From 8c74df5e67fcae15d5d050ea1ffb4d6d1aa9070c Mon Sep 17 00:00:00 2001
From: Dag Wieers
Date: Tue, 19 Feb 2019 15:42:14 +0100
Subject: [PATCH] validate-modules: Fix all system modules (#52384)
This PR includes validate-modules fixes for all system modules. Except a few that are deliberately implemented like this.
---
lib/ansible/modules/system/aix_inittab.py | 6 +-
lib/ansible/modules/system/capabilities.py | 1 +
lib/ansible/modules/system/cron.py | 65 ++++--
lib/ansible/modules/system/cronvar.py | 25 +-
lib/ansible/modules/system/crypttab.py | 28 ++-
lib/ansible/modules/system/debconf.py | 22 +-
lib/ansible/modules/system/firewalld.py | 13 +-
lib/ansible/modules/system/iptables.py | 219 ++++++++++--------
lib/ansible/modules/system/java_cert.py | 46 ++--
lib/ansible/modules/system/make.py | 39 ++--
lib/ansible/modules/system/mount.py | 52 +++--
lib/ansible/modules/system/open_iscsi.py | 113 +++++----
lib/ansible/modules/system/osx_defaults.py | 100 +++-----
lib/ansible/modules/system/pamd.py | 12 +-
lib/ansible/modules/system/puppet.py | 56 +++--
lib/ansible/modules/system/runit.py | 17 +-
lib/ansible/modules/system/sefcontext.py | 13 +-
lib/ansible/modules/system/selinux.py | 77 +++---
.../modules/system/selinux_permissive.py | 29 +--
lib/ansible/modules/system/seport.py | 19 +-
lib/ansible/modules/system/service.py | 4 +-
lib/ansible/modules/system/solaris_zone.py | 28 ++-
lib/ansible/modules/system/ufw.py | 38 +--
lib/ansible/modules/system/user.py | 9 +-
lib/ansible/modules/system/vdo.py | 7 +-
test/sanity/validate-modules/ignore.txt | 25 --
26 files changed, 568 insertions(+), 495 deletions(-)
diff --git a/lib/ansible/modules/system/aix_inittab.py b/lib/ansible/modules/system/aix_inittab.py
index d19315250b..08ba70d962 100644
--- a/lib/ansible/modules/system/aix_inittab.py
+++ b/lib/ansible/modules/system/aix_inittab.py
@@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- author: - Joris Weijters (@molekuul) @@ -42,7 +42,7 @@ options: - bootwait - hold - initdefault - - off + - 'off' - once - ondemand - powerfail @@ -174,7 +174,7 @@ def main(): ]), command=dict(type='str', required=True), insertafter=dict(type='str'), - state=dict(type='str', required=True, choices=['absent', 'present']), + state=dict(type='str', default='present', choices=['absent', 'present']), ), supports_check_mode=True, ) diff --git a/lib/ansible/modules/system/capabilities.py b/lib/ansible/modules/system/capabilities.py index 369662618d..307788e230 100644 --- a/lib/ansible/modules/system/capabilities.py +++ b/lib/ansible/modules/system/capabilities.py @@ -24,6 +24,7 @@ options: - Specifies the path to the file to be managed. type: str required: yes + aliases: [ key ] capability: description: - Desired capability to set (with operator and flags, if state is C(present)) or remove (if state is C(absent)) diff --git a/lib/ansible/modules/system/cron.py b/lib/ansible/modules/system/cron.py index 7a31648d15..34148afebc 100644 --- a/lib/ansible/modules/system/cron.py +++ b/lib/ansible/modules/system/cron.py @@ -15,7 +15,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 'supported_by': 'community'} -DOCUMENTATION = """ +DOCUMENTATION = r''' --- module: cron short_description: Manage cron.d and crontab entries 
@@ -27,67 +27,78 @@ description: which is used by future ansible/module calls to find/check the state. The "name" parameter should be unique, and changing the "name" value will result in a new cron task being created (or a different one being removed).' - - 'When environment variables are managed: no comment line is added, but, when the module + - When environment variables are managed, no comment line is added, but, when the module needs to find/check the state, it uses the "name" parameter to find the environment - variable definition line.' - - 'When using symbols such as %, they must be properly escaped.' + variable definition line. + - When using symbols such as %, they must be properly escaped. version_added: "0.9" options: name: description: - Description of a crontab entry or, if env is set, the name of environment variable. - Required if state=absent. Note that if name is not set and state=present, then a + - Required if C(state=absent). + - Note that if name is not set and C(state=present), then a new crontab entry will always be created, regardless of existing ones. - This parameter will always be required in future releases. + - This parameter will always be required in future releases. + type: str user: description: - The specific user whose crontab should be modified. - default: root + - When unset, this parameter defaults to using C(root). + type: str job: description: - The command to execute or, if env is set, the value of environment variable. - The command should not contain line breaks. - Required if state=present. + - The command should not contain line breaks. + - Required if C(state=present). + type: str aliases: [ value ] state: description: - Whether to ensure the job or environment variable is present or absent. + type: str choices: [ absent, present ] default: present cron_file: description: - If specified, uses this file instead of an individual user's crontab. 
- If this is a relative path, it is interpreted with respect to - /etc/cron.d. (If it is absolute, it will typically be /etc/crontab). - Many linux distros expect (and some require) the filename portion to consist solely + - If this is a relative path, it is interpreted with respect to I(/etc/cron.d). + - If it is absolute, it will typically be I(/etc/crontab). + - Many linux distros expect (and some require) the filename portion to consist solely of upper- and lower-case letters, digits, underscores, and hyphens. - To use the C(cron_file) parameter you must specify the C(user) as well. + - To use the C(cron_file) parameter you must specify the C(user) as well. + type: str backup: description: - If set, create a backup of the crontab before it is modified. The location of the backup is returned in the C(backup_file) variable by this module. type: bool - default: 'no' + default: no minute: description: - Minute when the job should run ( 0-59, *, */2, etc ) + type: str default: "*" hour: description: - Hour when the job should run ( 0-23, *, */2, etc ) + type: str default: "*" day: description: - Day of the month the job should run ( 1-31, *, */2, etc ) + type: str default: "*" aliases: [ dom ] month: description: - Month of the year the job should run ( 1-12, *, */2, etc ) + type: str default: "*" weekday: description: - Day of the week that the job should run ( 0-6 for Sunday-Saturday, *, etc ) + type: str default: "*" aliases: [ dow ] reboot: @@ -95,10 +106,11 @@ options: - If the job should be run at reboot. This option is deprecated. Users should use special_time. version_added: "1.0" type: bool - default: "no" + default: no special_time: description: - Special time specification nickname. + type: str choices: [ annually, daily, hourly, monthly, reboot, weekly, yearly ] version_added: "1.3" disabled: 
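Review bot: The new `user` description in cron.py still states a root default (`- When unset, this parameter defaults to using C(root).`) while the same hunk drops the `default: root` key, which suggests the argument spec carries no such default. If the module simply omits the user when none is given (the code is outside this hunk), the crontab edited is that of whichever account the task runs as, and a reader relying on this sentence could install a job under a different account than intended. Suggested wording, to be confirmed against the module code: `- When unset, the crontab of the user executing the task is modified (C(root) when privilege escalation is used).` The `user` option in the cronvar.py hunk carries the same kind of sentence and needs the same check.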
@@ -106,24 +118,27 @@ options: - If the job should be disabled (commented out) in the crontab. - Only has effect if C(state=present). type: bool - default: 'no' + default: no version_added: "2.0" env: description: - - If set, manages a crontab's environment variable. New variables are added on top of crontab. - "name" and "value" parameters are the name and the value of environment variable. + - If set, manages a crontab's environment variable. + - New variables are added on top of crontab. + - C(name) and C(value) parameters are the name and the value of environment variable. type: bool - default: "no" + default: no version_added: "2.1" insertafter: description: - - Used with C(state=present) and C(env). If specified, the environment variable will be - inserted after the declaration of specified environment variable. + - Used with C(state=present) and C(env). + - If specified, the environment variable will be inserted after the declaration of specified environment variable. + type: str version_added: "2.1" insertbefore: description: - - Used with C(state=present) and C(env). If specified, the environment variable will be - inserted before the declaration of specified environment variable. + - Used with C(state=present) and C(env). + - If specified, the environment variable will be inserted before the declaration of specified environment variable. + type: str version_added: "2.1" requirements: - cron @@ -133,9 +148,9 @@ author: - Patrick Callahan (@dirtyharrycallahan) - Evan Kaufman (@EvanK) - Luca Berruti (@lberruti) -""" +''' -EXAMPLES = ''' +EXAMPLES = r''' - name: Ensure a job that runs at 2 and 5 exists. Creates an entry like "0 5,2 * * ls -alh > /dev/null" cron: name: "check dirs" diff --git a/lib/ansible/modules/system/cronvar.py b/lib/ansible/modules/system/cronvar.py index 7d13a212f4..3fb1ab7e35 100644 --- a/lib/ansible/modules/system/cronvar.py +++ b/lib/ansible/modules/system/cronvar.py 
@@ -20,58 +20,65 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 'supported_by': 'community'} -DOCUMENTATION = """ +DOCUMENTATION = r''' --- module: cronvar short_description: Manage variables in crontabs description: - - Use this module to manage crontab variables. This module allows - you to create, update, or delete cron variable definitions. + - Use this module to manage crontab variables. + - This module allows you to create, update, or delete cron variable definitions. version_added: "2.0" options: name: description: - Name of the crontab variable. + type: str required: yes value: description: - The value to set this variable to. - Required if C(state=present). + type: str insertafter: description: - If specified, the variable will be inserted after the variable specified. - Used with C(state=present). + type: str insertbefore: description: - Used with C(state=present). If specified, the variable will be inserted just before the variable specified. + type: str state: description: - Whether to ensure that the variable is present or absent. + type: str choices: [ absent, present ] default: present user: description: - The specific user whose crontab should be modified. - default: root + - This parameter defaults to C(root) when unset. + type: str cron_file: description: - If specified, uses this file instead of an individual user's crontab. - Without a leading /, this is assumed to be in /etc/cron.d. With a leading - /, this is taken as absolute. + - Without a leading C(/), this is assumed to be in I(/etc/cron.d). + - With a leading C(/), this is taken as absolute. + type: str backup: description: - If set, create a backup of the crontab before it is modified. The location of the backup is returned in the C(backup) variable by this module. 
type: bool - default: 'no' + default: no requirements: - cron author: - Doug Luce (@dougluce) -""" +''' -EXAMPLES = ''' +EXAMPLES = r''' - name: Ensure entry like "EMAIL=doug@ansibmod.con.com" exists cronvar: name: EMAIL diff --git a/lib/ansible/modules/system/crypttab.py b/lib/ansible/modules/system/crypttab.py index 92b95efe05..41dcf8829e 100644 --- a/lib/ansible/modules/system/crypttab.py +++ b/lib/ansible/modules/system/crypttab.py @@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: crypttab short_description: Encrypted Linux block devices 
@@ -24,38 +24,44 @@ options: - Name of the encrypted block device as it appears in the C(/etc/crypttab) file, or optionally prefixed with C(/dev/mapper/), as it appears in the filesystem. I(/dev/mapper/) will be stripped from I(name). + type: str required: yes state: description: - - Use I(present) to add a line to C(/etc/crypttab) or update it's definition - if already present. Use I(absent) to remove a line with matching I(name). - Use I(opts_present) to add options to those already present; options with - different values will be updated. Use I(opts_absent) to remove options from - the existing set. + - Use I(present) to add a line to C(/etc/crypttab) or update its definition + if already present. + - Use I(absent) to remove a line with matching I(name). + - Use I(opts_present) to add options to those already present; options with + different values will be updated. + - Use I(opts_absent) to remove options from the existing set. + type: str required: yes choices: [ absent, opts_absent, opts_present, present ] backing_device: description: - Path to the underlying block device or file, or the UUID of a block-device prefixed with I(UUID=). + type: str password: description: - Encryption password, the path to a file containing the password, or - C(none) or C(-) if the password should be entered at boot. - default: 'none' + C(-) or unset if the password should be entered at boot. + type: path opts: description: - A comma-delimited list of options. See C(crypttab(5) ) for details. + type: str path: description: - - Path to file to use instead of C(/etc/crypttab). This might be useful - in a chroot environment. + - Path to file to use instead of C(/etc/crypttab). + - This might be useful in a chroot environment. + type: path default: /etc/crypttab author: - Steve (@groks) ''' -EXAMPLES = ''' +EXAMPLES = r''' - name: Set the options explicitly a device which must already exist crypttab: name: luks-home 
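Review bot: Declaring `password` as `type: path` is questionable for an option whose description still allows a literal encryption password. If the argument spec uses the same type (it is outside this hunk), Ansible applies home-directory and environment-variable expansion to the value, so a password starting with `~` or containing `$NAME` would be written to crypttab altered. Consider `type: str` in both the documentation and the spec, and, since a literal secret is accepted, marking the option `no_log=True` in the spec. The hunk also removes `default: 'none'` and the `C(none)` wording, so it is worth confirming that an unset value still yields the `none` or `-` field that crypttab expects.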
diff --git a/lib/ansible/modules/system/debconf.py b/lib/ansible/modules/system/debconf.py index 1bdd49aab4..e241c61c56 100644 --- a/lib/ansible/modules/system/debconf.py +++ b/lib/ansible/modules/system/debconf.py @@ -11,12 +11,13 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['stableinterface'], 'supported_by': 'core'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: debconf short_description: Configure a .deb package description: - - Configure a .deb package using debconf-set-selections. Or just query existing selections. + - Configure a .deb package using debconf-set-selections. + - Or just query existing selections. version_added: "1.6" notes: - This module requires the command line debconf tools. @@ -24,37 +25,42 @@ notes: Use 'debconf-show ' on any Debian or derivative with the package installed to see questions/settings available. - Some distros will always record tasks involving the setting of passwords as changed. This is due to debconf-get-selections masking passwords. -requirements: [ debconf, debconf-utils ] +requirements: +- debconf +- debconf-utils options: name: description: - Name of package to configure. + type: str required: true aliases: [ pkg ] question: description: - A debconf configuration setting. + type: str aliases: [ selection, setting ] vtype: description: - The type of the value supplied. - - C(seen) was added in 2.2. - choices: [ boolean, error, multiselect, note, password, seen, select, string, text, title, text ] + - C(seen) was added in Ansible 2.2. + type: str + choices: [ boolean, error, multiselect, note, password, seen, select, string, text, title ] value: description: - Value to set the configuration to. + type: str aliases: [ answer ] unseen: description: - Do not set 'seen' flag when pre-seeding. type: bool - default: False + default: no author: - Brian Coca (@bcoca) - ''' -EXAMPLES = ''' +EXAMPLES = r''' - name: Set default locale to fr_FR.UTF-8 debconf: name: locales 
diff --git a/lib/ansible/modules/system/firewalld.py b/lib/ansible/modules/system/firewalld.py index 1eb0168b82..970f158d76 100644 --- a/lib/ansible/modules/system/firewalld.py +++ b/lib/ansible/modules/system/firewalld.py @@ -7,12 +7,10 @@ from __future__ import absolute_import, division, print_function __metaclass__ = type - ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 'supported_by': 'community'} - DOCUMENTATION = r''' --- module: firewalld @@ -57,12 +55,11 @@ options: version_added: "2.8" zone: description: - - > - The firewalld zone to add/remove to/from (NOTE: default zone can be configured per system but "public" is default from upstream. + - The firewalld zone to add/remove to/from. + - Note that the default zone can be configured per system but C(public) is default from upstream. - Available choices can be extended based on per-system configs, listed here are "out of the box" defaults). - Possible values include C(block), C(dmz), C(drop), C(external), C(home), C(internal), C(public), C(trusted), C(work) ] type: str - default: system-default(public) permanent: description: - Should this configuration be in the running firewalld configuration or persist across reboots. @@ -109,8 +106,10 @@ notes: The module will not take care of this for you implicitly because that would undo any previously performed immediate actions which were not permanent. Therefore, if you require immediate access to a newly created zone it is recommended you reload firewalld immediately after the zone creation returns with a changed state and before you perform any other immediate, non-permanent actions on that zone. -requirements: [ 'firewalld >= 0.2.11' ] -author: "Adam Miller (@maxamillion)" +requirements: +- firewalld >= 0.2.11 +author: +- Adam Miller (@maxamillion) ''' EXAMPLES = r''' diff --git a/lib/ansible/modules/system/iptables.py b/lib/ansible/modules/system/iptables.py index 72b002a078..6eeddd719c 100644 --- a/lib/ansible/modules/system/iptables.py 
+++ b/lib/ansible/modules/system/iptables.py @@ -1,6 +1,6 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# + # Copyright: (c) 2015, Linus Unnebäck # Copyright: (c) 2017, Sébastien DA ROCHA # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) @@ -12,7 +12,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 'supported_by': 'core'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: iptables short_description: Modify iptables rules 
@@ -28,60 +28,61 @@ description: same as the behaviour of the C(iptables) and C(ip6tables) command which this module uses internally. notes: - - This module just deals with individual rules. If you need advanced + - This module just deals with individual rules.If you need advanced chaining of rules the recommended way is to template the iptables restore file. options: table: description: - - This option specifies the packet matching table which the command - should operate on. If the kernel is configured with automatic module - loading, an attempt will be made to load the appropriate module for - that table if it is not already there. + - This option specifies the packet matching table which the command should operate on. + - If the kernel is configured with automatic module loading, an attempt will be made + to load the appropriate module for that table if it is not already there. + type: str choices: [ filter, nat, mangle, raw, security ] default: filter state: description: - Whether the rule should be absent or present. + type: str choices: [ absent, present ] default: present action: description: - Whether the rule should be appended at the bottom or inserted at the top. - - If the rule already exists the chain won't be modified. + - If the rule already exists the chain will not be modified. + type: str choices: [ append, insert ] default: append version_added: "2.2" rule_num: description: - - Insert the rule as the given rule number. This works only with - action = 'insert'. + - Insert the rule as the given rule number. + - This works only with C(action=insert). + type: str version_added: "2.5" ip_version: description: - Which version of the IP protocol this rule should apply to. + type: str choices: [ ipv4, ipv6 ] default: ipv4 chain: description: - - "Specify the iptables chain to modify. 
This could be a user-defined chain or one of the standard iptables chains:" - - C(INPUT) - - C(FORWARD) - - C(OUTPUT) - - C(PREROUTING) - - C(POSTROUTING) - - C(SECMARK) - - C(CONNSECMARK) + - Specify the iptables chain to modify. + - This could be a user-defined chain or one of the standard iptables chains, like + C(INPUT), C(FORWARD), C(OUTPUT), C(PREROUTING), C(POSTROUTING), C(SECMARK) or C(CONNSECMARK). + type: str protocol: description: - The protocol of the rule or of the packet to check. - - The specified protocol can be one of tcp, udp, udplite, icmp, esp, - ah, sctp or the special keyword "all", or it can be a numeric value, - representing one of these protocols or a different one. A protocol - name from /etc/protocols is also allowed. A "!" argument before the - protocol inverts the test. The number zero is equivalent to all. - "all" will match with all protocols and is taken as default when this - option is omitted. + - The specified protocol can be one of C(tcp), C(udp), C(udplite), C(icmp), C(esp), + C(ah), C(sctp) or the special keyword C(all), or it can be a numeric value, + representing one of these protocols or a different one. + - A protocol name from I(/etc/protocols) is also allowed. + - A C(!) argument before the protocol inverts the test. + - The number zero is equivalent to all. + - C(all) will match with all protocols and is taken as default when this option is omitted. + type: str source: description: - Source specification. @@ -92,8 +93,9 @@ options: a remote query such as DNS is a really bad idea. - The mask can be either a network mask or a plain number, specifying the number of 1's at the left side of the network mask. Thus, a mask - of 24 is equivalent to 255.255.255.0. A "!" argument before the + of 24 is equivalent to 255.255.255.0. A C(!) argument before the address specification inverts the sense of the address. + type: str destination: description: - Destination specification. 
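Review bot: The rewritten entry under `notes:` loses the space after the full stop, `rules.If you need advanced`, so the rendered documentation runs two sentences together; it should read `- This module just deals with individual rules. If you need advanced`. Later hunks of this file have similar wording slips on added lines: `one of the protocol C(tcp), C(udp), C(dccp) or C(sctp)` under `to_ports` should say `one of the protocols`, and `then the it inverts` under `uid_owner` has a stray word. The `fragment` description also keeps a plain `"!"` where the rest of the file now uses `C(!)`.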
@@ -104,82 +106,96 @@ options: a remote query such as DNS is a really bad idea. - The mask can be either a network mask or a plain number, specifying the number of 1's at the left side of the network mask. Thus, a mask - of 24 is equivalent to 255.255.255.0. A "!" argument before the + of 24 is equivalent to 255.255.255.0. A C(!) argument before the address specification inverts the sense of the address. + type: str tcp_flags: description: - TCP flags specification. - C(tcp_flags) expects a dict with the two keys C(flags) and C(flags_set). + type: dict default: {} version_added: "2.4" suboptions: flags: description: - List of flags you want to examine. + type: list flags_set: description: - Flags to be set. + type: list match: description: - Specifies a match to use, that is, an extension module that tests for - a specific property. The set of matches make up the condition under - which a target is invoked. Matches are evaluated first to last if - specified as an array and work in short-circuit fashion, i.e. if one - extension yields false, evaluation will stop. + a specific property. + - The set of matches make up the condition under which a target is invoked. + - Matches are evaluated first to last if specified as an array and work in short-circuit + fashion, i.e. if one extension yields false, evaluation will stop. + type: list default: [] jump: description: - - This specifies the target of the rule; i.e., what to do if the packet - matches it. The target can be a user-defined chain (other than the one + - This specifies the target of the rule; i.e., what to do if the packet matches it. + - The target can be a user-defined chain (other than the one this rule is in), one of the special builtin targets which decide the fate of the packet immediately, or an extension (see EXTENSIONS - below). If this option is omitted in a rule (and the goto parameter + below). 
+ - If this option is omitted in a rule (and the goto parameter is not used), then matching the rule will have no effect on the packet's fate, but the counters on the rule will be incremented. + type: str log_prefix: description: - Specifies a log text for the rule. Only make sense with a LOG jump. + type: str version_added: "2.5" goto: description: - - This specifies that the processing should continue in a user specified - chain. Unlike the jump argument return will not continue processing in + - This specifies that the processing should continue in a user specified chain. + - Unlike the jump argument return will not continue processing in this chain but instead in the chain that called us via jump. + type: str in_interface: description: - Name of an interface via which a packet was received (only for packets - entering the INPUT, FORWARD and PREROUTING chains). When the "!" - argument is used before the interface name, the sense is inverted. If - the interface name ends in a "+", then any interface which begins with - this name will match. If this option is omitted, any interface name - will match. + entering the C(INPUT), C(FORWARD) and C(PREROUTING) chains). + - When the C(!) argument is used before the interface name, the sense is inverted. + - If the interface name ends in a C(+), then any interface which begins with + this name will match. + - If this option is omitted, any interface name will match. + type: str out_interface: description: - Name of an interface via which a packet is going to be sent (for - packets entering the FORWARD, OUTPUT and POSTROUTING chains). When the - "!" argument is used before the interface name, the sense is inverted. - If the interface name ends in a "+", then any interface which begins - with this name will match. If this option is omitted, any interface - name will match. + packets entering the C(FORWARD), C(OUTPUT) and C(POSTROUTING) chains). + - When the C(!) 
argument is used before the interface name, the sense is inverted. + - If the interface name ends in a C(+), then any interface which begins + with this name will match. + - If this option is omitted, any interface name will match. + type: str fragment: description: - This means that the rule only refers to second and further fragments - of fragmented packets. Since there is no way to tell the source or - destination ports of such a packet (or ICMP type), such a packet will - not match any rules which specify them. When the "!" argument precedes - fragment argument, the rule will only match head fragments, or - unfragmented packets. + of fragmented packets. + - Since there is no way to tell the source or destination ports of such + a packet (or ICMP type), such a packet will not match any rules which specify them. + - When the "!" argument precedes fragment argument, the rule will only match head fragments, + or unfragmented packets. + type: str set_counters: description: - This enables the administrator to initialize the packet and byte - counters of a rule (during INSERT, APPEND, REPLACE operations). + counters of a rule (during C(INSERT), C(APPEND), C(REPLACE) operations). + type: str source_port: description: - - Source port or port range specification. This can either be a service - name or a port number. An inclusive range can also be specified, using - the format first:last. If the first port is omitted, '0' is assumed; - if the last is omitted, '65535' is assumed. If the first port is - greater than the second one they will be swapped. + - Source port or port range specification. + - This can either be a service name or a port number. + - An inclusive range can also be specified, using the format C(first:last). + - If the first port is omitted, C(0) is assumed; if the last is omitted, C(65535) is assumed. + - If the first port is greater than the second one they will be swapped. 
+ type: str destination_port: description: - "Destination port or port range specification. This can either be @@ -189,27 +205,32 @@ options: first port is greater than the second one they will be swapped. This is only valid if the rule also specifies one of the following protocols: tcp, udp, dccp or sctp." + type: str to_ports: description: - - "This specifies a destination port or range of ports to use: without - this, the destination port is never altered. This is only valid if the - rule also specifies one of the following protocols: tcp, udp, dccp or - sctp." + - This specifies a destination port or range of ports to use, without + this, the destination port is never altered. + - This is only valid if the rule also specifies one of the protocol + C(tcp), C(udp), C(dccp) or C(sctp). + type: str to_destination: description: - - This specifies a destination address to use with DNAT. + - This specifies a destination address to use with C(DNAT). - Without this, the destination address is never altered. + type: str version_added: "2.1" to_source: description: - - This specifies a source address to use with SNAT. + - This specifies a source address to use with C(SNAT). - Without this, the source address is never altered. + type: str version_added: "2.2" syn: description: - This allows matching packets that have the SYN bit set and the ACK and RST bits unset. - When negated, this matches all packets with the RST or the ACK bits set. + type: str choices: [ ignore, match, negate ] default: ignore version_added: "2.5" 
@@ -218,28 +239,24 @@ options: - This allows specifying a DSCP mark to be added to packets. It takes either an integer or hex value. - Mutually exclusive with C(set_dscp_mark_class). + type: str version_added: "2.1" set_dscp_mark_class: description: - This allows specifying a predefined DiffServ class which will be translated to the corresponding DSCP mark. - Mutually exclusive with C(set_dscp_mark). + type: str version_added: "2.1" comment: description: - This specifies a comment that will be added to the rule. + type: str ctstate: description: - - "C(ctstate) is a list of the connection states to match in the conntrack - module. Possible states are:" - - C(INVALID) - - C(NEW) - - C(ESTABLISHED) - - C(RELATED) - - C(UNTRACKED) - - C(SNAT) - - C(DNAT) - choices: [ DNAT, ESTABLISHED, INVALID, NEW, RELATED, SNAT, UNTRACKED ] + - C(ctstate) is a list of the connection states to match in the conntrack module. + - Possible states are C(INVALID), C(NEW), C(ESTABLISHED), C(RELATED), C(UNTRACKED), C(SNAT), C(DNAT) + type: list default: [] limit: description: 
@@ -247,54 +264,60 @@ options: - The number can specify units explicitly, using `/second', `/minute', `/hour' or `/day', or parts of them (so `5/second' is the same as `5/s'). + type: str limit_burst: description: - Specifies the maximum burst before the above limit kicks in. + type: str version_added: "2.1" uid_owner: description: - - Specifies the UID or username to use in match by owner rule. From - Ansible 2.6 when the C(!) argument is prepended then the it inverts + - Specifies the UID or username to use in match by owner rule. + - From Ansible 2.6 when the C(!) argument is prepended then the it inverts the rule to apply instead to all users except that one specified. + type: str version_added: "2.1" reject_with: description: - 'Specifies the error packet type to return while rejecting. It implies "jump: REJECT"' + type: str version_added: "2.1" icmp_type: description: - This allows specification of the ICMP type, which can be a numeric ICMP type, type/code pair, or one of the ICMP type names shown by the command 'iptables -p icmp -h' + type: str version_added: "2.2" flush: description: - Flushes the specified table and chain of all rules. - If no chain is specified then the entire table is purged. - Ignores all other parameters. - version_added: "2.2" type: bool + version_added: "2.2" policy: description: - Set the policy for the chain to the given target. - Only built-in chains can have policies. - This parameter requires the C(chain) parameter. - Ignores all other parameters. + type: str choices: [ ACCEPT, DROP, QUEUE, RETURN ] version_added: "2.2" ''' -EXAMPLES = ''' -# Block specific IP -- iptables: +EXAMPLES = r''' +- name: Block specific IP + iptables: chain: INPUT source: 8.8.8.8 jump: DROP become: yes -# Forward port 80 to 8600 -- iptables: +- name: Forward port 80 to 8600 + iptables: table: nat chain: PREROUTING in_interface: eth0 
@@ -306,15 +329,15 @@ EXAMPLES = ''' comment: Redirect web traffic to port 8600 become: yes -# Allow related and established connections -- iptables: +- name: Allow related and established connections + iptables: chain: INPUT ctstate: ESTABLISHED,RELATED jump: ACCEPT become: yes -# Allow new incoming SYN packets on TCP port 22 (SSH). -- iptables: +- name: Allow new incoming SYN packets on TCP port 22 (SSH). + iptables: chain: INPUT protocol: tcp destination_port: 22 @@ -323,44 +346,44 @@ EXAMPLES = ''' jump: ACCEPT comment: Accept new SSH connections. -# Tag all outbound tcp packets with DSCP mark 8 -- iptables: +- name: Tag all outbound tcp packets with DSCP mark 8 + iptables: chain: OUTPUT jump: DSCP table: mangle set_dscp_mark: 8 protocol: tcp -# Tag all outbound tcp packets with DSCP DiffServ class CS1 -- iptables: +- name: Tag all outbound tcp packets with DSCP DiffServ class CS1 + iptables: chain: OUTPUT jump: DSCP table: mangle set_dscp_mark_class: CS1 protocol: tcp -# Insert a rule on line 5 -- iptables: +- name: Insert a rule on line 5 + iptables: chain: INPUT protocol: tcp destination_port: 8080 jump: ACCEPT rule_num: 5 -# Set the policy for the INPUT chain to DROP -- iptables: +- name: Set the policy for the INPUT chain to DROP + iptables: chain: INPUT policy: DROP -# Reject tcp with tcp-reset -- iptables: +- name: Reject tcp with tcp-reset + iptables: chain: INPUT protocol: tcp reject_with: tcp-reset ip_version: ipv4 -# Set tcp flags -- iptables: +- name: Set tcp flags + iptables: chain: OUTPUT jump: DROP protocol: tcp @@ -381,7 +404,7 @@ EXAMPLES = ''' - name: iptables flush nat iptables: table: nat - chain: "{{ item }}" + chain: '{{ item }}' flush: yes with_items: [ 'INPUT', 'OUTPUT', 'PREROUTING', 'POSTROUTING' ] ''' diff --git a/lib/ansible/modules/system/java_cert.py b/lib/ansible/modules/system/java_cert.py index d076ddeed3..709d3f62cc 100644 --- a/lib/ansible/modules/system/java_cert.py +++ b/lib/ansible/modules/system/java_cert.py 
@@ -1,5 +1,6 @@ #!/usr/bin/python -# +# -*- coding: utf-8 -*- + # Copyright: (c) 2013, RSD Services S.A # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) @@ -10,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: java_cert version_added: '2.3' 
@@ -21,62 +22,75 @@ description: options: cert_url: description: - - Basic URL to fetch SSL certificate from. One of cert_url or cert_path is required to load certificate. + - Basic URL to fetch SSL certificate from. + - One of iC(cert_url) or C(cert_path) is required to load certificate. + type: str cert_port: description: - - Port to connect to URL. This will be used to create server URL:PORT + - Port to connect to URL. + - This will be used to create server URL:PORT. + type: int default: 443 cert_path: description: - - Local path to load certificate from. One of cert_url or cert_path is required to load certificate. + - Local path to load certificate from. + - One of cert_url or cert_path is required to load certificate. + type: path cert_alias: description: - - Imported certificate alias. The alias is used when checking for the - presence of a certificate in the keystore. + - Imported certificate alias. + - The alias is used when checking for the presence of a certificate in the keystore. + type: str pkcs12_path: description: - Local path to load PKCS12 keystore from. + type: path version_added: "2.4" pkcs12_password: description: - Password for importing from PKCS12 keystore. + type: str default: '' version_added: "2.4" pkcs12_alias: description: - Alias in the PKCS12 keystore. - default: 1 + type: str version_added: "2.4" keystore_path: description: - Path to keystore. + type: path keystore_pass: description: - Keystore password. + type: str required: true keystore_create: description: - - Create keystore if it doesn't exist + - Create keystore if it does not exist. type: bool keystore_type: description: - Keystore type (JCEKS, JKS). - default: None + type: str version_added: "2.8" executable: description: - Path to keytool binary if not used we search in PATH for it. + type: str default: keytool state: description: - Defines action which can be either certificate import or removal. 
+ type: str choices: [ absent, present ] default: present author: - Adam Hamsik (@haad) ''' -EXAMPLES = ''' +EXAMPLES = r''' - name: Import SSL certificate from google.com to a given cacerts keystore java_cert: cert_url: google.com @@ -123,7 +137,7 @@ EXAMPLES = ''' state: present ''' -RETURN = ''' +RETURN = r''' msg: description: Output from stdout of keytool command after execution of given command. returned: success @@ -131,13 +145,13 @@ msg: sample: "Module require existing keystore at keystore_path '/tmp/test/cacerts'" rc: - description: Keytool command execution return value + description: Keytool command execution return value. returned: success type: int sample: "0" cmd: - description: Executed command to get action done + description: Executed command to get action done. returned: success type: str sample: "keytool -importcert -noprompt -keystore" @@ -310,11 +324,11 @@ def main(): pkcs12_password=dict(type='str', no_log=True), pkcs12_alias=dict(type='str'), cert_alias=dict(type='str'), - cert_port=dict(type='int', default='443'), + cert_port=dict(type='int', default=443), keystore_path=dict(type='path'), keystore_pass=dict(type='str', required=True, no_log=True), keystore_create=dict(type='bool', default=False), - keystore_type=dict(type='str', default=None), + keystore_type=dict(type='str'), executable=dict(type='str', default='keytool'), state=dict(type='str', default='present', choices=['absent', 'present']), ) diff --git a/lib/ansible/modules/system/make.py b/lib/ansible/modules/system/make.py index 31f99b353f..df26147c13 100644 --- a/lib/ansible/modules/system/make.py +++ b/lib/ansible/modules/system/make.py 
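Review bot: The new second bullet under `cert_url` has a stray `i` in `iC(cert_url)`, which will render as literal text in front of the formatted option name. It should read `- One of C(cert_url) or C(cert_path) is required to load certificate.`. The matching new bullet under `cert_path` names the same two options without C() markup, so using the identical sentence there would keep the two descriptions consistent.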
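Review bot: `pkcs12_password` is declared as `pkcs12_password=dict(type='str', no_log=True)` in this argument spec, with no default, while the options hunk earlier in the same file keeps `default: ''` in its documentation. This hunk already corrects `cert_port` and `keystore_type`, so the password entry is the remaining mismatch between documentation and spec. Either add `default=''` to the spec entry or remove the documented default, depending on whether the code that consumes the value expects an empty string or None; that code is outside the hunk.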
@@ -1,23 +1,22 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# (c) 2015, Linus Unnebäck +# Copyright: (c) 2015, Linus Unnebäck # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import absolute_import, division, print_function __metaclass__ = type - ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 'supported_by': 'community'} - -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: make short_description: Run targets in a Makefile -requirements: [ make ] +requirements: +- make version_added: "2.1" author: Linus Unnebäck (@LinusU) description: @@ -26,21 +25,25 @@ options: target: description: - The target to run. - - "Examples: C(install) or C(test)" + - Typically this would be something like C(install),C(test) or C(all)." + type: str params: description: - - Any extra parameters to pass to make + - Any extra parameters to pass to make. + type: dict chdir: description: - - Change to this directory before running make + - Change to this directory before running make. + type: path required: true file: description: - - Use a custom Makefile - version_added: 2.5 + - Use a custom Makefile. + type: path + version_added: '2.5' ''' -EXAMPLES = ''' +EXAMPLES = r''' - name: Build the default target make: chdir: /home/ubuntu/cool-project @@ -66,9 +69,7 @@ EXAMPLES = ''' file: /some-project/Makefile ''' -# TODO: Disabled the RETURN as it was breaking docs building. Someone needs to -# fix this -RETURN = '''# ''' +RETURN = r'''# ''' from ansible.module_utils.six import iteritems from ansible.module_utils.basic import AnsibleModule 
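Review bot: The new `target` description line ends with an unmatched double quote and lacks a space after the first comma: `- Typically this would be something like C(install),C(test) or C(all)."`. The removed line was a quoted YAML scalar, and the closing quote appears to have survived the rewrite, so it will show up verbatim in the rendered documentation. Suggested text is `- Typically this would be something like C(install), C(test) or C(all).`.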
@@ -105,13 +106,13 @@ def sanitize_output(output): def main(): module = AnsibleModule( - supports_check_mode=True, argument_spec=dict( - target=dict(required=False, default=None, type='str'), - params=dict(required=False, default=None, type='dict'), - chdir=dict(required=True, default=None, type='path'), - file=dict(required=False, default=None, type='path') + target=dict(type='str'), + params=dict(type='dict'), + chdir=dict(type='path', required=True), + file=dict(type='path'), ), + supports_check_mode=True, ) # Build up the invocation of `make` we are going to use # For non-Linux OSes, prefer gmake (GNU make) over make diff --git a/lib/ansible/modules/system/mount.py b/lib/ansible/modules/system/mount.py index 8a8ac8587b..4313041ded 100644 --- a/lib/ansible/modules/system/mount.py +++ b/lib/ansible/modules/system/mount.py @@ -13,7 +13,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 'supported_by': 'core'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: mount short_description: Control active and configured mount points 
@@ -27,33 +27,41 @@ options: path: description: - Path to the mount point (e.g. C(/mnt/files)). - - Before 2.3 this option was only usable as I(dest), I(destfile) and - I(name). + - Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name). + type: path required: true aliases: [ name ] src: description: - - Device to be mounted on I(path). Required when I(state) set to - C(present) or C(mounted). + - Device to be mounted on I(path). + - Required when I(state) set to C(present) or C(mounted). + type: path fstype: description: - - Filesystem type. Required when I(state) is C(present) or C(mounted). + - Filesystem type. + - Required when I(state) is C(present) or C(mounted). + type: str opts: description: - Mount options (see fstab(5), or vfstab(4) on Solaris). + type: str dump: description: - - Dump (see fstab(5)). Note that if set to C(null) and I(state) set to - C(present), it will cease to work and duplicate entries will be made + - Dump (see fstab(5)). + - Note that if set to C(null) and I(state) set to C(present), + it will cease to work and duplicate entries will be made with subsequent runs. - Has no effect on Solaris systems. + type: str default: 0 passno: description: - - Passno (see fstab(5)). Note that if set to C(null) and I(state) set to - C(present), it will cease to work and duplicate entries will be made + - Passno (see fstab(5)). + - Note that if set to C(null) and I(state) set to C(present), + it will cease to work and duplicate entries will be made with subsequent runs. - Deprecated on Solaris systems. + type: str default: 0 state: description: 
@@ -66,38 +74,38 @@ options: - C(absent) specifies that the device mount's entry will be removed from I(fstab) and will also unmount the device and remove the mount point. + type: str required: true choices: [ absent, mounted, present, unmounted ] fstab: description: - - File to use instead of C(/etc/fstab). You shouldn't use this option - unless you really know what you are doing. This might be useful if - you need to configure mountpoints in a chroot environment. OpenBSD - does not allow specifying alternate fstab files with mount so do not - use this on OpenBSD with any state that operates on the live - filesystem. - default: /etc/fstab (/etc/vfstab on Solaris) + - File to use instead of C(/etc/fstab). + - You should npt use this option unless you really know what you are doing. + - This might be useful if you need to configure mountpoints in a chroot environment. + - OpenBSD does not allow specifying alternate fstab files with mount so do not + use this on OpenBSD with any state that operates on the live filesystem. + - This parameter defaults to /etc/fstab or /etc/vfstab on Solaris. + type: str boot: description: - Determines if the filesystem should be mounted on boot. - Only applies to Solaris systems. type: bool - default: 'yes' + default: yes version_added: '2.2' backup: description: - Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly. - required: false type: bool - default: "no" + default: no version_added: '2.5' notes: - As of Ansible 2.3, the I(name) option has been changed to I(path) as default, but I(name) still works as well. ''' -EXAMPLES = ''' +EXAMPLES = r''' # Before 2.3, option 'name' was used instead of 'path' - name: Mount DVD read-only mount: 
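Review bot: The rewritten `fstab` description introduces a typo, "You should npt use this option", in the one sentence that warns users away from the option. It should read `- You should not use this option unless you really know what you are doing.`. The documented `default:` for `fstab` is also replaced by a prose sentence here, which fits only if the default is computed per platform at runtime; that code is outside the hunk.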
@@ -583,7 +591,7 @@ def main(): opts=dict(type='str'), passno=dict(type='str'), src=dict(type='path'), - backup=dict(default=False, type='bool'), + backup=dict(type='bool', default=False), state=dict(type='str', required=True, choices=['absent', 'mounted', 'present', 'unmounted']), ), supports_check_mode=True, diff --git a/lib/ansible/modules/system/open_iscsi.py b/lib/ansible/modules/system/open_iscsi.py index e7295f49fb..f4ddb686bb 100644 --- a/lib/ansible/modules/system/open_iscsi.py +++ b/lib/ansible/modules/system/open_iscsi.py @@ -1,23 +1,23 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# (c) 2013, Serge van Ginderachter +# Copyright: (c) 2013, Serge van Ginderachter # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import absolute_import, division, print_function - __metaclass__ = type ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: open_iscsi -author: "Serge van Ginderachter (@srvg)" +author: +- Serge van Ginderachter (@srvg) version_added: "1.4" -short_description: Manage iscsi targets with open-iscsi +short_description: Manage iSCSI targets with Open-iSCSI description: - Discover targets on given portal, (dis)connect targets, mark targets to manually or auto start, return device nodes of connected targets. 
@@ -25,85 +25,80 @@ requirements: - open_iscsi library and tools (iscsiadm) options: portal: - required: false - aliases: [ip] description: - - the ip address of the iscsi target + - The IP address of the iSCSI target. + type: str + aliases: [ ip ] port: - required: false + description: + - The port on which the iSCSI target process listens. + type: str default: 3260 - description: - - the port on which the iscsi target process listens target: - required: false - aliases: [name, targetname] description: - - the iscsi target name + - The iSCSI target name. + type: str + aliases: [ name, targetname ] login: - required: false - type: bool description: - - whether the target node should be connected + - Whether the target node should be connected. + type: bool + aliases: [ state ] node_auth: - required: false + description: + - The value for C(discovery.sendtargets.auth.authmethod). + type: str default: CHAP - description: - - discovery.sendtargets.auth.authmethod node_user: - required: false description: - - discovery.sendtargets.auth.username + - The value for C(discovery.sendtargets.auth.username). + type: str node_pass: - required: false description: - - discovery.sendtargets.auth.password + - The value for C(discovery.sendtargets.auth.password). + type: str auto_node_startup: - aliases: [automatic] - required: false - type: bool description: - - whether the target node should be automatically connected at startup + - Whether the target node should be automatically connected at startup. + type: bool + aliases: [ automatic ] discover: - required: false - type: bool description: - - whether the list of target nodes on the portal should be - (re)discovered and added to the persistent iscsi database. - Keep in mind that iscsiadm discovery resets configurtion, like node.startup - to manual, hence combined with auto_node_startup=yes will always return + - Whether the list of target nodes on the portal should be + (re)discovered and added to the persistent iSCSI database. 
+ - Keep in mind that C(iscsiadm) discovery resets configuration, like C(node.startup) + to manual, hence combined with C(auto_node_startup=yes) will always return a changed state. - show_nodes: - required: false type: bool + show_nodes: description: - - whether the list of nodes in the persistent iscsi database should be - returned by the module + - Whether the list of nodes in the persistent iSCSI database should be returned by the module. + type: bool ''' -EXAMPLES = ''' -# perform a discovery on 10.1.2.3 and show available target nodes -- open_iscsi: +EXAMPLES = r''' +- name: Perform a discovery on 10.1.2.3 and show available target nodes + open_iscsi: show_nodes: yes discover: yes portal: 10.1.2.3 -# discover targets on portal and login to the one available -# (only works if exactly one target is exported to the initiator) -- open_iscsi: +# NOTE: Only works if exactly one target is exported to the initiator +- name: Discover targets on portal and login to the one available + open_iscsi: portal: '{{ iscsi_target }}' login: yes discover: yes -# description: connect to the named target, after updating the local -# persistent database (cache) -- open_iscsi: +- name: Connect to the named target, after updating the local persistent database (cache) + open_iscsi: login: yes - target: 'iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d' + target: iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d -# description: discconnect from the cached named target -- open_iscsi: +- name: Discconnect from the cached named target + open_iscsi: login: no - target: 'iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d' + target: iqn.1986-03.com.sun:02:f8c1f9e0-c3ec-ec84-c9c9-8bfb0cd5de3d ''' import glob 
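Review bot: The last example's new task name keeps the misspelling from the old comment, `- name: Discconnect from the cached named target`. Task names are what users see in play output when they copy the example, so it is worth correcting while converting the comments: `- name: Disconnect from the cached named target`.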
@@ -256,23 +251,23 @@ def main(): argument_spec=dict( # target - portal=dict(required=False, aliases=['ip']), - port=dict(required=False, default=3260), - target=dict(required=False, aliases=['name', 'targetname']), - node_auth=dict(required=False, default='CHAP'), - node_user=dict(required=False), - node_pass=dict(required=False, no_log=True), + portal=dict(type='str', aliases=['ip']), + port=dict(type='str', default=3260), + target=dict(type='str', aliases=['name', 'targetname']), + node_auth=dict(type='str', default='CHAP'), + node_user=dict(type='str'), + node_pass=dict(type='str', no_log=True), # actions login=dict(type='bool', aliases=['state']), auto_node_startup=dict(type='bool', aliases=['automatic']), discover=dict(type='bool', default=False), - show_nodes=dict(type='bool', default=False) + show_nodes=dict(type='bool', default=False), ), required_together=[['discover_user', 'discover_pass'], ['node_user', 'node_pass']], - supports_check_mode=True + supports_check_mode=True, ) global iscsiadm_cmd diff --git a/lib/ansible/modules/system/osx_defaults.py b/lib/ansible/modules/system/osx_defaults.py index e0c63adacf..a1c18fa96b 100644 --- a/lib/ansible/modules/system/osx_defaults.py +++ b/lib/ansible/modules/system/osx_defaults.py 
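Review bot: `required_together` still lists `['discover_user', 'discover_pass']`, but neither name appears in the argument spec, which this hunk shows from `portal` through `show_nodes`. As far as the hunk shows, that pair can never be supplied, so the constraint has no effect and suggests discovery authentication options that the module does not accept. Either reduce it to `required_together=[['node_user', 'node_pass']],` or add the two options to the spec and documentation, in which case `discover_pass` needs `no_log=True` like `node_pass`.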
@@ -1,65 +1,77 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# (c) 2014, GeekChimp - Franck Nijhof +# Copyright: (c) 2014, GeekChimp - Franck Nijhof # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import absolute_import, division, print_function - __metaclass__ = type ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['stableinterface'], 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: osx_defaults -author: Franck Nijhof (@frenck) -short_description: osx_defaults allows users to read, write, and delete macOS user defaults from Ansible +author: +- Franck Nijhof (@frenck) +short_description: Manage macOS user defaults description: - osx_defaults allows users to read, write, and delete macOS user defaults from Ansible scripts. - macOS applications and other programs use the defaults system to record user preferences and other - information that must be maintained when the applications aren't running (such as default font for new + - macOS applications and other programs use the defaults system to record user preferences and other + information that must be maintained when the applications are not running (such as default font for new documents, or the position of an Info panel). version_added: "2.0" options: domain: description: - - The domain is a domain name of the form com.companyname.appname. + - The domain is a domain name of the form C(com.companyname.appname). + type: str default: NSGlobalDomain host: description: - - The host on which the preference should apply. The special value "currentHost" corresponds to the - "-currentHost" switch of the defaults commandline tool. + - The host on which the preference should apply. + - The special value C(currentHost) corresponds to the C(-currentHost) switch of the defaults commandline tool. + type: str version_added: "2.1" key: description: - - The key of the user preference + - The key of the user preference. 
+ type: str required: true type: description: - The type of value to write. + type: str + choices: [ array, bool, boolean, date, float, int, integer, string ] default: string - choices: [ "array", "bool", "boolean", "date", "float", "int", "integer", "string" ] array_add: description: - Add new elements to the array for a key which has an array as its value. type: bool - default: 'no' + default: no value: description: - - The value to write. Only required when state = present. + - The value to write. + - Only required when C(state=present). + type: raw state: description: - - The state of the user defaults + - The state of the user defaults. + type: str + choices: [ absent, present ] default: present - choices: [ "present", "absent" ] + path: + description: + - The path in which to search for C(osx_defaults). + type: str + default: /usr/bin:/usr/local/bin notes: - Apple Mac caches defaults. You may need to logout and login to apply the changes. ''' -EXAMPLES = ''' +EXAMPLES = r''' - osx_defaults: domain: com.apple.Safari key: IncludeInternalDebugMenu 
@@ -345,52 +357,14 @@ class OSXDefaults(object): def main(): module = AnsibleModule( argument_spec=dict( - domain=dict( - default="NSGlobalDomain", - required=False, - ), - host=dict( - default=None, - required=False, - ), - key=dict( - default=None, - ), - type=dict( - default="string", - required=False, - choices=[ - "array", - "bool", - "boolean", - "date", - "float", - "int", - "integer", - "string", - ], - ), - array_add=dict( - default=False, - required=False, - type='bool', - ), - value=dict( - default=None, - required=False, - type='raw' - ), - state=dict( - default="present", - required=False, - choices=[ - "absent", "present" - ], - ), - path=dict( - default="/usr/bin:/usr/local/bin", - required=False, - ) + domain=dict(type='str', default='NSGlobalDomain'), + host=dict(type='str'), + key=dict(type='str'), + type=dict(type='str', default='string', choices=['array', 'bool', 'boolean', 'date', 'float', 'int', 'integer', 'string']), + array_add=dict(type='bool', default=False), + value=dict(type='raw'), + state=dict(type='str', default='present', choices=['absent', 'present']), + path=dict(type='str', default='/usr/bin:/usr/local/bin'), ), supports_check_mode=True, ) diff --git a/lib/ansible/modules/system/pamd.py b/lib/ansible/modules/system/pamd.py index 1337c54fab..0179c9562e 100644 --- a/lib/ansible/modules/system/pamd.py +++ b/lib/ansible/modules/system/pamd.py @@ -36,6 +36,7 @@ options: - The C(type), C(control) and C(module_path) all must match a rule to be modified. type: str required: true + choices: [ account, -account, auth, -auth, password, -password, session, -session ] control: description: - The control of the PAM rule being modified. @@ -54,6 +55,7 @@ options: description: - The new type to assign to the new rule. type: str + choices: [ account, -account, auth, -auth, password, -password, session, -session ] new_control: description: - The new control to assign to the new rule. 
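Review bot: `key=dict(type='str'),` leaves `key` optional in the argument spec, while the documentation hunk for this file marks `key` as `required: true`. The old spec had the same gap (`default=None`, no `required`), so this rewrite was the place to align the two. If the module cannot work without a key, use `key=dict(type='str', required=True),`; otherwise drop `required: true` from the documentation. Which is right depends on how the OSXDefaults class uses the value, which is outside the hunk.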
@@ -87,9 +89,9 @@ options: default: updated path: description: - - This is the path to the PAM service files + - This is the path to the PAM service files. type: path - default: /etc/pam.d/ + default: /etc/pam.d backup: description: - Create a backup file including the timestamp information so you can @@ -224,7 +226,7 @@ EXAMPLES = r''' RETURN = r''' change_count: - description: How many rules were changed + description: How many rules were changed. type: int sample: 1 returned: success @@ -791,9 +793,9 @@ def main(): ("state", "before", ["new_module_path"]), ("state", "after", ["new_control"]), ("state", "after", ["new_type"]), - ("state", "after", ["new_module_path"]) + ("state", "after", ["new_module_path"]), - ] + ], ) content = str() fname = os.path.join(module.params["path"], module.params["name"]) diff --git a/lib/ansible/modules/system/puppet.py b/lib/ansible/modules/system/puppet.py index 0c8161ee67..e1c1c6b926 100644 --- a/lib/ansible/modules/system/puppet.py +++ b/lib/ansible/modules/system/puppet.py @@ -1,4 +1,5 @@ #!/usr/bin/python +# -*- coding: utf-8 -*- # Copyright: (c) 2015, Hewlett-Packard Development Company, L.P. # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) @@ -10,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['stableinterface'], 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: puppet short_description: Runs puppet 
@@ -21,65 +22,80 @@ options: timeout: description: - How long to wait for I(puppet) to finish. + type: str default: 30m puppetmaster: description: - The hostname of the puppetmaster to contact. + type: str modulepath: description: - Path to an alternate location for puppet modules. + type: str version_added: "2.4" manifest: description: - Path to the manifest file to run puppet apply on. + type: str noop: description: - Override puppet.conf noop mode. - - Undefined, use default or puppet.conf value if defined. - - true, Run Puppet agent with C(--noop) switch set. - - false, Run Puppet agent with C(--no-noop) switch set. + - When C(yes), run Puppet agent with C(--noop) switch set. + - When C(no), run Puppet agent with C(--no-noop) switch set. + - When unset (default), use default or puppet.conf value if defined. + type: bool version_added: "2.8" facts: description: - A dict of values to pass in as persistent external facter facts. + type: dict facter_basename: description: - Basename of the facter output file. + type: str default: ansible environment: description: - Puppet environment to be used. + type: str logdest: - description: | - Where the puppet logs should go, if puppet apply is being used. C(all) - will go to both C(stdout) and C(syslog). - choices: [ stdout, syslog, all ] + description: + - Where the puppet logs should go, if puppet apply is being used. + - C(all) will go to both C(stdout) and C(syslog). + type: str + choices: [ all, stdout, syslog ] default: stdout version_added: "2.1" certname: description: - The name to use when handling certificates. + type: str version_added: "2.1" tags: description: - - A comma-separated list of puppet tags to be used. + - A list of puppet tags to be used. + type: list version_added: "2.1" execute: description: - Execute a specific piece of Puppet code. - It has no effect with a puppetmaster. 
+ type: str version_added: "2.1" summarize: description: - - Whether to print a transaction summary + - Whether to print a transaction summary. + type: bool version_added: "2.7" verbose: description: - - Print extra information + - Print extra information. + type: bool version_added: "2.7" debug: description: - - Enable full debugging + - Enable full debugging. + type: bool version_added: "2.7" requirements: - puppet @@ -87,7 +103,7 @@ author: - Monty Taylor (@emonty) ''' -EXAMPLES = ''' +EXAMPLES = r''' - name: Run puppet agent and fail if anything goes wrong puppet: @@ -109,11 +125,13 @@ EXAMPLES = ''' - name: Run puppet using a specific tags puppet: - tags: update,nginx + tags: + - update + - nginx - name: Run puppet agent in noop mode puppet: - noop: true + noop: yes - name: Run a manifest with debug, log to both syslog and stdout, specify module path puppet: @@ -160,9 +178,9 @@ def main(): modulepath=dict(type='str'), manifest=dict(type='str'), noop=dict(required=False, type='bool'), - logdest=dict(type='str', default='stdout', choices=['stdout', - 'syslog', - 'all']), + logdest=dict(type='str', default='stdout', choices=['all', + 'stdout', + 'syslog']), # internal code to work with --diff, do not use show_diff=dict(type='bool', default=False, aliases=['show-diff']), facts=dict(type='dict'), @@ -179,7 +197,7 @@ def main(): mutually_exclusive=[ ('puppetmaster', 'manifest'), ('puppetmaster', 'manifest', 'execute'), - ('puppetmaster', 'modulepath') + ('puppetmaster', 'modulepath'), ], ) p = module.params diff --git a/lib/ansible/modules/system/runit.py b/lib/ansible/modules/system/runit.py index 18639b2079..c0d66ec474 100644 --- a/lib/ansible/modules/system/runit.py +++ b/lib/ansible/modules/system/runit.py @@ -1,6 +1,6 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# + # Copyright: (c) 2015, Brian Coca # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) 
@@ -13,19 +13,20 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', # This is a modification of @bcoca's `svc` module -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: runit author: - James Sumners (@jsumners) version_added: "2.3" -short_description: Manage runit services +short_description: Manage runit services description: - Controls runit services on remote hosts using the sv utility. options: name: description: - Name of the service to manage. + type: str required: yes state: description: @@ -35,6 +36,7 @@ options: C(reloaded) will send a HUP (sv reload). C(once) will run a normally downed sv once (sv once), not really an idempotent operation. + type: str choices: [ killed, once, reloaded, restarted, started, stopped ] enabled: description: @@ -43,14 +45,16 @@ options: service_dir: description: - directory runsv watches for services + type: str default: /var/service service_src: description: - directory where services are defined, the source of symlinks to service_dir. + type: str default: /etc/sv ''' -EXAMPLES = ''' +EXAMPLES = r''' - name: Start sv dnscache, if not running runit: name: dnscache @@ -85,7 +89,6 @@ EXAMPLES = ''' import os import re -import traceback from ansible.module_utils.basic import AnsibleModule from ansible.module_utils._text import to_native @@ -226,7 +229,7 @@ class Sv(object): try: (rc, out, err) = self.module.run_command(' '.join(cmd)) except Exception as e: - self.module.fail_json(msg="failed to execute: %s" % to_native(e), exception=traceback.format_exc()) + self.module.fail_json(msg="failed to execute: %s" % to_native(e)) return (rc, out, err) def report(self): @@ -268,7 +271,7 @@ def main(): else: sv.disable() except (OSError, IOError) as e: - module.fail_json(msg="Could not change service link: %s" % to_native(e), exception=traceback.format_exc()) + module.fail_json(msg="Could not change service link: %s" % to_native(e)) if state is not None and state != sv.state: changed = True 
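Review bot: In the `class Sv` hunk at -226,7 the command is still flattened with `self.module.run_command(' '.join(cmd))`, so it has to be split back into arguments before execution. If `cmd` is a list, as the join implies, a service name or directory containing whitespace or quote characters would be split into different arguments than intended. Passing the list directly keeps argument boundaries intact: `(rc, out, err) = self.module.run_command(cmd)`. The method starts outside the hunk, so how `cmd` is built should be confirmed first.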
diff --git a/lib/ansible/modules/system/sefcontext.py b/lib/ansible/modules/system/sefcontext.py index e2f20543f5..dfe846e7f2 100644 --- a/lib/ansible/modules/system/sefcontext.py +++ b/lib/ansible/modules/system/sefcontext.py @@ -1,4 +1,5 @@ #!/usr/bin/python +# -*- coding: utf-8 -*- # Copyright: (c) 2016, Dag Wieers (@dagwieers) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) @@ -38,10 +39,12 @@ options: - C(p) for named pipes, - C(s) for socket files. type: str + choices: [ a, b, c, d, f, l, p, s ] default: a setype: description: - SELinux type for the specified target. + type: str required: yes seuser: description: @@ -63,12 +66,12 @@ options: - Reload SELinux policy after commit. - Note that this does not apply SELinux file contexts to existing files. type: bool - default: 'yes' + default: yes ignore_selinux_state: description: - Useful for scenarios (chrooted environment) that you can't get the real SELinux state. type: bool - default: false + default: no version_added: '2.8' notes: - The changes are persistent across reboots. @@ -125,7 +128,7 @@ except ImportError: # Add missing entries (backward compatible) if HAVE_SEOBJECT: - seobject.file_types.update(dict( + seobject.file_types.update( a=seobject.SEMANAGE_FCONTEXT_ALL, b=seobject.SEMANAGE_FCONTEXT_BLOCK, c=seobject.SEMANAGE_FCONTEXT_CHAR, @@ -134,7 +137,7 @@ if HAVE_SEOBJECT: l=seobject.SEMANAGE_FCONTEXT_LINK, p=seobject.SEMANAGE_FCONTEXT_PIPE, s=seobject.SEMANAGE_FCONTEXT_SOCK, - )) + ) # Make backward compatible option_to_file_type_str = dict( @@ -252,7 +255,7 @@ def main(): module = AnsibleModule( argument_spec=dict( ignore_selinux_state=dict(type='bool', default=False), - target=dict(required=True, aliases=['path']), + target=dict(type='str', required=True, aliases=['path']), ftype=dict(type='str', default='a', choices=option_to_file_type_str.keys()), setype=dict(type='str', required=True), seuser=dict(type='str'), 
diff --git a/lib/ansible/modules/system/selinux.py b/lib/ansible/modules/system/selinux.py index ce824a4bf7..775c87104b 100644 --- a/lib/ansible/modules/system/selinux.py +++ b/lib/ansible/modules/system/selinux.py 
@@ -1,86 +1,85 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# (c) 2012, Derek Carter +# Copyright: (c) 2012, Derek Carter # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import absolute_import, division, print_function __metaclass__ = type - ANSIBLE_METADATA = { 'metadata_version': '1.1', 'status': ['stableinterface'], 'supported_by': 'core' } - -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: selinux short_description: Change policy and state of SELinux description: - - Configures the SELinux mode and policy. A reboot may be required after usage. Ansible will not issue this reboot but will let you know when it is required. + - Configures the SELinux mode and policy. + - A reboot may be required after usage. + - Ansible will not issue this reboot but will let you know when it is required. version_added: "0.7" options: policy: description: - - "name of the SELinux policy to use (example: C(targeted)) will be required if state is not C(disabled)" + - The name of the SELinux policy to use (e.g. C(targeted)) will be required if state is not C(disabled). state: description: - - The SELinux mode + - The SELinux mode. required: true - choices: [ "enforcing", "permissive", "disabled" ] - conf: + choices: [ disabled, enforcing, permissive ] + configfile: description: - - path to the SELinux configuration file, if non-standard - default: "/etc/selinux/config" - aliases: ['configfile', 'file'] -notes: - - Not tested on any debian based system + - The path to the SELinux configuration file, if non-standard. + default: /etc/selinux/config + aliases: [ conf, file ] requirements: [ libselinux-python ] -author: "Derek Carter (@goozbach) " +author: +- Derek Carter (@goozbach) ''' -EXAMPLES = ''' -# Enable SELinux -- selinux: +EXAMPLES = r''' +- name: Enable SELinux + selinux: policy: targeted state: enforcing -# Put SELinux in permissive mode, logging actions that would be blocked. 
-- selinux: +- name: Put SELinux in permissive mode, logging actions that would be blocked. + selinux: policy: targeted state: permissive -# Disable SELinux -- selinux: +- name: Disable SELinux + selinux: state: disabled ''' -RETURN = ''' +RETURN = r''' msg: - description: Messages that describe changes that were made + description: Messages that describe changes that were made. returned: always type: str sample: Config SELinux state changed from 'disabled' to 'permissive' configfile: - description: Path to SELinux configuration file + description: Path to SELinux configuration file. returned: always type: str sample: /etc/selinux/config policy: - description: Name of the SELinux policy + description: Name of the SELinux policy. returned: always type: str sample: targeted state: - description: SELinux mode + description: SELinux mode. returned: always type: str sample: enforcing reboot_required: - description: Whether or not an reboot is required for the changes to take effect + description: Whether or not an reboot is required for the changes to take effect. returned: always type: bool sample: true @@ -171,11 +170,11 @@ def set_config_policy(module, policy, configfile): def main(): module = AnsibleModule( argument_spec=dict( - policy=dict(required=False), - state=dict(choices=['enforcing', 'permissive', 'disabled'], required=True), - configfile=dict(aliases=['conf', 'file'], default='/etc/selinux/config') + policy=dict(type='str'), + state=dict(type='str', required='True', choices=['enforcing', 'permissive', 'disabled']), + configfile=dict(type='str', default='/etc/selinux/config', aliases=['conf', 'file']), ), - supports_check_mode=True + supports_check_mode=True, ) if not HAS_SELINUX: 
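Review bot: In the `@@ -171,11 +170,11 @@` hunk of selinux.py the new `state` entry passes `required='True'`, a string instead of the boolean. It is treated as required only because a non-empty string is truthy, and `required='False'` written the same way would be treated as required too. The line should read `state=dict(type='str', required=True, choices=['enforcing', 'permissive', 'disabled']),`. The body of `main()` continues outside the hunk.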
@@ -210,7 +209,7 @@ def main(): # check to see if policy is set if state is not 'disabled' if state != 'disabled': if not policy: - module.fail_json(msg='Policy is required if state is not \'disabled\'') + module.fail_json(msg="Policy is required if state is not 'disabled'") else: if not policy: policy = config_policy @@ -220,14 +219,14 @@ def main(): if module.check_mode: module.exit_json(changed=True) # cannot change runtime policy - msgs.append('Running SELinux policy changed from \'%s\' to \'%s\'' % (runtime_policy, policy)) + msgs.append("Running SELinux policy changed from '%s' to '%s'" % (runtime_policy, policy)) changed = True if policy != config_policy: if module.check_mode: module.exit_json(changed=True) set_config_policy(module, policy, configfile) - msgs.append('SELinux policy configuration in \'%s\' changed from \'%s\' to \'%s\'' % (configfile, config_policy, policy)) + msgs.append("SELinux policy configuration in '%s' changed from '%s' to '%s'" % (configfile, config_policy, policy)) changed = True if state != runtime_state: @@ -237,7 +236,7 @@ def main(): # Temporarily set state to permissive if not module.check_mode: set_state(module, 'permissive') - module.warn('SELinux state temporarily changed from \'%s\' to \'permissive\'. State change will take effect next reboot.' % (runtime_state)) + module.warn("SELinux state temporarily changed from '%s' to 'permissive'. State change will take effect next reboot." % (runtime_state)) changed = True else: module.warn('SELinux state change will take effect next reboot') 
@@ -245,19 +244,19 @@ def main(): else: if not module.check_mode: set_state(module, state) - msgs.append('SELinux state changed from \'%s\' to \'%s\'' % (runtime_state, state)) + msgs.append("SELinux state changed from '%s' to '%s'" % (runtime_state, state)) # Only report changes if the file is changed. # This prevents the task from reporting changes every time the task is run. changed = True else: - module.warn("Reboot is required to set SELinux state to %s" % state) + module.warn("Reboot is required to set SELinux state to '%s'" % state) reboot_required = True if state != config_state: if not module.check_mode: set_config_state(module, state, configfile) - msgs.append('Config SELinux state changed from \'%s\' to \'%s\'' % (config_state, state)) + msgs.append("Config SELinux state changed from '%s' to '%s'" % (config_state, state)) changed = True module.exit_json(changed=changed, msg=', '.join(msgs), configfile=configfile, policy=policy, state=state, reboot_required=reboot_required) diff --git a/lib/ansible/modules/system/selinux_permissive.py b/lib/ansible/modules/system/selinux_permissive.py index f061d58b0d..ceefe4ab32 100644 --- a/lib/ansible/modules/system/selinux_permissive.py +++ b/lib/ansible/modules/system/selinux_permissive.py @@ -1,20 +1,18 @@ #!/usr/bin/python # -*- coding: utf-8 -*- -# (c) 2015, Michael Scherer +# Copyright: (c) 2015, Michael Scherer # inspired by code of github.com/dandiker/ # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import absolute_import, division, print_function __metaclass__ = type - ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 'supported_by': 'community'} - -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: selinux_permissive short_description: Change permissive domain in SELinux policy 
@@ -25,29 +23,34 @@ options: domain: description: - The domain that will be added or removed from the list of permissive domains. + type: str required: true + default: '' + aliases: [ name ] permissive: description: - Indicate if the domain should or should not be set as permissive. - required: true type: bool + required: true no_reload: description: - Disable reloading of the SELinux policy after making change to a domain's permissive setting. - The default is C(no), which causes policy to be reloaded when a domain changes state. - Reloading the policy does not work on older versions of the C(policycoreutils-python) library, for example in EL 6." type: bool - default: 'no' + default: no store: description: - - "Name of the SELinux policy store to use." + - Name of the SELinux policy store to use. + type: str notes: - Requires a recent version of SELinux and C(policycoreutils-python) (EL 6 or newer). requirements: [ policycoreutils-python ] -author: Michael Scherer (@mscherer) +author: +- Michael Scherer (@mscherer) ''' -EXAMPLES = ''' +EXAMPLES = r''' - name: Change the httpd_t domain to permissive selinux_permissive: name: httpd_t @@ -71,12 +74,12 @@ from ansible.module_utils._text import to_native def main(): module = AnsibleModule( argument_spec=dict( - domain=dict(aliases=['name'], required=True), - store=dict(required=False, default=''), + domain=dict(type='str', required=True, aliases=['name']), + store=dict(type='str', default=''), permissive=dict(type='bool', required=True), - no_reload=dict(type='bool', required=False, default=False), + no_reload=dict(type='bool', default=False), ), - supports_check_mode=True + supports_check_mode=True, ) # global vars diff --git a/lib/ansible/modules/system/seport.py b/lib/ansible/modules/system/seport.py index f3101ed56f..00a687c734 100644 --- a/lib/ansible/modules/system/seport.py +++ b/lib/ansible/modules/system/seport.py 
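Review bot: The documentation for `domain` in selinux_permissive.py now carries both `required: true` and `default: ''`, which contradict each other. In the `@@ -71,12 +74,12 @@` hunk the argument_spec gives `domain` no default, while `store` is the option declared with `default=''`, so the added line appears to have landed under the wrong option. Moving `default: ''` from `domain` to `store` would make the documentation match the spec.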
@@ -1,4 +1,5 @@ #!/usr/bin/python +# -*- coding: utf-8 -*- # Copyright: (c) 2014, Dan Keder # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) @@ -10,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: seport short_description: Manages SELinux network port type definitions @@ -20,33 +21,37 @@ version_added: "2.0" options: ports: description: - - Ports or port ranges. Can be a list (since 2.6) or comma separated string. + - Ports or port ranges. + - Can be a list (since 2.6) or comma separated string. + type: list required: true proto: description: - Protocol for the specified port. + type: str required: true choices: [ tcp, udp ] setype: description: - SELinux type for the specified port. + type: str required: true state: description: - Desired boolean value. - required: true + type: str choices: [ absent, present ] default: present reload: description: - Reload SELinux policy after commit. type: bool - default: 'yes' + default: yes ignore_selinux_state: description: - Run independent of selinux runtime state type: bool - default: false + default: no version_added: '2.8' notes: - The changes are persistent across reboots. @@ -58,7 +63,7 @@ author: - Dan Keder (@dankeder) ''' -EXAMPLES = ''' +EXAMPLES = r''' - name: Allow Apache to listen on tcp port 8888 seport: ports: 8888 @@ -258,7 +263,7 @@ def main(): ports=dict(type='list', required=True), proto=dict(type='str', required=True, choices=['tcp', 'udp']), setype=dict(type='str', required=True), - state=dict(type='str', required=True, choices=['absent', 'present']), + state=dict(type='str', default='present', choices=['absent', 'present']), reload=dict(type='bool', default=True), ), supports_check_mode=True, diff --git a/lib/ansible/modules/system/service.py b/lib/ansible/modules/system/service.py index 7be4449456..c1f1d3e905 100644 
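Review bot: The `state` option in seport.py still carries the description `Desired boolean value.`, although the `@@ -20,33 +21,37 @@` hunk now documents it as `type: str` with the choices `absent` and `present`. The same commit makes `state` optional with `default: present`, so a task that omits it now adds the port definition, and the description should say what the value means. Something like `- Whether the port definition should be present or absent.` would match the spec.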
--- a/lib/ansible/modules/system/service.py +++ b/lib/ansible/modules/system/service.py @@ -72,8 +72,8 @@ options: aliases: [ args ] use: description: - - The service module actually uses system specific modules, normally through auto detection, this setting can force a specific module. - - Normally it uses the value of the 'ansible_service_mgr' fact and falls back to the old 'service' module when none matching is found. + - The service module actually uses system specific modules, normally through auto detection, this setting can force a specific module. + - Normally it uses the value of the 'ansible_service_mgr' fact and falls back to the old 'service' module when none matching is found. type: str default: auto version_added: 2.2 diff --git a/lib/ansible/modules/system/solaris_zone.py b/lib/ansible/modules/system/solaris_zone.py index 87c94674f2..da6fcc659e 100644 --- a/lib/ansible/modules/system/solaris_zone.py +++ b/lib/ansible/modules/system/solaris_zone.py @@ -1,6 +1,7 @@ #!/usr/bin/python +# -*- coding: utf-8 -*- -# (c) 2015, Paul Markham +# Copyright: (c) 2015, Paul Markham # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import absolute_import, division, print_function @@ -10,13 +11,13 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: solaris_zone short_description: Manage Solaris zones description: - - Create, start, stop and delete Solaris zones. This module doesn't currently allow - changing of options for a zone that's already been created. + - Create, start, stop and delete Solaris zones. + - This module does not currently allow changing of options for a zone that is already been created. version_added: "2.0" author: - Paul Markham (@pmarkham) 
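Review bot: The rewritten description line in solaris_zone.py, `This module does not currently allow changing of options for a zone that is already been created.`, is ungrammatical, because the contraction `that's` stood for "that has" and was expanded to `that is`. It should read `- This module does not currently allow changing of options for a zone that has already been created.`.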
@@ -35,50 +36,59 @@ options: - C(configured), configure the ready so that it's to be attached. - C(attached), attach a zone, but do not boot it. - C(detached), shutdown and detach a zone + type: str choices: [ absent, attached, configured, detached, installed, present, running, started, stopped ] default: present required: true name: description: - Zone name. + type: str required: true path: description: - The path where the zone will be created. This is required when the zone is created, but not used otherwise. + type: str sparse: description: - Whether to create a sparse (C(true)) or whole root (C(false)) zone. type: bool - default: 'no' + default: no root_password: description: - The password hash for the root account. If not specified, the zone's root account will not have a password. + type: str config: description: - 'The zonecfg configuration commands for this zone. See zonecfg(1M) for the valid options and syntax. Typically this is a list of options separated by semi-colons or new lines, e.g. "set auto-boot=true;add net;set physical=bge0;set address=10.1.1.1;end"' - default: empty string + type: str + default: '' create_options: description: - 'Extra options to the zonecfg(1M) create command.' - default: empty string + type: str + default: '' install_options: description: - 'Extra options to the zoneadm(1M) install command. To automate Solaris 11 zone creation, use this to specify the profile XML file, e.g. install_options="-c sc_profile.xml"' - default: empty string + type: str + default: '' attach_options: description: - 'Extra options to the zoneadm attach command. For example, this can be used to specify whether a minimum or full update of packages is required and if any packages need to be deleted. For valid values, see zoneadm(1M)' - default: empty string + type: str + default: '' timeout: description: - Timeout, in seconds, for zone to boot. + type: int default: 600 ''' 
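Review bot: `state` in solaris_zone.py is documented with both `default: present` and `required: true`, and this hunk adds `type: str` directly above those two lines while leaving the contradiction in place. The argument_spec is not part of this diff, so which of the two is correct cannot be confirmed from here, but an option that has a default is normally not required. If the spec sets `default='present'`, drop `required: true` from the `state` documentation.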
diff --git a/lib/ansible/modules/system/ufw.py b/lib/ansible/modules/system/ufw.py index d46c8385d1..41f57de4be 100644 --- a/lib/ansible/modules/system/ufw.py +++ b/lib/ansible/modules/system/ufw.py @@ -14,7 +14,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 'supported_by': 'community'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' --- module: ufw short_description: Manage firewall with UFW @@ -36,20 +36,24 @@ options: - C(disabled) unloads firewall and disables firewall on boot. - C(reloaded) reloads firewall. - C(reset) disables and resets firewall to installation defaults. + type: str choices: [ disabled, enabled, reloaded, reset ] - policy: + default: description: - Change the default policy for incoming or outgoing traffic. - aliases: [ default ] + type: str choices: [ allow, deny, reject ] + aliases: [ policy ] direction: description: - Select direction for a rule or default policy command. + type: str choices: [ in, incoming, out, outgoing, routed ] logging: description: - Toggles logging. Logged packets use the LOG_KERN syslog facility. - choices: [ on, off, low, medium, high, full ] + type: str + choices: [ 'on', 'off', low, medium, high, full ] insert: description: - Insert the corresponding rule as rule number NUM. @@ -72,18 +76,15 @@ options: - C(last-ipv6) interprets the rule number relative to the index of the last IPv6 rule, or relative to the position where the last IPv6 rule would be if there is currently none. - choices: - - zero - - first-ipv4 - - last-ipv4 - - first-ipv6 - - last-ipv6 + type: str + choices: [ first-ipv4, first-ipv6, last-ipv4, last-ipv6, zero ] default: zero version_added: "2.8" rule: description: - Add firewall rule - choices: ['allow', 'deny', 'limit', 'reject'] + type: str + choices: [ allow, deny, limit, reject ] log: description: - Log new connections matched to this rule 
@@ -91,27 +92,34 @@ options: from_ip: description: - Source IP address. - aliases: [ from, src ] + type: str default: any + aliases: [ from, src ] from_port: description: - Source port. + type: str to_ip: description: - Destination IP address. - aliases: [ dest, to] + type: str default: any + aliases: [ dest, to] to_port: description: - Destination port. + type: str aliases: [ port ] proto: description: - TCP/IP protocol. + type: str choices: [ any, tcp, udp, ipv6, esp, ah, gre, igmp ] + aliases: [ protocol ] name: description: - Use profile located in C(/etc/ufw/applications.d). + type: str aliases: [ app ] delete: description: @@ -120,6 +128,7 @@ options: interface: description: - Specify interface for rule. + type: str aliases: [ if ] route: description: @@ -128,10 +137,11 @@ options: comment: description: - Add a comment to the rule. Requires UFW version >=0.35. + type: str version_added: "2.4" ''' -EXAMPLES = ''' +EXAMPLES = r''' - name: Allow everything and enable UFW ufw: state: enabled diff --git a/lib/ansible/modules/system/user.py b/lib/ansible/modules/system/user.py index 753a8e67a0..d54ad2827c 100644 --- a/lib/ansible/modules/system/user.py +++ b/lib/ansible/modules/system/user.py @@ -11,7 +11,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['stableinterface'], 'supported_by': 'core'} -DOCUMENTATION = ''' +DOCUMENTATION = r''' module: user version_added: "0.2" short_description: Manage user accounts @@ -38,7 +38,6 @@ options: - macOS only, optionally hide the user from the login window and system preferences. - The default will be C(yes) if the I(system) option is used. type: bool - required: false version_added: "2.6" non_unique: description: 
@@ -163,8 +162,8 @@ options: description: - Optionally specify the SSH key filename. - If this is a relative filename then it will be relative to the user's home directory. + - This parameter defaults to I(.ssh/id_rsa). type: path - default: .ssh/id_rsa version_added: "0.9" ssh_key_comment: description: @@ -259,7 +258,7 @@ author: - Stephen Fromm (@sfromm) ''' -EXAMPLES = ''' +EXAMPLES = r''' - name: Add the user 'johnd' with a specific uid and a primary group of 'admin' user: name: johnd @@ -300,7 +299,7 @@ EXAMPLES = ''' expires: -1 ''' -RETURN = ''' +RETURN = r''' append: description: Whether or not to append the user to groups returned: When state is 'present' and the user exists diff --git a/lib/ansible/modules/system/vdo.py b/lib/ansible/modules/system/vdo.py index d5d53dd56f..9fe009c3f2 100644 --- a/lib/ansible/modules/system/vdo.py +++ b/lib/ansible/modules/system/vdo.py @@ -1,15 +1,11 @@ #!/usr/bin/python -# -# Copyright (c) 2018 Red Hat, Inc. -# +# Copyright: (c) 2018, Red Hat, Inc. # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -# from __future__ import absolute_import, division, print_function __metaclass__ = type - ANSIBLE_METADATA = { 'metadata_version': '1.1', 'status': ['preview'], @@ -214,6 +210,7 @@ options: is only available when creating a new volume, and cannot be changed for an existing volume. type: str + choices: [ dense, sparse ] ackthreads: description: - Specifies the number of threads to use for diff --git a/test/sanity/validate-modules/ignore.txt b/test/sanity/validate-modules/ignore.txt index 35e0f1b20c..fa23322d58 100644 --- a/test/sanity/validate-modules/ignore.txt +++ b/test/sanity/validate-modules/ignore.txt 
@@ -833,40 +833,15 @@ lib/ansible/modules/storage/zfs/zfs.py E322 lib/ansible/modules/storage/zfs/zfs.py E323 lib/ansible/modules/storage/zfs/zfs_facts.py E323 lib/ansible/modules/storage/zfs/zpool_facts.py E323 -lib/ansible/modules/system/aix_inittab.py E324 -lib/ansible/modules/system/aix_inittab.py E326 -lib/ansible/modules/system/capabilities.py E322 -lib/ansible/modules/system/cron.py E324 -lib/ansible/modules/system/cronvar.py E324 -lib/ansible/modules/system/crypttab.py E324 -lib/ansible/modules/system/debconf.py E326 -lib/ansible/modules/system/firewalld.py E324 -lib/ansible/modules/system/iptables.py E326 -lib/ansible/modules/system/java_cert.py E324 lib/ansible/modules/system/known_hosts.py E324 -lib/ansible/modules/system/make.py E317 -lib/ansible/modules/system/mount.py E324 -lib/ansible/modules/system/open_iscsi.py E322 -lib/ansible/modules/system/osx_defaults.py E322 -lib/ansible/modules/system/osx_defaults.py E324 -lib/ansible/modules/system/pamd.py E324 -lib/ansible/modules/system/pamd.py E326 lib/ansible/modules/system/puppet.py E322 lib/ansible/modules/system/runit.py E322 lib/ansible/modules/system/runit.py E324 -lib/ansible/modules/system/sefcontext.py E326 -lib/ansible/modules/system/selinux.py E324 -lib/ansible/modules/system/selinux_permissive.py E322 -lib/ansible/modules/system/seport.py E324 lib/ansible/modules/system/service.py E210 lib/ansible/modules/system/service.py E323 -lib/ansible/modules/system/solaris_zone.py E324 -lib/ansible/modules/system/ufw.py E322 -lib/ansible/modules/system/ufw.py E326 lib/ansible/modules/system/user.py E210 lib/ansible/modules/system/user.py E324 lib/ansible/modules/system/user.py E327 -lib/ansible/modules/system/vdo.py E326 lib/ansible/modules/web_infrastructure/ansible_tower/tower_credential.py E326 lib/ansible/modules/web_infrastructure/ansible_tower/tower_group.py E324 lib/ansible/modules/web_infrastructure/ansible_tower/tower_job_launch.py E323