**SECURITY** - CVE-2021-20178
Hide user sensitive information like `privkey` and `authkey`
while logging in console.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Removed the bridge-slave from list of ip based connections since nmcli does not accept IP options for bridge-slave connections.
* Update changelogs/fragments/1517-bridge-slave-from-list-of-ip-based-connections.yml
Thanks for the tip.
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Ensured ``changed`` returns ``False``.
- Added small improvement on the ``_load_scope()`` method.
* yamllint caught it
* Rephrased changelog fragment
* Some adjustments/improvements
- Added doc details for parameters ``description`` and ``objectClass``
- Added type details to argument_spec of parameters ``description`` and ``objectClass``.
- Removed unused import
- Simplified logic of ``LdapEntry._load_attrs()``
- Replaced parameter validation test with ``required_if``.
* Added changelog frag
* Fixed validate-modules:mutually_exclusive-unknown for plugins/modules/packaging/os/redhat_subscription.py
* fixed validation-modules for plugins/modules/cloud/lxd/lxd_container.py
* fixed validation-modules for plugins/modules/web_infrastructure/sophos_utm/utm_network_interface_address.py
* fixed validation-modules for plugins/modules/cloud/opennebula/one_host.py
* fixed validation-modules for plugins/modules/cloud/opennebula/one_image_info.py
* fixed validation-modules for plugins/modules/cloud/opennebula/one_image.py
* fixed validation-modules for plugins/modules/cloud/opennebula/one_service.py
* fixed validation-modules for plugins/modules/cloud/opennebula/one_vm.py
* fixed validation-modules for plugins/modules/net_tools/cloudflare_dns.py
* fixed validation-modules for plugins/modules/net_tools/ip_netns.py
* fixed validation-modules for plugins/modules/net_tools/ipinfoio_facts.py
* fixed validation-modules for plugins/modules/net_tools/netcup_dns.py
* fixed validation-modules for plugins/modules/remote_management/wakeonlan.py
* added types to plugins/modules/remote_management/stacki/stacki_host.py but still cannot remove ignore line
* added a couple of FIXME comments
* fixed validation-modules for plugins/modules/remote_management/manageiq/manageiq_provider.py
* fixed validation-modules for plugins/modules/notification/rocketchat.py
* fixed validation-modules for plugins/modules/monitoring/bigpanda.py
* fixed validation-modules for plugins/modules/identity/keycloak/keycloak_client.py
* fixed validation-modules for plugins/modules/identity/keycloak/keycloak_clienttemplate.py
* fixed validation-modules for plugins/modules/cloud/univention/udm_user.py
* fixed validation-modules for plugins/modules/cloud/univention/udm_group.py
* fixed validation-modules for plugins/modules/cloud/spotinst/spotinst_aws_elastigroup.py
* fixed validation-modules for plugins/modules/cloud/smartos/imgadm.py
* fixed validation-modules for plugins/modules/cloud/profitbricks/profitbricks_nic.py
* fixed validation-modules for plugins/modules/cloud/ovirt/ovirt_external_provider_facts.py
* Tidy up validate-modules ignores no-default-for-required-parameter + couple of other cases
* Added changelog frag
* fixed validation-modules for plugins/modules/cloud/centurylink/clc_alert_policy.py
* fixed validation-modules for plugins/modules/cloud/centurylink/clc_firewall_policy.py
* fixed validation-modules for plugins/modules/cloud/lxd/lxd_profile.py
* Typos and small fixes
* fixed validation-modules for plugins/modules/net_tools/ldap/ldap_passwd.py
* Typos and small fixes, part 2
* Fixes from PR comments
* Update plugins/modules/cloud/profitbricks/profitbricks_nic.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Rolled back the mutually-exclusive-unknown in redhat_subscription
* Update changelogs/fragments/1423-valmod_multiple_cases.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Tidy up validate-modules ignores doc-required-mismatch
* Tidy up validate-modules ignores doc-required-mismatch - update on 2.11
* Fixed chengelog frag
* rolledback removal of parameter from cloud/smartos/vmadm.py
* removed changelog frag for the rollback
* Update plugins/modules/cloud/smartos/vmadm.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Revert "removed changelog frag for the rollback"
This reverts commit 56a02ead3b.
* suggestion from PR
* yet another PR suggestion
Co-authored-by: Felix Fontein <felix@fontein.de>
* fixed validation-modules for plugins/modules/cloud/spotinst/spotinst_aws_elastigroup.py
* fixed validation-modules for plugins/modules/cloud/univention/udm_share.py
* fixed validation-modules for plugins/modules/net_tools/nios/nios_host_record.py
* fixed validation-modules for plugins/modules/storage/zfs/zfs_facts.py
* fixed validation-modules for plugins/modules/storage/zfs/zpool_facts.py
* Tidy up validate-modules ignores nonexistent-parameter-documented
* Adjustments per the PR
* Removed no longer needed ignore line for udm_share.py
* * Refactor `nmcli` module to use consistent parameters when creating/modifying connections and detecting changes.
* Keep DNS list arguments as lists internally.
* Remove duplicated code where practical.
* DBus and GObject dependencies are not necessary.
* Update changelog fragment.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelog fragment.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Use identity operator instead of equality for type comparison.
* Don't start changelog notes with a capital letter.
* * Have `settings_type` return `str` by default instead of `None`.
* Improve variable naming, use `convert_func` instead of `type_cast`.
* Revert new feature of allowing ethernet types as slaves.
* Bring back `list_connection_info` to list all connections with `nmcli con show`.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Type: Wrong package names
In Red Hat systems, python packages are preceeded by `python3-`
* Use Python 2 packages on CentOS 7 and Fedora <= 28.
Co-authored-by: Frank Brütting <fbruetting@users.noreply.github.com>
* Enable/disable health and agent checks
Health and agent checks can cause a disabled service to re-enable
itself. This adds "health" and "agent" options that will also
enable or disable those checks, matching if the service is to be
enabled/disabled.
* Update plugins/modules/net_tools/haproxy.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/net_tools/haproxy.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/net_tools/haproxy.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/net_tools/haproxy.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Changes to documentation and changelog.
Changes for the haproxy documentation to resolve issues with
the CI/CD, and adding a changelog fragment.
* Update changelogs/fragments/689-haproxy_agent_and_health.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/689-haproxy_agent_and_health.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/net_tools/haproxy.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add an example of health/agent disable.
* Update plugins/modules/net_tools/haproxy.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* nmcli: add idemptent support for any kinds of connections
Fixes#481: nmcli reports changed status even if nothing needs to change
- Implement show_connection() to retrieve connection profile from command line
- Parse integer enumeration values in show_connection()
- Convert 'bond.options' to alias shortcuts
- Modify connection only if changes are detected
- Support generic alias in during the property comparison
* nmcli: add idemptent support for any kinds of connections
Add mock object for modification cases when connection state changes
* nmcli: add idempotent support for any kinds of connections
- Add more test cases to check idempotent for each type of connections
- Verify 'changed' and 'failed' in the result of each test
- Append prefixlen for 'ip4' values in test data
- Fix the incorrect 'return_value' of execute_command() in previous mockers
- Ignore the empty string in _compare_conn_params()
- Fix the property key mapping of 'bridge-port.hairpin-mode' for bridge-slave
- Add 'override_options' in the result output for playboot debug
* nmcli: add idempotent support for any kinds of connections
Fix pep8 issues in test_nmcli.py: Comparison to False should be 'not expr'
* nmcli: add idempotent support for any kinds of connections
Support setting 'ipv4.method' or 'ipv6.method' via nmcli if the configuration method changes
* nmcli: add idempotent support for any kinds of connections
Simplify the if statements in show_connection() according to vlours's advice
* nmcli: add idempotent support for any kinds of connections
Fix the list argument comparison method with multiple values.
* nmcli: add idempotent support for any kinds of connections
Use ansible --diff option output to show detailed changes instead of a private return value.
* nmcli: add idempotent support for any kinds of connections
Add changelog fragment for bugfix.
* Adjust deprecation versions.
* Remove redirects that are already made in ansible/ansible's ansible_builtin_runtime.yml
* Remove modules that were moved to the google.cloud collection according to ansible/ansible's ansible_builtin_runtime.yml.
* The _info module is in google.cloud.
* The gcp doc_fragment is a copy of the one in google.cloud and is only used by one lookup. Mark as deprecated/internal.
* Remove entries of modules that no longer exist.
* Update ignore.txt.
* Try to fix test.
* Remove debug output.
I spent some time debugging an error, where the unexpected HTTP return code was
reported to be -1. Digging deeper, I found the cause using this patch:
"An unknown error occurred: ~/.netrc access too permissive: access permissions
must restrict access to only the owner"
* Add version_added: 1.0.0 for all new features added before pre-ansible-base.
* Add version_added: 1.0.0 for all new features.
* Next release will be 0.2.0
* Fix error.
* Remove unnecessary warnings.
* ip_netns: fix module name in example
Was referenced as 'namespace' while it should have been 'ip_netns'.
Closes: #203
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
* Update plugins/modules/net_tools/ip_netns.py
* Update plugins/modules/net_tools/ip_netns.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* fix CI
* Added ldap_search module for searching in LDAP servers
* Fixes from pipeline
* Fixed second script as well
* fix DOCUMENTATION block
* fix DOCUMENTATION block
* fix DOCUMENTATION block
* fix examples and remove changelog fragment
* Added integration tests for ldap_search
* fixes
Co-authored-by: Sebastian Pfahl <sebastian.pfahl@dcso.de>
* Remove the params module option from ldap_attr and ldap_entry
Module options that circumvent Ansible's option handling were disallowed
in:
https://meetbot.fedoraproject.org/ansible-meeting/2017-09-28/ansible_dev_meeting.2017-09-28-15.00.log.html
Additionally, this particular usage can be insecure if bind_pw is set
this way as the password could end up in a logfile or displayed on
stdout.
Fixes CVE-2020-1746
* Remove checking the version of Ansible
Fix fail_json
* Apply suggestions from code review
Co-Authored-By: Felix Fontein <felix@fontein.de>
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add copy of ipaddress.py from ansible.netcommon, use that one in non-network modules.
* Copy required functions from ansible.netcommon. Simpler than using compat.ipaddress to do this.