Commit graph

842 commits

Author SHA1 Message Date
Marek Nogacki
b9223cdc89 ec2_group: do not fail on description mismatch (#31704) (#31734)
* ec2_group: do not fail on description mismatch (#31704)

* ec2_group: do not fail on description mismatch (#31704) - fix test case
2017-10-18 09:21:55 -04:00
Martin Krizek
e2fc61c554 Add yum integration tests using fake repo (#31646) 2017-10-18 13:07:48 +02:00
Matt Clay
7623c2fbda Disable flakey win_rabbitmq_plugin test. 2017-10-17 14:03:25 -07:00
Jordan Borean
743ff4897a win_regedit: added function to load a dat file for editing (#31289)
* win_regedit: added function to load a dat file for editing

* try to make the tests more resiliant

* more stability changes
2017-10-18 06:30:33 +10:00
Matt Clay
264452e0a8 Fix bad syntax in test_infra integration test. 2017-10-17 09:53:54 -07:00
Jordan Borean
888de842b3 win_regedit: fix extra info coming into stdout (#31813) 2017-10-17 11:58:32 +10:00
Adrian Likins
297dfb1d50 Vault secrets script client inc new 'keyring' client (#27669)
This adds a new type of vault-password script  (a 'client') that takes advantage of and enhances the 
multiple vault password support.

If a vault password script basename ends with the name '-client', consider it a vault password script client. 

A vault password script 'client' just means that the script will take a '--vault-id' command line arg.

The previous vault password script (as invoked by --vault-password-file pointing to an executable) takes
no args and returns the password on stdout. But it doesnt know anything about --vault-id or multiple vault
passwords.

The new 'protocol' of the vault password script takes a cli arg ('--vault-id') so that it can lookup that specific
vault-id and return it's password.

Since existing vault password scripts don't know the new 'protocol', a way to distinguish password scripts
that do understand the protocol was needed.  The convention now is to consider password scripts that are
named like 'something-client.py' (and executable) to be vault password client scripts.

The new client scripts get invoked with the '--vault-id' they were requested for. An example:

     ansible-playbook --vault-id my_vault_id@contrib/vault/vault-keyring-client.py some_playbook.yml

That will cause the 'contrib/vault/vault-keyring-client.py' script to be invoked as:

     contrib/vault/vault-keyring-client.py --vault-id my_vault_id

The previous vault-keyring.py password script was extended to become vault-keyring-client.py. It uses
the python 'keyring' module to request secrets from various backends. The plain 'vault-keyring.py' script
would determine which key id and keyring name to use based on values that had to be set in ansible.cfg.
So it was also limited to one keyring name.

The new vault-keyring-client.py will request the secret for the vault id provided via the '--vault-id' option.
The script can be used without config and can be used for multiple keyring ids (and keyrings).

On success, a vault password client script will print the password to stdout and exit with a return code of 0.
If the 'client' script can't find a secret for the --vault-id, the script will exit with return code of 2 and print an error to stderr.
2017-10-13 15:23:08 -04:00
Abhijeet Kasurde
a047fe0e4c Correct usage for shutil.rmtree (#31541)
* Correct usage for shutil.rmtree

Fix adds correct usage of shutil.rmtree in git module

Fixes: #31225

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>

* Include archive tests so they get run

* Use new include syntax

* Cleanup syntax on git tests

- use multi-line YAML
- remove unneeded {{ }} around vars in conditionals
- remove unneeded quotes
- add task file name to task names for easier troubleshooting when things fail

* Make archive tests work for RHEL/CentOS 6

The older versions of Jinja2 in RHEL/CentOS 6 required assertion tasks using the map filter to be skipped.

The older version of git required gzip compression to be skipped on RHEL/CentOS 6.

* Account for ansible_distribution_major_version missing
2017-10-13 10:30:15 -04:00
Lujeni
91ab88dac7 pip: Use chdir directive in the venv path (fixes #25122) (#26865) 2017-10-13 12:39:47 +02:00
Matt Clay
80b0e0e05a Remove cryptography version limit in Azure tests.
No longer needed now that cryptography 2.1.1 has been released.
2017-10-12 15:34:36 -07:00
jctanner
c05a7add5f Only install pyvmomi if user is root (#31628) 2017-10-12 10:20:33 -04:00
Trishna Guha
e7145e249f fix ios_interface test unsupported param (#31622)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-10-12 11:17:06 +05:30
Matt Clay
8acb901bf2 Update Azure tests to limit cryptography version. (#31616)
* Revert "Work around cryptography 2.1 requiring pip 8.1.2+"

This reverts commit a10a80b8a3.

* Update Azure tests to limit cryptography version.
2017-10-11 19:18:16 -07:00
Rene Moser
0c416b5891 tests: cs_snapshot_policy: add integration tests 2017-10-11 18:35:54 +02:00
Philippe Dellaert
9580a6569e Fix #21112 : Adding support for configuring a CD-rom iso image (#28155)
* Initial CD-ROM support

* create cdrom bugfix

* Improving CDROM change detection and fixing template creation bug
Running MarkAsTemplate on an existing template will fail with an error

* Better change detection for guest ID
Should only mark a change in case it actually changes

* Adding integration tests

* Pep8 compliance fixes

* Adding CDROM support, including iso, client and none types

* Updating added release version for CDROM option
2017-10-11 14:29:13 +02:00
rahushen
c976ac7ed6 change ports to non well known ports and drop time_range for N1 (#31261) 2017-10-11 17:37:01 +05:30
Ricardo Carrillo Cruz
7acb0bb187 Parameterize the ssh port on ios_user tests (#31573)
On CI we use 8022 for SSH, thus we need to explicitly pass
ansible_ssh_port to the ssh command to work.
2017-10-11 12:44:57 +02:00
Ricardo Carrillo Cruz
ac95ecaf13 Remove duped authorize on ios_ping anchored tasks (#31572)
Otherwise, we get warnings.
2017-10-11 12:28:10 +02:00
Ricardo Carrillo Cruz
c75c4cbfc8 Introspect the management IP on ios_ping (#31571)
On our CI we don't have external connectivity, so let's ping to
the management interface IP.
Also, ignore errors on the expected failures tests.
2017-10-11 12:10:11 +02:00
Ganesh Nalawade
88da95bb77 Fix rollback in junos_config (#31424)
* Fix rollback in junos_config

Fixes #30778

*  Call `load_configuration` with rollback id in case
   the id is given as input
*  Pass rollback id to `get_diff()` to fetch diff from device

* Fix unit test
2017-10-11 10:25:56 +05:30
Toshio Kuratomi
dde2c96d67 Try to cleanup after the rpm_key test 2017-10-10 17:40:35 -07:00
Ricardo Carrillo Cruz
bd17edd5ed Run neighbors intent tests for ios_interface only if show lldp contains netdev (#31539) 2017-10-10 21:26:47 +02:00
Sam Doran
2610b521bc Remove sysctl entries when state=absent (#31486)
* Remove sysctl entry when state=absent
* Cleanup sysctl integration test syntax
* Correct grammar on error message
* Add sysctl integration test for state=absent
2017-10-10 09:01:33 -07:00
Lukas Bednar
5ccc1072ea [rpm_key] Fix to import first key on the system (#31514)
* [rpm_key] Fix to import first key on the system

Fixes: #31483

* [rpm_key] removed unsafe_shell and "throwaway" underscore

* [rpm_key] adding test to add the first key on system
2017-10-10 13:31:20 +02:00
Artem Zinenko
2b63ae61f2 minor updates + tests to win_firewall_rule as per jborean93 review (#29148)
* Added warning for 'force' option

* Changed 'profiles' type to list

* Changed 'interfacetypes' type to list

* Added deprecation warning and fixed doc

* updated force parameter
2017-10-10 16:23:08 +10:00
Jordan Borean
82fa922491 win_become: Added support to become a service user (#30407)
* win_become: Added support to become a service user

* fixes for linting

* changes to get local and network service working

* fixed linting issues again

* pleasing pepe
2017-10-09 17:58:29 -07:00
Jordan Borean
f2bc89a880 win_copy: added decrypt option (#31291) 2017-10-10 08:21:25 +10:00
Jordan Borean
c4b51009f0 win_copy: allow src to have invalid windows chars (#31392)
* win_copy: allow src to have invalid windows chars

* create file with colon instead of avoid checkout errors
2017-10-06 15:23:37 +10:00
Martin Krizek
08bffbcbaa yum: add integration tests for installing from URL (#30616) 2017-10-05 15:25:45 +02:00
Martin Krizek
488534b906 yum: add integration test for incompatible arch rpm (#31185) 2017-10-05 14:57:15 +02:00
Stephen
9c6ad3d076 Add update_only parameter for yum module (#22206)
* Add update_only parameter for yum module

When using latest, `update_only: yes` will ensure that only existing
packages are updated and no additional packages are installed.

* Update yum.py

Update version added for `update_only` parameter to 2.5

* add unit tests for update_only flag in yum module
2017-10-04 10:25:13 +02:00
Sam Doran
00df1fda10 Correctly write SELinux config file (#31251)
* Add new lines to end of config file lines

* Properly write out selinux config file

Change module behavior to not always report a change but warn if a reboot is needed and return reboot_required.

Improve the output messages.

Add strip parameter to get_file_lines utility to help with parsing the selinux config file.

* Add return documentation

* Add integration tests for selinux module

* Use consistent capitalization for SELinux

* Use atomic_move in selinux module

* Don't copy the config file initially

There's no need to make a copy just for reading.

* Put message after set_config_policy in case the change fails

* Add aliases to selinux tests
2017-10-03 23:38:58 -04:00
Jordan Borean
e61c2799ff win_become: move error handling to Ansible outside of shell (#31227)
* win_become: move error handling to Ansible outside of shell

* trimmed the output so double newlines don't get set

* added test for non-zero exit code

* missed issue URL on test

* changed exit to SetShouldExit
2017-10-03 21:42:27 -04:00
Jordan Borean
bba941cd5b win_copy: fix for copying encrypted file without pass (#31084)
* win_copy: fix for copying encrypted file without pass

* fix pep8 issue

* reduced the diff and fixed some minor issues
2017-10-03 12:51:57 -07:00
Adrian Likins
278ff19bea Handle vault decrypt --output=- (#31066)
In cli.CLI.unfrack_path callback, special case if the
value of '--output' is '-', and avoid expanding
it to a full path.

vault cli already has special cases for '-', so it
just needs to get the original value to work.

Fixes #30550
2017-10-03 12:02:16 -04:00
Jordan Borean
12a4dca447 win_dotnet_ngen: fix after broken in 2.4 (#31076)
* win_dotnet_ngen: fix after broken in 2.4

* added description to return values
2017-10-03 07:34:00 +11:00
Jordan Borean
67fd98da09 win_msg: added doc about msg limit and included an explicit check for better error handling (#31078) 2017-10-03 07:32:30 +11:00
Matt Clay
6d3cbbfc38 Disable failing vmware_maintenancemode test. 2017-10-02 13:19:17 -07:00
Abhijeet Kasurde
02b5c7a8a3 New module - vmware_guest_powerstate
Fix adds a new module 'vmware_guest_powerstate' to manage
power states of virtual machine.

Fixes: #30371

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2017-10-02 18:57:44 +02:00
Abhijeet Kasurde
6a7676d738 Add testsuite for vmware_maintenancemode
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2017-10-02 18:55:06 +02:00
Brian Coca
ac9278ff0f remove action plugin only fields from 'file' calls (#31047)
* remove action plugin only fields from 'file' calls

fixes #30556

* Add a test for #30556
2017-09-29 17:13:32 -07:00
Nathaniel Case
d07d9390d7 Stop toggling nxapi (#28532)
* Stop toggling nxapi all the time

* Update failed_modules

* Restore nxapi state at each toggle
2017-09-28 15:09:30 -04:00
Adrian Likins
95abc1d82e Fix fact failures cause by ordering of collectors (#30777)
* Fix fact failures cause by ordering of collectors

Some fact collectors need info collected by other facts.
(for ex, service_mgr needs to know 'ansible_system').
This info is passed to the Collector.collect method via
the 'collected_facts' info.

But, the order the fact collectors were running in is
not a set order, so collectors like service_mgr could
run before the PlatformFactCollect ('ansible_system', etc),
so the 'ansible_system' fact would not exist yet. 

Depending on the collector and the deps, this can result
in incorrect behavior and wrong or missing facts.

To make the ordering of the collectors more consistent
and predictable, the code that builds that list is now
driven by the order of collectors in default_collectors.py,
and the rest of the code tries to preserve it.

* Flip the loops when building collector names

iterate over the ordered default_collectors list
selecting them for the final list in order instead
of driving it from the unordered collector_names set.

This lets the list returned by select_collector_classes
to stay in the same order as default_collectors.collectors

For collectors that have implicit deps on other fact collectors,
the default collectors can be ordered to include those early.

* default_collectors.py now uses a handful of sub lists of
collectors that can be ordered in default_collectors.collectors.

fixes #30753
fixes #30623
2017-09-28 10:36:22 -04:00
Ganesh Nalawade
b86eea9a52 Remove provider from prepare_ios_tests integration test (#31038) 2017-09-28 15:43:15 +05:30
Ganesh Nalawade
65ab37cbd3 Remove provider from ios integration test (#31037)
*  Remove provider from each task as it is not required.
*  Add `authorize: yes` whereever required
2017-09-28 15:23:52 +05:30
Jordan Borean
a41077df20 fix for webapppool when specifying an attribute that holds a collection (#30729)
* fix for webapppool when specifying an attribute that holds a collection

* re-add always block on test
2017-09-28 16:15:55 +10:00
Will Thames
5900fee67a Fix ec2_snapshot_facts for python3
Avoid the following seen when running ec2_ami tests on python3,
presumably because the return type of `map` is different between
python2 and python3.

```
Traceback (most recent call last):
  File "/tmp/ansible_e44v27uj/ansible_module_ec2_snapshot_facts.py", line 242, in <module>
    main()
  File "/tmp/ansible_e44v27uj/ansible_module_ec2_snapshot_facts.py", line 238, in main
    list_ec2_snapshots(connection, module)
  File "/tmp/ansible_e44v27uj/ansible_module_ec2_snapshot_facts.py", line 193, in list_ec2_snapshots
    snapshots = connection.describe_snapshots(SnapshotIds=snapshot_ids, OwnerIds=owner_ids, RestorableByUserIds=restorable_by_user_ids, Filters=filters)
  File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 312, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 575, in _make_api_call
    api_params, operation_model, context=request_context)
  File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 630, in _convert_to_request_dict
    api_params, operation_model)
  File "/usr/local/lib/python3.5/dist-packages/botocore/validate.py", line 291, in serialize_to_request
    raise ParamValidationError(report=report.generate_report())
botocore.exceptions.ParamValidationError: Parameter validation failed:
Invalid type for parameter OwnerIds, value: <map object at 0x7ff577511048>, type: <class 'map'>, valid types: <class 'list'>, <class 'tuple'>
```

https://github.com/ansible/ansible/pull/30435#issuecomment-330750498
2017-09-27 20:38:39 -07:00
jctanner
0dd3a61a75 vmware_guest: tests for createvm+modifyvm tasks (#30959)
* Save the serialized values instead of their types
* Add tests for creating and modifying VMs without using a template
* Remove blank line
* Add tests for vm deletion
2017-09-27 18:10:08 -04:00
Adrian Likins
a14d0f3586 Use vault_id when encrypted via vault-edit (#30772)
* Use vault_id when encrypted via vault-edit

On the encryption stage of
'ansible-vault edit --vault-id=someid@passfile somefile',
the vault id was not being passed to encrypt() so the files were
always saved with the default vault id in the 1.1 version format.

When trying to edit that file a second time, also with a --vault-id,
the file would be decrypted with the secret associated with the
provided vault-id, but since the encrypted file had no vault id
in the envelope there would be no match for 'default' secrets.
(Only the --vault-id was included in the potential matches, so
the vault id actually used to decrypt was not).

If that list was empty, there would be an IndexError when trying
to encrypted the changed file. This would result in the displayed
error:

ERROR! Unexpected Exception, this is probably a bug: list index out of range

Fix is two parts:

1) use the vault id when encrypting from edit

2) when matching the secret to use for encrypting after edit,
include the vault id that was used for decryption and not just
the vault id (or lack of vault id) from the envelope.

add unit tests for #30575 and intg tests for 'ansible-vault edit'

Fixes #30575
2017-09-26 12:28:31 -04:00
Ganesh Nalawade
c3d226a739 Increase pause time in junos integration test (#30740)
*  Increase pause time to a value greater
   than persistent connection timeout to clean
   out socket path.
2017-09-22 16:42:16 +05:30