1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Commit graph

1449 commits

Author SHA1 Message Date
Adrian Likins
934b645191 Support multiple vault passwords (#22756)
Fixes #13243

** Add --vault-id to name/identify multiple vault passwords

Use --vault-id to indicate id and path/type

 --vault-id=prompt  # prompt for default vault id password
 --vault-id=myorg@prompt  # prompt for a vault_id named 'myorg'
 --vault-id=a_password_file  # load ./a_password_file for default id
 --vault-id=myorg@a_password_file # load file for 'myorg' vault id

vault_id's are created implicitly for existing --vault-password-file
and --ask-vault-pass options.

Vault ids are just for UX purposes and bookkeeping. Only the vault
payload and the password bytestring is needed to decrypt a
vault blob.

Replace passing password around everywhere with
a VaultSecrets object.

If we specify a vault_id, mention that in password prompts

Specifying multiple -vault-password-files will
now try each until one works

** Rev vault format in a backwards compatible way

The 1.2 vault format adds the vault_id to the header line
of the vault text. This is backwards compatible with older
versions of ansible. Old versions will just ignore it and
treat it as the default (and only) vault id.

Note: only 2.4+ supports multiple vault passwords, so while
earlier ansible versions can read the vault-1.2 format, it
does not make them magically support multiple vault passwords.

use 1.1 format for 'default' vault_id

Vaulted items that need to include a vault_id will be
written in 1.2 format.

If we set a new DEFAULT_VAULT_IDENTITY, then the default will
use version 1.2

vault will only use a vault_id if one is specified. So if none
is specified and C.DEFAULT_VAULT_IDENTITY is 'default'
we use the old format.

** Changes/refactors needed to implement multiple vault passwords

raise exceptions on decrypt fail, check vault id early

split out parsing the vault plaintext envelope (with the
sha/original plaintext) to _split_plaintext_envelope()

some cli fixups for specifying multiple paths in
the unfrack_paths optparse callback

fix py3 dict.keys() 'dict_keys object is not indexable' error

pluralize cli.options.vault_password_file -> vault_password_files
pluralize cli.options.new_vault_password_file -> new_vault_password_files
pluralize cli.options.vault_id -> cli.options.vault_ids

** Add a config option (vault_id_match) to force vault id matching.

With 'vault_id_match=True' and an ansible
vault that provides a vault_id, then decryption will require
that a matching vault_id is required. (via
--vault-id=my_vault_id@password_file, for ex).

In other words, if the config option is true, then only
the vault secrets with matching vault ids are candidates for
decrypting a vault. If option is false (the default), then
all of the provided vault secrets will be selected.

If a user doesn't want all vault secrets to be tried to
decrypt any vault content, they can enable this option.

Note: The vault id used for the match is not encrypted or
cryptographically signed. It is just a label/id/nickname used
for referencing a specific vault secret.
2017-07-28 15:20:58 -04:00
Matt Clay
d83129f0d1 Fix integration test aliases. 2017-07-28 10:57:16 -07:00
Mike Wiebe
07b097af7c Fix nxos portchannel force option (#27190)
* Add integration tests

* Fix force option

* Enable nxos_portchannel test

* Satisfy ansibot demands
2017-07-28 13:06:41 -04:00
David Newswanger
c594f1e1c9 fixed nontype error (#27428) 2017-07-28 21:50:09 +05:30
David Newswanger
3b1f2aeb16 Iosxr attribute error #27122 (#27425)
* WIP fixing iosxr_logging idempotency

* remove debug stuff from module, add teardown section to start of test
2017-07-28 20:07:34 +05:30
Martin Krizek
36c6d0f748 fetch: fail if flat=yes and dest=existing-dir w/o trailing slash 2017-07-28 09:53:50 -04:00
Trishna Guha
6d1bd33aa5 fix iosxr_banner (#27378)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-07-28 17:09:04 +05:30
Matt Clay
51bd07204b Revert "Revert "Allow ini plugin to load file using other encoding than utf8." (#27407)"
This reverts commit 520696fb39.
2017-07-27 18:15:56 -07:00
Toshio Kuratomi
520696fb39 Revert "Allow ini plugin to load file using other encoding than utf8." (#27407)
* Revert "Update conventions in azure modules"

This reverts commit 30a688d8d3.

* Revert "Allow specific __future__ imports in modules"

This reverts commit 3a2670e0fd.

* Revert "Fix wildcard import in galaxy/token.py"

This reverts commit 6456891053.

* Revert "Fix one name in module error due to rewritten VariableManager"

This reverts commit 87a192fe66.

* Revert "Disable pylint check for names existing in modules for test data"

This reverts commit 6ac683ca19.

* Revert "Allow ini plugin to load file using other encoding than utf8."

This reverts commit 6a57ad34c0.
2017-07-27 17:08:31 -07:00
Toshio Kuratomi
6ac683ca19 Disable pylint check for names existing in modules for test data
This test data imports from modules which are only available via
PluginLoader for this test case.  So pylint doesn't know anything about
them
2017-07-27 15:37:26 -07:00
Yannig Perré
6a57ad34c0 Allow ini plugin to load file using other encoding than utf8.
- New option for ini plugins: encoding
  - Add a new option encoding to _get_file_contents
  - Use replace option in test/runner/lib/util.py when calling decode on stdout/err
    output when diff have non-utf8 sequences
2017-07-27 14:20:18 -07:00
David Newswanger
81151ef02c Remove Deprecated Template network modules (#27076)
* removed deprecated networking template modules

* update changelog

* update changelog
2017-07-27 19:40:11 +01:00
mesk41in
0fb64214a4 add support of nested groups in group_by 2017-07-27 11:37:34 -04:00
saichint
9b9a8749da Add integration tests and fix nxos providers (#26913)
* fix issues with python3.x

* Add integration testa and fix for nxos_evpn_vni

* add nxos_evpn_vni to nxos.yaml

* fix get_vtp_config()

* add new integration tests

* fix rollback

* add integration test files
2017-07-27 09:32:35 -04:00
David Newswanger
8643e9cb34 changed collection arg to argregate on 2.4 network modules (#26649)
* changed collection arg to argregate on 2.4 network modules

* replace users with aggregate in eos_user, junos_user, nxos_user

* added version_added to places where we replaced users with aggregate in the docs

* fix ios_static_route test

* update tests to reference aggregate instead of collection/users
2017-07-26 10:09:17 -04:00
Abhijeet Kasurde
b2d609b6f1 Add testcase for ipify_facts (#26421)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2017-07-26 12:16:10 +02:00
Rene Moser
50a24cc9d7 cloudstack: tests: add test facts in check mode 2017-07-26 11:55:53 +02:00
Toshio Kuratomi
225fa5d092 Fix undefined variables, basestring usage, and some associated python3 issues 2017-07-25 15:58:23 -07:00
René Moser
a566a7ea2e cloud: cs_user: add feature keys handling (#27285) 2017-07-25 18:07:58 +02:00
Ricardo Carrillo Cruz
3a3bdde869 Fix multiple code and test issues on iosxr (#27267)
* Fix multiple code and test issues on iosxr

It passes the integration tests now.
Fixes #27123

* Fix pep8 issue

* Fix unit tests
2017-07-25 17:21:53 +02:00
Trishna Guha
703eea3da2 eos_logging implementation module (#27093)
* eos_logging implementation module

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* eos_logging integration test

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* modify aggregate args logic

* changed collection to aggregate

* add blankline

* handle size value outside method
2017-07-25 18:16:04 +05:30
Philippe Dellaert
c00554735f New module: management of the Nuage Networks VSP SDN solution (network/nuage/nuage_vspk) (#24895)
* Nuage module and unit tests with requested changes

* Cleanup of imports

* Adding check on python version

* Adding import try and catch wrappers

* Cleanup of requirements and adding integration tests

* Using pypi package for simulator

* Cleanup of requirements and adding integration tests

* Adding aliases for integration tests

* Adding module to import sanity test skip list

* Revert "Adding module to import sanity test skip list"

This reverts commit eab23af8c5ca7c503af63c05610b5db66d31fae4.

* Adding check for importlib and cleanup of requirements
2017-07-25 12:35:03 +01:00
Trishna Guha
e37e736ddb nxos_logging implementation module (#26949)
* nxos_logging implementation module

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* pep8 fixes

* nxos_logging integration test

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* test typo fix

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* idempotent fix

* rename feature to facility

* make dest_group global var

* remove str from arg_spec
2017-07-25 17:03:54 +05:30
Yanis Guenane
8b22c45a45 Enable integration tests for the crypto/ namespace (#26684)
Crypto namespace contains the openssl modules. It has no integration
testing as of now.

This commits aims to add integration tests for the crypto namespace.
This will make it easier to spot breaking changes in the future.

This tests currently apply to:

  * openssl_privatekey
  * openssl_publickey
  * openssl_csr
2017-07-25 12:18:18 +01:00
Dag Wieers
a5eea9042e vmware_host: Small fixes and docs updates (#25144)
* vmware_host: Small fixes and docs updates

This PR includes:
- A fix to no longer require a datacenter folder for adding a host
- Documentation improvements
- Ensure imports are specific

* Update vmware_host

Fix adds following:
* Update logic in vmware_host
* Update example documentation
* Added test case for vmware_host

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2017-07-24 13:02:58 -04:00
Matt Clay
d031ff8aec Disable zypper* tests which are timing out. 2017-07-24 07:50:15 -07:00
Ricardo Carrillo Cruz
66f90d1401 Add update_password always and update_password on_create tests to iosxr_user (#27230)
* Add idempotency test to delete aggregate of iosxr users

* Add update_password always and on_create asserts to iosxr_user
2017-07-24 14:13:51 +02:00
Ricardo Carrillo Cruz
4ad022b622 Add idempotency test to delete aggregate of iosxr users (#27228) 2017-07-24 13:50:34 +02:00
Ricardo Carrillo Cruz
2dc5066f83 Test idempotency after one iosxr user is created (#27227) 2017-07-24 13:44:52 +02:00
Ricardo Carrillo Cruz
ec323514ef Remove first all users tested on iosxr_user (#27226) 2017-07-24 13:16:59 +02:00
Ricardo Carrillo Cruz
e9a0411059 Assert username and secret is within first element of results (#27219) 2017-07-24 10:10:47 +02:00
Toshio Kuratomi
6a41a4f311 Expand the result from pwd to make the test more robust
Sometimes MacOSX's pwd doesn't return an expanded path.  Not sure why
but this test is still valid if we expand it via a playbook filter so
go ahead and do that.
2017-07-21 12:20:30 -07:00
David Newswanger
362f43c996 added mssing testcas variable (#27125) 2017-07-21 13:13:48 -06:00
Abhijeet Kasurde
ede82e2130 Implement vmware_argument_spec for required params (#25731)
Without the fix hostname, username and password params
used to skip required check.

Fixes #25696

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2017-07-21 12:12:43 -04:00
Jordan Borean
5c6e5d4841 win_domain_group: new module (#26682)
* win_domain_group: new module
2017-07-20 17:08:08 -07:00
Matt Clay
1c611a85ab Disable failing dpkg_selections test. 2017-07-20 14:56:16 -07:00
Matt Clay
5617d68c3e Disable failing apt test. 2017-07-20 14:10:09 -07:00
Toshio Kuratomi
f86ce0975d Add a directory walker to copy
* We need a directory walker that can handle symlinks, empty directories,
  and some other odd needs.  This commit contains a directory walker that
  can do all that.  The walker returns information about the files in the
  directories that we can then use to implement different strategies for
  copying the files to the remote machines.
* Add local_follow parameter to copy that follows local symlinks (follow
  is for remote symlinks)
* Refactor the copying of files out of run into its own method
* Add new integration tests for copy

Fixes #24949
Fixes #21513
2017-07-20 08:01:29 -07:00
Toshio Kuratomi
753a3a03d0 Revert "Fix for recursive copy slowness"
This reverts commit 78ced5318f.

The fix for copy slowness did not handle circular symlinks.
2017-07-20 08:01:29 -07:00
Pilou
556a1daa33 fix searched paths in DataLoader.path_dwim_relative (avoid AnsibleFileNotFound) (#26729)
* add unit test: nested dynamic includes

* nested dynamic includes: avoid AnsibleFileNotFound error

Error was:
Unable to retrieve file contents
Could not find or access 'include2.yml'

Before 8f758204cf, at the end of
'path_dwim_relative' method, the 'search' variable contained amongst
others paths:
'/tmp/roles/testrole/tasks/tasks/included.yml' and
'/tmp/roles/testrole/tasks/included.yml'.
The commit mentioned before removed the last one despite the method
docstrings specify 'with or without explicitly named dirname subdirs'.

* add integration test: nested includes
2017-07-20 10:26:13 -04:00
Ganesh Nalawade
5ab8d30d10 Add net_vrf implementation for junos (#27055)
*  junos_vrf implementation
*  junos_vrf integration test
*  net_vrf integration test for junos
2017-07-20 11:20:18 +05:30
Jordan Borean
a260063ffd Added function to convert camelCase to snake_case for powershell (#26203)
* Added camel case to snake case converters

* removed uneeded shebang

* renamed util to remove PowerShell from the name
2017-07-19 16:57:05 -07:00
Will Thames
ef8c9798d3 include_role handlers bug fix (#26335)
* Ensure that include_role properly fires handlers

include_role needs to ensure that any handlers included
with the role are added to the _notified_handler and
_listening_handler lists of the TaskQueueManager, otherwise
it fails when trying to run the handler.

Additionally, the handler needs to be added to the
PlayIterator's `_uuid_cache` or it fails after running
the handler

Add more uuid debug statements - this code was hard
to debug with existing debug statements, so add more
uuid information at little additional output cost.

Fixes #18411

* Add tests for include_role handlers

Tests for #18411
2017-07-19 15:02:32 -05:00
Nathaniel Case
56a0b988a9 nxos integration fix part 1 (#27069)
* Assorted Python 3 fixes

* Fix `testcase` definition in integration tests

* Fix nxos_acl_interface

* clean up nxapi after nxos_nxapi
2017-07-19 14:00:05 -04:00
Andreas Olsson
593297d7a2 Only use git verify-tag when verifying annotated tags (#26414)
* Only use `git verify-tag` when verifying annotated tags

The command `git verify-tag` only applies to annotated tags. When
verifying lightweight tags, which are more similar to non-moving
branches, one has to use `git verify-commit` instead.

Using ':' as a separator is appropriate since that is one of the
characters not allowed in a Git reference name.

See also https://www.kernel.org/pub/software/scm/git/docs/git-check-ref-format.html

* Improve testing of the Git module's gpg verification
2017-07-19 11:30:12 -04:00
Abhijeet Kasurde
cf34cefbdc Add FindByUUID testcase for vmware_guest_facts (#27022)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2017-07-19 06:43:51 -04:00
Ganesh Nalawade
abb4361990 Add vyos_interface default description (#27029)
* Add default description string to vyos_interface

* If `state=up` it should remove the `disable` configuration
  for interface. However, if no other interface parameter is configured
  this ends up deleting the interface itself which is not the desired
  behaviour. Hence adding a default description field to avoid such
  scenario's.

* Minor changes

* Add default description to aggregate
2017-07-19 13:01:56 +05:30
Matt Davis
907b662dc6 Powershell module_utils loader and tests (#26932)
* supports custom module_utils loads (anything in module prefaced with `#Requires -Module Ansible.ModuleUtils.*`)
* supports all usual PluginLoader module_utils locations (built-in lib/ansible/module_utils/, custom path from config, playbook module_utils/, ~/.ansible/module_utils, role module_utils, etc), 
* moves Powershell module_utils from module_utils/powershell.ps1 to module_utils/powershell/Ansible.ModuleUtils.PowerShellLegacy.psm1
2017-07-18 20:44:01 -07:00
Dag Wieers
636f8737c9 win_unzip: Add integration tests, check-mode, various (#25335) 2017-07-19 09:54:57 +10:00
Matt Davis
9d3494eb87 add generated password to win_owner test user (#26826)
* previous test without a password failed on hosts that had strict password policy
2017-07-18 16:46:35 -07:00