Using `local: true` users can enforce to work only with local policy
modifications. i.e.
# Without `local`, no new modification is added when port already exists
$ sudo ansible -m seport -a 'ports=22 state=present setype=ssh_port_t proto=tcp' localhost
localhost | SUCCESS => {
"changed": false,
"ports": [
"22"
],
"proto": "tcp",
"setype": "ssh_port_t",
"state": "present"
}
$ sudo semanage port -l -C
# With `local`, a port is always added/changed in local modification list
$ sudo ansible -m seport -a 'ports=22 state=present setype=ssh_port_t proto=tcp local=true' localhost
localhost | CHANGED => {
"changed": true,
"ports": [
"22"
],
"proto": "tcp",
"setype": "ssh_port_t",
"state": "present"
}
$ sudo semanage port -l -C
SELinux Port Type Proto Port Number
ssh_port_t tcp 22
# With `local`, seport removes the port only from local modifications
$ sudo ansible -m seport -a 'ports=22 state=absent setype=ssh_port_t proto=tcp local=true' localhost
localhost | CHANGED => {
"changed": true,
"ports": [
"22"
],
"proto": "tcp",
"setype": "ssh_port_t",
"state": "absent"
}
$ sudo semanage port -l -C
# Even though the port is still defined in system policy, the module
# result is success as there's no port local modification
$ sudo ansible -m seport -a 'ports=22 state=absent setype=ssh_port_t proto=tcp local=true' localhost
localhost | SUCCESS => {
"changed": false,
"ports": [
"22"
],
"proto": "tcp",
"setype": "ssh_port_t",
"state": "absent"
}
# But it fails without `local` as it tries to remove port defined in
# system policy
$ sudo ansible -m seport -a 'ports=22 state=absent setype=ssh_port_t proto=tcp' localhost
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: Port tcp/22 is defined in policy, cannot be deleted
localhost | FAILED! => {
"changed": false,
"msg": "ValueError: Port tcp/22 is defined in policy, cannot be deleted\n"
}
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
* Update redfish module for compatibility with VirtualMedia resource location from Manager to Systems
* Add changelogs fragments for PR 5124
* Update some issue according to the suggestions
* update changelogs fragment to list new features in the minor_changes catagory
Co-authored-by: Tami YY3 Pan <panyy3@lenovo.com>
* Adjust booleans in system modules.
* Fix some IP addresses
Co-authored-by: Sandra McCann <samccann@redhat.com>
Co-authored-by: Sandra McCann <samccann@redhat.com>
* Fix nsupdate when updating NS record
* Changelog fragment
* Update changelogs/fragments/5112-fix-nsupdate-ns-entry.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Switch to fallback to AUTHORITY instead of using with NS type.
* Update plugins/modules/net_tools/nsupdate.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/net_tools/nsupdate.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: jonathan lung <lungj@heresjono.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* pipx: add state latest
* add changelog fragment
* Update plugins/modules/packaging/language/pipx.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add sanity test (currently fails).
* doc_fragments can also be non-GPLv3+.
* Replace 'Author:' by 'Copyright:' in some specific cases.
* Avoid matching string for license checkers.
* Reformulate not to throw license detection off.
* Add PSF copyright notice for plugins/module_utils/_mount.py.
* Add generic copyright notices.
* Update changelog fragment.
* WDC Redfish support for chassis indicator LED toggling.
* Added changelog fragment.
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Move licenses to LICENSES/, run add-license.py, add LICENSES/MIT.txt.
* Replace 'Copyright:' with 'Copyright'
sed -i 's|Copyright:\(.*\)|Copyright\1|' $(rg -l 'Copyright:')
Co-authored-by: Maxwell G <gotmax@e.email>
* xfconf: add command output to results
* add changelog fragment
* add docs for return value cmd
* Update plugins/modules/system/xfconf.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Slack: Add support for (some) groups
Some of the older private channels in the workspace I'm working in have channel ID's starting with `G0` and `GF` and this resulted to false positive `channel_not_found` errors.
I've added these prefixes to the list to maintain as much backwards compatibility as possible.
Ideally the auto-prefix of the channel name with `#` is dropped entirely, given the Channel ID's have become more dominant in the Slack API over the past years.
* Add changelog fragment for slack channel prefix fix
* Update changelogs/fragments/5019-slack-support-more-groups.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Initial Rework of netstat and ss to include additional information.
State, foreign address, process.
* Fixed sanity tests. Python 2 compatible code. pylint errors resolved.
* Sanity tests. ss_parse fix minor error I created before.
* Rename variable for clarity
* Python2 rsplit takes no keyword argument. -> remove keyword argument
* Generic improvments for split_pid_name. Added changelog
* Sanity Test (no type hints for python2.7)
* add include_non_listening param. Add param to test. Add documentation. Only return state and foreign_address when include_non_listening
* Update changelogs/fragments/4953-listen-ports-facts-extend-output.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add info to changelog fragment. Clarify documentation.
* The case where we have multiple entries in pids for udp eg: users:(("rpcbind",pid=733,fd=5),("systemd",pid=1,fd=30)) is not in the tests. So roll back to previous approach where this is covered. Fix wrong if condition for include_non_listening.
* Rewrite documentation and formatting.
* Last small documentation adjustments.
* Update parameters to match description.
* added test cases to check if include_non_listening is set to no by default. And test if ports and foreign_address exists if set to yes
* undo rename from address to local_address -> breaking change
* Replace choice with bool, as it is the correct fit here
* nestat distinguishes between tcp6 and tcp output should always be tcp
* Minor adjustments in the docs (no -> false, is set to yes -> true)
Co-authored-by: Paul-Kehnel <paul.kehnel@ocean.ibm.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Pacman: Add support for setting install reason
* Improved description
* Fix documentation
* Add changelog fragment
* Use source for installation
* Get all reasons at once
* Removed default for reason
* Added version info to documentation
* Fix NameError
* Moved determination of reason to _build_inventory
* Fix duplication and sanity errors
* adjust tests for changed inventory
* Documentation: remove empty default for reason
* mention packages with changed reason in exit params/info
* Added integration tests for reason and reason_for
Inspired by the integration tests for url packages
* Correct indentation
* Fix indentation
* Also sort changed packages in normal mode
* Also sort result in unit test
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* gconftool2: deprecate state get
* added changelog fragment
* Update plugins/modules/system/gconftool2.py
* Update plugins/modules/system/gconftool2.py
* Expose unredirected_headers to module
In some cases, when the initial request returns a redirect and we want
to follow it to get the artifact, we might not want to include certain
headers in the redirection request. Specially headers like
Authorization and Cookies.
Or perhaps the redirect server returns a 400 because it included some
unexpected headers.
Fetch url already supports this feature, but it was being shadowed by
maven_artifact. In here we just expose it.
* Fix Linting errors
* Applied Comments
- Specified version added
- Changed description of unredirected_headers
* Check for ansible version
If it's 2.11 or older, we ignore unredirected_headers, otherwise we use
it, as fetch_url has them
* Applied comments
- Removed duplicated code in the call of fetch_url. Used kwargs instead
- Added check if unredirected_params is not empty and the fetch_url
function does not support it
- Changed function that checks for ansible version
- Removed unused import
* Remove 2.11 breaking change
Made default only for ansible-core version 2.12 and above, but for keep
it empty for ansible-core version 2.11 and below.
Also include the following changes:
- change doc to use C() on the function description
- changed doc to use ansible-core instead of Ansible
* Changes in description for readability
* Add changelog fragment
* Change description changelog fragment
* Fix keyring_info when using keyring library
This line used to always clobber the passphrase retrieved via the `keyring` library, making it useless on everything except gnome-keyring. After this change, it'll only use the alternate method if the default one didn't work.
* delete whitespace
* add changelog fragment
* Update changelogs/fragments/4964-fix-keyring-info.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Strip downloading... of unseen URLs
* Added changelog fragment
* Added integration tests for reason and reason_for
Inspired by the integration tests for url packages
* Revert "Added integration tests for reason and reason_for"
This reverts commit f60d92f0d7.
Accidentally commited to the wrong branch.
* add int parse handling
* Revert "add int parse handling"
This reverts commit db2aac4254.
* fix: vmid check if state is absent
* add changelogs fragments
* Update changelogs/fragments/4945-fix-get_vm-int-parse-handling.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* WDC Redfish Info / Command modules for Western Digital Ultrastar Data102 storage enclosures.
Initial commands include:
* FWActivate
* UpdateAndActivate
* SimpleUpdateStatus
* delete unnecessary __init__.py modules
* PR Feedback
Notes list not guaranteed to be sorted
Use EXAMPLES tos how specifying ioms/basuri
Import missing_required_lib
* Apply suggestions from code review
Suggestions that could be auto-committed.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove DNSCacheBypass
It is now the caller's responsibility to deal with stale IP addresses.
* Remove dnspython dependency.
Fix bug that this uncovered.
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* PR Feedback
* Documentation, simple update status output format, unit tests.
Add docs showing how to use SimpleUpdateStatus
Change the format of SimpleUpateStatus format, put the results in a sub-object.
Fix unit tests whose asserts weren't actually running.
* PR Feedback
register: result on the 2nd example
* Final adjustments for merging for 5.4.0
Co-authored-by: Felix Fontein <felix@fontein.de>
* Use syntax that works in both Python 2 and 3 when iterating through a
dict that's going to be mutated during iteration
* Fixes `dictionary changed size during iteration` error
* Fixes#4932
* Add GetManagerInventory command to redfish_info
Adding GetManagerInventory command to redfish_info, similar to
GetSystemInventory to report Manager specific information like:
- FirmwareVersion
- Model
- ManagerType
Fixes#4899
* Update changelogs/fragments/4899-add-GetManagerInventory-for-redfish_info.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Use visudo to validate sudoers rules before use
* Replace use of subprocess.Popen with module.run_command
* Switch out apt for package
* Check file mode when verifying file to determine whether something needs to change
* Only install sudo package for debian and redhat environments (when testing)
* Attempt to install sudo on FreeBSD too
* Try just installing sudo for non-darwin machines
* Don't validate file ownership
* Attempt to install sudo on all platforms
* Revert "Attempt to install sudo on all platforms"
This reverts commit b9562a8916.
* Remove file permissions changes from this PR
* Add changelog fragment for 4794 sudoers validation
* Add option to control when sudoers validation is used
* Update changelog fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add version_added to validation property
Co-authored-by: Felix Fontein <felix@fontein.de>
* Also validate failed sudoers validation error message
Co-authored-by: Felix Fontein <felix@fontein.de>
* Make visudo not executable instead of trying to delete it
* Update edge case validation
* Write invalid sudoers file to alternative path to avoid breaking sudo
* Don't try to remove or otherwise modify visudo on Darwin
* Update plugins/modules/system/sudoers.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove trailing extra empty line to appease sanity checker
Co-authored-by: Felix Fontein <felix@fontein.de>
