* Mark non-secret leaking module options with no_log=False (#2001)
* Mark non-secret leaking module options with no_log=False.
* Add changelog fragment.
(cherry picked from commit 1ea080762b)
* Add one more.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix: nmcli - Ensure slave-type for bond-slave
Hello 🙂
When using bond-slave type, by default command sent to nmcl is:
['/usr/bin/nmcli', 'con', 'add', 'type', 'bond-slave', 'con-name', 'enp129s0f0', 'connection.interface-name', 'enp129s0f0', 'connection.autoconnect', 'yes', 'connection.master', 'bond0']
Which is not enough, nmcli will complain that connection.slave-type is missing. This small fix solve this issue.
If this change is approved, I will add the changelog fragment.
* Fix: nmcli - Adding changelog fragment for 1882
* Update changelogs/fragments/1882-fix-nmcli-ensure-slave-type-for-bond-slave.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit dec345b818)
Co-authored-by: Ox <oxedions@gmail.com>
* fixed validation-modules for plugins/modules/storage/netapp/na_ontap_gather_facts.py
* fixed validation-modules for plugins/modules/source_control/gitlab/gitlab_runner.py
* fixed validation-modules for plugins/modules/packaging/os/redhat_subscription.py
* fixed validation-modules for plugins/modules/notification/twilio.py
* fixed validation-modules for plugins/modules/notification/slack.py
* fixed validation-modules for plugins/modules/notification/sendgrid.py
* fixed validation-modules for plugins/modules/notification/rocketchat.py
* fixed validation-modules for plugins/modules/notification/office_365_connector_card.py
* fixed validation-modules for plugins/modules/notification/nexmo.py
* fixed validation-modules for plugins/modules/notification/mail.py
* fixed validation-modules for plugins/modules/net_tools/omapi_host.py
* fixed validation-modules for plugins/modules/net_tools/nsupdate.py
* fixed validation-modules for plugins/modules/net_tools/dnsimple.py
* fixed validation-modules for plugins/modules/monitoring/pagerduty.py
* fixed validation-modules for plugins/modules/monitoring/librato_annotation.py
* fixed validation-modules for plugins/modules/identity/onepassword_info.py
* fixed validation-modules for plugins/modules/identity/keycloak/keycloak_client.py
* fixed validation-modules for plugins/modules/files/xml.py
* fixed validation-modules for plugins/modules/cloud/softlayer/sl_vm.py
* fixed validation-modules for plugins/modules/cloud/smartos/vmadm.py
* fixed validation-modules for plugins/modules/cloud/pubnub/pubnub_blocks.py
* fixed validation-modules for plugins/modules/cloud/packet/packet_device.py
* fixed validation-modules for plugins/modules/cloud/lxd/lxd_container.py
* fixed validation-modules for plugins/module_utils/oracle/oci_utils.py
* fixed validation-modules for plugins/doc_fragments/oracle_creatable_resource.py
* Tidy up validate-modules:parameter-list-no-elements for some modules
* fixed validation-modules for plugins/modules/monitoring/statusio_maintenance.py
* Fixed pending issues from CI validation
* Fixed xml module elements for add_children & set_children
* added changelog fragment
* typo
* fix wording in changelog frag
(cherry picked from commit f33323ca89)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Update CI (#1782)
* Update targets for CI for devel branch; move some targets to stable-2.10.
* Skipping test on RHEL 8.3 (it is already skipped on RHEL 8.2).
* Linting.
* Shut 2.9/2.10 pylint complaints up.
* More sanity.
* Bump CI to FreeBSD 11.4, 12.2. (#1657)
* Bump CI to FreeBSD 11.4, 12.2.
* Make FreeBSD Python package selection more future-proof.
(cherry picked from commit c1eb0a232c)
* Add macOS 11.1 tests (#1619)
* Add macOS 11.1 tests.
* Hopefully fix virtualenv.sh problems.
(cherry picked from commit 74174f11ff)
* Skip all postgresql tests on FreeBSD.
* Skip kubevirt inventory tests on macOS.
* Fix a bunch of potential security issues (secret leaking).
* oneandone_server was already ok.
* Add more parameters for pagerduty_alert.
* Add more no_log=True.
(cherry picked from commit 29bd5a9486)
Co-authored-by: Felix Fontein <felix@fontein.de>
* dnsmadeeasy: Fix HTTP 400 errors when creating a TXT record
* When creating a record the module fails on monitor API call
* TXT records are surrounded by quotes in the API response
Fixes: #1237
* dnsmadeeasy: Add changelog fragment
* dnsmadeeasy: Fix pylint error
* Update changelogs/fragments/1654-dnsmadeeasy-http-400-fixes.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/net_tools/dnsmadeeasy.py
The dictionary might be empty
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit ebaa17f59f)
Co-authored-by: Orosz Dávid <idawko@gmail.com>
* lldp - use get_bin_path to locate the lldpctl executable
* This prevents failed executions
FAILED! => {"changed": false, "cmd": "lldpctl -f keyvalue",
"msg": "[Errno 2] No such file or directory", "rc": 2}
on hosts (servers and switches) with lldpd installed and running.
* Update changelogs/fragments/lldp-use-get_bin_path-to-locate-the-lldpctl-executable.yaml
Specify pull request id and minor formatting tweaks
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/lldp-use-get_bin_path-to-locate-the-lldpctl-executable.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 1dd5e71cff)
Co-authored-by: José Pedro Oliveira <jose.p.oliveira.oss@gmail.com>
**SECURITY** - CVE-2021-20178
Hide user sensitive information like `privkey` and `authkey`
while logging in console.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 3560aeb12f)
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
* Removed the bridge-slave from list of ip based connections since nmcli does not accept IP options for bridge-slave connections.
* Update changelogs/fragments/1517-bridge-slave-from-list-of-ip-based-connections.yml
Thanks for the tip.
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit fd741ed663)
Co-authored-by: momcilo78 <momcilo@majic.rs>
* Ensured ``changed`` returns ``False``.
- Added small improvement on the ``_load_scope()`` method.
* yamllint caught it
* Rephrased changelog fragment
(cherry picked from commit 1faf8ef08b)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Some adjustments/improvements
- Added doc details for parameters ``description`` and ``objectClass``
- Added type details to argument_spec of parameters ``description`` and ``objectClass``.
- Removed unused import
- Simplified logic of ``LdapEntry._load_attrs()``
- Replaced parameter validation test with ``required_if``.
* Added changelog frag
(cherry picked from commit 5ee5c004b4)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Fixed validate-modules:mutually_exclusive-unknown for plugins/modules/packaging/os/redhat_subscription.py
* fixed validation-modules for plugins/modules/cloud/lxd/lxd_container.py
* fixed validation-modules for plugins/modules/web_infrastructure/sophos_utm/utm_network_interface_address.py
* fixed validation-modules for plugins/modules/cloud/opennebula/one_host.py
* fixed validation-modules for plugins/modules/cloud/opennebula/one_image_info.py
* fixed validation-modules for plugins/modules/cloud/opennebula/one_image.py
* fixed validation-modules for plugins/modules/cloud/opennebula/one_service.py
* fixed validation-modules for plugins/modules/cloud/opennebula/one_vm.py
* fixed validation-modules for plugins/modules/net_tools/cloudflare_dns.py
* fixed validation-modules for plugins/modules/net_tools/ip_netns.py
* fixed validation-modules for plugins/modules/net_tools/ipinfoio_facts.py
* fixed validation-modules for plugins/modules/net_tools/netcup_dns.py
* fixed validation-modules for plugins/modules/remote_management/wakeonlan.py
* added types to plugins/modules/remote_management/stacki/stacki_host.py but still cannot remove ignore line
* added a couple of FIXME comments
* fixed validation-modules for plugins/modules/remote_management/manageiq/manageiq_provider.py
* fixed validation-modules for plugins/modules/notification/rocketchat.py
* fixed validation-modules for plugins/modules/monitoring/bigpanda.py
* fixed validation-modules for plugins/modules/identity/keycloak/keycloak_client.py
* fixed validation-modules for plugins/modules/identity/keycloak/keycloak_clienttemplate.py
* fixed validation-modules for plugins/modules/cloud/univention/udm_user.py
* fixed validation-modules for plugins/modules/cloud/univention/udm_group.py
* fixed validation-modules for plugins/modules/cloud/spotinst/spotinst_aws_elastigroup.py
* fixed validation-modules for plugins/modules/cloud/smartos/imgadm.py
* fixed validation-modules for plugins/modules/cloud/profitbricks/profitbricks_nic.py
* fixed validation-modules for plugins/modules/cloud/ovirt/ovirt_external_provider_facts.py
* Tidy up validate-modules ignores no-default-for-required-parameter + couple of other cases
* Added changelog frag
* fixed validation-modules for plugins/modules/cloud/centurylink/clc_alert_policy.py
* fixed validation-modules for plugins/modules/cloud/centurylink/clc_firewall_policy.py
* fixed validation-modules for plugins/modules/cloud/lxd/lxd_profile.py
* Typos and small fixes
* fixed validation-modules for plugins/modules/net_tools/ldap/ldap_passwd.py
* Typos and small fixes, part 2
* Fixes from PR comments
* Update plugins/modules/cloud/profitbricks/profitbricks_nic.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Rolled back the mutually-exclusive-unknown in redhat_subscription
* Update changelogs/fragments/1423-valmod_multiple_cases.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit ae0d3cb090)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Tidy up validate-modules ignores doc-required-mismatch
* Tidy up validate-modules ignores doc-required-mismatch - update on 2.11
* Fixed chengelog frag
* rolledback removal of parameter from cloud/smartos/vmadm.py
* removed changelog frag for the rollback
* Update plugins/modules/cloud/smartos/vmadm.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Revert "removed changelog frag for the rollback"
This reverts commit 56a02ead3b.
* suggestion from PR
* yet another PR suggestion
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit b69ea1dfd9)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* fixed validation-modules for plugins/modules/cloud/spotinst/spotinst_aws_elastigroup.py
* fixed validation-modules for plugins/modules/cloud/univention/udm_share.py
* fixed validation-modules for plugins/modules/net_tools/nios/nios_host_record.py
* fixed validation-modules for plugins/modules/storage/zfs/zfs_facts.py
* fixed validation-modules for plugins/modules/storage/zfs/zpool_facts.py
* Tidy up validate-modules ignores nonexistent-parameter-documented
* Adjustments per the PR
* Removed no longer needed ignore line for udm_share.py
(cherry picked from commit 7f890c4645)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* * Refactor `nmcli` module to use consistent parameters when creating/modifying connections and detecting changes.
* Keep DNS list arguments as lists internally.
* Remove duplicated code where practical.
* DBus and GObject dependencies are not necessary.
* Update changelog fragment.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelog fragment.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Use identity operator instead of equality for type comparison.
* Don't start changelog notes with a capital letter.
* * Have `settings_type` return `str` by default instead of `None`.
* Improve variable naming, use `convert_func` instead of `type_cast`.
* Revert new feature of allowing ethernet types as slaves.
* Bring back `list_connection_info` to list all connections with `nmcli con show`.
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 7722800561)
Co-authored-by: Justin Bronn <jbronn@gmail.com>
* Type: Wrong package names
In Red Hat systems, python packages are preceeded by `python3-`
* Use Python 2 packages on CentOS 7 and Fedora <= 28.
Co-authored-by: Frank Brütting <fbruetting@users.noreply.github.com>
* Enable/disable health and agent checks
Health and agent checks can cause a disabled service to re-enable
itself. This adds "health" and "agent" options that will also
enable or disable those checks, matching if the service is to be
enabled/disabled.
* Update plugins/modules/net_tools/haproxy.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/net_tools/haproxy.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/net_tools/haproxy.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/net_tools/haproxy.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Changes to documentation and changelog.
Changes for the haproxy documentation to resolve issues with
the CI/CD, and adding a changelog fragment.
* Update changelogs/fragments/689-haproxy_agent_and_health.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/689-haproxy_agent_and_health.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/net_tools/haproxy.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add an example of health/agent disable.
* Update plugins/modules/net_tools/haproxy.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* nmcli: add idemptent support for any kinds of connections
Fixes#481: nmcli reports changed status even if nothing needs to change
- Implement show_connection() to retrieve connection profile from command line
- Parse integer enumeration values in show_connection()
- Convert 'bond.options' to alias shortcuts
- Modify connection only if changes are detected
- Support generic alias in during the property comparison
* nmcli: add idemptent support for any kinds of connections
Add mock object for modification cases when connection state changes
* nmcli: add idempotent support for any kinds of connections
- Add more test cases to check idempotent for each type of connections
- Verify 'changed' and 'failed' in the result of each test
- Append prefixlen for 'ip4' values in test data
- Fix the incorrect 'return_value' of execute_command() in previous mockers
- Ignore the empty string in _compare_conn_params()
- Fix the property key mapping of 'bridge-port.hairpin-mode' for bridge-slave
- Add 'override_options' in the result output for playboot debug
* nmcli: add idempotent support for any kinds of connections
Fix pep8 issues in test_nmcli.py: Comparison to False should be 'not expr'
* nmcli: add idempotent support for any kinds of connections
Support setting 'ipv4.method' or 'ipv6.method' via nmcli if the configuration method changes
* nmcli: add idempotent support for any kinds of connections
Simplify the if statements in show_connection() according to vlours's advice
* nmcli: add idempotent support for any kinds of connections
Fix the list argument comparison method with multiple values.
* nmcli: add idempotent support for any kinds of connections
Use ansible --diff option output to show detailed changes instead of a private return value.
* nmcli: add idempotent support for any kinds of connections
Add changelog fragment for bugfix.
* Adjust deprecation versions.
* Remove redirects that are already made in ansible/ansible's ansible_builtin_runtime.yml
* Remove modules that were moved to the google.cloud collection according to ansible/ansible's ansible_builtin_runtime.yml.
* The _info module is in google.cloud.
* The gcp doc_fragment is a copy of the one in google.cloud and is only used by one lookup. Mark as deprecated/internal.
* Remove entries of modules that no longer exist.
* Update ignore.txt.
* Try to fix test.
* Remove debug output.
I spent some time debugging an error, where the unexpected HTTP return code was
reported to be -1. Digging deeper, I found the cause using this patch:
"An unknown error occurred: ~/.netrc access too permissive: access permissions
must restrict access to only the owner"
* Add version_added: 1.0.0 for all new features added before pre-ansible-base.
* Add version_added: 1.0.0 for all new features.
* Next release will be 0.2.0
* Fix error.
* Remove unnecessary warnings.
* ip_netns: fix module name in example
Was referenced as 'namespace' while it should have been 'ip_netns'.
Closes: #203
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
* Update plugins/modules/net_tools/ip_netns.py
* Update plugins/modules/net_tools/ip_netns.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* fix CI
* Added ldap_search module for searching in LDAP servers
* Fixes from pipeline
* Fixed second script as well
* fix DOCUMENTATION block
* fix DOCUMENTATION block
* fix DOCUMENTATION block
* fix examples and remove changelog fragment
* Added integration tests for ldap_search
* fixes
Co-authored-by: Sebastian Pfahl <sebastian.pfahl@dcso.de>
* Remove the params module option from ldap_attr and ldap_entry
Module options that circumvent Ansible's option handling were disallowed
in:
https://meetbot.fedoraproject.org/ansible-meeting/2017-09-28/ansible_dev_meeting.2017-09-28-15.00.log.html
Additionally, this particular usage can be insecure if bind_pw is set
this way as the password could end up in a logfile or displayed on
stdout.
Fixes CVE-2020-1746
* Remove checking the version of Ansible
Fix fail_json
* Apply suggestions from code review
Co-Authored-By: Felix Fontein <felix@fontein.de>
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add copy of ipaddress.py from ansible.netcommon, use that one in non-network modules.
* Copy required functions from ansible.netcommon. Simpler than using compat.ipaddress to do this.