Initial commit for integration of HPE OneView resources with Ansible Core. Adding FC Network and FC Network Fact modules and unit tests, and OneView base class for all OV resources.
* Add 'cacheable' param to set_fact action and module.
Used just like set_fact, except facts set with cacheable: true
will be stored in the fact cache if fact caching is enabled.
set_fact normally only sets facts in the non_persistent_fact_cache, so they
are lost between invocations.
* update set_facts docs
* use 'ansible_facts_cacheable' in module/actions result
* pop fact cacheable related items out of args/results
We dont want to use 'ansible_facts_cacheable' result item
or 'cacheable' arg as actual facts, so pop them out of the
dicts.
* ec2_ami_copy.py: Fix WaiterError handling.
Change suggested by Adam Johnson at https://github.com/ansible/ansible/issues/26971
* ec2_ami_copy.py: WaiterError: fail_json: add exception parameter.
* ec2_ami_copy.py: import traceback
previously gather_subset=['!all'] would still gather the
min set of facts, and there was no way to collect no facts.
The 'min' specifier in gather_subset is equilivent to
exclude the minimal_gather_subset facts as well.
gather_subset=['!all', '!min'] will collect no facts
This also lets explicitly added gather_subsets override excludes.
gather_subset=['pkg_mgr', '!all', '!min'] will collect only the pkg_mgr
fact.
* fail the execution instead of panicking when the hostname is not found and the vmid was not provided
* return an empty vmid list if the hostname doesn't exist
* Add module cv_server_provision for integration with Arista CloudVision Portal.
* Doc update.
* Remove shebang from test file. Update short description with company and product name.
* Update exception syntax to Python3 style.
* Remove blank line between imports.
* Remove newlines from RETURN documentation.
* Add cvprac to unittest requirements.
* Update unittest format. Add a few additional tests.
* Mock exceptions from cvprac so the library is not needed for unittests.
* Mock cvprac imports.
* Update unit tests to support python 3.5.
* Mock full cvprac library for unittests.
* Update Jinja2 import to pass updated CI checks.
* Update cvprac imports format for new CI tests.
* Add __metaclass__ and __future__.
Create preserved_copy function in basic.py to perserve file ownership.
* Add a test for template preserved backup
* Use a script to get the random names
* bytes to strings
* Remove dump of hostvars
* Stop being fancy and create a testuser instead
* Fix pep8
* set file attributes
* Pass the correct data to set_attributes_if_different
* Use -j instead -b and pass the attributes as a string instead of a list
* remove debugging message
* Use shell to softly set the attr
Fixes#24408
Fix corrects the parsing of JSON output in Python 3
environment by using to_text API.
Fixes: #26489
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
This allows a single template to be evaluated with different values in
the same task. For example, with a template like 'x:{{a}}', one could do
something like this:
- foo:
a: "{{ lookup('template', 'x.j2', template_vars=dict(a=foo[item])) }}"
b: "{{ lookup('template', 'x.j2', template_vars=dict(a=bar[item])) }}"
with_items:
- x
- y
…and "a" and "b" would expand to different strings based on what we
passed in to the template lookup.