* Mark non-secret leaking module options with no_log=False (#2001)
* Mark non-secret leaking module options with no_log=False.
* Add changelog fragment.
(cherry picked from commit 1ea080762b)
* Add one more.
Co-authored-by: Felix Fontein <felix@fontein.de>
* fixed validation-modules for plugins/modules/storage/netapp/na_ontap_gather_facts.py
* fixed validation-modules for plugins/modules/source_control/gitlab/gitlab_runner.py
* fixed validation-modules for plugins/modules/packaging/os/redhat_subscription.py
* fixed validation-modules for plugins/modules/notification/twilio.py
* fixed validation-modules for plugins/modules/notification/slack.py
* fixed validation-modules for plugins/modules/notification/sendgrid.py
* fixed validation-modules for plugins/modules/notification/rocketchat.py
* fixed validation-modules for plugins/modules/notification/office_365_connector_card.py
* fixed validation-modules for plugins/modules/notification/nexmo.py
* fixed validation-modules for plugins/modules/notification/mail.py
* fixed validation-modules for plugins/modules/net_tools/omapi_host.py
* fixed validation-modules for plugins/modules/net_tools/nsupdate.py
* fixed validation-modules for plugins/modules/net_tools/dnsimple.py
* fixed validation-modules for plugins/modules/monitoring/pagerduty.py
* fixed validation-modules for plugins/modules/monitoring/librato_annotation.py
* fixed validation-modules for plugins/modules/identity/onepassword_info.py
* fixed validation-modules for plugins/modules/identity/keycloak/keycloak_client.py
* fixed validation-modules for plugins/modules/files/xml.py
* fixed validation-modules for plugins/modules/cloud/softlayer/sl_vm.py
* fixed validation-modules for plugins/modules/cloud/smartos/vmadm.py
* fixed validation-modules for plugins/modules/cloud/pubnub/pubnub_blocks.py
* fixed validation-modules for plugins/modules/cloud/packet/packet_device.py
* fixed validation-modules for plugins/modules/cloud/lxd/lxd_container.py
* fixed validation-modules for plugins/module_utils/oracle/oci_utils.py
* fixed validation-modules for plugins/doc_fragments/oracle_creatable_resource.py
* Tidy up validate-modules:parameter-list-no-elements for some modules
* fixed validation-modules for plugins/modules/monitoring/statusio_maintenance.py
* Fixed pending issues from CI validation
* Fixed xml module elements for add_children & set_children
* added changelog fragment
* typo
* fix wording in changelog frag
(cherry picked from commit f33323ca89)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* ease limitation for nios_host_record DNS Bypass, the bypass should be allowed when configure_dns is disabled and view is set other than default
* add changelog fragment
Co-authored-by: Nils <ext-nils.haglund@elisa.fi>
(cherry picked from commit 8fae693d9c)
Co-authored-by: shieni <shieni@users.noreply.github.com>
* Update CI (#1782)
* Update targets for CI for devel branch; move some targets to stable-2.10.
* Skipping test on RHEL 8.3 (it is already skipped on RHEL 8.2).
* Linting.
* Shut 2.9/2.10 pylint complaints up.
* More sanity.
* Bump CI to FreeBSD 11.4, 12.2. (#1657)
* Bump CI to FreeBSD 11.4, 12.2.
* Make FreeBSD Python package selection more future-proof.
(cherry picked from commit c1eb0a232c)
* Add macOS 11.1 tests (#1619)
* Add macOS 11.1 tests.
* Hopefully fix virtualenv.sh problems.
(cherry picked from commit 74174f11ff)
* Skip all postgresql tests on FreeBSD.
* Skip kubevirt inventory tests on macOS.
* Add no_log to some module arguments
This will prevent potentially sensitive information from being printed to
the console.
See: CVE-2021-20191
* Update changelogs/fragments/CVE-2021-20191_no_log.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit ae8edc02e1)
Co-authored-by: David Moreau Simard <dmsimard@redhat.com>
* add Name and/or Id properties to resource inventory output
* add changelog fragment
(cherry picked from commit 00f5f7dfe7)
Co-authored-by: Bill Dodd <billdodd@gmail.com>
* nios_member: fix nios api member_normalize error with python 3
Force a copy of the key to allow change during iteration.
* Update - add changelog fragment
* Update - add changelog fragment
* Update changelogs/fragments/1527-fix-nios-api-member-normalize.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit c63f3f9956)
Co-authored-by: neatherweb <35084494+neatherweb@users.noreply.github.com>
* fix for https://github.com/ansible-collections/community.general/issues/1335
* added changelog fragment
* Update changelogs/fragments/nios_host_record-fix-aliases-removal.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* extend changelog to specify CNAMES
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 496be77a2b)
Co-authored-by: Pablo Escobar Lopez <pescobar001@gmail.com>
When user provides auth URL value which does not startswith
http or https protocol schema, provide a meaningful error message
stating so.
Fixes: #331
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit f37eb12580)
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
* proxmox: create a common base
Add a doc_fragment to share the documentation regarding authentication
parameters (api_host, api_user, api_password, api_token_id,
api_token_secret as well as the lone validate_certs).
Add a module_utils to hold common code such as the argument spec (again
related to authentication paramters), a helper function to convert from
Proxmox boolean representation to python and the base class
ProxmoxAnsible.
For now it only handles the connection to Proxmox VE API but more can be
added in the future.
To check if everything is well in place add three new modules:
proxmox_{domain,group,user}_info.
And finaly tests these new modules.
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add tests/integration/targets/proxmox/aliases
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 51a08ea398)
Co-authored-by: Tristan Le Guern <tleguern@bouledef.eu>
* Big revamp in xfconf.py
- added plugin/module_utils/module_helper.py
- scaffold class for writing modules, beyond standard AnsibleModule
- automatic capture of exceptions
- easier dependency testing
- StateMixin to easily handle different behaviours for 'state' param
- CmdMixin to easily run external commands
- adapted test_xfconf.py
- the args for run_command are now lists instead of a string
- value and previous_value were not being tested before (because xfconf wasn't filling results - see below)
- added more tests: setting value to previous_value, getting non-existent property
- rewritten xfconf module, keeping the same results
- original module posted results as ansible_facts, this version still does it for compatibility, but also adds to the module result
* Added suggestions from the PR
* Added russoz as maintainer for the module_utils/module_helper.py file
* Formatting using printf-style requires special treatment
Strings not containing substitution tokens must work as well.
* Tidied up variables in module definition
* Tests with ArgFormat and DependencyCtxMgr
* pytest parameters must be in the same order, it seems
* improved testing for the DependencyCtxMgr
* fixed test for older pythons
* Moved changed property to improve readability
* Added testcase for state: absent and adjusted xfconf after it
* Fixed param name environ_update in run_command()
* added changelog fragment
* fixed tests after run_command param change
(cherry picked from commit e3fcc7de2a)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Vendor plugins/module_utils/mount.py from ansible.posix, and drop ansible.posix dependency (except for testing).
* Add ignore.txt entries.
* Install test requirements conditionally.
* Apply suggestions from code review
Co-authored-by: John R Barker <john@johnrbarker.com>
* Bump to major changes.
Co-authored-by: John R Barker <john@johnrbarker.com>
(cherry picked from commit 20f470cc64)
Co-authored-by: Felix Fontein <felix@fontein.de>
* bring Manager power cmds to parity with System power commands
* add changelog fragment
* Update changelogs/fragments/903-enhance-redfish-manager-reset-actions.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit e382044e42)
Co-authored-by: Bill Dodd <billdodd@gmail.com>
Issue: 824
Co-authored-by: Scott Seekamp <sseekamp@digitalocean.com>
(cherry picked from commit d7ec65c19c)
Co-authored-by: Scott Seekamp <sylgeist@risei.net>
* migrate firewalld to ansible.posix
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix removal_version for runtime.yml
Signed-off-by: Adam Miller <admiller@redhat.com>
* add changelog fragment
Signed-off-by: Adam Miller <admiller@redhat.com>
* Update meta/runtime.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/firewalld_migration.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* add module_util routing entry
Signed-off-by: Adam Miller <admiller@redhat.com>
* Update meta/runtime.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix the behavior of ipa modules in case IPA_HOST is empty
The expected behavior, when the env is empty, is to
fallback on DNS. Without this fix, if IPA_HOST is empty,
there are different errors, depending on urllib version,
which additionally confuses the user. Example errors:
* host_find: Request failed: <urlopen error no host given>
* Failed to connect to None at port 443: [Errno 111]
Connection refused", "status": -1, "url":
"https:///ipa/session/json
* Add a changelog fragment for IPA_HOST fix
* Update changelogs/fragments/241-fix-ipa-modules-when-ipa_host-empty.yml
Co-authored-by: Sandra McCann <samccann@redhat.com>
Co-authored-by: John R Barker <john@johnrbarker.com>
Co-authored-by: Sandra McCann <samccann@redhat.com>
* Adjust deprecation versions.
* Remove redirects that are already made in ansible/ansible's ansible_builtin_runtime.yml
* Remove modules that were moved to the google.cloud collection according to ansible/ansible's ansible_builtin_runtime.yml.
* The _info module is in google.cloud.
* The gcp doc_fragment is a copy of the one in google.cloud and is only used by one lookup. Mark as deprecated/internal.
* Remove entries of modules that no longer exist.
* Update ignore.txt.
* Try to fix test.
* Remove debug output.
* add sops lookup plugin
* fix pylint
* fix undefined encrypted_file variable
* decode sops output as text by default
* add variable to control decrypted content print in logs
* use Sops class decryption method
* lookup should return text, use appropriate ansible facility
* use ansible.module_utils._text.to_native
As required by Ansible documentation on [raising errors][raising-errors]
from plugins, use to_native to wrap errors to ensure string compatibility
between Python versions.
[raising-errors]: https://docs.ansible.com/ansible/latest/dev_guide/developing_plugins.html#id3
* use with_items instead of with_file in sops lookup documentation
[with_file][with-file], per Ansible documentation, returns the content of
the file. As sops is not able to decrypt a string by itself but requires
the file is passed as argument, passing the content breaks the lookup
plugin as reported by [here][bug-report].
[with_items][with-items] should be used instead.
[with-file]: https://docs.ansible.com/ansible/2.4/playbooks_loops.html#looping-over-files
[with-items]: https://docs.ansible.com/ansible/2.4/playbooks_loops.html#standard-loops
[bug-report]: https://github.com/ansible/ansible/pull/59639#issuecomment-540803722
* uniform sops exception handling between plugins
* Apply suggestions from code review
Co-Authored-By: Felix Fontein <felix@fontein.de>
* remove sops lookup plugin print option
Is no longer possible to print the decrypted secrets directly from this
plugin, but `debug` module can be used instead.
* add github handle to author
* add setup_sops integration target
* extract sops module
* add lookup_sops integration tests
* use sops module
* Update plugins/module_utils/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update test/integration/targets/lookup_sops/tasks/ubuntu.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update test/integration/targets/lookup_sops/files/simple.sops.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Adding aliases file
* Emtpy spaces
* Update plugins/lookup/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update test/integration/targets/lookup_sops/tasks/ubuntu.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/lookup/sops.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update test/integration/targets/lookup_sops/tasks/ubuntu.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update test/integration/targets/lookup_sops/tasks/ubuntu.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* gpg -> gnupg2
* with_items -> loop
* Move error logic to module_utils.
* Make Sops.decrypt() also handle errors and decode output.
* Improve error handling.
* Improve example formatting.
* Reorganize tests.
* Add test.
* Remove version_added.
Co-authored-by: Edoardo Tenani <edoardo.tenani@protonmail.com>
Co-authored-by: Edoardo Tenani <edoardo.tenani@gmail.com>
Co-authored-by: Edoardo T <endorama@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
The common http api client class used by the scaleway modules only
enables automatic jsonification of the request body if the
"Content-Type" header is application/json. The client only included
"Content-type" in its default set of headers (notice the case
variation).
This caused a KeyError on send() if the caller relied on the default
content-type value.
* Un-remove wrongly removed ovirt modules and adjust deprecation to Ansible 2.14 (regular 4 version deprecation cycle).
* Update sanity-2.10.txt
* Vendor dependencies from ovirt.ovirt as deprecated, and remove dependency on ovirt.ovirt.
* Use ovirt_facts doc_fragment, and don't add _ovirt_info doc_fragment.
* Replace missing netapp parts with own copy.
* Localize final fragment.
* Mark netapps docs fragment as deprecated.
* Drop dependency on netapp.ontap.
* Remove all netapp_e_* modules.
* Remove docs fragment.
* Add copy of ipaddress.py from ansible.netcommon, use that one in non-network modules.
* Copy required functions from ansible.netcommon. Simpler than using compat.ipaddress to do this.
* Fix ovirt collection name (ovirt.ovirt_collection, not ovirt.ovirt).
* Fix kubernetes module_utils references.
* Fix broken f5 imports on community.general side. The imports in that collection are still broken and will still cause failures.
* Fix Cisco ACI and MSO modules imports.
* Fix check_point.mgmt dependency, fix imports.
* Fix fortimanager imports.
* Fix cisco intersight imports.
* Fix ovirt module docs fragments.
* Fix usage of _ in unit tests to avoid sanity failures.
* Fix Cisco module docs fragments.
* Fix netapp.ontap module docs fragment name.
* Fix documentation.
* Fix some boilerplate (the ones not mentioned in ignore.txt).