* Initial commit for meraki_malware module
- Allows for manipulation of malware configuration
* Add full documentation and improve code coverage
* Add diff support
* Type change
* Sanity check fixes
* Convert org_id from str to int for consistency
* Sanity fixes again
* Fix argument type errors
* Remove ignore items for some Meraki modules so shippable is happy
* Restructure meraki_network to be simpler and work for all int tests
* Enable all integration tests and enhance error reports
* Slight tweaks to integration tests
* Add support for check mode.
* Add diff support
- Need to analyze diff for accuracy
- Updated check mode changed value
* Improve test coverage
* Remove a duplicate integration test
* Add support for check mode
* Add changelog fragment
* Add diff support
- Fix a few changed status
- Removed auth_key check since that's done in module_utils now
* win_chocolatey - honour version when bootstrapping chocolatey
* skip upgrade all step
* Fix install latest step
* Remove test changes now that Chocolatey is released
* tweak the package version detection
* Add integration test provider for vmware
This change adds a new remote cloud provider option for vmware,
supporting dynamic environments running on worldstream.nl as well as
static environments specific by the user in a cloud-config template.
* nxos_vlan: fix broken purge behavior (issue #57101)
Symptoms/Analysis:
- `nxos_vlan` `purge: true` would fail when `purge` was trying to delete all unspecified vlans, including vlan 1.
- `nxos` devices do not allow removing vlan 1 and raise a cli exception error
- Previous fix#55144 caused a side effect when `purge` was used: vlan changes specified by `aggregate` were ignored; e.g.
- vlan 4 is not present; playbook specifies `aggregate: { vlan: 4 }, purge: true`
- results in proper purging but vlan 4 is not created
Solutions:
- ignore vlan 1 when purging
- remove the `not purge` check from state present logic
Added additional unit tests and integration tests.
Tested against all regression platforms.
* PEP fixes
* Add agg_show_vlan_brief.txt fixture
* Add warning for removing vlan 1
* change method name check
* Fix order for warning on templated conditionals
Fix bare variable warnings when the variable is a boolean
* changelog
* Add tests for cases that should and should not give warnings
If the behavior may change when the default behavior for CONDITIONAL_BARE_VARS becomes False there should be a warning. Boolean type conditionals will not change in behavior so don't warn.
* oops, forgot to add files
* typo
* New module postgresql_copy
* New module postgresql_copy: added tests
* New module postgresql_copy: changed tests
* New module postgresql_copy: doc format fixes
* New module postgresql_copy: fixes
* New module postgresql_copy: added upper, PostgreSQL
* New module postgresql_copy: fixed description
* New module postgresql_copy: added note about superuser
* New module postgresql_copy: remove SQLParseError
* New module postgresql_copy: fixed opt_need_quotes type
* New module postgresql_copy: fixed check_mode
* New module postgresql_copy: small fix
* Attempt 2 of cert validation fixes
* Remove unused code
* Cleanup the tmp cert using atexit
* Fix linting issues
* Only add SSLValidationHandler when not HAS_SSLCONTEXT
* Catch value errors on non PEM certs
* Only catch NotImplementedError to avoid masking issues
* set self._context even with PyOpenSSLContext for conformity
* Fix error building
* normalize how we interact with the context we create
* Remove unused code
* Address test for py3.7 message difference
* open_url should pass the ca_path through
* Account for new error in url lookup test
* Guard some code behind whether or not we are validating certs
* Make _make_context public
* Move atexit.register up to where the tmp file is created
* Adding integration test for 127.0.0.1/32 and ::1/128.
* Making sure file is not corrupted when render fails
* Fixes#56430
* Adding changelog for MR 57147/Issue 56430
* Add test case for non-cascading deletes
Deleting a DaemonSet does not delete associated pods,
even though it should
* Add coverage module when using pip
Otherwise tests seemingly fail
* Add support for check mode
* Check mode returns proper changed status
- Added is_template_valid()
- Restructured check_mode so it will always return data
- Check mode should show proper changed status
- Code is untested and integration tests need to be expanded
* Fix deleting networks
- Add integration tests for deleting networks
- Refine tests based on changed/unchanged
* Remove one task from integration test
* Add support for disableRemoteStatusPage
- New feature in the Meraki API
- Yes, it's a double negative, I may fix at some point
* Remove double negative
- All disables became enable and logic is reversed
- This isn't yet tested
* Switching computers!!!
* Apply changes to make the logic work, even reversed
* Attempt to fix some formatting errors
* Add documentation fragment
* Fix whitespace
* Add disable_my_meraki back, with deprecation notice
* Edit changelog notice
* Update deprecation version
* Update example to be a block and change deprecation message.
* Remove duplicate delegate_to
* Change deprecation notice.
The jinja2 query() function (or lookup with wantslist=True, which is
the same thing) should always return a list.
However, if you combine a query with errors='ignore' and take the
error path, the current code returns a None value. This is important
in a case such as
- name: Conditional include file
import_tasks: '{{ item }}'
vars:
params:
files:
- path/file1.yaml
- path/file2.yaml
loop: "{{ q('first_found', params, errors='ignore') }}"
If neither file1.yaml or file2.yaml exist, this should do nothing by
returning an empty list to the loop. Currently if you run the above
task you'll get a rather unhelpful:
Invalid data passed to 'loop', it requires a list, got this instead: .
This change ensures that when a query ignores an error, it returns a
empty list. The errors='ignore' case is tested in several variants
with first_found. The extant (but deprecated) "skip: True" for
first_found doesn't seem to be explicitly tested; a test is added here
to avoid regressions before removal in 2.12.
This fixes a regression you'll hit if you follow the suggestion in the
deprecation message included with
e17a2b502d to use errors=ignore over
"skip: True" for first_found. This change adds an example that points
out the query/lookup difference and also fixes the error message to
not mention the now deprecated "skip: True".
Closes#56775
* Rewrite idempotency check
- Check now operates recursively and works on multiple types
- Order of lists matter
* Remove blank line for lint
* Fixed idempotency checks in meraki_ssid
- New sanitize() method for finding keys unique in compared dicts
- Fixed bug in meraki_ssid where SSID specified by number breaks
- This will require a backport
- Converted ignored_keys from tuple to list
* Made changes required for idempotency
* Add changelog fragment
* Add unidirectional option for testing
* Disable option 1 check
* General fixes for is_update_required testing
- Added commented out debug statements in method
- Fixed ignored_keys modifications
* Remove old commented algorithm
This was required to be installed by a human, out side of our testing.
Add it so ansible-test can now manage.
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
ios_user requires escalated privledges, rather then doing this in the
inventory, we can just add it into the playbook tasks.
Also add missing provider settings for authorize.
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
* ios_ntp: Switch interface to GigabitEthernet0/1 for tests
Lets use an interface we know that exists for testing, in some cases
Loopback0 maybe not be configured.
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
* ios_ntp: properly register result variable for testing
This is currently broken, and tests don't work. Fix this by properly
registering the result variable.
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
* Returns zone ID for existing zone or `null`
* route53_zone: add module unit tests
* route53_zone: add compatibility with Python 2.6 to the unit tests
* route53_zone: address pycodestyle warning (add blank line)
- In order to keep the integration with `ansible-test`, we prefer to avoid any
interaction with the Ansible inventory file.
- split up the prepare_vmware_tests/defaults/main.yml in two
configuration files: one for vcsim and one for a real environment
- remove all the access to hostvars
- directly interact with the ESXi to mount/umount the datastore
https://github.com/ansible/ansible/pull/56516
- record the virtual machine folder in the environment configuration
- vmware_guest_move: Use https://github.com/ansible/ansible/pull/55237
Until now, the module was only able to interact with vcenter. This
commit adds the ability to directly target an ESXi without the
`esxi_hostname` parameter.
- Also return url and update docs for other values to indicate they are only returned on success.
- Add integration tests
- Use info variable for common return values
- Use -1 as default status rather than None. This is lines up with with existing code in urls.py
- Add unit tests to ensure status and url are returned on failure
* Make datacenter as alias and optional
* Add folder param to place datastore cluster in specific folder
* Updated examples
* Updated tests
Fixes: #48010
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Quick and dirty attempt to handle eapi error
* Well this should probably change
* Hopefully this works correctly?
* Fix check_rc handling with httpapi
* Add tests that should hopefully cover the error
* Fix warnings
* Improve tests
* initial commit
* Fix typo in integration test which caused an assertion to fail
* Updated integration testing
* Fix Ansible Sanity Errors
* Changed version added to 2.8 from 2.9
* added from __future__ import absolute_import, division, print_function
__metaclass__ = type
Ensure `wait_condition`s with `Status: Unknown` actually
complete
Return k8s object after wait rather than k8s object before
wait when object is patched.
* [docker] images: add support for lookup by sha256 digest
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [tests] docker image by digest: work on a minimal test case
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [docker] group branch conditions per lookup
Co-Authored-By: Felix Fontein <felix@fontein.de>
* [misc] add a news fragment for the added digest lookup for docker images
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* Allow python_requirements_facts to cope with packages with dashes
```
python_requirements_facts:
dependencies:
- kubernetes-validate
```
should work as expected
* Ensure tests run for python_requirements_facts
* azure_rm_azurefirewall
* a few updates
* fixed mistake
* updated docs, fixed syntax
* updated priority
* use checkmode for idempotence test, as it's very long
* fix check mode
* Adding New Model onyx_qos for Configuring QoS on Onyx Switches
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* Fix Pep8 Failures in onyx_qos
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* Fix Pep8 Failures phase 2
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* Fix Samer's Comments on onyx_qos Module
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* Fix Shippable Comments Phase 3
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* Fix Current Version 2.9
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* Attempt to handle just mode trunk properly
* Add test for trunk-only config and clean up tests
* Add missing eapi tests and remove references to provider as we do not test local
* Unchanged requests now return the original data
* Add changelog fragment
* Add integration tests for returned data for meraki_network
* Add integration tests for returned data
* Improve idempoetent output
- Make MX l3 rules always show default rule
- Add integration tests
* Add integration tests for returned data on meraki_network
* Improved idempotency in a few modules and improved tests
* Add waiter for AWSRegional
* Add support for WAF Regional
* Add support for regional waf web acl
* Remove set_trace, pep formatting
* Add paginator for regional_waf
* Change name of param for waf_regional
This is more in line with how AWS refers to the service. Additional
changes made to how client is called. Used ternary to reduce if
statements
* Change parameter name to waf_regional
* Add support for removal waf regional condition
* Change parameter from cloudfront to waf_regional
* Added state: absent waf rule
* Remove set_trace
* Add integration tests for waf regional
* WIP: adding region parameter to tests
* Add support for waf facts module
* Add region to waf regional integration tests
* Update security policy for waf regional testing
* Add type to documentation for waf_regional param
Resolve the two following errors:
ERROR: lib/ansible/modules/cloud/vmware/vsphere_copy.py:0:0: E309 version_added for new option (host) should be '2.9'. Currently None
ERROR: lib/ansible/modules/cloud/vmware/vsphere_copy.py:0:0: E309 version_added for new option (login) should be '2.9'. Currently None
* Rewrite much of the execution of meraki_switchport
- Previous versions had problems with idempotency and allowed_vlans
* Modified payload creation
- Parameter map is used
- propsed is created using .copy()
- Much cleaner this way
* Add whitespace for lint
* Add bugfix snippet for changelog
* Moves developer docs for AWS, ovirt, and openstack modules out of lib/ansible/, integrates them with dev_guide, with abadger's fix to make python snippets pass rstcheck
* Adds a new vmware module to support getting the folders and their paths within a datacenter
* Add integration tests
* Bump version added
* Refactor integration test
* Improve grammar in docs
* auth_key parameter is required
- This will have to change when httpapi is implemented
* Add integration test
* Add assertion
* Enable VLANs on network
* Add required for auth_key
It is possible we are using a different username then 'ansible' for
testing junos. By using ansible_user_id, this should be a more dynamic
check.
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
* Fixed error handling in github_issue module
Due to recent changes in github3.py library module stopped working.
This fix adds extra error handling for new changes in library.
Fixes: #39627
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Check version
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Refactor github_issue
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Change S3 bucket urls to new method as per #56124
* duplicate / and dded changelog fragment
* Revert "duplicate / and dded changelog fragment"
This reverts commit b89d5cbe6d.
* duplicate /
* Rewrite vmware_portgroup module
* support check mode
* VLAN ID isn't required anymore
* VLAN ID 0 (no tagging) is the default
* Options match values in vSphere Client and vmware_vswitch module
* Policy override is configured properly
* VMware: vmware_portgroup updates
Ensure the module still work with the ESXi where CustomFieldsManager
does not exist.
From: https://www.vmware.com/support/developer/converter-sdk/conv60_apireference/vim.CustomFieldsManager.html
The CustomFieldsManager object is used to add and remove custom fields to
managed entities.
The custom fields values set on managed entities are available through the
customValue property and through the summary objects for VirtualMachine
and HostSystem. They are not available directly through this managed object.
This functionality is only available through VirtualCenter.
Fixes: #56071
The use of the `hostvars[esxi1].ansible_host` was attempt to use
different hostname and IP address. But it's actually the source of
more problems.
VMware expects to be able to resolvable the host name. This means, that
if someone wants to run the test-suite, s/he needs to use a DNS or
update the `/etc/hosts` files on the different hosts.
* nxos_switchport: remove deprecated test target files
* Remove tests for nxos_ip_interface, nxos_portchannel; update nxos_interface
- `nxos_ip_interface` and `nxos_portchannnel` tests have been removed
- `nxos_interface` now uses current module `nxos_l3_interface` instead of `nxos_ip_interface`
* Adding Support For EVPN in BGP Module
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* Fix Pep8 Failures in onyx_bgp.py
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* Fix Pep8 Failures in onyx_bgp.py Phase 2
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* Fix Samer's Comments
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* Remove file Variable
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* Adding Support for NVE Protocol in onyx_protocol
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* Fix Pep8 Failures in onyx_protocol.py
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* Adding Support for Traffic Class in Onyx Switches
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* Enhancing the code and elemenating code duplicate
Signed-off-by: Anas Badaha <anasb@mellanox.com>
* nxos_vpc:Fix idempotency issues with multiple attributes
Several attributes were causing idempotency problems on various platforms:
- `auto_recovery`
- This command can be disabled on certain platforms and will nvgen as `no auto-recovery`
- When enabled it has an additional optional-keyword for changing the `reload-delay` timer value
- This was addressed by adding a new attribute `auto_recovery_reload_delay` to handle setting the timer value
- This new attribute is mutually exclusive with `auto_recovery`
- `/show run vpc/show run vpc all/`
- Changed the command that gets state to `all` so that it could differentiate between `auto-recovery` and `auto-recovery reload-delay`
- This change resulted in also changing some attribute handling withing `get_vpc`, since some attributes like `peer_gw` relied on presence of the config to determine state true or false. With `all` the config is always there so these attrs must specifically check for `'no '` in the string.
- `delay_restore`
- This command has two additional, optional keywords that exist on some platforms and not others.
- New attrs:
- `delay_restore_interface_vlan`
- `delay_restore_orphan_port`
- Modified the `sanity` test to include the new attributes and to fix the platform issues.
- Bugfix Pull Request
`modules/network/nxos/nxos_vpc.py`
- Validated `nxos_vpc` `sanity` test on these platforms, all are now 100% Pass: N35, N3K, N3K-F, N6K, N7K, N9K, N9K-F
- TBD: Future work is needed to add support for `peer_gw_exclude_gw` timers. This could be addressed in the same way as the `auto_recovery_reload_delay` changes included here.
* lint fix
* Add 'version_added' tags for new options
* nxos_snmp_user: platform fixes for get_snmp_user
snmp user output behavior varies quite a bit for the different nxos platforms and required several workarounds:
- N5K/N6k
- These platforms do not support structured output for `show snmp user`.
- The current code lands in an `except` clause when the output is not structured; so I added a new `get_non_structured_snmp_user` method to scrape the state from the regular cli output if it's present.
- N9K-F
- The `group` data in the JSON output is different for this platform; it has a different key (just `group` instead of `TABLE_groups` or `group_names`) and it is not indexed
- For a single group the value is a string, for multiple groups it's a list
- sanity
- N5K/N6K/N9K-F platforms will reject `no snmp user <name> <role>` when it's the last role defined for the user.
- workaround is to use `nxos_user` to remove the user
- Changes validated on:
- `N3K, N3K-F, N35, N6K, N7K, N9K, N9K-F`
- `6.0(2)A8`
- `7.0(3)I2, 7.0(3)I4, 7.0(3)I5, 7.0(3)I6, 7.0(3)I7`
- `7.3(2)D1`
- `7.3(3)N1, 7.3(4)N1`
- `8.3(2)`
- `9.2(2), 9.2(3)`
* fix lint warning
* use navigate_value instead navigate_hash
* add async wait method
* update dict compare
* remove unuse methods
* not all modules have timeouts parameter
* navigate_value, the input data may be None
* Same api client can be used for other service as well
* Incorporated Review comments. Modified Category and Guest Fact modules which are also dependent on vmware_rest_client module util
* Adding Integration Tests for vmware_rest_client changes
* Changes to incroporate changes in vcsim testware
* Change to get vm name to attach the tag
* Alter tests to pass
* Change diff_against to make changed work again
* Add another diff_against
* Expose supports_sessions across all EOS connection types
* Change session warning to failure
* supports_sessions needs to be a method to survive the rpc boundary
* Alter tests to match
It is possible the EOS appliance doesn't have an IP address on the
management1 interface, instead just check we have found that interface.
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
* sysctl will now return an error if the value is invalid
sysctl can fail to set a value even if it returns an exit status 0. More
details: https://bugzilla.redhat.com/show_bug.cgi?id=1264080. Because of
this in case of an invalid value or a read-only file system, sysctl
module would return OK, even though it didn't set anything. To be sure
that sysctl correctly applied the changes we also need to check the
output of stderr.
* Run sysctl with LANG=C
Because we are parsing sysctl stderr we need to make sure that errors
are persistent across different system language settings.
* Add changelog fragment for sysctl