* Add expand_user_and_vars flag to write
Closes#5234
* Add changelog
* Update changelogs/fragments/5243-osx-defaults-expand-user-flags.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit f929422dac)
Co-authored-by: Pavel Zwerschke <pavelzw@gmail.com>
* The EnvironmentError is now handled in the splid_pid_name function.
The error also had a wrong indentation. See previous setup with correct setup: 6a7811f696/plugins/modules/system/listen_ports_facts.py
* Add changelog fragment
* Sanity Check failed before
* Update changelogs/fragments/5202-bugfix-environmentError-wrong-indentation.yaml
Co-authored-by: Paul-Kehnel <paul.kehnel@ocean.ibm.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 36a7939962)
Co-authored-by: PKehnel <ga65coy@mytum.de>
Using `local: true` users can enforce to work only with local policy
modifications. i.e.
# Without `local`, no new modification is added when port already exists
$ sudo ansible -m seport -a 'ports=22 state=present setype=ssh_port_t proto=tcp' localhost
localhost | SUCCESS => {
"changed": false,
"ports": [
"22"
],
"proto": "tcp",
"setype": "ssh_port_t",
"state": "present"
}
$ sudo semanage port -l -C
# With `local`, a port is always added/changed in local modification list
$ sudo ansible -m seport -a 'ports=22 state=present setype=ssh_port_t proto=tcp local=true' localhost
localhost | CHANGED => {
"changed": true,
"ports": [
"22"
],
"proto": "tcp",
"setype": "ssh_port_t",
"state": "present"
}
$ sudo semanage port -l -C
SELinux Port Type Proto Port Number
ssh_port_t tcp 22
# With `local`, seport removes the port only from local modifications
$ sudo ansible -m seport -a 'ports=22 state=absent setype=ssh_port_t proto=tcp local=true' localhost
localhost | CHANGED => {
"changed": true,
"ports": [
"22"
],
"proto": "tcp",
"setype": "ssh_port_t",
"state": "absent"
}
$ sudo semanage port -l -C
# Even though the port is still defined in system policy, the module
# result is success as there's no port local modification
$ sudo ansible -m seport -a 'ports=22 state=absent setype=ssh_port_t proto=tcp local=true' localhost
localhost | SUCCESS => {
"changed": false,
"ports": [
"22"
],
"proto": "tcp",
"setype": "ssh_port_t",
"state": "absent"
}
# But it fails without `local` as it tries to remove port defined in
# system policy
$ sudo ansible -m seport -a 'ports=22 state=absent setype=ssh_port_t proto=tcp' localhost
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: Port tcp/22 is defined in policy, cannot be deleted
localhost | FAILED! => {
"changed": false,
"msg": "ValueError: Port tcp/22 is defined in policy, cannot be deleted\n"
}
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
(cherry picked from commit 4c52fdb9d9)
Co-authored-by: Petr Lautrbach <plautrba@redhat.com>
* Adjust booleans in system modules.
* Fix some IP addresses
Co-authored-by: Sandra McCann <samccann@redhat.com>
Co-authored-by: Sandra McCann <samccann@redhat.com>
(cherry picked from commit be2de15c66)
* Move licenses to LICENSES/, run add-license.py, add LICENSES/MIT.txt.
* Replace 'Copyright:' with 'Copyright'
sed -i 's|Copyright:\(.*\)|Copyright\1|' $(rg -l 'Copyright:')
Co-authored-by: Maxwell G <gotmax@e.email>
(cherry picked from commit 123c7efe5e)
Co-authored-by: Felix Fontein <felix@fontein.de>
`community.general.filesystem` is not a valid argument to
aix_filesystem.
(cherry picked from commit 8f37638480)
Co-authored-by: Maxwell G <9920591+gotmax23@users.noreply.github.com>
* Initial Rework of netstat and ss to include additional information.
State, foreign address, process.
* Fixed sanity tests. Python 2 compatible code. pylint errors resolved.
* Sanity tests. ss_parse fix minor error I created before.
* Rename variable for clarity
* Python2 rsplit takes no keyword argument. -> remove keyword argument
* Generic improvments for split_pid_name. Added changelog
* Sanity Test (no type hints for python2.7)
* add include_non_listening param. Add param to test. Add documentation. Only return state and foreign_address when include_non_listening
* Update changelogs/fragments/4953-listen-ports-facts-extend-output.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add info to changelog fragment. Clarify documentation.
* The case where we have multiple entries in pids for udp eg: users:(("rpcbind",pid=733,fd=5),("systemd",pid=1,fd=30)) is not in the tests. So roll back to previous approach where this is covered. Fix wrong if condition for include_non_listening.
* Rewrite documentation and formatting.
* Last small documentation adjustments.
* Update parameters to match description.
* added test cases to check if include_non_listening is set to no by default. And test if ports and foreign_address exists if set to yes
* undo rename from address to local_address -> breaking change
* Replace choice with bool, as it is the correct fit here
* nestat distinguishes between tcp6 and tcp output should always be tcp
* Minor adjustments in the docs (no -> false, is set to yes -> true)
Co-authored-by: Paul-Kehnel <paul.kehnel@ocean.ibm.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit c273498a03)
Co-authored-by: PKehnel <ga65coy@mytum.de>
* remove redundant XfConfException class
* adjusted indentation in the documentaiton blocks
* add changelog fragment
(cherry picked from commit 31ef6c914b)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Fix keyring_info when using keyring library
This line used to always clobber the passphrase retrieved via the `keyring` library, making it useless on everything except gnome-keyring. After this change, it'll only use the alternate method if the default one didn't work.
* delete whitespace
* add changelog fragment
* Update changelogs/fragments/4964-fix-keyring-info.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit e2426707e2)
Co-authored-by: Sargun Vohra <sargun.vohra@gmail.com>
* Use visudo to validate sudoers rules before use
* Replace use of subprocess.Popen with module.run_command
* Switch out apt for package
* Check file mode when verifying file to determine whether something needs to change
* Only install sudo package for debian and redhat environments (when testing)
* Attempt to install sudo on FreeBSD too
* Try just installing sudo for non-darwin machines
* Don't validate file ownership
* Attempt to install sudo on all platforms
* Revert "Attempt to install sudo on all platforms"
This reverts commit b9562a8916.
* Remove file permissions changes from this PR
* Add changelog fragment for 4794 sudoers validation
* Add option to control when sudoers validation is used
* Update changelog fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add version_added to validation property
Co-authored-by: Felix Fontein <felix@fontein.de>
* Also validate failed sudoers validation error message
Co-authored-by: Felix Fontein <felix@fontein.de>
* Make visudo not executable instead of trying to delete it
* Update edge case validation
* Write invalid sudoers file to alternative path to avoid breaking sudo
* Don't try to remove or otherwise modify visudo on Darwin
* Update plugins/modules/system/sudoers.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove trailing extra empty line to appease sanity checker
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 97c72f88b7)
Co-authored-by: Jon Ellis <ellis.jp@gmail.com>
* cmd_runner: add __call__ method to invoke context
* change xfconf to use the callable form
* add changelog fragment
* Update changelogs/fragments/4791-cmd-runner-callable.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 739ca737f1)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Only pass subcommands when they are specified as module arguments.
* When 'subcommands' is specified, 'link' must be given for every subcommand.
* Extend subcommand tests.
(cherry picked from commit 84d8ca9234)
Co-authored-by: Felix Fontein <felix@fontein.de>
* alternatives: Fix bug with priority default
If neigther the priority nor the subcommands where specified the module decided to update the priority with the default value anyway. This resulted in bug #4803 and #4804
* Add changelog fragment.
* Distinguish None from 0.
* Address review comments.
* Update plugins/modules/system/alternatives.py
Co-authored-by: Pilou <pierre-louis@libregerbil.fr>
* Remove unrelated issues from changelog.
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Pilou <pierre-louis@libregerbil.fr>
(cherry picked from commit 57e83ac80b)
Co-authored-by: Marius Rieder <marius.rieder@durchmesser.ch>
* Ensure sudoers config files are created with 0440 permissions to appease visudo validation
* Remove change not required by the bugfix
* Add changelog fragment for 4814 sudoers file permissions
* Update changelogs/fragments/4814-sudoers-file-permissions.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Have less oct casting
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 2d1e58663c)
Co-authored-by: Jon Ellis <ellis.jp@gmail.com>
* xfconf: changed implementation to use cmd_runner
* added module_utils/xfconf.py
* xfconf_info: using cmd_runner
* added module_utils to BOTMETA.yml
* added changelog fragment
* use cmd_runner_fmt instead of deprecated form
(cherry picked from commit 8ba3d94740)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Add slaves parameter for module alternatives.
* alternatives: Improve documentation abous slaves parameter
* alternatives: Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* alternatives: Add schangelog for slaves parameter
* alernatives: Add integration tests
* alternatives: Improv tests
* alternatives: Update tests/integration/targets/alternatives/tasks/slaves.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* alternatives: Rework logic to support updating priority and subcommands
* alternatives: Use more inclusive naming
* alternatives: Fix linter warnings
* alternatives: Dont fail if link is absent
* alternatives: Update changelog fragment
* alternatives: Add tests for prio change and removing
* alternatives: Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* alternatives: Add `state=auto`to reset mode to auto
* alternatives: Fix linter warnings
* alternatives: Fix documentation.
* alternatives: Combine multiple messages.
* alternatives: Set command env for all commands.
* alternatives: Do not update subcommands if parameter is omited
* alternatives: Fix a bug with python 2.7 var scoping
* alternatives: Improce diff before generation
* alternatives: Fix linter warnings
* alternatives: Fix test names
* alternatives: Simplify subcommands handling and improve diffs
* aliases: Only test for subcommand changes if subcommands parameter is set.
* Update plugins/modules/system/alternatives.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 373da56b5b)
Co-authored-by: Marius Rieder <marius.rieder@durchmesser.ch>
* Multiple modules using ModuleHelper
Replaced raising exception with calling method do_raise() in MH.
Removed the importing of the exception class.
* added changelog fragment
(cherry picked from commit 6052776de1)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Add RHEL 9.0 and FreeBSD 13.1 to CI.
* RHEL 9 has no pyOpenSSL apparently.
* Adjust URL for EPEL.
* Fix cargo install on FreeBSD 13.1.
* Add Ubuntu 22.04 and Fedora 36 to CI.
* Fix logic.
* filesystem: do not die output line does not contain ':'
* Skip django_manage tests on RHEL 9 as well.
* homectl tests don't work with RHEL 9.0.
* Improve error handling, improve fatresize output handling.
* Skip Fedora 36.
* Skip filesystem vfat tests on Ubuntu 22.04.
There, resizing fails with a bug:
Bug: Assertion (disk != NULL) at ../../libparted/disk.c:1620 in function ped_disk_get_partition_by_sector() failed.
* 'trusty' is 14.04. Adding 22.04 to skip list.
* Skip jail tests for FreeBSD 13.1.
* Add config for postgres on Ubuntu 22.04.
* Make CentOS 6 happy.
* Adjust postgres version.
* Try installing EPEL a bit differently.
* Skip ufw and iso_extract tests on RHEL 9.
* Skip odbc tests on RHEL 9.
* Skip RHEL 9.0 for snap tests.
* Add changelog fragment for filesystem code changes.
(cherry picked from commit 319c29c2a2)
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add 'activate' parameter for alternatives
Allow alternatives to be installed without being set as the current
selection.
* add changelog fragment
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* rename 'activate' -> 'selected'
* rework 'selected' parameter -> 'state'
* handle unsetting of currently selected alternative
* add integration tests for 'state' parameter
* fix linting issues
* fix for Python 2.7 compatibility
* Remove alternatives file.
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat: sudoers module supports runas parameter with default of root
* fix: sudoers tests now pass
* chore: add changelog fragment for 4380
* fix: runas feature now a non-breaking change wh no def with no default
* fix: no trailing space in sudoers.py
* Update plugins/modules/system/sudoers.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>