* Add keycloak_authz_authorization scope module
This module allows managing Keycloak client authorization scopes. The client has
to have authorization enable for this to work.
* botmeta: make mattock maintainer of keycloak_authz_authorization_scope
* botmeta: add mattock to team_keycloak
* keycloak_authz_authorization_scope: documentation and code layout fixes
* keycloak_authz_authorization_scope: do not fail on names with whitespace
* keycloak_authz_authorization_scope: use url quote method
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_authz_authorization_scope: style fixes to documentation
* keycloak_authz_authorization_scope: do not claim check/diff mode support
* keycloak_authz_authorization_scope: fix documentation
* keycloak_authz_authorization_scope: support check_mode and diff_mode
* keycloak_authz_authorization_scope: use more common terminology
Most keycloak modules use before_<object_type> and desired_<object_type> to
designate current and desired states of objects. Do the same for authorization
scopes.
* keycloak_authz_authorization_scope: fixes to check_mode and docs
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* pipx and pipx_info: Document that modules require pipx 0.16.2.1 or above
Since their introduction, these modules rely on 'pipx list --json' to
return machine-readable output about installed pipx applications. That
functionality was introduced in 0.16.2, along with a critical bug fix
(invalid json) in 0.16.2.1.
* pipx: fix state=latest with install_deps=true
"pipx upgrade" stopped supporting the "--include-deps" option
("install_deps" in the ansible module) in pipx 0.15
(https://pypa.github.io/pipx/changelog/#01500).
The lack of support causes the pipx module to fail if attempting to use
state=latest with install_deps, since the parameter is passed to both
pipx install (fine) and pipx upgrade (fails).
* Add changelog fragment
* Initial implementation for new modules btrfs_subvolume and btrfs_info
* Improve/flesh out documentation. Add ability to target filesystem by uuid, label or device. Update tests to test targeting filesystem by each supported parameter and when only mountpoint.
* Updates for btrfs modules. Add missing copyright notices. Switch options to contains in return documentation. Update btrfs_subvolume to always use closest parent mount.
* Add maintainers for btrfs module(s) and remove unused class member cause lint failure.
* Add changelog fragment. Attempt to only run against the VMs as part of CI.
* Updates per code review. Remove changelog fragment. Switch use of map to list comprehension. Add trailing comma to last item in multi-line dicts. Clean up documentation with complete senstences for descriptions and correct/consistent use of macros.
* Improved error handling in btrfs_subvolume module: add custom exception type, favor exceptions over immediate call to fail_json and add single top level return for failure scenarios. Normalize name and snapshot_source parameters early in module execution and remove unecessary duplicate normalization throughout processing.
* Add azp/posix/3 to aliases per feedback
* Clean up automatic mounting. Prevent automount when check_mode=True. Immediately fail if a mount is identified as required and automount=True. Identify the minimal subset of subvolumes that need to be mounted instead of just finding a single common root.
* Skip btrfs_subvolume integration tests if btrfs-progs isn't successfully installed.
* Bump version_added for btrfs modules to 6.6.0. Ensure consistent trailing punctuation for module descriptions and document check_mode behavior as attribute description rather than a module level note.
* Remove unused imports from btrfs_subvolume module.
* Fix import.
* Docs improvements.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Do extra docs validation. Explicitly disallow semantic markup in docs.
* Forgot to add new requirement.
* Fix prefixes.
* Remove superfluous condition.
* TEMP - make CI fail.
* Revert "TEMP - make CI fail."
This reverts commit 14f4d6b503.
* Remove unnecessary import.
* Make sure ANSIBLE_COLLECTIONS_PATH is set.
* Make sure sanity tests from older Ansible versions don't complain.
* one_vm: fix syntax error when creating VMs with a more complex template
with more complex templates that make use of quoted strings the new
"render" method fails to produce a template that is accepted by
OpenNebula. ==> escape double quotes in strings to make OpenNebula
happy again.
I also tested whether newlines need to be escaped, looks like they are
fine as they are.
Fixes#6225
* module_utils/opennebula: skip empty values in render
* add nmcli macvlan type
* changelog
* improve docs
* macvlan params
* fix linter and improve module params
* improve_docs
* raise error if type macvlan and macvlan options not set
* Add Puppet skip_tags option
* Include changelog fragment
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add module to manipulate KDE config files using kwriteconfig
* Fix license issues
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add smeso as kdeconfig.py maintainer
* Fix attributes fragment name
* Fix test
* Do not use shutil.chown
It isn't available on old Python versions
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* add runner_fast_rate option
* unset default value for runner_fast_rate parameter
* add some commas
* Remove default in copy of argspec.
Co-authored-by: Sam Potekhin <eax24@ya.ru>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Sam Potekhin <eax24@ya.ru>
* pipx: Allow injected modules to add apps
Add support for pipx inject's "--include-apps" parameter.
* add changelog fragment
* fix pipx test ("install_apps", not "include_apps")
* fix pipx test -- add a second invocation for install_apps
* Update changelogs/fragments/6198-pipx-inject-install-apps.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/pipx.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat(ssh_config): proxyjump option
* feat(ssh_config: add proxyjump test
* CamelCase ProxyJump
* add changelog fragment
* Update plugins/modules/ssh_config.py
add version_added
Co-authored-by: Felix Fontein <felix@fontein.de>
* update task name to include new proxyjump option
* adding tests for proxyjump option
* fixing assert variable name
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
The module currently has a static 'required_if' statement for its
parameters that forces any of 'username' or 'activationkey' or 'token'
in case state=present; while this is generally a good idea, it can be
an extra requirements in some cases. In particular, if the system is
already registered, there is no need for credentials -- some of the
operations of the module, such as manipulating pools, can be done
perfectly without credentials.
Hence:
- change the static 'required_if' to require credentials only when
forcing the registration
- check for credentials manually when a registration is needed, i.e.
on an unregistered system; the fail message is the same as the one
shown by 'required_if'
Adapt the tests to this new situation:
- test_without_required_parameters now needs to mock an unregistered
system
- add a new version of test_without_required_parameters to test an
already registered system
- add a simple test case for only state=present usable on an already
registered system
- remove the credentials from a test case for pool attachment that
mocks an already registered system
subscription-manager on RHEL installs a symlink in /usr/bin to
console-helper (part of usermode), which triggers an interactive prompt
for root credentials when run as user. It seems that console-helper
does not handle well non-interactive contexts (e.g. without a TTY for
input), and thus it will hang waiting for input when run as user in an
Ansible task.
Since subscription-manager requires root already anyway (and it will
fail when explicitly run as user), then apply the same logic locally on
all the modules that interact with it: redhat_subscription,
rhsm_release, and rhsm_repository.
subscription-manager currently does not have a way to get credentials
(username, password, activation keys, organization ID) in a secure way:
the existing command line parameters can be easily spotted when running
a process listing while 'subscription-manager register' runs.
There is a D-Bus service, which is used by e.g. cockpit and Anaconda to
interface with RHSM (at least for registration and common queries).
Try to perform the registration using D-Bus, in a way very similar to
the work done in convert2rhel [1] (with my help):
- try to do a simple signal test to check whether the system bus works;
inspired by the login in the dconf module
- pass most of the options as registration options; for the few that are
not part of the registration, execute 'subscription-manager' manually
- add quirks for differently working (or not) registration options for
the D-Bus Register*() methods depending on the version of RHEL
- 'subscription-manager register' is used only in case the signal test
is not working; silent fallback in case of D-Bus errors during the
registration is not done on purpose to avoid silent fallback to a less
secure registration
[1] https://github.com/oamg/convert2rhel/pull/540/
dconf: parse GVariant values to check for equality whenever possible
Direct string comparisons are an inaccurate way to compare two
GVariant representations. For example, 'foo' and "foo" (including the
quote marks, which are part of the representation) are equal GVariants
but if you just do a string compare (remember, including the quotes)
they'll be interpreted.
We therefore want to use the `gi.repository` Python library to parse
GVariant representations before comparing them whenever possible.
However, we don't want to assume that this library will always be
available or require it for Ansible to function, so we use a straight
string comparison as a fallback when the library isn't available. This
may result in some false positives, i.e., Ansible thinking a value is
changing when it actually isn't, but will not result in incorrect
values being written into `dconf`.
Co-authored-by: Jonathan Kamens <jik@jik5.kamens.us>
* add persistent option for modprobe
* add suggested changes + fix broken test
* change modprobe module path in tests due to rebase
* change persistent option type from bool to str with choices
* fix unused import
* add example with persistent option
* fix some minor issues after review
- move regexps compiling to __init__
- move AnsibleModule to build_module function and use this function in tests instead of AnsibleModule
- fix terminlogy issue in documentation
* fix unused-import
* sefcontext: add path substitution support (#1193)
First commit for feedback, missing docs and tests.
* sefcontext: add documentation
* Add changelog fragment
* Documentation formatting
* Delete extra newline
* pep8 fixes
Fix indentation
* Add version_added to arg docs
* Add examples
* Don't delete non-matching path substitutions
* Add integration tests
* Delete only substitutions if such arg passed
Don't delete existing regular file context mappings if deletion of
a path substitution was requested with the presence of the
`equal` arg - delete only path substitutions in such case.
Path substitutions and regular mappings may overlap.
* Can only add args in minor releases
:(
* Cleanup before tests
* Fix deletion using substitution
Was comparing wrong var.
* Fix test checking wrong var
* Improve args documentation and examples
List the default values for selevel, seuser.
Add example for deleting path substitutions only.
* Add attributes documentation block
Not sure if should add become/delegate/async,
shouldn't those work just like that without any
specific code added for them?
* and fix indentation on attribute block
* Consistent indentation for attributes
Confusing, most plugins indent with 4 spaces.
But some use 2 like the rest of the code, so use 2.
* Add missing ref for attribute block
* Use correct c.g version in doc block
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add full stop to changelog fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Streamline documentation
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Support limiting deletion to setype
Deleting file context mappings may be limited by
passing setype or equal, if neither arg is passed
then delete either setype/equal mappings that match.
* Change arg name, diff mode output fix
Change arg name from equal to substitute.
Print target = subsitute in diff mode same way as
semanage does.
Also put back platform attribute, try to improve
clumsy language in the substitute arg docs.
* Delete even if arg setype not match existing
Test 5 indicates that deletion is supposed to not check that
the arg setype passed when deleting matches the setype
of the mapping to delete.
Delete any mapping that matches target, regardless of
setype arg value.
* Update arg name in tests
* Too eager replacing
Accidentally replaced seobject function names so fix them back
* 4564: Fix invalid setype in doc example
Change from httpd_git_rw_content_t which
does not exist to httpd_sys_rw_content_t
Fixes#4564
* Fix documentation attributes
Additional fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update version_added in docs
Bumping minor to 6.4.0 since it didn't make 6.3.0.
* Add more description to the new arg docs
Try to improve discoverability of the new feature and make it easier to understand without deep SELinux understanding.
* Update platform to Linux in documentation
* Add equal as alias for the new argument
Improve discoverability of the new feature by adding an alias to the new module argument. The argument name "equal" will be easy to find for users who are not familiar with SELinux and who just try to match to the CLI tool `semanage`.
* And add alias argument properly
Previous commit missed actually adding the alias (added to docs only).
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* feat(module/keycloak_group): add support for ...
... handling subgroups
* added changelog fragment and fixing sanity ...
... test issues
* more sanity fixes
* fix missing version and review issues
* added missing licence header
* fix docu
* fix line beeing too long
* replaced suboptimal string type prefixing ...
... with better subdict based approach
* fix sanity issues
* more sanity fixing
* fixed more review issues
* fix argument list too long
* why is it failing? something wrong with the docu?
* is it this line then?
* undid group attribute removing, it does not ...
... belong into this PR
* fix version_added for parents parameter
---------
Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
* Yarn module: fix state=latest not working with global=true
* fix whitespace
* add changelog fragment
* add integration test cases
* add only tests for this PR (install+upgrade)
* fix assuming default global dir
* fix list() not working when global=true and name a package with no binary
* remove ignores
* whitespace
* Update changelogs/fragments/5829-fix-yarn-global.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/5829-fix-yarn-global.yml
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* replace missing default favicon with docs.ansible.com
* create changelog fragment for PR 5928
* move changelog fragment
* fix parameter description
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix parameter description
Co-authored-by: Felix Fontein <felix@fontein.de>
* add affected modules in changelog fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Lars Krahl <lkr@mms-dresden.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* opennebula: Add template manipulation helpers
* one_vm: Use 'updateconf' API call to modify running VMs
* one_vm: Emulate 'updateconf' API call for newly created VMs
* opennebula/one_vm: Satisfy linter checks
* opennebula/one_vm: Apply suggestions from code review
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* opennebula/one_vm: Drop 'extend' function, use 'dict_merge' instead
* Add changelog fragment
* one_vm: Refactor 'parse_updateconf' function
* opennebula/one_vm: Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* one_vm: Allow for using updateconf in all scenarios
---------
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add support to Bitwarden Lookup for filtering results by collection id (#5849)
* Debug
* Add support to Bitwarden Lookup for filtering results by collection id (#5849)
* Update comments
* Fix blank line issue
* Fix unit tests for bitwarden lookup plugin. Add changelog fragment file.
* Change collectionId to collection_id parameter on bitwarden plugin
* Fix collection id parameter name when used in bw cli
* Clarify Error message when vault not unlocked
You can be logged into the Bitwarden-CLI, but it can still be locked. This took me several hours to debug, since every time I ran 'bw login' it told me, that I am already logged in.
If you run 'bw unlock' without being logged in, you are prompted to log in.
This clarifies the Error occurring and can drastically reduce debugging time, since you don't have to look into the source code to get an understanding of whats wrong.
* RM: negation
Nobody needs negation
* Update function name
* FIX: tests
* ADD: changelog
* Update changelogs/fragments/5811-clarify-bitwarden-error.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix(modules/keycloak_user_federation): fixes ...
... user federation creation failing when also updating/changing default
mappers at the same time
* add changelog fragment for pr
Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
* fix(modules/keycloak_user_federation): fixes ...
... federation read call not finding already existing federations
properly because of bad parametrisation
* fix(modules/keycloak_user_federation): added ...
... new integration test for module idempotency bugfix
* added changelog fragment for pr
Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
* Remote management modules for OCAPI-based devices.
Open Composable API (OCAPI) is a REST-based API designed for data center composability. For more information, see https://www.opencompute.org/documents/open-composable-api-for-ocp-2019-06-24-pdf
This PR introduces ocapi_command and ocapi_info modules. These are based on the existing redfish_command and redfish_info modules and follow similar patterns. This initial implementation includes support for the folowing operations:
- Indicator LED toggling
- Power state toggling
- Enclosure reset (reboot)
- Firmware upload
- Firmware update
- Firmware activate
- Job deletion
- Job status
These modules have been tested against Western Digital OpenFlex(tm) Data24 storage enclosures. API reference is at https://documents.westerndigital.com/content/dam/doc-library/en_us/assets/public/western-digital/product/platforms/openflex/reference-architecture-open-composable-api.pdf
* Fix licensing issue for ocapi_utils.py
* PR Feedback
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/ocapi_utils.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/ocapi_info.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* PR Feedback
Use six module for urlparse
* Apply suggestions from code review
Documentation fixes.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix sanity test line too long error.
Co-authored-by: Felix Fontein <felix@fontein.de>
* pipx: add testcase w/ env vars PIPX_xxxx
* add note to the docs about env vars
* add note to the docs about env vars
* Apply suggestions from code review
* Update plugins/modules/pipx.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/pipx_info.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* break long lines into smaller ones
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add parameter warn_mpm_module to control when warning are raised
* Remoe whitespace
* Add changelog fragment
* Add missing license
* Update changelogs/fragments/5793-apache2-module-npm-warnings.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/apache2_module.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/apache2_module.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update tests/integration/targets/apache2_module/tasks/635-apache2-misleading-warning.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Refining integration test - previous was invalid
* False to false
* refactor assertion for suse
* Revert "refactor assertion for suse"
This reverts commit 61b86e7493.
* Excluding test on Suse
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update CI matrix.
* Disable RHEL 9.1 for tests where RHEL 9.0 was disabled as well.
* Skip iso_extract on FreeBSD 12.4.
* Fix cloud_init_data_facts test for Fedora 37.
* Do not try to install snap on RHEL 9.1.
* Skip pkgng jail tests on FreeBSD 12.4 as well.
* ansible_galaxy_install: use locale C tentatively, else en_US
* use custom exception to signal unsupported locale
* add step to remove artefacts at the end of the test
* add step to remove artefacts at the beginning of the test
* comment out context controller
* trying with temporary dir as destination
* remove collection before test with reqs file
* ensure collections are installed in temp dir in tests + check_force
* simplified the change
* added extra condition for failing locale
* improved exception handling
* add changelog fragment
* Remove superfluous VM.
* Add extra VM group.
* More platforms, add scripts.
* [REVERT THIS] Shrink matrix to only the tests we are interested in.
* Fix some tests.
* Skip snap tests on Ubuntu VMs for now.
* Skip xfs_quota tests on Alpine VMs due to ansible.posix.mount failing.
* Revert "[REVERT THIS] Shrink matrix to only the tests we are interested in."
This reverts commit 2e98e163db.
* Stick to Alpine and Ubuntu 22.04 for now.
* Add support to restrict privileges by host
* Missing comma
* Making linter happy.
* Add version 6.2.0 as when sudoers host parameter added
Co-authored-by: Felix Fontein <felix@fontein.de>
* Changelog fragment for PR #5703
* Test for sudoers host-based restriction
Co-authored-by: Felix Fontein <felix@fontein.de>
Add the `server_proxy_scheme` parameter to configure the scheme used for
the proxy server. This completes the configuration parameters for the
proxy server.
* Enhance `copr` integration tests
- Switch to a new test Copr repository. @copr/integration_tests was
removed which caused the tests to fail. I created a new one under my
account that I'll ensure stays around.
- Add basic testing to ensure that repo files are created in the correct
location and contain the correct baseurl and enabled status.
- Also run tests on Enterprise Linux.
- Test that packages from the Copr install. This has to be disabled on
EOL Fedoras that Copr does not allow building new packages for.
Resolves: https://github.com/ansible-collections/community.general/issues/5595
* copr tests: Fix ansible_python_interpreter on c8s
* copr: Don't test on alt Pythons on cs8
* Revert "copr tests: Fix ansible_python_interpreter on c8s"
This reverts commit 58e15a7ebf.
Stop passing all the "rhsm_", and "server_" module arguments to
"Rhsm.register()", and thus as arguments for
"subscription-manager register":
- right before calling "Rhsm.register()", "Rhsm.configure()" is called
to configure subscription-manager with all the "rhsm_", and "server_"
arguments; hence, they are already configured
- the passed argument to "--serverurl" is partially wrong:
"Rhsm.register()" passes only the hostname, whereas the other bits
(port and prefix) are supported too; this "works" because port and
prefix were already configured previously, and the lax parsing that
subscription-manager does allows for missing bits
- the parsing done by subscription-manager for "--baseurl" strips out
the URL scheme and always uses https: this means that specifying
"rhsm_baseurl: http://server" as module parameter will be taken as
"https://server" by subscription-manager; since "rhsm_baseurl" is
already configured by "Rhsm.configure()", this issue is gone
* cmd_runner module utils: fix case for as_fixed() format
* add changelog fragment
* simplified test_cmd_runner
* fix handling empty default for `as_map()`
* add changelog fragment
* MissingArgumentValue is reraised in run()