Do extra docs validation; explicitly disallow semantic markup in docs (#6345)
* Do extra docs validation. Explicitly disallow semantic markup in docs.
* Forgot to add new requirement.
* Fix prefixes.
* Remove superfluous condition.
* TEMP - make CI fail.
* Revert "TEMP - make CI fail."
This reverts commit 14f4d6b503.
* Remove unnecessary import.
* Make sure ANSIBLE_COLLECTIONS_PATH is set.
* Make sure sanity tests from older Ansible versions don't complain.
(cherry picked from commit ee11847c7e)
Co-authored-by: Felix Fontein <felix@fontein.de>
one_vm: fix syntax error when creating VMs with a more complex template (#6294)
* one_vm: fix syntax error when creating VMs with a more complex template
with more complex templates that make use of quoted strings the new
"render" method fails to produce a template that is accepted by
OpenNebula. ==> escape double quotes in strings to make OpenNebula
happy again.
I also tested whether newlines need to be escaped, looks like they are
fine as they are.
Fixes#6225
* module_utils/opennebula: skip empty values in render
(cherry picked from commit cb3ca05bd1)
Co-authored-by: Georg Gadinger <nilsding@nilsding.org>
nmcli: Add macvlan connection type support (#6312)
* add nmcli macvlan type
* changelog
* improve docs
* macvlan params
* fix linter and improve module params
* improve_docs
* raise error if type macvlan and macvlan options not set
(cherry picked from commit 29a7d24d75)
Co-authored-by: Sergey Putko <mail@psvlan.com>
snap: add tests for multiple commands (#5488)
* snap: add tests for multiple commands
* snap: add tests + become
* remove packages again for idempotency
* roll back become=true in tests
(cherry picked from commit d7340945a4)
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
pkgng: skip jail tests also on FreeBSD 12.3 (#6313)
Skip jail tests also on FreeBSD 12.3.
(cherry picked from commit aa77a88f4b)
Co-authored-by: Felix Fontein <felix@fontein.de>
pipx: Add support for system_site_packages (#6308)
* pipx: Add support for system_site_packages
* Add changelog fragment
(cherry picked from commit f93a1bf5ec)
Co-authored-by: Paul Aurich <paul@darkrain42.org>
pids tests: 'some-' is not that a unique pattern. (#6304)
* 'some-' is not that a unique pattern.
* Add debugging help.
* Avoid passing the name as a parameter to obtainpid.sh.
(cherry picked from commit 08f14f3eb0)
Co-authored-by: Felix Fontein <felix@fontein.de>
Add module to manipulate KDE config files using kwriteconfig (#6182)
* Add module to manipulate KDE config files using kwriteconfig
* Fix license issues
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add smeso as kdeconfig.py maintainer
* Fix attributes fragment name
* Fix test
* Do not use shutil.chown
It isn't available on old Python versions
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 997761878c)
Co-authored-by: Salvatore Mesoraca <s.mesoraca16@gmail.com>
nmcli: add runner_fast_rate option (#6148)
* add runner_fast_rate option
* unset default value for runner_fast_rate parameter
* add some commas
* Remove default in copy of argspec.
Co-authored-by: Sam Potekhin <eax24@ya.ru>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Sam Potekhin <eax24@ya.ru>
(cherry picked from commit d4f272ba52)
Co-authored-by: Alex Groshev <38885591+haddystuff@users.noreply.github.com>
pipx: Allow injected modules to add apps (#6198)
* pipx: Allow injected modules to add apps
Add support for pipx inject's "--include-apps" parameter.
* add changelog fragment
* fix pipx test ("install_apps", not "include_apps")
* fix pipx test -- add a second invocation for install_apps
* Update changelogs/fragments/6198-pipx-inject-install-apps.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/pipx.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 6fa833feed)
Co-authored-by: Paul Aurich <paul@darkrain42.org>
Add Gitlab group runners support (#3935)
(cherry picked from commit f3be0076af)
Co-authored-by: Léo GATELLIER <26511053+lgatellier@users.noreply.github.com>
redhat_subscription: require credentials only when needed (#5664)
The module currently has a static 'required_if' statement for its
parameters that forces any of 'username' or 'activationkey' or 'token'
in case state=present; while this is generally a good idea, it can be
an extra requirements in some cases. In particular, if the system is
already registered, there is no need for credentials -- some of the
operations of the module, such as manipulating pools, can be done
perfectly without credentials.
Hence:
- change the static 'required_if' to require credentials only when
forcing the registration
- check for credentials manually when a registration is needed, i.e.
on an unregistered system; the fail message is the same as the one
shown by 'required_if'
Adapt the tests to this new situation:
- test_without_required_parameters now needs to mock an unregistered
system
- add a new version of test_without_required_parameters to test an
already registered system
- add a simple test case for only state=present usable on an already
registered system
- remove the credentials from a test case for pool attachment that
mocks an already registered system
(cherry picked from commit bbd68e26a2)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
rhsm modules: cleanly fail when not run as root (#6211)
subscription-manager on RHEL installs a symlink in /usr/bin to
console-helper (part of usermode), which triggers an interactive prompt
for root credentials when run as user. It seems that console-helper
does not handle well non-interactive contexts (e.g. without a TTY for
input), and thus it will hang waiting for input when run as user in an
Ansible task.
Since subscription-manager requires root already anyway (and it will
fail when explicitly run as user), then apply the same logic locally on
all the modules that interact with it: redhat_subscription,
rhsm_release, and rhsm_repository.
(cherry picked from commit 9f67cbbe36)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
redhat_subscription: use D-Bus for registration if possible (#6122)
subscription-manager currently does not have a way to get credentials
(username, password, activation keys, organization ID) in a secure way:
the existing command line parameters can be easily spotted when running
a process listing while 'subscription-manager register' runs.
There is a D-Bus service, which is used by e.g. cockpit and Anaconda to
interface with RHSM (at least for registration and common queries).
Try to perform the registration using D-Bus, in a way very similar to
the work done in convert2rhel [1] (with my help):
- try to do a simple signal test to check whether the system bus works;
inspired by the login in the dconf module
- pass most of the options as registration options; for the few that are
not part of the registration, execute 'subscription-manager' manually
- add quirks for differently working (or not) registration options for
the D-Bus Register*() methods depending on the version of RHEL
- 'subscription-manager register' is used only in case the signal test
is not working; silent fallback in case of D-Bus errors during the
registration is not done on purpose to avoid silent fallback to a less
secure registration
[1] https://github.com/oamg/convert2rhel/pull/540/
(cherry picked from commit e939cd07ef)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
Mark monit integration tests as unstable (#6175)
Mark monit integration tests as unstable.
(cherry picked from commit 1ddcdc63ff)
Co-authored-by: Felix Fontein <felix@fontein.de>
More true/false normalization (#6152)
* More true/false normalization.
* Boolean do not need explicit choices.
* One more.
* Fix type argument.
(cherry picked from commit 11c7611ced)
Co-authored-by: Felix Fontein <felix@fontein.de>
dconf: Check for changes properly despite style of quotes used by user (#6049)
dconf: parse GVariant values to check for equality whenever possible
Direct string comparisons are an inaccurate way to compare two
GVariant representations. For example, 'foo' and "foo" (including the
quote marks, which are part of the representation) are equal GVariants
but if you just do a string compare (remember, including the quotes)
they'll be interpreted.
We therefore want to use the `gi.repository` Python library to parse
GVariant representations before comparing them whenever possible.
However, we don't want to assume that this library will always be
available or require it for Ansible to function, so we use a straight
string comparison as a fallback when the library isn't available. This
may result in some false positives, i.e., Ansible thinking a value is
changing when it actually isn't, but will not result in incorrect
values being written into `dconf`.
Co-authored-by: Jonathan Kamens <jik@jik5.kamens.us>
(cherry picked from commit 627371e2d8)
Co-authored-by: Jonathan Kamens <jik@kamens.us>
nmcli: fixed inability to change mtu on vlan connection (#6104)
* tests updated
Co-authored-by: Sam Potekhin <heaveaxy@gmail.com>
(cherry picked from commit 2dee3464dd)
Co-authored-by: Sam Potekhin <24751685+heaveaxy@users.noreply.github.com>
Fix Yarn global not working without explicit executable path (#6138)
* Fix Yarn global not working without explicit executable path
* changelog fragment
* fix formatting and add test
* oops
(cherry picked from commit 3d67f51824)
Co-authored-by: Sargun Vohra <sargun.vohra@gmail.com>
add persistent option for modprobe (#5424)
* add persistent option for modprobe
* add suggested changes + fix broken test
* change modprobe module path in tests due to rebase
* change persistent option type from bool to str with choices
* fix unused import
* add example with persistent option
* fix some minor issues after review
- move regexps compiling to __init__
- move AnsibleModule to build_module function and use this function in tests instead of AnsibleModule
- fix terminlogy issue in documentation
* fix unused-import
(cherry picked from commit 29f5033737)
Co-authored-by: Alex Groshev <38885591+haddystuff@users.noreply.github.com>
sefcontext: add support for path substitutions (#5830)
* sefcontext: add path substitution support (#1193)
First commit for feedback, missing docs and tests.
* sefcontext: add documentation
* Add changelog fragment
* Documentation formatting
* Delete extra newline
* pep8 fixes
Fix indentation
* Add version_added to arg docs
* Add examples
* Don't delete non-matching path substitutions
* Add integration tests
* Delete only substitutions if such arg passed
Don't delete existing regular file context mappings if deletion of
a path substitution was requested with the presence of the
`equal` arg - delete only path substitutions in such case.
Path substitutions and regular mappings may overlap.
* Can only add args in minor releases
:(
* Cleanup before tests
* Fix deletion using substitution
Was comparing wrong var.
* Fix test checking wrong var
* Improve args documentation and examples
List the default values for selevel, seuser.
Add example for deleting path substitutions only.
* Add attributes documentation block
Not sure if should add become/delegate/async,
shouldn't those work just like that without any
specific code added for them?
* and fix indentation on attribute block
* Consistent indentation for attributes
Confusing, most plugins indent with 4 spaces.
But some use 2 like the rest of the code, so use 2.
* Add missing ref for attribute block
* Use correct c.g version in doc block
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add full stop to changelog fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Streamline documentation
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Support limiting deletion to setype
Deleting file context mappings may be limited by
passing setype or equal, if neither arg is passed
then delete either setype/equal mappings that match.
* Change arg name, diff mode output fix
Change arg name from equal to substitute.
Print target = subsitute in diff mode same way as
semanage does.
Also put back platform attribute, try to improve
clumsy language in the substitute arg docs.
* Delete even if arg setype not match existing
Test 5 indicates that deletion is supposed to not check that
the arg setype passed when deleting matches the setype
of the mapping to delete.
Delete any mapping that matches target, regardless of
setype arg value.
* Update arg name in tests
* Too eager replacing
Accidentally replaced seobject function names so fix them back
* 4564: Fix invalid setype in doc example
Change from httpd_git_rw_content_t which
does not exist to httpd_sys_rw_content_t
Fixes#4564
* Fix documentation attributes
Additional fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update version_added in docs
Bumping minor to 6.4.0 since it didn't make 6.3.0.
* Add more description to the new arg docs
Try to improve discoverability of the new feature and make it easier to understand without deep SELinux understanding.
* Update platform to Linux in documentation
* Add equal as alias for the new argument
Improve discoverability of the new feature by adding an alias to the new module argument. The argument name "equal" will be easy to find for users who are not familiar with SELinux and who just try to match to the CLI tool `semanage`.
* And add alias argument properly
Previous commit missed actually adding the alias (added to docs only).
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
(cherry picked from commit c8a2ac3a47)
Co-authored-by: bluikko <14869000+bluikko@users.noreply.github.com>
keycloak_group: support keycloak subgroups (#5814)
* feat(module/keycloak_group): add support for ...
... handling subgroups
* added changelog fragment and fixing sanity ...
... test issues
* more sanity fixes
* fix missing version and review issues
* added missing licence header
* fix docu
* fix line beeing too long
* replaced suboptimal string type prefixing ...
... with better subdict based approach
* fix sanity issues
* more sanity fixing
* fixed more review issues
* fix argument list too long
* why is it failing? something wrong with the docu?
* is it this line then?
* undid group attribute removing, it does not ...
... belong into this PR
* fix version_added for parents parameter
---------
Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
(cherry picked from commit 7d3e6d1bb7)
Co-authored-by: morco <thegreatwiper@web.de>
Consolidate onepassword unit tests so that ansible-test will find them when the plugin is modified (#6075)
Consolidate onepassword unit tests so that ansible-test will find them when the plugin is modified.
(cherry picked from commit de1f0ff419)
Co-authored-by: Felix Fontein <felix@fontein.de>
* Run tests with EOL ansible-core versions in GHA (#6044)
Run tests with EOL ansible-core versions in GHA.
(cherry picked from commit b72b7d4936)
* Re-schedule cron.
yarn: Fix state=latest not working with global=true (#5829)
* Yarn module: fix state=latest not working with global=true
* fix whitespace
* add changelog fragment
* add integration test cases
* add only tests for this PR (install+upgrade)
* fix assuming default global dir
* fix list() not working when global=true and name a package with no binary
* remove ignores
* whitespace
* Update changelogs/fragments/5829-fix-yarn-global.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/5829-fix-yarn-global.yml
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
(cherry picked from commit 4c4ef80ca9)
Co-authored-by: Sargun Vohra <sargun.vohra@gmail.com>
Remove unnecessary test imports (#5978)
Remove unnecessary test imports.
(cherry picked from commit 9f87989e7f)
Co-authored-by: Felix Fontein <felix@fontein.de>
OpenNebula/one_vm implement the one.vm.updateconf API call (#5812)
* opennebula: Add template manipulation helpers
* one_vm: Use 'updateconf' API call to modify running VMs
* one_vm: Emulate 'updateconf' API call for newly created VMs
* opennebula/one_vm: Satisfy linter checks
* opennebula/one_vm: Apply suggestions from code review
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* opennebula/one_vm: Drop 'extend' function, use 'dict_merge' instead
* Add changelog fragment
* one_vm: Refactor 'parse_updateconf' function
* opennebula/one_vm: Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* one_vm: Allow for using updateconf in all scenarios
---------
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 8818a6f242)
Co-authored-by: Michal Opala <mopala@opennebula.io>
Add support to Bitwarden Lookup for filtering results by collection (#5849) (#5851)
* Add support to Bitwarden Lookup for filtering results by collection id (#5849)
* Debug
* Add support to Bitwarden Lookup for filtering results by collection id (#5849)
* Update comments
* Fix blank line issue
* Fix unit tests for bitwarden lookup plugin. Add changelog fragment file.
* Change collectionId to collection_id parameter on bitwarden plugin
* Fix collection id parameter name when used in bw cli
(cherry picked from commit 7b8b73f17f)
Co-authored-by: Piotr <skc.peter@gmail.com>
stormssh tests: do not install newer cryptography (#5868)
Do not install newer cryptography.
ci_complete
(cherry picked from commit 098912c229)
Co-authored-by: Felix Fontein <felix@fontein.de>
Clarify Error message when bitwarden vault not unlocked (#5811)
* Clarify Error message when vault not unlocked
You can be logged into the Bitwarden-CLI, but it can still be locked. This took me several hours to debug, since every time I ran 'bw login' it told me, that I am already logged in.
If you run 'bw unlock' without being logged in, you are prompted to log in.
This clarifies the Error occurring and can drastically reduce debugging time, since you don't have to look into the source code to get an understanding of whats wrong.
* RM: negation
Nobody needs negation
* Update function name
* FIX: tests
* ADD: changelog
* Update changelogs/fragments/5811-clarify-bitwarden-error.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit bf117c839c)
Co-authored-by: Christoph <29735603+Chr1s70ph@users.noreply.github.com>
bugfixing keycloak user federation failing when updating default mapper simultaneously (#5750)
* fix(modules/keycloak_user_federation): fixes ...
... user federation creation failing when also updating/changing default
mappers at the same time
* add changelog fragment for pr
Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
(cherry picked from commit 6781dd1918)
Co-authored-by: morco <thegreatwiper@web.de>
Bugfix/keycloak userfed idempotency (#5732)
* fix(modules/keycloak_user_federation): fixes ...
... federation read call not finding already existing federations
properly because of bad parametrisation
* fix(modules/keycloak_user_federation): added ...
... new integration test for module idempotency bugfix
* added changelog fragment for pr
Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
(cherry picked from commit 0ca41dedce)
Co-authored-by: morco <thegreatwiper@web.de>
Remote management modules for OCAPI-based devices. (#5754)
* Remote management modules for OCAPI-based devices.
Open Composable API (OCAPI) is a REST-based API designed for data center composability. For more information, see https://www.opencompute.org/documents/open-composable-api-for-ocp-2019-06-24-pdf
This PR introduces ocapi_command and ocapi_info modules. These are based on the existing redfish_command and redfish_info modules and follow similar patterns. This initial implementation includes support for the folowing operations:
- Indicator LED toggling
- Power state toggling
- Enclosure reset (reboot)
- Firmware upload
- Firmware update
- Firmware activate
- Job deletion
- Job status
These modules have been tested against Western Digital OpenFlex(tm) Data24 storage enclosures. API reference is at https://documents.westerndigital.com/content/dam/doc-library/en_us/assets/public/western-digital/product/platforms/openflex/reference-architecture-open-composable-api.pdf
* Fix licensing issue for ocapi_utils.py
* PR Feedback
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/ocapi_utils.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/ocapi_info.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* PR Feedback
Use six module for urlparse
* Apply suggestions from code review
Documentation fixes.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix sanity test line too long error.
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 59a9d34250)
Co-authored-by: Mike Moerk <michael.moerk@wdc.com>