Fix composites comparison for role in is_struct_included keycloak.py … (#6688)
* Fix composites comparison for role in is_struct_included keycloak.py function
* Add changelog fragment and unit tests
* Update changelogs/fragments/6688-is-struct-included-bug-in-keycloak-py.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 032996e005)
Co-authored-by: Philippe Gauthier <philippe.gauthier@inspq.qc.ca>
CI: restrict to python-nomad < 2.0.0 for Python < 3.7 (#6578)
Restrict to python-nomad < 2.0.0 for Python < 3.7.
(cherry picked from commit ab046755bb)
Co-authored-by: Felix Fontein <felix@fontein.de>
Switch to Ansible Galaxy compatible requirements files for tests (#6549)
Switch to Ansible Galaxy compatible requirements files for tests.
(cherry picked from commit d643bd5794)
Co-authored-by: Felix Fontein <felix@fontein.de>
CI: include has finally been removed in ansible-core devel (#6535)
include: → include_tasks:.
(cherry picked from commit ddca52ee15)
Co-authored-by: Felix Fontein <felix@fontein.de>
CI: Add FreeBSD 13.2 (#6478)
* Add FreeBSD 13.2.
* Skip FreeBSD 13.2 for iso_extract tests.
* Fix autoremove test: m4 is no longer a dependency, or it was already installed beforehand.
* Also disable the jail tests for FreeBSD 13.2.
(cherry picked from commit c740f89df3)
Co-authored-by: Felix Fontein <felix@fontein.de>
Fixes#5143: xfs_quota fails to initialize new project quotas (#6387)
This fix ensures that in case of a project quota, the corresponding project gets initialized, if required.
Signed-off-by: Christoph Fiehe <c.fiehe@eurodata.de>
Co-authored-by: Christoph Fiehe <c.fiehe@eurodata.de>
(cherry picked from commit 9c11230824)
Co-authored-by: cfiehe <cfiehe@users.noreply.github.com>
Make sure that plugins/module_utils/deps.py is cleaned up before every test (#6459)
Make sure that plugins/module_utils/deps.py is cleaned up before every test.
ci_complete
(cherry picked from commit 24efe6b9db)
Co-authored-by: Felix Fontein <felix@fontein.de>
dnsimple_info: remove extraneous importorskip from test (#6439)
* dnsimple_info: remove extraneous importorskip from test
* remove yet another extraneous importorskip from test
(cherry picked from commit 6e913a3b28)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Restrict jail tests for sysrc to certain FreeBSD versions (#6414)
Restrict jail tests for sysrc to certain FreeBSD versions.
(cherry picked from commit 69d7f19c74)
Co-authored-by: Felix Fontein <felix@fontein.de>
Add keycloak_authz_authorization scope module (#6256)
* Add keycloak_authz_authorization scope module
This module allows managing Keycloak client authorization scopes. The client has
to have authorization enable for this to work.
* botmeta: make mattock maintainer of keycloak_authz_authorization_scope
* botmeta: add mattock to team_keycloak
* keycloak_authz_authorization_scope: documentation and code layout fixes
* keycloak_authz_authorization_scope: do not fail on names with whitespace
* keycloak_authz_authorization_scope: use url quote method
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_authz_authorization_scope: style fixes to documentation
* keycloak_authz_authorization_scope: do not claim check/diff mode support
* keycloak_authz_authorization_scope: fix documentation
* keycloak_authz_authorization_scope: support check_mode and diff_mode
* keycloak_authz_authorization_scope: use more common terminology
Most keycloak modules use before_<object_type> and desired_<object_type> to
designate current and desired states of objects. Do the same for authorization
scopes.
* keycloak_authz_authorization_scope: fixes to check_mode and docs
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit bc228d82be)
Co-authored-by: Samuli Seppänen <samuli.seppanen@gmail.com>
Add a module to set the keycloak client scope type (#6322)
The module keycloak_clientscope_type allows to set the client scope
types (optional/default) either on realm or client level.
(cherry picked from commit 1f2c7b1731)
Co-authored-by: Simon Pahl <simpahl@gmail.com>
pipx: fix state=latest w/ install_deps=true (#6303)
* pipx and pipx_info: Document that modules require pipx 0.16.2.1 or above
Since their introduction, these modules rely on 'pipx list --json' to
return machine-readable output about installed pipx applications. That
functionality was introduced in 0.16.2, along with a critical bug fix
(invalid json) in 0.16.2.1.
* pipx: fix state=latest with install_deps=true
"pipx upgrade" stopped supporting the "--include-deps" option
("install_deps" in the ansible module) in pipx 0.15
(https://pypa.github.io/pipx/changelog/#01500).
The lack of support causes the pipx module to fail if attempting to use
state=latest with install_deps, since the parameter is passed to both
pipx install (fine) and pipx upgrade (fails).
* Add changelog fragment
(cherry picked from commit 996fc8c18e)
Co-authored-by: Paul Aurich <paul@darkrain42.org>
New modules btrfs_subvolume / btrfs_info (#5832)
* Initial implementation for new modules btrfs_subvolume and btrfs_info
* Improve/flesh out documentation. Add ability to target filesystem by uuid, label or device. Update tests to test targeting filesystem by each supported parameter and when only mountpoint.
* Updates for btrfs modules. Add missing copyright notices. Switch options to contains in return documentation. Update btrfs_subvolume to always use closest parent mount.
* Add maintainers for btrfs module(s) and remove unused class member cause lint failure.
* Add changelog fragment. Attempt to only run against the VMs as part of CI.
* Updates per code review. Remove changelog fragment. Switch use of map to list comprehension. Add trailing comma to last item in multi-line dicts. Clean up documentation with complete senstences for descriptions and correct/consistent use of macros.
* Improved error handling in btrfs_subvolume module: add custom exception type, favor exceptions over immediate call to fail_json and add single top level return for failure scenarios. Normalize name and snapshot_source parameters early in module execution and remove unecessary duplicate normalization throughout processing.
* Add azp/posix/3 to aliases per feedback
* Clean up automatic mounting. Prevent automount when check_mode=True. Immediately fail if a mount is identified as required and automount=True. Identify the minimal subset of subvolumes that need to be mounted instead of just finding a single common root.
* Skip btrfs_subvolume integration tests if btrfs-progs isn't successfully installed.
* Bump version_added for btrfs modules to 6.6.0. Ensure consistent trailing punctuation for module descriptions and document check_mode behavior as attribute description rather than a module level note.
* Remove unused imports from btrfs_subvolume module.
* Fix import.
* Docs improvements.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit ae5090d90e)
Co-authored-by: Gregory Furlong <50386272+gnfzdz@users.noreply.github.com>
Do extra docs validation; explicitly disallow semantic markup in docs (#6345)
* Do extra docs validation. Explicitly disallow semantic markup in docs.
* Forgot to add new requirement.
* Fix prefixes.
* Remove superfluous condition.
* TEMP - make CI fail.
* Revert "TEMP - make CI fail."
This reverts commit 14f4d6b503.
* Remove unnecessary import.
* Make sure ANSIBLE_COLLECTIONS_PATH is set.
* Make sure sanity tests from older Ansible versions don't complain.
(cherry picked from commit ee11847c7e)
Co-authored-by: Felix Fontein <felix@fontein.de>
one_vm: fix syntax error when creating VMs with a more complex template (#6294)
* one_vm: fix syntax error when creating VMs with a more complex template
with more complex templates that make use of quoted strings the new
"render" method fails to produce a template that is accepted by
OpenNebula. ==> escape double quotes in strings to make OpenNebula
happy again.
I also tested whether newlines need to be escaped, looks like they are
fine as they are.
Fixes#6225
* module_utils/opennebula: skip empty values in render
(cherry picked from commit cb3ca05bd1)
Co-authored-by: Georg Gadinger <nilsding@nilsding.org>
nmcli: Add macvlan connection type support (#6312)
* add nmcli macvlan type
* changelog
* improve docs
* macvlan params
* fix linter and improve module params
* improve_docs
* raise error if type macvlan and macvlan options not set
(cherry picked from commit 29a7d24d75)
Co-authored-by: Sergey Putko <mail@psvlan.com>
snap: add tests for multiple commands (#5488)
* snap: add tests for multiple commands
* snap: add tests + become
* remove packages again for idempotency
* roll back become=true in tests
(cherry picked from commit d7340945a4)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
pkgng: skip jail tests also on FreeBSD 12.3 (#6313)
Skip jail tests also on FreeBSD 12.3.
(cherry picked from commit aa77a88f4b)
Co-authored-by: Felix Fontein <felix@fontein.de>
pipx: Add support for system_site_packages (#6308)
* pipx: Add support for system_site_packages
* Add changelog fragment
(cherry picked from commit f93a1bf5ec)
Co-authored-by: Paul Aurich <paul@darkrain42.org>
pids tests: 'some-' is not that a unique pattern. (#6304)
* 'some-' is not that a unique pattern.
* Add debugging help.
* Avoid passing the name as a parameter to obtainpid.sh.
(cherry picked from commit 08f14f3eb0)
Co-authored-by: Felix Fontein <felix@fontein.de>
Add module to manipulate KDE config files using kwriteconfig (#6182)
* Add module to manipulate KDE config files using kwriteconfig
* Fix license issues
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add smeso as kdeconfig.py maintainer
* Fix attributes fragment name
* Fix test
* Do not use shutil.chown
It isn't available on old Python versions
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 997761878c)
Co-authored-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
nmcli: add runner_fast_rate option (#6148)
* add runner_fast_rate option
* unset default value for runner_fast_rate parameter
* add some commas
* Remove default in copy of argspec.
Co-authored-by: Sam Potekhin <eax24@ya.ru>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Sam Potekhin <eax24@ya.ru>
(cherry picked from commit d4f272ba52)
Co-authored-by: Alex Groshev <38885591+haddystuff@users.noreply.github.com>
pipx: Allow injected modules to add apps (#6198)
* pipx: Allow injected modules to add apps
Add support for pipx inject's "--include-apps" parameter.
* add changelog fragment
* fix pipx test ("install_apps", not "include_apps")
* fix pipx test -- add a second invocation for install_apps
* Update changelogs/fragments/6198-pipx-inject-install-apps.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/pipx.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 6fa833feed)
Co-authored-by: Paul Aurich <paul@darkrain42.org>
Add Gitlab group runners support (#3935)
(cherry picked from commit f3be0076af)
Co-authored-by: Léo GATELLIER <26511053+lgatellier@users.noreply.github.com>
redhat_subscription: require credentials only when needed (#5664)
The module currently has a static 'required_if' statement for its
parameters that forces any of 'username' or 'activationkey' or 'token'
in case state=present; while this is generally a good idea, it can be
an extra requirements in some cases. In particular, if the system is
already registered, there is no need for credentials -- some of the
operations of the module, such as manipulating pools, can be done
perfectly without credentials.
Hence:
- change the static 'required_if' to require credentials only when
forcing the registration
- check for credentials manually when a registration is needed, i.e.
on an unregistered system; the fail message is the same as the one
shown by 'required_if'
Adapt the tests to this new situation:
- test_without_required_parameters now needs to mock an unregistered
system
- add a new version of test_without_required_parameters to test an
already registered system
- add a simple test case for only state=present usable on an already
registered system
- remove the credentials from a test case for pool attachment that
mocks an already registered system
(cherry picked from commit bbd68e26a2)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
rhsm modules: cleanly fail when not run as root (#6211)
subscription-manager on RHEL installs a symlink in /usr/bin to
console-helper (part of usermode), which triggers an interactive prompt
for root credentials when run as user. It seems that console-helper
does not handle well non-interactive contexts (e.g. without a TTY for
input), and thus it will hang waiting for input when run as user in an
Ansible task.
Since subscription-manager requires root already anyway (and it will
fail when explicitly run as user), then apply the same logic locally on
all the modules that interact with it: redhat_subscription,
rhsm_release, and rhsm_repository.
(cherry picked from commit 9f67cbbe36)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
redhat_subscription: use D-Bus for registration if possible (#6122)
subscription-manager currently does not have a way to get credentials
(username, password, activation keys, organization ID) in a secure way:
the existing command line parameters can be easily spotted when running
a process listing while 'subscription-manager register' runs.
There is a D-Bus service, which is used by e.g. cockpit and Anaconda to
interface with RHSM (at least for registration and common queries).
Try to perform the registration using D-Bus, in a way very similar to
the work done in convert2rhel [1] (with my help):
- try to do a simple signal test to check whether the system bus works;
inspired by the login in the dconf module
- pass most of the options as registration options; for the few that are
not part of the registration, execute 'subscription-manager' manually
- add quirks for differently working (or not) registration options for
the D-Bus Register*() methods depending on the version of RHEL
- 'subscription-manager register' is used only in case the signal test
is not working; silent fallback in case of D-Bus errors during the
registration is not done on purpose to avoid silent fallback to a less
secure registration
[1] https://github.com/oamg/convert2rhel/pull/540/
(cherry picked from commit e939cd07ef)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
Mark monit integration tests as unstable (#6175)
Mark monit integration tests as unstable.
(cherry picked from commit 1ddcdc63ff)
Co-authored-by: Felix Fontein <felix@fontein.de>