Restrict jail tests for sysrc to certain FreeBSD versions (#6414)
Restrict jail tests for sysrc to certain FreeBSD versions.
(cherry picked from commit 69d7f19c74)
Co-authored-by: Felix Fontein <felix@fontein.de>
Add keycloak_authz_authorization scope module (#6256)
* Add keycloak_authz_authorization scope module
This module allows managing Keycloak client authorization scopes. The client has
to have authorization enable for this to work.
* botmeta: make mattock maintainer of keycloak_authz_authorization_scope
* botmeta: add mattock to team_keycloak
* keycloak_authz_authorization_scope: documentation and code layout fixes
* keycloak_authz_authorization_scope: do not fail on names with whitespace
* keycloak_authz_authorization_scope: use url quote method
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_authz_authorization_scope: style fixes to documentation
* keycloak_authz_authorization_scope: do not claim check/diff mode support
* keycloak_authz_authorization_scope: fix documentation
* keycloak_authz_authorization_scope: support check_mode and diff_mode
* keycloak_authz_authorization_scope: use more common terminology
Most keycloak modules use before_<object_type> and desired_<object_type> to
designate current and desired states of objects. Do the same for authorization
scopes.
* keycloak_authz_authorization_scope: fixes to check_mode and docs
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit bc228d82be)
Co-authored-by: Samuli Seppänen <samuli.seppanen@gmail.com>
Add a module to set the keycloak client scope type (#6322)
The module keycloak_clientscope_type allows to set the client scope
types (optional/default) either on realm or client level.
(cherry picked from commit 1f2c7b1731)
Co-authored-by: Simon Pahl <simpahl@gmail.com>
pipx: fix state=latest w/ install_deps=true (#6303)
* pipx and pipx_info: Document that modules require pipx 0.16.2.1 or above
Since their introduction, these modules rely on 'pipx list --json' to
return machine-readable output about installed pipx applications. That
functionality was introduced in 0.16.2, along with a critical bug fix
(invalid json) in 0.16.2.1.
* pipx: fix state=latest with install_deps=true
"pipx upgrade" stopped supporting the "--include-deps" option
("install_deps" in the ansible module) in pipx 0.15
(https://pypa.github.io/pipx/changelog/#01500).
The lack of support causes the pipx module to fail if attempting to use
state=latest with install_deps, since the parameter is passed to both
pipx install (fine) and pipx upgrade (fails).
* Add changelog fragment
(cherry picked from commit 996fc8c18e)
Co-authored-by: Paul Aurich <paul@darkrain42.org>
New modules btrfs_subvolume / btrfs_info (#5832)
* Initial implementation for new modules btrfs_subvolume and btrfs_info
* Improve/flesh out documentation. Add ability to target filesystem by uuid, label or device. Update tests to test targeting filesystem by each supported parameter and when only mountpoint.
* Updates for btrfs modules. Add missing copyright notices. Switch options to contains in return documentation. Update btrfs_subvolume to always use closest parent mount.
* Add maintainers for btrfs module(s) and remove unused class member cause lint failure.
* Add changelog fragment. Attempt to only run against the VMs as part of CI.
* Updates per code review. Remove changelog fragment. Switch use of map to list comprehension. Add trailing comma to last item in multi-line dicts. Clean up documentation with complete senstences for descriptions and correct/consistent use of macros.
* Improved error handling in btrfs_subvolume module: add custom exception type, favor exceptions over immediate call to fail_json and add single top level return for failure scenarios. Normalize name and snapshot_source parameters early in module execution and remove unecessary duplicate normalization throughout processing.
* Add azp/posix/3 to aliases per feedback
* Clean up automatic mounting. Prevent automount when check_mode=True. Immediately fail if a mount is identified as required and automount=True. Identify the minimal subset of subvolumes that need to be mounted instead of just finding a single common root.
* Skip btrfs_subvolume integration tests if btrfs-progs isn't successfully installed.
* Bump version_added for btrfs modules to 6.6.0. Ensure consistent trailing punctuation for module descriptions and document check_mode behavior as attribute description rather than a module level note.
* Remove unused imports from btrfs_subvolume module.
* Fix import.
* Docs improvements.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit ae5090d90e)
Co-authored-by: Gregory Furlong <50386272+gnfzdz@users.noreply.github.com>
Do extra docs validation; explicitly disallow semantic markup in docs (#6345)
* Do extra docs validation. Explicitly disallow semantic markup in docs.
* Forgot to add new requirement.
* Fix prefixes.
* Remove superfluous condition.
* TEMP - make CI fail.
* Revert "TEMP - make CI fail."
This reverts commit 14f4d6b503.
* Remove unnecessary import.
* Make sure ANSIBLE_COLLECTIONS_PATH is set.
* Make sure sanity tests from older Ansible versions don't complain.
(cherry picked from commit ee11847c7e)
Co-authored-by: Felix Fontein <felix@fontein.de>
one_vm: fix syntax error when creating VMs with a more complex template (#6294)
* one_vm: fix syntax error when creating VMs with a more complex template
with more complex templates that make use of quoted strings the new
"render" method fails to produce a template that is accepted by
OpenNebula. ==> escape double quotes in strings to make OpenNebula
happy again.
I also tested whether newlines need to be escaped, looks like they are
fine as they are.
Fixes#6225
* module_utils/opennebula: skip empty values in render
(cherry picked from commit cb3ca05bd1)
Co-authored-by: Georg Gadinger <nilsding@nilsding.org>
nmcli: Add macvlan connection type support (#6312)
* add nmcli macvlan type
* changelog
* improve docs
* macvlan params
* fix linter and improve module params
* improve_docs
* raise error if type macvlan and macvlan options not set
(cherry picked from commit 29a7d24d75)
Co-authored-by: Sergey Putko <mail@psvlan.com>
snap: add tests for multiple commands (#5488)
* snap: add tests for multiple commands
* snap: add tests + become
* remove packages again for idempotency
* roll back become=true in tests
(cherry picked from commit d7340945a4)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
pkgng: skip jail tests also on FreeBSD 12.3 (#6313)
Skip jail tests also on FreeBSD 12.3.
(cherry picked from commit aa77a88f4b)
Co-authored-by: Felix Fontein <felix@fontein.de>
pipx: Add support for system_site_packages (#6308)
* pipx: Add support for system_site_packages
* Add changelog fragment
(cherry picked from commit f93a1bf5ec)
Co-authored-by: Paul Aurich <paul@darkrain42.org>
pids tests: 'some-' is not that a unique pattern. (#6304)
* 'some-' is not that a unique pattern.
* Add debugging help.
* Avoid passing the name as a parameter to obtainpid.sh.
(cherry picked from commit 08f14f3eb0)
Co-authored-by: Felix Fontein <felix@fontein.de>
Add module to manipulate KDE config files using kwriteconfig (#6182)
* Add module to manipulate KDE config files using kwriteconfig
* Fix license issues
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add smeso as kdeconfig.py maintainer
* Fix attributes fragment name
* Fix test
* Do not use shutil.chown
It isn't available on old Python versions
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 997761878c)
Co-authored-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
nmcli: add runner_fast_rate option (#6148)
* add runner_fast_rate option
* unset default value for runner_fast_rate parameter
* add some commas
* Remove default in copy of argspec.
Co-authored-by: Sam Potekhin <eax24@ya.ru>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Sam Potekhin <eax24@ya.ru>
(cherry picked from commit d4f272ba52)
Co-authored-by: Alex Groshev <38885591+haddystuff@users.noreply.github.com>
pipx: Allow injected modules to add apps (#6198)
* pipx: Allow injected modules to add apps
Add support for pipx inject's "--include-apps" parameter.
* add changelog fragment
* fix pipx test ("install_apps", not "include_apps")
* fix pipx test -- add a second invocation for install_apps
* Update changelogs/fragments/6198-pipx-inject-install-apps.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/pipx.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 6fa833feed)
Co-authored-by: Paul Aurich <paul@darkrain42.org>
Add Gitlab group runners support (#3935)
(cherry picked from commit f3be0076af)
Co-authored-by: Léo GATELLIER <26511053+lgatellier@users.noreply.github.com>
redhat_subscription: require credentials only when needed (#5664)
The module currently has a static 'required_if' statement for its
parameters that forces any of 'username' or 'activationkey' or 'token'
in case state=present; while this is generally a good idea, it can be
an extra requirements in some cases. In particular, if the system is
already registered, there is no need for credentials -- some of the
operations of the module, such as manipulating pools, can be done
perfectly without credentials.
Hence:
- change the static 'required_if' to require credentials only when
forcing the registration
- check for credentials manually when a registration is needed, i.e.
on an unregistered system; the fail message is the same as the one
shown by 'required_if'
Adapt the tests to this new situation:
- test_without_required_parameters now needs to mock an unregistered
system
- add a new version of test_without_required_parameters to test an
already registered system
- add a simple test case for only state=present usable on an already
registered system
- remove the credentials from a test case for pool attachment that
mocks an already registered system
(cherry picked from commit bbd68e26a2)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
rhsm modules: cleanly fail when not run as root (#6211)
subscription-manager on RHEL installs a symlink in /usr/bin to
console-helper (part of usermode), which triggers an interactive prompt
for root credentials when run as user. It seems that console-helper
does not handle well non-interactive contexts (e.g. without a TTY for
input), and thus it will hang waiting for input when run as user in an
Ansible task.
Since subscription-manager requires root already anyway (and it will
fail when explicitly run as user), then apply the same logic locally on
all the modules that interact with it: redhat_subscription,
rhsm_release, and rhsm_repository.
(cherry picked from commit 9f67cbbe36)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
redhat_subscription: use D-Bus for registration if possible (#6122)
subscription-manager currently does not have a way to get credentials
(username, password, activation keys, organization ID) in a secure way:
the existing command line parameters can be easily spotted when running
a process listing while 'subscription-manager register' runs.
There is a D-Bus service, which is used by e.g. cockpit and Anaconda to
interface with RHSM (at least for registration and common queries).
Try to perform the registration using D-Bus, in a way very similar to
the work done in convert2rhel [1] (with my help):
- try to do a simple signal test to check whether the system bus works;
inspired by the login in the dconf module
- pass most of the options as registration options; for the few that are
not part of the registration, execute 'subscription-manager' manually
- add quirks for differently working (or not) registration options for
the D-Bus Register*() methods depending on the version of RHEL
- 'subscription-manager register' is used only in case the signal test
is not working; silent fallback in case of D-Bus errors during the
registration is not done on purpose to avoid silent fallback to a less
secure registration
[1] https://github.com/oamg/convert2rhel/pull/540/
(cherry picked from commit e939cd07ef)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
Mark monit integration tests as unstable (#6175)
Mark monit integration tests as unstable.
(cherry picked from commit 1ddcdc63ff)
Co-authored-by: Felix Fontein <felix@fontein.de>
More true/false normalization (#6152)
* More true/false normalization.
* Boolean do not need explicit choices.
* One more.
* Fix type argument.
(cherry picked from commit 11c7611ced)
Co-authored-by: Felix Fontein <felix@fontein.de>
dconf: Check for changes properly despite style of quotes used by user (#6049)
dconf: parse GVariant values to check for equality whenever possible
Direct string comparisons are an inaccurate way to compare two
GVariant representations. For example, 'foo' and "foo" (including the
quote marks, which are part of the representation) are equal GVariants
but if you just do a string compare (remember, including the quotes)
they'll be interpreted.
We therefore want to use the `gi.repository` Python library to parse
GVariant representations before comparing them whenever possible.
However, we don't want to assume that this library will always be
available or require it for Ansible to function, so we use a straight
string comparison as a fallback when the library isn't available. This
may result in some false positives, i.e., Ansible thinking a value is
changing when it actually isn't, but will not result in incorrect
values being written into `dconf`.
Co-authored-by: Jonathan Kamens <jik@jik5.kamens.us>
(cherry picked from commit 627371e2d8)
Co-authored-by: Jonathan Kamens <jik@kamens.us>
nmcli: fixed inability to change mtu on vlan connection (#6104)
* tests updated
Co-authored-by: Sam Potekhin <heaveaxy@gmail.com>
(cherry picked from commit 2dee3464dd)
Co-authored-by: Sam Potekhin <24751685+heaveaxy@users.noreply.github.com>
Fix Yarn global not working without explicit executable path (#6138)
* Fix Yarn global not working without explicit executable path
* changelog fragment
* fix formatting and add test
* oops
(cherry picked from commit 3d67f51824)
Co-authored-by: Sargun Vohra <sargun.vohra@gmail.com>
add persistent option for modprobe (#5424)
* add persistent option for modprobe
* add suggested changes + fix broken test
* change modprobe module path in tests due to rebase
* change persistent option type from bool to str with choices
* fix unused import
* add example with persistent option
* fix some minor issues after review
- move regexps compiling to __init__
- move AnsibleModule to build_module function and use this function in tests instead of AnsibleModule
- fix terminlogy issue in documentation
* fix unused-import
(cherry picked from commit 29f5033737)
Co-authored-by: Alex Groshev <38885591+haddystuff@users.noreply.github.com>
sefcontext: add support for path substitutions (#5830)
* sefcontext: add path substitution support (#1193)
First commit for feedback, missing docs and tests.
* sefcontext: add documentation
* Add changelog fragment
* Documentation formatting
* Delete extra newline
* pep8 fixes
Fix indentation
* Add version_added to arg docs
* Add examples
* Don't delete non-matching path substitutions
* Add integration tests
* Delete only substitutions if such arg passed
Don't delete existing regular file context mappings if deletion of
a path substitution was requested with the presence of the
`equal` arg - delete only path substitutions in such case.
Path substitutions and regular mappings may overlap.
* Can only add args in minor releases
:(
* Cleanup before tests
* Fix deletion using substitution
Was comparing wrong var.
* Fix test checking wrong var
* Improve args documentation and examples
List the default values for selevel, seuser.
Add example for deleting path substitutions only.
* Add attributes documentation block
Not sure if should add become/delegate/async,
shouldn't those work just like that without any
specific code added for them?
* and fix indentation on attribute block
* Consistent indentation for attributes
Confusing, most plugins indent with 4 spaces.
But some use 2 like the rest of the code, so use 2.
* Add missing ref for attribute block
* Use correct c.g version in doc block
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add full stop to changelog fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Streamline documentation
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Support limiting deletion to setype
Deleting file context mappings may be limited by
passing setype or equal, if neither arg is passed
then delete either setype/equal mappings that match.
* Change arg name, diff mode output fix
Change arg name from equal to substitute.
Print target = subsitute in diff mode same way as
semanage does.
Also put back platform attribute, try to improve
clumsy language in the substitute arg docs.
* Delete even if arg setype not match existing
Test 5 indicates that deletion is supposed to not check that
the arg setype passed when deleting matches the setype
of the mapping to delete.
Delete any mapping that matches target, regardless of
setype arg value.
* Update arg name in tests
* Too eager replacing
Accidentally replaced seobject function names so fix them back
* 4564: Fix invalid setype in doc example
Change from httpd_git_rw_content_t which
does not exist to httpd_sys_rw_content_t
Fixes#4564
* Fix documentation attributes
Additional fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update version_added in docs
Bumping minor to 6.4.0 since it didn't make 6.3.0.
* Add more description to the new arg docs
Try to improve discoverability of the new feature and make it easier to understand without deep SELinux understanding.
* Update platform to Linux in documentation
* Add equal as alias for the new argument
Improve discoverability of the new feature by adding an alias to the new module argument. The argument name "equal" will be easy to find for users who are not familiar with SELinux and who just try to match to the CLI tool `semanage`.
* And add alias argument properly
Previous commit missed actually adding the alias (added to docs only).
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
(cherry picked from commit c8a2ac3a47)
Co-authored-by: bluikko <14869000+bluikko@users.noreply.github.com>
keycloak_group: support keycloak subgroups (#5814)
* feat(module/keycloak_group): add support for ...
... handling subgroups
* added changelog fragment and fixing sanity ...
... test issues
* more sanity fixes
* fix missing version and review issues
* added missing licence header
* fix docu
* fix line beeing too long
* replaced suboptimal string type prefixing ...
... with better subdict based approach
* fix sanity issues
* more sanity fixing
* fixed more review issues
* fix argument list too long
* why is it failing? something wrong with the docu?
* is it this line then?
* undid group attribute removing, it does not ...
... belong into this PR
* fix version_added for parents parameter
---------
Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
(cherry picked from commit 7d3e6d1bb7)
Co-authored-by: morco <thegreatwiper@web.de>
Consolidate onepassword unit tests so that ansible-test will find them when the plugin is modified (#6075)
Consolidate onepassword unit tests so that ansible-test will find them when the plugin is modified.
(cherry picked from commit de1f0ff419)
Co-authored-by: Felix Fontein <felix@fontein.de>
* Run tests with EOL ansible-core versions in GHA (#6044)
Run tests with EOL ansible-core versions in GHA.
(cherry picked from commit b72b7d4936)
* Re-schedule cron.