Add new project features to API (#5986)
* Add new project features to API
* add changelog fragment
* remove extra line from changelog
* Update changelog formatting
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 617be6e124)
Co-authored-by: Hemant Zope <42613258+zhemant@users.noreply.github.com>
sefcontext: add support for path substitutions (#5830)
* sefcontext: add path substitution support (#1193)
First commit for feedback, missing docs and tests.
* sefcontext: add documentation
* Add changelog fragment
* Documentation formatting
* Delete extra newline
* pep8 fixes
Fix indentation
* Add version_added to arg docs
* Add examples
* Don't delete non-matching path substitutions
* Add integration tests
* Delete only substitutions if such arg passed
Don't delete existing regular file context mappings if deletion of
a path substitution was requested with the presence of the
`equal` arg - delete only path substitutions in such case.
Path substitutions and regular mappings may overlap.
* Can only add args in minor releases
:(
* Cleanup before tests
* Fix deletion using substitution
Was comparing wrong var.
* Fix test checking wrong var
* Improve args documentation and examples
List the default values for selevel, seuser.
Add example for deleting path substitutions only.
* Add attributes documentation block
Not sure if should add become/delegate/async,
shouldn't those work just like that without any
specific code added for them?
* and fix indentation on attribute block
* Consistent indentation for attributes
Confusing, most plugins indent with 4 spaces.
But some use 2 like the rest of the code, so use 2.
* Add missing ref for attribute block
* Use correct c.g version in doc block
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add full stop to changelog fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Streamline documentation
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Support limiting deletion to setype
Deleting file context mappings may be limited by
passing setype or equal, if neither arg is passed
then delete either setype/equal mappings that match.
* Change arg name, diff mode output fix
Change arg name from equal to substitute.
Print target = subsitute in diff mode same way as
semanage does.
Also put back platform attribute, try to improve
clumsy language in the substitute arg docs.
* Delete even if arg setype not match existing
Test 5 indicates that deletion is supposed to not check that
the arg setype passed when deleting matches the setype
of the mapping to delete.
Delete any mapping that matches target, regardless of
setype arg value.
* Update arg name in tests
* Too eager replacing
Accidentally replaced seobject function names so fix them back
* 4564: Fix invalid setype in doc example
Change from httpd_git_rw_content_t which
does not exist to httpd_sys_rw_content_t
Fixes#4564
* Fix documentation attributes
Additional fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update version_added in docs
Bumping minor to 6.4.0 since it didn't make 6.3.0.
* Add more description to the new arg docs
Try to improve discoverability of the new feature and make it easier to understand without deep SELinux understanding.
* Update platform to Linux in documentation
* Add equal as alias for the new argument
Improve discoverability of the new feature by adding an alias to the new module argument. The argument name "equal" will be easy to find for users who are not familiar with SELinux and who just try to match to the CLI tool `semanage`.
* And add alias argument properly
Previous commit missed actually adding the alias (added to docs only).
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
(cherry picked from commit c8a2ac3a47)
Co-authored-by: bluikko <14869000+bluikko@users.noreply.github.com>
cloudflare_dns: Fix setting SRV records with a root level entry (#5972)
* cloudflare_dns: Fix setting SRV records with a root level entry
* cloudflare_dns: Remove the part which deletes the zone from the SRV record name
The cloudflare API accepts the record name + zone name to be sent. Removing that, will guarantee the module to be idempotent even though that line was added ~7 years ago for that specific reason: 7477fe5141
It seems the most logical explanition is that Cloudflare changed their API response somewhere over the last 7 years.
* cloudflare_dns: Update the changelog fragment
(cherry picked from commit 094dc6b69c)
Co-authored-by: Roy Lenferink <lenferinkroy@gmail.com>
stop passing loader/dataloader since it has been deprecated by ansible (#6074)
* stop passing loader/dataloader since it has been deprecated by ansible
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* add changelog fragment
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* explicitly pass None to keep compatibility to older Ansible versions
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* use try/except to keep things compatible
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* Update plugins/lookup/cartesian.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/flattened.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/flattened.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/cartesian.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/6074-loader_in_listify.yml.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit b64929118e)
Co-authored-by: schurzi <github@drachen-server.de>
keycloak_group: support keycloak subgroups (#5814)
* feat(module/keycloak_group): add support for ...
... handling subgroups
* added changelog fragment and fixing sanity ...
... test issues
* more sanity fixes
* fix missing version and review issues
* added missing licence header
* fix docu
* fix line beeing too long
* replaced suboptimal string type prefixing ...
... with better subdict based approach
* fix sanity issues
* more sanity fixing
* fixed more review issues
* fix argument list too long
* why is it failing? something wrong with the docu?
* is it this line then?
* undid group attribute removing, it does not ...
... belong into this PR
* fix version_added for parents parameter
---------
Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
(cherry picked from commit 7d3e6d1bb7)
Co-authored-by: morco <thegreatwiper@web.de>
github_webhook: Don't include secret in the config if it's absent (#5994)
* github_webhook: Don't include secret in the config if it's absent
* Add changelogs
* Fix indentation
* Apply suggestion to simplify the check
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: dima1206 <32818228+dima1206@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 1877ef1510)
Co-authored-by: dima1206 <32818228+dima1206@users.noreply.github.com>
zfs_delegate_admin: fix: zfs allow cannot parse unknown uid/gid (#5943)
When setting allow permissions for particular users or groups
there will be circumstances when that user is not known to the
host system.
In that case the output of `zfs allow <pool/dataset>`
looks similar to this:
$ sudo zfs allow tank/test
---- Permissions on tank/test ---------------------------------------
Local+Descendent permissions:
user (unknown: 1002) hold
user zfsuser receive
The fix in this commit removes ' (unknown: '+')' from the output
leaving only the uid/gid.
This allows the current parser to continue even if the uid/gid
is not known.
This situation occurs most often when moving a zpool from one system
to another that may not have the same users/groups. Simply adding
permissions to a user/group and then deleting the user/group
from the system will cause this situation to occur.
(cherry picked from commit 53f729730b)
Co-authored-by: Phil Kauffman <philip@kauffman.me>
nmcli: Treat order as significant when comparing address lists (#6048)
* nmcli: Treat order as significant when comparing address lists
Don't sort the old and new values for ipv4.addresses and
ipv6.addresses before comparing them, because order matters in these
parameters: the first address specified is the default source address
for outbound connections.
* Changelog fragment for #6048
* Update changelogs/fragments/6048-nmcli-addres-order.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 682c6fc967)
Co-authored-by: Jonathan Kamens <jik@kamens.us>
community.general.osx_defaults: Include stderr in error messages (#6011)
* Update osx_defaults documentation examples
* Include stderr in errors from osx_defaults
* Add Changelog Fragment
* Update changelogs/fragments/6011-osx-defaults-errors.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Change format of examples
* Update plugins/modules/osx_defaults.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 92544993c0)
Co-authored-by: Joseph Shanak <josephshanak@protonmail.com>
Added support for openSUSE MicroOS (#5998)
* fix(zypper): Added condition to check for transactional-update binary to support microos
closes#5615
* style(changelog): Made zypper-change uppercase
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix(zypper): Removed check for /var/lib/misc/transactional-update.state
* feat(zypper): Aligned transactional-update checks with zypper's
* refactor(zypper): Removed dependency to psutil and made use of parsing /proc/mount
* refactor(zypper): Removed need for regex, plus small refactoring
---------
Co-authored-by: André Dörscheln <ad@itesign.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 2c762c4753)
Co-authored-by: andre161292 <andre161292@users.noreply.github.com>
providerType should be defaulted for keycloak_user_federation mappers (#5863)
* feat(modules/keycloak_user_federation): mapper ...
... provider type should have a default value
* add changelog fragment
---------
Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
(cherry picked from commit 95b8afdea3)
Co-authored-by: morco <thegreatwiper@web.de>
nmcli: two fixes needed to make wifi.wake-on-wlan settings work properly (#5431)
* nmcli: Convert current value of wifi.wake-on-wlan before comparing
The new value of wifi.wake-on-wlan is specified as an integer, but in
the nmcli output it's specified as a hex string followed by a textual
description of it. Therefore, to determine properly whether it's being
changed we need to pull the hex string out of the current value,
convert it into an integer, and finally convert the integer back to a
string so that we can compare it to the new specified value. Without
this change, whenever wifi.wake-on-wlan is specified in the module
arguments the module will think the value is being changed even when
it isn't.
* nmcli: Handle wifi options correctly when connection type not specified
When an nmcli task does not specify the connection type and the module
ask nmcli for it, the module needs to convert nmcli's
`802-11-wireless` to `wifi`, the term for this connection type used by
the module.
* nmcli: Correctly detect values changed to the integer 0
If the user specifies a value of 0 (without quotes) in a task, we
should interpret that as an actual value, not empty, when comparing
the new value to the old one. Otherwise we incorrectly conclude that
there was no change.
* Changelog fragment for #5431
(cherry picked from commit 490899f87f)
Co-authored-by: Jonathan Kamens <jik@kamens.us>
JC: Add plugin parser functionality to JC Filter Plugin (#6043)
* Add plugin parser functionality to JC Filter Plugin
The parse function was added in jc v1.18.0 which allows plugin parsers to be used. This change will try the new API if available, else fallback to the old API so there is no change in behavior.
* remove whitespace from blank line
* Add changelog fragment for JC plugin parser support
* add .yml extension to file name
* Formatting
* add period at end
(cherry picked from commit c168f9c3be)
Co-authored-by: Kelly Brazil <kellyjonbrazil@gmail.com>
Set User-Agent for API requests to DNSimple (#5927)
* Set the user-agent for API requests to DNSimple
* Update user agent format
* Add changelog fragment
* Update changelogs/fragments/5927-set-user-agent-dnsimple.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 33df7b61c0)
Co-authored-by: Ivan Bakalov <ibbakalov@gmail.com>
yarn: Fix state=latest not working with global=true (#5829)
* Yarn module: fix state=latest not working with global=true
* fix whitespace
* add changelog fragment
* add integration test cases
* add only tests for this PR (install+upgrade)
* fix assuming default global dir
* fix list() not working when global=true and name a package with no binary
* remove ignores
* whitespace
* Update changelogs/fragments/5829-fix-yarn-global.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/5829-fix-yarn-global.yml
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
(cherry picked from commit 4c4ef80ca9)
Co-authored-by: Sargun Vohra <sargun.vohra@gmail.com>
Suppress urllib3 InsecureRequestWarnings when `validate_certs` option is false (#5931)
* Suppress urllib3 InsecureRequestWarnings when validate_certs option is false
Suppress urllib3 InsecureRequestWarnings when `validate_certs` option is false.
It's clear that the user would know the possible risk when he or she chose to turn off the option, so the warning message could be ignored and make the output clean.
* Create 5915-suppress-urllib3-insecure-request-warnings.yml
* Update changelogs/fragments/5915-suppress-urllib3-insecure-request-warnings.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove extra whitespaces
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit f0fd6aa97d)
Co-authored-by: Boik <qazbnm456@gmail.com>
Redfish: Removed basic auth header when performing a GET on the service root and POST to the session collection (#5903)
* Redfish: Removed basic auth header when performing a GET on the service root and POST to the session collection
* Update changelogs/fragments/5886-redfish-correct-basic-auth-usage-on-session-creation.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit ea5cbe2553)
Co-authored-by: Mike Raineri <mraineri@gmail.com>
Fixes#5907: gitlab_runner is not idempotent on first run after runner creation (#5908)
This fix introduces the new boolean option 'access_level_on_creation'. It controls, whether the value of 'access_level' is used for runner registration or not. The option 'access_level' has been ignored on registration so far and was only used on updates. The user is informed by a deprecation warning, if the option is unspecified. For reasons of compatibility 'false' is assumed in that case. The option 'access_level_on_creation' will switch to 'true' for the next major release (community.general 7.0.0)
Signed-off-by: Christoph Fiehe <c.fiehe@eurodata.de>
Co-authored-by: Christoph Fiehe <c.fiehe@eurodata.de>
(cherry picked from commit 31ff3f662d)
Co-authored-by: cfiehe <cfiehe@users.noreply.github.com>
dig lookup: support CAA record type (#5913)
* Support CAA record type.
* Update return docs.
(cherry picked from commit 451c90251a)
Co-authored-by: Felix Fontein <felix@fontein.de>
OpenNebula/one_vm implement the one.vm.updateconf API call (#5812)
* opennebula: Add template manipulation helpers
* one_vm: Use 'updateconf' API call to modify running VMs
* one_vm: Emulate 'updateconf' API call for newly created VMs
* opennebula/one_vm: Satisfy linter checks
* opennebula/one_vm: Apply suggestions from code review
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* opennebula/one_vm: Drop 'extend' function, use 'dict_merge' instead
* Add changelog fragment
* one_vm: Refactor 'parse_updateconf' function
* opennebula/one_vm: Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* one_vm: Allow for using updateconf in all scenarios
---------
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 8818a6f242)
Co-authored-by: Michal Opala <mopala@opennebula.io>
Add support to Bitwarden Lookup for filtering results by collection (#5849) (#5851)
* Add support to Bitwarden Lookup for filtering results by collection id (#5849)
* Debug
* Add support to Bitwarden Lookup for filtering results by collection id (#5849)
* Update comments
* Fix blank line issue
* Fix unit tests for bitwarden lookup plugin. Add changelog fragment file.
* Change collectionId to collection_id parameter on bitwarden plugin
* Fix collection id parameter name when used in bw cli
(cherry picked from commit 7b8b73f17f)
Co-authored-by: Piotr <skc.peter@gmail.com>
Gem: Support force flag when uninstalling (#5822)
* Gem: Support force flag when uninstalling
* Improve docs' syntax
* Add changelog fragment
(cherry picked from commit fe520a6b09)
Co-authored-by: Juan Vela <juan.vela.bcn@gmail.com>
Bugfix: proxmox_disk - read time out on import (#5803)
* Use async calls and fix docs
* Add changelog fragment
(cherry picked from commit f38bfaddf0)
Co-authored-by: castorsky <csky57@gmail.com>
Clarify Error message when bitwarden vault not unlocked (#5811)
* Clarify Error message when vault not unlocked
You can be logged into the Bitwarden-CLI, but it can still be locked. This took me several hours to debug, since every time I ran 'bw login' it told me, that I am already logged in.
If you run 'bw unlock' without being logged in, you are prompted to log in.
This clarifies the Error occurring and can drastically reduce debugging time, since you don't have to look into the source code to get an understanding of whats wrong.
* RM: negation
Nobody needs negation
* Update function name
* FIX: tests
* ADD: changelog
* Update changelogs/fragments/5811-clarify-bitwarden-error.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit bf117c839c)
Co-authored-by: Christoph <29735603+Chr1s70ph@users.noreply.github.com>
bugfixing keycloak user federation failing when updating default mapper simultaneously (#5750)
* fix(modules/keycloak_user_federation): fixes ...
... user federation creation failing when also updating/changing default
mappers at the same time
* add changelog fragment for pr
Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
(cherry picked from commit 6781dd1918)
Co-authored-by: morco <thegreatwiper@web.de>
Bugfix/keycloak userfed idempotency (#5732)
* fix(modules/keycloak_user_federation): fixes ...
... federation read call not finding already existing federations
properly because of bad parametrisation
* fix(modules/keycloak_user_federation): added ...
... new integration test for module idempotency bugfix
* added changelog fragment for pr
Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
(cherry picked from commit 0ca41dedce)
Co-authored-by: morco <thegreatwiper@web.de>
nsupdate: fix zone lookup (#5818)
The SOA record for an existing zone is returned as an answer RR and not
as an authority RR. It can be returned as an authority RR for subdomains
of a zone.
$ dig -t SOA example.com
;; ANSWER SECTION:
example.com. 3530 IN SOA ns.icann.org. noc.dns.icann.org. 2022091184 7200 3600 1209600 3600
$ dig -t SOA www.example.com
;; AUTHORITY SECTION:
example.com. 3600 IN SOA ns.icann.org. noc.dns.icann.org. 2022091184 7200 3600 1209600 3600
(cherry picked from commit 5ad703ac64)
Co-authored-by: n0p90 <36303164+n0p90@users.noreply.github.com>
xml children module parameter does not exist (#5808)
* Add changelog
* Add integration tests
* Rename children to set_children
* Add PR information
* Update changelogs/fragments/5808-xml-children-parameter-does-not-exist.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 6ec049734e)
Co-authored-by: Cédric Servais <cedric.servais@outlook.com>
Fixes#5691. Support gitlab forking_access_level, builds_access_level and container_registry_access_level fields (#5706)
* Fixes#5691. Support gitlab forking_access_level, builds_access_level and container_registry_access_level fields
* Add changelog fragment
* Fix revision issues
(cherry picked from commit 58eb495797)
Co-authored-by: Juan Antonio Valiño García <juanval@edu.xunta.es>
snap_alias: using CmdRunner (#5486)
* snap_alias: using CmdRunner
* add changelog fragment
* fix changelog fragment
* invert order of initialization in __init_module__()
* comment extra changed=True from code
* add extra info when verbose
* add extra info when verbose - fix blank line
* handle check_mode the old way
* fix logical test
* fix error when using multiple aliases
* fix error when using multiple aliases, part 2
* revert to using check_mode_skip=True again
(cherry picked from commit 4caa6574de)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
alternatives: make work with Fedora 37 (#5794)
* alternatives in Fedora 37 uses follower instead of slave.
* Add changelog fragment.
(cherry picked from commit 3b73e7ed2a)
Co-authored-by: Felix Fontein <felix@fontein.de>
Add Support to Bitwarden Lookup for Custom Fields (#5694)
* Add Support to Bitwarden Lookup for Custom Fields
This adds support to the Bitwarden lookup for retrieving values from
custom fields, such as api keys.
* Need to Return Whole Record if Field is Not Defined
* whitespace
* Add Changelog Fragment
* Need to Make Sure All Login Fields are Represented
We need to make sure that all login fields are accounted for, since
there will be no other way to retrieve them with this change, and we
don't want to break backwards compatibility. Looking at this code from
the official client,
https://github.com/bitwarden/clients/blob/master/libs/common/spec/models/domain/login.spec.ts,
autofillOnPageLoad might be another login field.
* Update changelogs/fragments/5694-add-custom-fields-to-bitwarden.yml
Clarify changelog fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/bitwarden.py
Fix logic. Should only error if matches were found, but are missing the custom field.
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit e3f02cb161)
Co-authored-by: reverendj1 <reverendj1@users.noreply.github.com>
Fix gem.py, hang on uninstall specific gem version (#5751)
* Update gem.py
move 'cmd.append('--executable')' to all uninstalls rather than only all versions
* Create 5751-gem-fix-uninstall-hang
* Rename 5751-gem-fix-uninstall-hang to 5751-gem-fix-uninstall-hang.yml
(cherry picked from commit 2670215c8a)
Co-authored-by: rietvelde <99407273+rietvelde@users.noreply.github.com>
redhat_subscription: Add support for Red Hat API token (#5725)
Add support for Red Hat API token
fix mixed up
fix version
(cherry picked from commit 4dc897d559)
Co-authored-by: Eric C Chong <ecchong@gmail.com>
opkg module: allow installing a package in a certain version (#5688)
* opkg: allow installing a package in a certain version
example:
- name: Install foo in version 1.2
community.general.opkg:
name: foo=1.2
state: present
Signed-off-by: Joerg Hofrichter <joerg.hofrichter@ni.com>
* opkg: use list for passing arguments to run_command
Signed-off-by: Joerg Hofrichter <joerg.hofrichter@ni.com>
Signed-off-by: Joerg Hofrichter <joerg.hofrichter@ni.com>
(cherry picked from commit b3485b8fca)
Co-authored-by: joergho <48011876+joergho@users.noreply.github.com>
manageiq_policies: deprecate list state (#5721)
* manageiq_policies: deprecate list state
* add changelog fragment
(cherry picked from commit 28969c61ad)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
ansible_galaxy_install: use locale C tentatively, else en_US (#5680)
* ansible_galaxy_install: use locale C tentatively, else en_US
* use custom exception to signal unsupported locale
* add step to remove artefacts at the end of the test
* add step to remove artefacts at the beginning of the test
* comment out context controller
* trying with temporary dir as destination
* remove collection before test with reqs file
* ensure collections are installed in temp dir in tests + check_force
* simplified the change
* added extra condition for failing locale
* improved exception handling
* add changelog fragment
(cherry picked from commit 488e828f9b)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Add support for host restriction in sudoers module (#5703)
* Add support to restrict privileges by host
* Missing comma
* Making linter happy.
* Add version 6.2.0 as when sudoers host parameter added
Co-authored-by: Felix Fontein <felix@fontein.de>
* Changelog fragment for PR #5703
* Test for sudoers host-based restriction
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 77fde030cd)
Co-authored-by: Laurence <laurence+github@entek.org.uk>
opkg: fix issue that force=reinstall would not reinstall an existing package (#5705)
* opkg: fix issue that force=reinstall would not reinstall an existing package
Signed-off-by: Joerg Hofrichter <joerg.hofrichter@ni.com>
* changelog fragment
Signed-off-by: Joerg Hofrichter <joerg.hofrichter@ni.com>
(cherry picked from commit 2b39470a77)
Co-authored-by: joergho <48011876+joergho@users.noreply.github.com>
lxc_container: fix lxc argument when executing lxc command (#5659)
lxc_container fails when executing the lxc command (e.g. when creating
a new container) because PR#5358 broke the module argument
parsing. The resulting argument dict contained only the module argument name
and the argument flag but not the value. E.g.
```
- lxc_container:
template: debian
```
would result in lxc command arguments `lxc template --template` instead of
`lxc --template debian`.
Fixes: 6f88426cf1 ("lxc_container: minor refactor (#5358)")
Fixes#5578
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(cherry picked from commit af53271c41)
Co-authored-by: Alexander Couzens <lynxis@fe80.eu>
puppet: refactored to use CmdRunner (#5612)
* puppet: refactored to use CmdRunner
* add changelog fragment
* add more tests
(cherry picked from commit f95e0d775d)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
respect new variable property in gitlab_group_variable and gitlab_project_variable (#5667)
* draft
* add changelog fragment
* rework
* rework group variables
* add new line at end of file
* Update plugins/module_utils/gitlab.py
Co-authored-by: Nejc Habjan <hab.nejc@gmail.com>
* rename
* revert
* return a copy
* Update plugins/modules/gitlab_project_variable.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Nejc Habjan <hab.nejc@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit c3bc172bf6)
Co-authored-by: Markus Bergholz <git@osuv.de>
redhat_subscription: add `server_proxy_scheme` parameter (#5662)
Add the `server_proxy_scheme` parameter to configure the scheme used for
the proxy server. This completes the configuration parameters for the
proxy server.
(cherry picked from commit 471f523f53)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
Fix keycloak_client_rolemapping role removal and diff (#5619)
* Keycloak: Fix client rolemapping removal
Keycloak's delete_group_rolemapping API wrapper didn't pass data about
the roles to remove to keycloak, resulting in removal of all roles.
Follow the intended behaviour and delete only the roles listed in the
module invocation.
Signed-off-by: Florian Achleitner <flo@fopen.at>
* Keycloak: Fix client_rolemapping diff
The module's diff output wrongly showed the changed roles list as
'after' state. This is obviously wrong for role removal and also
wrong for role addition, if there are other roles assigned.
Use the result of the API query for 'end_state' for 'diff' as well.
Signed-off-by: Florian Achleitner <flo@fopen.at>
* Keycloak: Calculate client_rolemapping proposed state properly
Signed-off-by: Florian Achleitner <flo@fopen.at>
* Add changelog fragment
Signed-off-by: Florian Achleitner <flo@fopen.at>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix for python2 unit test
Signed-off-by: Florian Achleitner <flo@fopen.at>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit f0b3bba030)
Co-authored-by: fachleitner <flo@fopen.at>
feat(ssh_config): host_key_algorithms option (#5605)
* feat(ssh_config): host_key_algorithms option
* chore: add changelog fragment
* chore(ssh_config): add version info to option and update fragment
(cherry picked from commit fb2833d34d)
Co-authored-by: Arek Kalandyk <36413794+koralowiec@users.noreply.github.com>
Updated tags delimiter (#5602)
* Updated tags delimiter
Starting from Proxmox 7.3 tags are delimited by semicolon. For backward compatibility it needs to be splitted by both commas and semicolons.
* Added missing space
* Add changelog fragment.
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 632fc07e65)
Co-authored-by: domelek <40233039+domelek@users.noreply.github.com>
cmd_runner: allow bool format to pass alternate (false) value (#5647)
* allow bool format to pass alternate (false) value
* add changelog fragment
(cherry picked from commit be22ca0633)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Remove automatically adding # symbol to channel names (#5629)
* Add regex to match all channel ids
* Add changelog fragment
* Allow matching of channel ids with 9-11 characters
* Fix file name
* Update changelogs/fragments/5629-add-channel-prefix-regex.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove channel auto prepend #
* Update changelog fragment
* Add prepend_hash option
* Add version_added to prepend_hash doc string
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add description of possible values for the prepend_hash option
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove old channel assign statement
* Update changelogs/fragments/5629-add-prepend-hash-option-for-channel-id.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelog fragment tag
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 03039a56c0)
Co-authored-by: William McBroom <william.mcbroom@draft2digital.com>
* Fix for vmadm get_vm_uuid out of range
* Fix for vmadm get_vm_uuid out of range
* Update changelogs/fragments/5628-fix-vmadm-off-by-one.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit b8545d10e6)
Co-authored-by: Carlos Neira <cneirabustos@gmail.com>
* vdo: Use yaml.safe_load() instead of yaml.load()
yaml.load() without specifying a Loader= is deprecated and unsafe.
For details, see
https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation
* Update changelogs/fragments/5632-vdo-Use-yaml-safe-load-instead-of-yaml-load.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Lee Garrett <lgarrett@rocketjump.eu>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 428e181440)
Co-authored-by: Lee Garrett <leegarrett@users.noreply.github.com>
Fixes#3486. From the man-pages of subscription-manager, none of the
parameters used are tied to the activationkey except the two that remain
in its else-clause.
Note that type is not mentioned in the man-pages on 7.6 (at least), but
is still present and available.
Co-authored-by: Thor K. H <thor@roht.no>
(cherry picked from commit f7fa54eed9)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
Stop passing all the "rhsm_", and "server_" module arguments to
"Rhsm.register()", and thus as arguments for
"subscription-manager register":
- right before calling "Rhsm.register()", "Rhsm.configure()" is called
to configure subscription-manager with all the "rhsm_", and "server_"
arguments; hence, they are already configured
- the passed argument to "--serverurl" is partially wrong:
"Rhsm.register()" passes only the hostname, whereas the other bits
(port and prefix) are supported too; this "works" because port and
prefix were already configured previously, and the lax parsing that
subscription-manager does allows for missing bits
- the parsing done by subscription-manager for "--baseurl" strips out
the URL scheme and always uses https: this means that specifying
"rhsm_baseurl: http://server" as module parameter will be taken as
"https://server" by subscription-manager; since "rhsm_baseurl" is
already configured by "Rhsm.configure()", this issue is gone
(cherry picked from commit 101c957631)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
* unixy Callback: Use Ansible's config manager
In ansible-core 2.14 deprecated support was removed[1] for accessing options
of the DefaultCallback via class attributes. Use the "new" config system
instead.
[1]: dbdbfe845aFixes#5600.
Signed-off-by: Fabian P. Schmidt <kerel@mailbox.org>
* Update changelog fragment.
Signed-off-by: Fabian P. Schmidt <kerel@mailbox.org>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 53da86c1a5)
Co-authored-by: Fabian P. Schmidt <kerel@mailbox.org>
* java_certs : Not enough info on error
Just bumped into an issue when the message was "Internal module failure, cannot extract public certificate from pkcs12, error: "
Seems that the issue #2560 doesn't cover all cases. To make debugging easier, I propose to add error output on json return instead of only expose standard output.
* java_certs - add missing fragment message
* Word-smithing.
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 1ca775248f)
Co-authored-by: Naewis <Naewis@users.noreply.github.com>
* Redfish: Expanded SimpleUpdate command to allow for users to monitor the progress of an update and perform follow-up operations
* Update changelogs/fragments/3910-redfish-add-operation-apply-time-to-simple-update.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/redfish_command.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/4276-redfish-command-updates-for-full-simple-update-workflow.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Updated based on feedback and CI results
* Update plugins/modules/redfish_command.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/redfish_command.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/redfish_info.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 5c1c8152ec)
Co-authored-by: Mike Raineri <mraineri@gmail.com>
* gconftool2: refactored to use ModuleHelper + CmdRunner
* add changelog fragment
* removed old code commented out
(cherry picked from commit 6c7e9116e1)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* cmd_runner module utils: fix case for as_fixed() format
* add changelog fragment
* simplified test_cmd_runner
* fix handling empty default for `as_map()`
* add changelog fragment
* MissingArgumentValue is reraised in run()
(cherry picked from commit e87ca10b61)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Fix the logical flaw when deleting a build in the jenkins_build module.
* Fix the logical flaw when deleting a Jenkins build in the jenkins_build module.
* Adding changelogs.
* Update tests/unit/plugins/modules/test_jenkins_build.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Attempt to mock the exception classes.
* Remedy the CI issues when mocking the exception classes.
* Assuming a way to mock the get_build_status function.
* Near to the feasible approach.
* Calls the correct class when unit testing.
* Fix sending wrong arguments when unit testing.
* Directly assign the argument value in the unit testing.
* Fix errors calling different classes.
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 7610501c66)
Co-authored-by: Tong He <68936428+unnecessary-username@users.noreply.github.com>
* Fix for 'NoneType' object has no attribute 'split'
* Added changelog to fix
* Update changelogs/fragments/5489-nonetype-in-get-vm-by-label.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix line ending in changelog
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 621fb6a619)
Co-authored-by: wh1t3 r4bb1t <16529603+d34d5p4rr0w@users.noreply.github.com>
* mksysb: using CmdRunner
* add changelog fragment
* adjust code when check_mode true
* Update plugins/modules/mksysb.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Begin building out separate classes to support different op cli versions
Create separet base classes for each major version.
Define the main interface in the base class.
Create methods for getting the current version and instantiating the
appropriate class based on the found version.
* First pass at mostly working CLI version classes
* Correct mismathched parameters
* Update _run() method to allow updating enviroment
This allows passing in the app secret as an env var, which is more
secure than using a command line arg.
* Continuing to improve the interface
* Tear existing tests down to the studs
These tests were based off of the LastPass unit tests. I’m going to
just start from scratch given the new plugin code is vastly diffenent.
* Fix sanity test
* CLI config file path can be None
* Improve required param checking
- only report missing params
- use proper grammer based on number of missing params
* Change assert_logged_in() method return value
Return a boolean value indicating whether or not account is signed in
* Improve full login for v2
Have to do a bit of a dance to avoid hitting the interactive prompt
if there are no accounts configured.
* Remove unused methods
* Add some tests
* Fix linting errors
* Move fixtures to separate file
* Restructure mock test data and add more tests
* Add boilerplate
* Add test scenario for op v2 and increase coverage
* Fix up copyright statements
* Test v1 and v2 in all cases
* Use a more descriptive variable name
* Use docstrings rather than pass in abstract class
This adds coverage to abstract methods with the least amount of hackery.
* Increase test coverage for CLI classes
* Sort test parameters to avoid collection errors
* Update version tested in docs
* Revere test parameter sorting for now
The parameters need to be sorted to avoid the issue in older Python
versions in CI, but I’m having trouble working out how to do that
currently.
* Allow passing kwargs to the lookup module under test
* Favor label over id for v2 when looking for values
Add tests
* Display a warning for section on op v2 or greater
There is no “value” in section fields. If we wanted to support sections
in v2, we would also have to allow specifying the field name in
order to override “value”.
* Move test cases to their own file
Getting a bit unwieldy having it in the test file
* Move output into JSON files fore easier reuse
* Switch to using get_options()
* Add licenses for fixture files
* Use get_option() since get_options() was added in Ansible Core 2.12
* Rearrange fixtures
* Add changelog
* Move common classes to module_utils
* Move common classes back to lookup
The plugin relies on AnsibleLookupError() quite a bit which is not available
in module code.
Remove use of display for errors since section isn’t actually deprecated.
* Properly handle sections
Still room for improvement, but this is at least a start.
* Remove some comments that won’t be addressed
* Make test gathering more deterministic to avoid failures
* Update changelog fragment
* Simple fix for making tests reliable
* Allow for DN's to have {x} prefix on first RDN
* Update changelogs/fragments/5450-allow-for-xordered-dns.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Assign attrs to throw-away var
* Update plugins/module_utils/ldap.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Escape DN before creating filter
Co-authored-by: Felix Fontein <felix@fontein.de>
* Clearer error logging in passwordstore lookup
* Add changelog fragment for passwordstore errmsgs
Co-authored-by: Sylvia van Os <sylvia@hackerchick.me>
* Redfish: centralize payload checking when performing modification requests to a Redfish service
* CI fixes
* Updates based on unit testing
* CI fix
* Modified vendor-specific logic to establish common pattern for workarounds
* Start using Ansible's config manager to handle options.
* Docs improvements.
* Fix documentation, make options actual lookup options.
* The cyberarkpassword lookup does too strange things.
* The onepassword lookups are converted in #4728, let's not interfere.
* Improve docs.
* Skip shelvefile as well.
* Convert lmdb_kv.
* Convert and fix credstash.
* Convert manifold.
* Drop chef_databag.
* Convert dig.
* Update examples.
* Forgot the most important part.
* Fix lmdb_kv docs.
* Python 2.6 compatibility.
* Convert AnsibleUnicode to str.
* Load lookup with lookup loader.
* Fix environment handling and error message checking.
* Improve docs formatting.
* remove redundant and simplify code
we already have a templar from base class
loop reuses code instead of X copies of it
* whitey
* no need to import templar again
* Add changelog fragment.
Co-authored-by: Felix Fontein <felix@fontein.de>
* remove redundant
templar is already in base class
env var is already consulted in via config resolution
* more whites
* no need to import templar again
* Add changelog fragment.
* Try to update tests.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Bump version to 6.0.0.
* sender option is now required.
* Default of want_proxmox_nodes_ansible_host changed from true to false.
* username is now an alias of user, and no longer of workspace.
* Remove deprecated return values in favor of end_state.
* Remove debug option.
* Change default of ignore_volatile_options from true to false.
* gitlab_group must now always contain the full path.
* Change default of norc from false to ture.
* Remove deprecated property.
* Add PR URL.
* Adjust bitbucket unit tests.
* Adjust module_helper integration test.
* search_s based _is_value_present
* Fix formatted string and ldap import
* Add changelog fragment
* Remove superfluous import ldap
* Improve fragment
* Code format {x} prefix
* Lower-case fixes
* Fix suggestions to changelog
* Break with the past and let bools be bools
* Let ldap_attrs break on invalid DN's
* deprecate venv creation when missing
* add changelog fragment
* fix sanity checks
* Update changelogs/fragments/5404-django-manage-venv-deprecation.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/web_infrastructure/django_manage.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/web_infrastructure/django_manage.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* minor change to help future removal of feature
Co-authored-by: Felix Fontein <felix@fontein.de>