commit f79beaa3b3b642c370552d63b0848195358bccd0
Author: James Cammarata <jimi@sngx.net>
Date: Wed Jun 28 17:00:57 2017 -0500
Add example for iptables using the policy option
commit 1a0f9debdb526bef9d8d469a84a8cc55ef68da03
Author: James Cammarata <jimi@sngx.net>
Date: Wed Jun 28 16:59:52 2017 -0500
Fix missing re import for iptables after merging #19476
commit 084479d21d5bdf751a94c787b6644d4f330c5f8a
Author: Alexey Solodkiy <work@x1.by>
Date: Sun Dec 18 12:07:05 2016 +0300
fix#19476
* win_say: Fix issue, add integration test
This PR includes:
- Make speed_speech an integer parameter
- Test for empty parameters too
- Add integration tests
* Improve the $speech_speed parameter handling
As requested
include_vars will now also return a key 'ansible_included_var_files'
which contains the list of files that were successfully loaded.
This is useful information and, amongst other things, a way for users
to know exactly what files were included when debugging their
playbooks.
This also allows us to improve the integration tests around
include_vars.
So in an effort to verify if Windows modules are feature complete
compared to the python equivalent, I stumbled upon these differences.
This PR includes:
- Add missing 'data' option from documentation
- Simplify ping module
- Update integration tests to test exception
As we can see in
9537453586
:
CN used to be without whitespaces around the `=` but OpenSSL 1.1 introduced
whitespaces:
1.0.1: subject=/CN=example.com
1.1.0: subject=CN = example.com
This commit makes them optional.
OpenSSL 1.1 is present on the newly-released Debian Stretch, so absence
of this fix makes us not being able to use this module on this distro.
If target_group_arns is an empty list, then return
an empty target_group_names list.
If a connection to elbv2 is not obtainable, then it is
not possible to return target_group_names
* Fix logical flaw (update when diff), use string ports everywhere
* Change port comparison to integer vs. string
The comparison works either way as long as it's consistent. Boto docs
state that it takes in an integer, but if given a string apparently
keeps it as such. This change just ensures that when we compare, we
specifically deal with integers.
So I thought I fixed it before, but there's still one location where
the `rc` value is influential to decide whether a task failed or not.
We already established in #24867 that it is up to the module to decide
what the return code actually means, not the task executor. We modified
the existing modules to move that logic into the module (eg. for
command, shell, etc.)
This relates to the integration tests of win_robocopy, where different
return codes have different meanings:
- 0 -- No files copied.
- 1 -- Files copied successfully! (changed)
- 2 -- Some Extra files or directories were detected. No files were copied. (warning)
- 3 -- (2+1) Some files were copied. Additional files were present. (changed)
- 4 -- Some mismatched files or directories were detected. Housekeeping might be required! (changed + warning)
- 5 -- (4+1) Some files were copied. Some files were mismatched. (changed + warning)
- 6 -- (4+2) Additional files and mismatched files exist. No files were copied. (warning)
- 7 -- (4+1+2) Files were copied, a file mismatch was present, and additional files were present. (changed + warning)
- 8 -- Some files or directories could not be copied! (changed + failed)
- 9 - 15 -- Fatal error. Check log message! (failed)
- 16 -- Serious Error! No files were copied! Do you have permissions to access $src and $dest? (failed)
This also fixes#24652
Make pyca/cryptography the preferred backend for cryptographic needs (mainly vault) falling back to pycrypto
pyca/cryptography is already implicitly a dependency in many cases
through paramiko (2.0+) as well as the new openssl_publickey module,
which requires pyOpenSSL 16.0+. Additionally, pyca/cryptography is
an optional dep for better performance with vault already.
This commit leverages cryptography's padding, constant time comparisons,
and CBC/CTR modes to reduce the amount of code ansible needs to
maintain.
* Handle wrong password given for VaultAES format
* Do not display deprecation warning for cryptography on python-2.6
* Namespace all of the pycrypto imports and always import them
Makes unittests better and the code less likely to get stupid mistakes
(like using HMAC from cryptogrpahy when the one from pycrypto is needed)
* Add back in atfork since we need pycrypto to reinitialize its RNG just in case we're being used with old paramiko
* contrib/inventory/gce: Remove spurious require on pycrypto
(cherry picked from commit 9e16b9db275263b3ea8d1b124966fdebfc9ab271)
* Add cryptography to ec2_win_password module requirements
* Fix python3 bug which would pass text strings to a function which
requires byte strings.
* Attempt to add pycrypto version to setup deps
* Change hacking README for dual pycrypto/cryptography
* update dependencies for various CI scripts
* additional CI dockerfile/script updates
* add paramiko to the windows and sanity requirement set
This is needed because ansible lists it as a requirement. Previously
the missing dep wasn't enforced, but cryptography imports pkg_resources
so you can't ignore a requirement any more
* Add integration test cases for old vault and for wrong passwords
* helper script for manual testing of pycrypto/cryptography
* Skip the pycrypto tests so that users without it installed can still run the unittests
* Run unittests for vault with both cryptography and pycrypto backend
* Add new windows module win_psmodule
* Add checkmode, allow_clobber parameter, integration tests
* Add aliases, replace win_raw with win_shell
* restore original test_win_group1.yml, add powershel version test
* fix var type
* add conditional on assert
* integration tests conditional tasks review
* documentation fix, test fix, adds result.change
* fix yml
* fix railing whitespace
* add nuget_changed and repository_changed in result
There are too many possible special cases for Ansible to be able to
precheck known_hosts files without introducing all kinds of false
failures.
* Alternative known_hosts paths
* Alternative host name aliases
* ssh host certificates
* SSHFP + DNSSEC
Fixes#24860
Fix adds support for adding VMWare vSwitch without
any physical NICs (uplinks). This makes nic_name as
an optional parameter. Also, updated documentation and
examples to reflect these changes.
Fixes#25632
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Mutually reference Windows and non-Windows modules
To make it easier for Windows or non-Windows users to find the relevant
module information, we are mutually referencing both variants in their
documentation.
We are also adding a special note if a module works on both Windows and
non-Windows targets.
* Mutually reference Windows and non-Windows modules
To make it easier for Windows or non-Windows users to find the relevant
module information, we are mutually referencing both variants in their
documentation.
We are also adding a special note if a module works on both Windows and
non-Windows targets.
* Replace 'look at' with 'use', as requested
ci_complete
So I noticed this when doing integration tests:
Failed to copy file Could not find a part of the path
and this change turns it into:
Failed to copy file: Could not find a part of the path
I also moved something out of the exception handling.
* openbsd_pkg: Handle versionless names with branch.
This makes package names such as "openldap-server--%openldap" work.
Problem reported by Landry Breuil.
While here fix cornercase check for versionless packages and add some
more debug output to packet parsing.
Fixes#25910.
* openbsd_pkg: Split up lines to pass build checks.
===
The test ansible-test sanity --test pep8 failed with the following errors:
lib/ansible/modules/packaging/os/openbsd_pkg.py:383:161: E501 line too long (292 > 160 characters)
lib/ansible/modules/packaging/os/openbsd_pkg.py:398:161: E501 line too long (198 > 160 characters)
===
* cisco_imc_xml: New module to manage Cisco IMC hardware
This module provides direct access to the Cisco IMC API.
See the included examples for a glimpse of what it can do.
* Rename cisco_imc_xml to imc_xml
After discussion with Peter Sprygada renamed from cisco_imc to imc.
As Cisco ACI is named aci as well.
The dependency chain should not include roles below the parent, as it
can introduce very weird things like conditionals from child deps impacting
non-related roles.
Fixes#25136
* Add junos_system declartive module and other related change
* junos_system declartive module
* integration test for junos_system
* integration test for net_system (junos platform)
* pep8 fixes for junos modules
* move to lxml from elementree for xml parsing as it support
complete set of xpath api's
* other minor changes
* Fix CI and doc changes
* Fix unit test failures
* Fix typo in import
* Fix import issue for py2.6
* Add missed Element in import
Fix adds support for Red Hat Enterprise Linux Atomic Host.
RHEL Atomic host uses same RHEL Server strategy for
modifying hostname.
Fixes#25903
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* New facts module for AWS EC2 VPC Endpoints
* ec2_vpc_endpoint_facts - meet latest Ansible standards
Fix exception syntax and use of `iteritems` for python3
Fix undefined `ec2` variable (should have been `connection`
Address various flake8 issues
Use `ansible_dict_to_boto3_filter_list` rather than
duplicating its implementation
* Remove max_items and next_token from vpc_endpoint_facts
max_items and next_token should be a module concern, not
a caller concern. It would be very difficult for a module
consumer to use next_token properly, whereas it's easy for
the module to handle it.
* ec2_vpc_endpoint_facts trivially supports check mode
Add supports_check_mode=True to the argument spec.
* Improve RETURN documentation for ec2_vpc_endpoint_facts
Fix bug in EXAMPLE documentation too
* fix return type for validate-modules
* iam_cert.py Fix duplicate certificate detection with included chains.
The iam_cert module would fail to detect certificates as duplicates
if the certificate body included the authority chain directly.
This commit fixes the problem by checking if a given certificate
matches the start of the data returned by AWS, since in all cases
where they would match the certificate will come first.
* iam_cert.py Return certificate ARN in all success cases.
When uploading certificates or interacting with IAM, the certificate ARN
is needed for other operations with AWS such as provisioning elastic load
balancers.
This commit returns the certificate ARN in all success cases, which allows
it to be used to idempotently provision other Amazon services depending on
it (ELBs being an immediate example).
ansible_host can be pulled from inventory and not match inventory_hostname,
this can "loose" vars to a new host named by ansible_host vs the delegated host
fixes#25770
This is a cleanup of the win_uri module to make it feature-complete.
This PR includes:
- Added check-mode support
- Add as many options from the uri module as possible
- Added creates
- Added follow_redirects
- Added maximum_redirection
- Added password
- Added removes
- Added return_content
- Added status_code
- Added timeout
- Added user
- Added validate_certs
- Fixed list-handling for comma-separated strings
- Added basic integration tests (should come from uri module)
As per documentation and code, external_user_name is
required parameter is case of type 'chat'.
Fix corrects error message displayed to user.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* add aws dynamo_ttl module, small parameter setter
- New Module Pull Request
`dynamodb_ttl`
2.3.0/devel
Very self-contained TTL setter. This is independent of the dynamodb_table module
as it's really designed to be a helper for tables that may be created in other
ways (say, CloudFormation, which doesn't support setting TTL).
* committer is no longer a valid value
* bump version_added, catch common exceptions
* pep8 fixes
* one more pep8
Previously, we used StrictVersion which failed to parse some passlib
version strings. For example, Debian currently ship passlib with a
__version__ of '1.7.0.post20161128115349'
StrictVersion throws an exception when parsing this version string.
Change to using LooseVersion which successfully parses version strings
such as this.
Fixes#20199
* Added new module: github_deploy_key
added a new module for managing deploy keys for GitHub repositories
* Updated github_deploy_key module based on feedback
- added GPL header
- switched to using fetch_url instead of requests
- changed version to 2.4
- set no_log for otp and token arguments
- implemented check mode
* made github_deploy_key module PEP8 compliant
Now that remote-to-remote copies are supported in the copy module,
the module documentation has been updated to indicate this in the
synopsis and examples to make the capability obvious for someone
skimming the documentation.
refactors the Connection class to use the top level function. This will
make the request_builder() function useful for other components such as
action handlers.
* Add junos_banner declartive module
* junos_banner implementation
* Integration test for junos_banner
* Integration test for net_banner (junos)
* Minor fixes
* Minor doc change
The method name was missing a 'd'. The method was not used anywhere
however, so no other code needs to be changed. Neither 'has_chilren'
nor 'has_children' are used in the codebase.
* Add net_interface declartive module
* Add net_interface module
* Add junos_interface implementation module
* Other minor changes
* Add integration test
* Integration test for net_interface
* Integration test for junos_interface
* Fix CI failures
* Documentation changes
* adds new common functions for declarative intent modules
* adds Entity and EntityCollection
* adds dict_diff and dict_combine
* update for CI PEP8 compliance
* more CI PEP8 fixes
* more PEP8 CI clean up
* refactors the lambda assignments into top level classes
this is to be in compliant the PEP8 CI sanity checks
* one last pep8 ci fix
* Add nxos_nxapi tests
* Simple changes to nxos_nxapi
* Move validation to check_args
* Don't mark protocol change unless change is requested
* Add different regex to handle HTTP{,S} ports on a different version of nxos
* Updating ufw.py to support comments
* Revert "Updating ufw.py to support comments"
This reverts commit 54a42de97c77004d4755543bf310f0ec6e1b4d14.
* Support ufw v0.35 in ufw.py
* Add ufw version check to ufw module
* Initial commit for Pure Storage Ansible module
* Initial commit for Pure Storage Ansible module
* Initial commit for Pure Storage Ansible module
* Fix import issues as required by post-2.2
* Move last import to top
* Follow suggestions and only implement one module per PR
Fix documentation changes requested
* Documentation and formatting changes
Setting default values for FieldAttribute values created in the Base class
prevents the _get_parent_attribute() code from working correctly, as the value
is always non-None.
Related to #22924
The boto Route53 get_all_rrsets method will return the record set
matching the name, type, and identifier specified, followed by ALL
subsequent sets in alphabetical order based on name. If the specified
set does not exist, the method will still return all the sets that
_would_ have come after it. Searching through sets we know will not
match is not just a waste of resources but, more importantly, often
triggers AWS API throttling when used on zones with large numbers of
records.
finished normalizing of path handling
removed overloaded '-p' from init_paths option, it is for role_paths
removed expand_tilde and get_opt methods as both were redundant, adjusted rest of code
updated tests to match
* Add vyos_user implementation module
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Integration test for vyos_user
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Make state absent work
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Unit test for vyos_user
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Standardize user names
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Modify integration test with idempotent case
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Add role as alias to level
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Allow EC2-VPC instances to update SG
make ec2 pep8
* use sets instead of loop and a break
* bring things in an indentation level
* Use to_text instead of str, text_type instead of basestring, - instead of difference
* basestrings not unicode
* simplifying syntax
* Start of ansible config project
moved configuration definitions to external yaml file vs hardcoded
* updated constants to be a data strcutures that are looped over and also return origin of setting
changed to manager/data scheme for base classes
new cli ansible-config to view/manage ansible configuration settings
* prints green for default/unchanged and yellow for those that have been overriden
* added list action to show all configurable settings and their associated ini and env var names
* allows specifying config file to see what result would look like
* TBD update, edit and view options
removed test for functions that have been removed
env_Vars are now list of dicts
allows for version_added and deprecation in future
added a couple of descriptions for future doc autogeneration
ensure test does not fail if delete_me exists
normalized 'path expansion'
added yaml config to setup packaging
removed unused imports
better encoding handling
updated as per feedback
* pep8
* allows win_scheduled_task to support adding and removing task paths
* fix line length for documentation
* added integration tests for path creation and removal
* removing ability to remove TaskPath if a task isn't removed. also removed superfluous line of code in Invoke-TaskPathCheck function
* Various fixes to VM customizations (from template)
This patch implements:
- New find_obj() function from vmware.py replacing get_obj()
- Implement proper resource_pool selection
- Fix productId implementation (was not working)
- Ensure that we are not changing anything that is not mandatory (hostName, orgName, fullName)
This is an alternative proposal to #24283
This does not fix#19860 yet though.
For our use-case, we do not want to customize the network information (or any information in fact).
What is used in the template should remain intact.
* Added find_obj() function
* Fix the returned object-list (unused yet)
* Small improvement
* Support DHCP type and fix customizations
* Small fix
* Support resource_pool also for reconfiguring VM
* Remove redundant
* Fix short hostname, specific resource_pool, PEP8
* Improve docs and examples
* Fix missing hostsystem
* Make folder absolute path
* Improve docs, add missing 'mac'
At present, the available facts around block devices are not sufficient to be able to find stable names guaranteed to work across reboots, or to identify block devices by label (UUID, etc).
This patch provides a list of observed links for each device. It relies on functionality specific to Linux (as does the existing sysfs-based code which it extends), but should not cause issues on other platforms.
Moreover, it prevents virtual devices from being excluded, and links such devices to the physical devices to which they are attached.
* Add more mount point statvfs info including sizes
Based on https://github.com/ansible/ansible/pull/12073
facts.utils.get_mount_size() now returns a dict of most
of the posix statvfs data, including block_size and inode
counts.
Update the facts.hardware classes that use get_mount_size() to
use the new info by mount_info.update(mount_statvfs_inof) to merge.
* add back unit tests for LinuxHardware mount/fs facts
* add test cases for facts.utils.get_mount_size
* region isn't required for ec2.py; allow endpoints to be used
* move where aws_connect_kwargs is set
* remove camel_dict_to_snake_dict and display error message
warnings and deprecations were only returned for the top level of a task, this now deals with them in loop
deduplication still occurs so only unique ones will be shown to user.
fixes#25258
According to the redis-py docs, zrank will return the 0 based index for
the value in the sorted set. So the logic here wasn't right to begin
with (It just means that a value at the 0-th position would never show
up as cached). Need to compare against None to know if the value
exists in the cache.
https://redis-py.readthedocs.io/en/latest/#redis.StrictRedis.zrankFixes#25590
Fix added to fail module instead of returning boolean value
which raises AttributeError.
Fixes#21770
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Call initctl version based on initctl's retrieved location
* Remove the use of start/stop/restart in favor of initctl
* Provide correct argument order for initctl usage
* trying to delete a nonexistent bucket should not fail
* Improve error handling for deleting s3 bucket
* Allow successful deletion
* Add test for deleting a nonexistent bucket
rename integration test target from s3 to aws_s3
* ec2_asg and ec2_asg_facts module improvements
Return target group information for both ec2_asg and ec2_asg_facts
modules
Provide RETURN documentation for ec2_asg module
PEP8 fixes for ec2_asg_facts
* ec2_asg: use pagination when describing target groups
In case an ASG has 100s of target groups, ensure that
we get the full result using build_full_result
* Factorize tests related to no_password_change using an include task
* Refactor: deduplicate tasks
* postgresql_user: test 'expires' parameter
* Change 'valid until' even it's the only updated field
* value is changed when another value is provided
* value isn't returned when unset
* Remove unused variable
* psycopg2.extras.DictRow is able to handle comparison
* postgresql_user: simplify helper method
* postgresql_user: define variable just before using it
* Fix comparison between user input and applied configuration
* new test: adding an invalid attribute
* Refactor, add cleaning task
* Check that using same attribute a 2nd time does nothing
* Always try to remove created user
* postgresql_user: fix pep8
* show original exception for yaml (and other) errors
In places where we need to catch a yaml error and raise
an AnsibleError, add the orig yaml exc to the AnsibleError
via the orig_exc arg.
When the AnsibleError is displayed it will now include the
AnsibleError (AnsibleParserError for example) and the type
and message from the original yaml exception.
This provides more detail to the error messages related to
yaml errors.
This also improves errors from dataloader (for example,
previously if a wrong password was used for a vault encrypted
yaml file, the error was very vague and suggested yaml errors,
but now the message includes the original exception from vault
indicating the password was incorrect or missing).
Add a text note to playbook helper asserts. For playbook
syntax/layout errors that aren't yaml errors, but errors
indicating invalid data structures for a playbook/task/role/block,
we now include some info about where the assert was and
why it was raised.
In places we raise an AnsibleParserError in an except
clause, pass the original exception to AnsibleParserError via
orig_exc arg.
Make assorted error messages a little more specific (like
the playbook helper load methods)
* Revert "Include the original YAML error in syntax error messages"
This reverts commit 781bb44b02.
* Allow cert and private pem information to be passed in via string, eg when obtaining sensitive key details from anisble-vault at runtime
* Allow cert chain body to be passed as a string
* Ensure the new options are set in parameters
* Dont publish the private key in logs
* Set the version_added documentation
* Update documentation inline with review
* Removes file based certificates in favour of string only as suggested in feature review
* Documentation changes as suggested by review
* Make access_token type str, remove alias, and make validate_certs default value true
* Remove comma
* Add bcf switch module
* Remove white space in blank line
* Fix yaml
* Try removing the RETURN just like in the other modules
Given parent include path "{{ var | default('path/file.yml') }}"
os.path.dirname(parent_include_path) yields {{ var | default('path/
which is incorrect in itself but also causes templating errors
due to unbalanced quotes. Fix both problems by templating
parent include path before finding its dirname.
* Support NetBSD 7.1+ style ifconfig -a output
network facts on NetBSD after 7.1 cvs would fail
because of format changes in 'ifconfig -a' output.
update code to support new and old format.
add unit tests for both based on
examples from Bruce V Chiarelli.
* wrap use of interfaces.keys() in list() for py3 compat
* sort interface ids for stability
When creatinf a new VM from template, you can specify the storage domain
name and disk format where to copy all the template disks
For example if you want to create a VM from template into specific
storage domain you can do the following:
ovirt_vms:
name: vm_on_my_storage_domain
cluster: my_cluster
template: my_template
operating_system: other_linux
type: server
cpu_cores: 1
cpu_sockets: 1
state: stopped
clone: True
storage_domain: my_nfs_storage
format: COW
before this change adding nic was allowed only to a vm. Now it is
possible to add it to template.
example:
- name: test add nic to template
ovirt_nics:
auth: "{{ ovirt_auth }}"
state: present
template: mytemplate
name: nic1
interface: virtio
profile: ovirtmgmt
network: ovirtmgmt
* Fix ansible_cmdline initrd fact for UEFI
UEFI cmdline paths use \ path sep which would
get munged by cmdline fact collection.
* Make CmdLineFactCollector easier to test
extract the parsing of the /proc/cmdline content to
_parse_proc_cmdline()
add a wrapper method for get_file_content _get_proc_cmdline()
Add unit tests of _parse_proc_cmdline based on examples
from issue #23647Fixes#23647
* win_environment: Added tests and return info in document
* fixing up some yaml issues
* some more things I should have detected
* fixing up test tag name
* Implemented dconf module for manipulating and reading the dconf database.
* Fixed remote execution for the dconf module when state=present by wrapping the invocation with dbus-launch (dconf requires a running DBus user session). Updated documentation to mention external module dependencies.
* Fixed remote execution for the dconf module when state=absent by wrapping the invocation with dbus-launch (dconf requires a running DBus user session).
* Updated dconf module implementation to make it more robust:
- Detect running D-Bus session, and reuse that one if possible.
- If detection fails, try launching process via dbus-run-session to avoid
left-over D-Bus processes.
- As last resort run dbus-launch, and clean-up after the changes have been
made.
- Updated documentation to mention new dependencies and to be more explicit
about module limitations.
* Fixed PEP8 errors reported by ansibot in dconf module.
* Updated dconf module implementation:
- Fail early if psutil library is not available on the system.
- Go through all of user's processes to locate a running D-Bus daemon.
- Test potential D-Bus session bus address before deciding to (re)use it.
- Added a couple of debug statements.
- Updated documentation to include dbus-send as requirement.
* Updated dconf module implementation:
- Simplified module, removing all code for handling dbus-daemon, as discussed in
a community meeting.
- Module user must ensure that D-Bus user session is available and specified
either via module parameter or environment variable.
- Updated documentation for the change.
* Updated dconf module implementation:
- Add back ability to detect running D-Bus user session.
- Fail-back to using dbus-run-session if running session could not be detected.
* PEP8 fix for dconf module.
* Updated dconf module implementation:
- Introduce correct examples for Gnome DE.
- Rename existing examples to mark them as Cinnamon-specific.
- Use self.module.get_bin_path instead of custom check for dbus-run-session.
- Fixed typo in method documentation for DconfPreference.reset().
* netscaler_service initial implementation
* Changes as requested by reviewers
* Skip some tests if under python2.6 and importing requests library
* Change option "operation" to "state"
* Remove print statements from netscaler module utils
* Catch all exceptions during login
* Fix fail message
* Add common option save_config