New module by @tedder for handling granting/revoking access to KMS secrets.
For example:
```
- name: grant user-style access to production secrets
kms:
args:
mode: grant
key_alias: "alias/my_production_secrets"
role_name: "prod-appServerRole-1R5AQG2BSEL6L"
grant_types: "role,role grant"
```
* Add --installroot to YUM and DNF modules, issue #11310
This continues ansible-modules-core#1558, and
ansible-modules-core#1669
Allow specifying installroot for the yum and dnf modules
to install and remove packages in a location other than /.
* Remove empty aliases
* Simpler installroot set default logic
This allows the ios_* modules to take advantage of the new network_cli
connection plugin by refactoring the ios shared module. Individual modules
need to be udpated as well
* net_config now subclasses action plugin network
* net_template now subclasses action plugin network
This will break existing modules until those modules have been refactored.
* moves parse() into the instance
* removes old Config instance and supporting code
* adds net_common shared module
* minor tweaks to NetworkConfig class for parsing config files
This commit also adds the module to DEFAULT_SQUASH_ACTIONS which is
possible with this change.
The module still calls the pkg_* tools once per name internally, so the only
difference is less invocations of the module itself when using with_items.
Couldn't find any code that does this now but left a comment so that we
don't change something in the future without seeing that it could be
a problem.
A small collection of fixes and improvements:
- Simplify should_deploy_from_template()
- Bugfix for x.config that can be None
- Bugfix for mandatory guest_id (not when using templates)
- Simplify key testing and defaults
- Fix an incorrect reference to the last network
- Duplicate alias 'folder' removed
When becoming an unprivileged user using non-sudo on a platform where
getlogin() failed in our situation we were not able to detect that the
user had switched. This meant that all of our logic to use move vs copy
if the user had switched was attempting the wrong thing. This change
tries the to do the right thing but then falls back to an acceptable
second choice if it doesn't work.
The bug wasn't easily detected because:
* sudo was not affected because sudo records that the user's have been
switched so we were able to detect that.
* getlogin() works on most platforms. RHEL5 with python-2.4 seems to be
the only platform we still care about where getlogin() fails for this
case.
* It had to be becoming an unprivileged user. When becoming
a privileged user, the user would be able to successfully perform the
best case tasks.
* Issue #19575: Adding Dest Param to win_uri
Added `dest` param to win_uri. Outputs the response body to a specified
file.
Addresses Issue #19575
* Was setting the wrong attribute
* Add a encode() to AnsibleVaultEncryptedUnicode
Without it, calling encode() on it results in a bytestring
of the encrypted !vault-encrypted string.
ssh connection plugin triggers this if ansible_password
is from a var using !vault-encrypted. That path ends up
calling .encode() instead of using the __str__.
Fixes#19795
* Fix str.encode() errors on py2.6
py2.6 str.encode() does not take keyword arguments.
os.write() needs bytes objects on python3 while python2 can work with
either a byte or unicode string. Mark the DUMMY_CA_CERT string as
a byte string so it will work.
Fixes#19265Fixes#19266
Wrap the fh.write(str) in b() to ensure the string is of the proper type in py2/py3. Otherwise, the following error occurs when using its ssh_wrapper:
An exception occurred during task execution. The full traceback is:
Traceback (most recent call last):
File "/tmp/ansible_8r299r6t/ansible_module_git.py", line 1049, in <module>
main()
File "/tmp/ansible_8r299r6t/ansible_module_git.py", line 928, in main
ssh_wrapper = write_ssh_wrapper()
File "/tmp/ansible_8r299r6t/ansible_module_git.py", line 330, in write_ssh_wrapper
fh.write(template)
TypeError: 'str' does not support the buffer interface
In some cases it is desirable to have a send only function that doesn't
wait for the response from the CLI (such as reloading a device). This
adds a new key to the command json string sendonly that will
achieve this behavior.
When the same role is listed consecutively in a play, the previous role
completion detection failed to mark it as complete as it only checked to
see if the role changed.
This patch addresses that by also keeping track of which task in the role
we are on, so that even if the same role is encountered during later passes
the task number will be less than or equal to the last noted task position.
Related to #15409