* Fix win_nssm credentials quoting
Fix credential quoting for win_nssm after changes to the way nssm command is invoked in Ansible 2.7.1.
* Updating nssm command to update credentials to use Argv-ToString to properly escape password variable.
* Adding changelog fragment for fix of #48728.
dzdo is basically a drop-in replacement for sudo and supports the same
command line options.
There is no become_flags set for dzdo like there is for sudo, so users
will have to set that separately to have exactly the same functionality.
* Create python3and2
Adding tests to see if dnf still works when python-2 and python-3 are installed.
* Update main.yml
Include the tests that run on python 2 and python 3, based on the package manager.
* Update dnf.py
Use python3-dnf by default, otherwise python2-dnf.
* Rename python3and2 to python3and2.yml
Rename.
* Add error message for k=v and YAML in a single task
Find the correct line, column, and position for k=v errors since they are different than the position reported initially.
Document bug in quoting syntax check.
* Change tense or error message
Since the error still exists, switch to present tense rather than past tense.
* Remove double spaces after periods in error messages.
http://www.slate.com/articles/technology/technology/2011/01/space_invaders.html
* Add changelog fragment
* Add tests for new error message
* Fix tests
* Add clarifying comments to unit test
* VMware: Fix module usages in module_utils
* Skip test for Python 2.6 as SSL context is not available in Python 2.6
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Implement test case prefix to filter test cases
* Cut line to not exceed 160 chars
* Replace tabs with spaces
* Add version_added field
* Include changelog file
The config parser on NX-OS does not deal with configs that do not end
with a linefeed correctly which leads to various issues when the config
is loaded from startup-config upon reboot. Therefore, ensure that the
config returned is terminated by a linefeed.
* Support for pids_limit parameter in docker_container module
This add pids_limit parameter support in docker_container module
Fixes#43337
Signed-off-by: Akshay <akshay@localhost.localdomain>
* Add changelog for pids_limit parameter
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
* Remove unnecessary lines of code
The map is needed if the names are different.
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
* Update pids_limit option tests
It also run for docker-py < 1.10.0
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
* add redshift_cross_region_snapshots module, unit tests.
* fix errors
* use ec2_argument_spec as the basis for the argument spec. fixed
metadata_version
* follow best practices by naming example tasks.
* code review changes
* fix linting errors
* Update version added
* Only one exit point.
* Refactoring account handling.
* Add diff support for acme_account.
* Insert public_account_key into acme_account_facts result and into acme_account diff.
* Add changelog.
* add new options for na_ontap_aggregate
* add gpl line
* remove dup option
* Put files in wrong directory
* change unit test to match the request from PR 48941
* Changed for review comments
* pep8
* Add WTI OOB and PDU Device status, control and configuration module
* removed accidental file inclusions
* removed accidental file
* remove unneeded legacy files
* Added the new module cpm_plugcontrol to control the plugs on WTI Power devices
* Add Windows example of raw command
Perform shutdown of Windows OS using Microsoft.PowerShell.Management module
* Capitalized cmdlet, remove quotes and improve description
This commit also cleans up some of the description sections.
* Use another example as suggested by jborean93
I was happy to merge this before I noticed jborean93 objected to the example :-/
* Fix whitespace issue
This change address a problem where the dict_merge function would fail
due to the value being a nested dict. This will now recursively pass
the value back through the dict_merge function.
os_server was trying to access `[sg.name for sg in
server.security_groups]`, but the items in `server.security_groups`
are dictionaries, so that should be `sg['name']`.
* lib/ansible/modules/identity/ipa/ipa_user.py:
- Check any existing `ipa_user` SSH public key fingerprints for the hash algorithm to use
- Generate `module_user` SSH public key fingerprint based on detected or default algorithm
* Pluribus Networks pn access list module
* Added shlex import which was missing and added correct author
* Added an extra space which is according to pep8
* templar: ensure that exceptions are handled
* Fix AttributeError: object has no attribute 'message'
'message' attribute is deprecated since Python 2.6 and not available
with Python 3.
Simple reproducer:
- hosts: localhost
vars:
not_json: "{{ 'test str' | from_json }}"
tasks:
- command: "echo {{ not_json }}"
* ignore empty lines in rabbitmqctl output
this fixes a bug with rabbitmq 3.7.5
rabbitmqctl can return empty lines, breaking the rabbitmq_parameter module
especially in a new vhost, the command rabbitmqctl list_parameters -q -p <vhost> will return an empty line
* Strip empty line in rabbitmqctl output
* Fix iosxr netconf plugin response namespace
* iosxr netconf plugin removes namespace by default
for all the responses as parsing of xml is easier
without namepsace in iosxr module. However to validate
the response received from device against yang model requires
namespace to be present in resposne.
* Add a parameter in iosxr netconf plugin to control if namespace
should be removed from response or not.
* Fix CI issues
* Fix review comment
* nxos_interface vlan and port-channel idempotence fix for mtu
* Fix MTU reconfiguration at each execution
* nxos_interface port-channel idempotence fix for mode (#44248)
* Fix trunk mode idempotence for port-channel
* Gather ethernet and port-channel code for mode management
* nxos_linkagg port-channel idempotence fix for channel-group's mode
The regex to retrieve channel-group's mode is not enough accurate.
Therefore, the swhitchport mode was matched instead of the
channel-group's mode.
* This fix add accuracy to match the right configuration command
* Add support for switchport mode dot1q-tunnel in nxos_interface
* Fix layer reconfiguration at each execution
* require git when trying to use it in ansible-galaxy cli
Previously we weren't setting `required=True` when calling
`get_bin_path` and the path would return `None`, this would cause
a traceback when attempting to ' '.join() to create a string
representation of the failed command for error output
Fixes#49200
Signed-off-by: Adam Miller <admiller@redhat.com>
* add changelog
Signed-off-by: Adam Miller <admiller@redhat.com>
* Changes to redfish-based parameters
Corrected (potentially) small scope variable to 'id'
Review to see if this is problematic
* Updated doc information with "version_added"
* Corrected 'username' in redfish_config file
- The role name and instance profile name _can_ be different
- Change the delimiter to `:` for keys that are discovered through the JSON parsing (which is not a valid delimiter for AWS IAM role names), this delimiter is still converted to underscore
- Now checks for the existence of that delimiter to remove the cases where the JSON keys are appended to the role name to find the role name
Different connection plugins return different data when throwing exceptions. The Paramiko connection plugin does not return a text sting, which caused an exception.
The ssh connection plugin returns multi-line errors, which makes the debug logs harder to read. Only return the last line in that case in order to make the logs more readable.
When experiencing a connection failure, reset the connection.
Add reset() to paramiko_ssh
Indicate thet conection state is False when running close(). This is needed by the ensure_connected() decorator to work properly.
Co-authored-by: Matt Martz <matt@sivel.net>
* test for openstack inventory constructed functionality
this adds unit tests for the compose, groups, and keyed_var features
of the openstack inventory plugin
* fix constructed functionality in openstack inventory plugin
The compose, groups, and keyed_groups functionality of the openstack
inventory plugin was broken:
- the plugin was not passing the correct variables to the
Constructable methods for compose and groups
- the plugin was simply never calling the appropriate method for
implementing keyed_groups
This commit fixes both issues.
Network platforms that don't have cliconf plugin will fail when
sending rpc calls for the reset_history and disable_response_logging
functions because those are defined in cliconf exclusively at this
time.
This patch adds checks for those attributes before making the call
* Don't check options for idempotency which are not supported.
This check should be superfluous if every option would adhere to
the convention that options not specified should have value None.
Unfortunately, some options (such as init) which correspond to
container properties have an explicit default set.
Path and Port are mutually exclusive parameters but not documented.
This fix documents this requirement.
Fixes: #15732
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Added win_partition module
* Fixes sanity tests
* Requested changes minus changes in partition_size
* Removed trailing whitespace and fixed docstring
* Changes to parititon_size to allow variable units
* Stricter regex for partition_size
* Updated help to list all features
just to avoid searching powershell syntax Get-WindowsFeature
+label: docsite_pr
* added Linebreak
added Linebreak
* removed trailing whitespace
removed trailing whitespace
* slight modification of text
* Support UpdateService forceNewDeployment in ecs_service module
* Force update to be called if force_new_deployment set
* Fixes for review
* Add force_new_deployment option to ecs_service.py
cherrypicks changes from via/ansible
Adds tests for pull request #42518
fixes backwards compatability with boto<1.8.4
* change version_added to 2.8 for force_new_deployment
* remove extra lines from test
* remove more unnecessary whitespace
* Update docs with rhsm note
redhat_subscription is the module for handling registration of modern Red Hat systems. This commit adds a note indicating that unless people are using RHEL 5 etc, they probably want that module instead.
+label: docsite_pr
* Make redhat_subscription a link to the module docs
* Added feature health_check_grace_period_seconds to ecs_service, this time with a botocore version check and some initial testing
* Only set health_check_grace_period_seconds when loadbalancers are defined
* Removed leftover commas and fix in test
* Removed blank line
* Minor improvements for ecs_service module
* Removed default (30) for health_check_grace_period_seconds param
* Changed botocore version allowed to 1.8.20 for health check param.
* Fix empty healthcheck failure
* nxos_facts: Remove dead code
The commit e51964e made this redundant as the structured case is handled
elsewhere.
* nxos_facts: Do not gather neighbors redundantly
LLDP reports the neighbor using the abbreviated interface name, whereas
CDP reports the neighbor using the full interface name. Normalize the
local interface name in the LLDP case, so there is no redundant
information. Due to the order of the gathering, CDP neighbors are saved
in case both LLDP and CDP data is available on a certain interface.
Releases can be listed without logging in for public projects, so allow
`github_release` to be called without `token` or `password`.
Signed-off-by: Benoît Knecht <benoit.knecht@fsfe.org>
* Fixes#38174: Add remove-brick operation for gluster_volume
Existing gluster_volume module does not support removal of bricks
from a gluster volume. Also, operation remove-brick needs to be
followed by a commit operation.
Signed-off-by: Devyani Kota <dkota@redhat.com>
* Updates #38174: Add documentation for remove-brick operation
Signed-off-by: Devyani Kota <dkota@redhat.com>
* Updates #38174: Add support to reduce cluster configuration.
An exceptional scenario exists where the user might want to
reduce the gluster cluster configuration for replicated
volumes from replica 3 to replica 2 that need to be handled
in a different manner than the generic gluster commands,
where the user is expected to mention the replica count
of the new configuration in order to remove the bricks.
Signed-off-by: Devyani Kota <dkota@redhat.com>
* Updates #38174: Add checks for self-heal status prior remove operation.
While reducing the cluster configuration from replica 3
to 2, it needs to be checked for status of self-heal
prior remove-brick operation is executed.
Signed-off-by: Devyani Kota <dkota@redhat.com>
* Add append_hash functionality to k8s module
append_hash adds a hash based on the contents of a ConfigMap
or Secret to the name - this enables immutable ConfigMaps and
Secrets.
* Provide k8s_config_resource_name plugin
The k8s_config_resource_name filter plugin provides a means of determining
the name of ConfigMaps and Secrets created with append_hash
* Add changelog fragment
* fix failing tests
* Update openshift version needed for append_hash
* autostart cannot be used with command=define
autostart cannot be used with command=define. If it's used with state, it'll be silently ignored.
https://github.com/ansible/ansible/issues/41592
* guest name should not be used with xml
When both ```name``` and ```xml``` are specified, there might be a mismatch of domain names in
```name``` and inside ```xml```.
* Improved error handling and param deps for autostart-only tasks.
Standalone autostart tasks depend on ```name``` and need the domain to be present.
* Added handling of errors thrown by libvirt
* Updates to documentstion and examples
* Removed required flag from name. Added description on some option combinations.
Added a few examples.
* lint issues
* docs: note that name is optional
* Removing required from documentation of name parameter
* extra text to make clearer when name is required
* When defining a domain with xml, its name is taken directly from the xml definition.
This reverts commit 4ac14a622b38438d1385586683a9275e5905254a.
* win_mapped_drive - refactor module and docs
* Updated code to work with become and split tokens
* use win_credential_manager instead of cmdkey
* updated credential manager module name
* harden the system token impersonation process
* win_credential_manager: new module to manage credentials
* fix sanity issues and removed CredSSP references
* renamed module to win_credential
* fix typo on test variable
* fix sanity ignore line
* win_snmp: Initial commit
* win_snmp: Better handling of lists
* win_snmp: Documentation fixes
* win_snmp: Updated documentation to match parameters
* win_snmp: Added integration tests
* win_snmp: Fixed typo in test
* win_snmp: Adjusted parameter checks to match documentation
* win_snmp: Updated option descriptions to be full sentences
* win_snmp: Better type checking and output suppression
* win_snmp: Fixed unset managers and communities
* win_snmp: Fixed skipping default registry keys
* win_snmp: Migrated to using add/set/remove action from replace
* win_snmp: Fixed check mode
* win_snmp: Fixed setting action and documentation. Expanded tests.
* win_snmp: Efficiency changes and documentation cleanup
* Added example of explicitly setting an empty set of managers to
documentation
* Made sure set will only remove items if there is a list of items
provided. This list can be of length 0
* Improved efficiency in selecting next index for SNMP manager
* Updated tests
* win_snmp: Added output of permitted managers and community strings
* win_snmp: Documentation fix
* Initial Commit
* Initial Commit
* Initial Commit
* Fixing syntax errors
* After running sanity tests, fixed pylint and pep8 errors
* After running sanity tests, fixed pylint and pep8 errors
* Fixing more syntax issues
* Fixing more syntax issues
* Adding username to doc block
* PR candidate
* PR candidate
* fixed pep8 and docs issues
* fixed 2.6 function issues
* fixed 2.6 function issues part duex
* Initial commit for security profile group module
* Adding better playbook example to module
* Adding another commit to test shippable tests
* Fixing shippable errors, pep8 in unit test file and doc block problem in main module
* Fixing documentation module error
* Fixing pep8 line too long in unit test
* Fixing utility function with nested dictionaries
* Fixing utility function with pep8 issue
* Adding change to allow for multiple list of dictionaries to be submitted via a single playbook
* Fixing review changes
* Adding @ in author names per @Gundalow's request per Ansible's guidelines
* Initial Commit
* Initial Commit
* Initial Commit
* Fixing syntax errors
* After running sanity tests, fixed pylint and pep8 errors
* After running sanity tests, fixed pylint and pep8 errors
* Fixing more syntax issues
* Fixing more syntax issues
* Adding username to doc block
* PR candidate
* PR candidate
* fixed pep8 and docs issues
* fixed 2.6 function issues
* fixed 2.6 function issues part duex
* Initial commit for security profile group module
* Adding better playbook example to module
* Initial commit for FMG DNS security profile
* Fixing pep8 line too long in unit test
* Removing excess modules and unit tests
* Fixing trailing white space for dns module
* Fixing utility function with nested dictionaries
* Fixing utility function with pep8 issue
* Adding change to allow for multiple list of dictionaries to be submitted via a single playbook
* Fixing review changes
* Adding @ in author names per @Gundalow's request per Ansible's guidelines
* Needs unit test fix -- the "delete" calls a GET command and another function to get policy ID of a firewall policy before deleting it. Nested functions like this, where a GET occurs to determine a new call, breaks the unitTestGen output. Need to figure out what's going on, and adjust the generator.
* PR Candidate
* PR Candidate (fixes)
* Reverting
* Fixing Edits.
* Fixing Authors - Fixing Requested Changes
* Initial Commit
* Initial Commit
* Initial Commit
* Fixing syntax errors
* After running sanity tests, fixed pylint and pep8 errors
* After running sanity tests, fixed pylint and pep8 errors
* Fixing more syntax issues
* Fixing more syntax issues
* Adding username to doc block
* PR candidate
* PR candidate
* fixed pep8 and docs issues
* fixed 2.6 function issues
* fixed 2.6 function issues part duex
* Initial commit for security profile group module
* Adding better playbook example to module
* Adding another commit to test shippable tests
* Fixing shippable errors, pep8 in unit test file and doc block problem in main module
* Fixing documentation module error
* Fixing pep8 line too long in unit test
* Fixing utility function with nested dictionaries
* Fixing utility function with pep8 issue
* Adding change to allow for multiple list of dictionaries to be submitted via a single playbook
* Initial commit for FMG Security Profile Web Application Firewall
* adding extra line at bottom for pep8 conditions
* Adding descriptions to documentation
* Fixing more pep8 issues
* New commit for new PR
* Removing todo in documentation
* Changing module name in documentation to match actual module name
* Fixing yaml syntax for long choices list
* Fixing yaml syntax for long choices list
* Fixing review changes
* Adding @ in author names per @Gundalow's request per Ansible's guidelines
* Initial Commit
* Initial Commit
* Initial Commit
* Fixing syntax errors
* After running sanity tests, fixed pylint and pep8 errors
* After running sanity tests, fixed pylint and pep8 errors
* Fixing more syntax issues
* Fixing more syntax issues
* Adding username to doc block
* PR candidate
* PR candidate
* fixed pep8 and docs issues
* fixed 2.6 function issues
* fixed 2.6 function issues part duex
* Initial commit for security profile group module
* Adding better playbook example to module
* Adding another commit to test shippable tests
* Fixing shippable errors, pep8 in unit test file and doc block problem in main module
* Fixing documentation module error
* Fixing pep8 line too long in unit test
* Fixing utility function with nested dictionaries
* Fixing utility function with pep8 issue
* Adding change to allow for multiple list of dictionaries to be submitted via a single playbook
* Initial commit for FMG Security Profile Web Application Firewall
* adding extra line at bottom for pep8 conditions
* Adding descriptions to documentation
* Fixing more pep8 issues
* New commit for new PR
* Removing todo in documentation
* Changing module name in documentation to match actual module name
* Fixing yaml syntax for long choices list
* Fixing yaml syntax for long choices list
* Initial commit for fmgr web filter security profile
* Fixing pep8 syntax issues
* Fixing documentation yaml syntax errors with choices on new lines
* Fixing documentation yaml syntax errors, removing Todo comments
* Fixing choices additional tab
* Fixing choices on multiple lines
* Fixing choices on multiple lines
* Adding yaml block scalar for multiline choices
* Changing YAML syntax for multiline to YAML sequence for choices
* Fixing all sanity test errors
* Fixing review changes
* Adding @ in author names per @Gundalow's request per Ansible's guidelines
* Initial Commit
* Initial Commit
* Initial Commit
* Fixing syntax errors
* After running sanity tests, fixed pylint and pep8 errors
* After running sanity tests, fixed pylint and pep8 errors
* Fixing more syntax issues
* Fixing more syntax issues
* Adding username to doc block
* PR candidate
* PR candidate
* fixed pep8 and docs issues
* fixed 2.6 function issues
* fixed 2.6 function issues part duex
* Initial commit for security profile group module
* Adding better playbook example to module
* Adding another commit to test shippable tests
* Fixing shippable errors, pep8 in unit test file and doc block problem in main module
* Fixing documentation module error
* Fixing pep8 line too long in unit test
* Fixing utility function with nested dictionaries
* Fixing utility function with pep8 issue
* Adding change to allow for multiple list of dictionaries to be submitted via a single playbook
* Initial commit for FMG Security Profile Web Application Firewall
* adding extra line at bottom for pep8 conditions
* Adding descriptions to documentation
* Fixing more pep8 issues
* New commit for new PR
* Removing todo in documentation
* Changing module name in documentation to match actual module name
* Fixing yaml syntax for long choices list
* Fixing yaml syntax for long choices list
* Initial commit for fmgr web filter security profile
* Initial commit for SSL and SSH security profiles in FMG
* Fixing pep8 syntax issues
* Adding better playbook example
* Fixing review changes
* Adding @ in author names per @Gundalow's request per Ansible's guidelines
AWS uses rule type, protocol, port range, and source as an idempotent identifier.
There can only be one rule with that unique combination. Rules that differ only by description are allowed but overwritten by AWS.
Add a test
Co-authored-by: Will Thames <will@thames.id.au>
* Make wait_for return matched groups defined in search_regex. Closes#25020.
* Fix formatting issues.
* Fix issues raised in review.
- Use output_dir instead of hardcoded /tmp for temp files
- Sleep for only 3s instead of 10s
- Revert indent change
Handle exception in while querying hostzone details, for example
'NoSuchHostedZone' is raised when host zone id does not exists.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Add some extra information to an async failure message to reflect the
actually timeout value of the failure.
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
* ucs_disk_group_policy module and integration tests
* Additional refactor based on review in other modules.
* Fix issue with automatic config and add virtual_drive config.
Integration tests added for automatic config and virtual_drive config.
* Code review updates (documentation items)
* update version added to 2.8
When there are spaces in command args passed as a list,
then run_command and underlying subprocess fails.
This can be overcome by passing command as string rather than list.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Use expect module to copy files
* Remove old and redundant upgrade files
* Return error message instead of code
* Cleanup copy command code
* Fix force issue in nxos_install_os
* new nxos_install_os integration tests
* Uncomment transport tests
* Revert negative test change
* Remove combined option that is no longer required
* Make shippable happy
* Add n5k test files
* Added support for L2 external domain association (l2dom).
Added support for L2 external domain association (l2dom).
* Update lib/ansible/modules/network/aci/aci_epg_to_domain.py
* Fix a few small items, restore earlier changes
Performed the necessary updates to fix this PR.
* Fix spaces
* One more miss
The 'gpg' command supports the '--no-tty' option, which disables any use
of a TTY during its execution. This parameter is sometimes required for
non-interactive operation to avoid any questions for the user.
The 'apt-key adv' command can pass additional parameters to the
underlying 'gpg' command. This patch adds the '--no-tty' option to avoid
issues with APT key imports when Ansible pipelining active, which
disables the use of a dedicated TTY.
* Check minimal API and docker-py versions for all docker_* tests.
* Improve docker_swarm creation/destruction for tests.
* Fail when conditions aren't met.
* Don't hardcode address for advertise_addr.
* Add difference tracking tool
* Improve --diff mode for docker_container.
* Improve diffs of sets by ordering the sets.
* Rewrite imports, get rid of HAS_DOCKER_PY_x variables and use docker_version instead.
* Rename container -> active (more generic).
* Add --diff for docker_volume. Change old diff output.
* Add --diff for docker_network. Change old diff output.
* Add --diff for docker_swarm_service.
* Add changelog.
* Add entry for porting guide on docker_network and docker_volume.
* XenServer related modules - initial commit
- New module_util: xenserver. Contains common module arguments, functions
and classes useful for future XenServer related modules.
- New module_docs_fragment: xenserver. Describes common module arguments.
- New module: xenserver_guest. Supports VM deployment, reconfiguration,
removal, detection of changes, state management, fact gathering and
Ansible check mode. Module is fully documented.
- Updated: developing_module_utilities.rst.
- Module params, workflow and some functions are based on or taken from
vmware_guest module.
* Implemented support for configuring custom VM params in xenserver_guest module
* Compatibility fixes and documentation update
- xenserver module_util: implemented support for XenAPI.py version older
than 7.2.
- xenserver module_util: PEP8 fixes.
- xenserver module_util: Added missing imports.
- xenserver module_util: Copyright notice fixes.
- xenserver_guest module: updated module documentation with notes regarding
module requirements and compatibility.
- xenserver_guest module: bumped version_added to 2.7.
- xenserver_guest module: minor fixes.
* VM power state management refactoring, subargument specs in xenserver_guest module, other fixes
- VM power state management code moved from xenserver_guest module to xenserver
module_util (set_vm_power_state function).
- Code for waiting for VM IP address moved from xenserver_guest module to
xenserver module_util (wait_for_vm_ip_address function).
- xenserver module_util: implemented get_object_ref function to clean up
a lot of repeated code in xenserver_guest module.
- xenserver module_util: added additional aliases 'host' and 'pool' for
'hostname' common module argument. They are more in line with what
XenServer users are familiar with.
- xenserver module_util: minor fixes.
- xenserver_guest module: removed VM state management other than 'present',
'absent' and 'poweredon'. Other states are to be managed by separate module.
- xenserver_guest module: added subargument specs and cleaned up custom code
for subargument validation.
- xenserver_guest module: reorganized code for disk and network reconfiguation
to minimize code duplication.
- xenserver_guest module: renamed 'cdrom.iso' module argument to
'cdrom.iso_name', avoids cryptic error message when parameter is
missing.
- xenserver_guest module: documentation update.
- xenserver_guest module: changes in error messages.
- xenserver_guest module: minor fixes.
* Implemented guest OS network parameter configuration and other
- xenserver module_util: moved code for validating MAC addresses from
xenserver_guest module and implemented a range of functions for validating
IP addresses and related entities and converting prefixes to netmasks and
vice versa.
- xenserver module_util: updated fact gathering code to support guest OS
network parameters.
- xenserver module_util: added docstrings.
- xenserver module_util: minor changes.
- xenserver_guest module: implemented support for guest OS network parameter
configuration.
- xenserver_guest module: changed CD-ROM handling code.
- xenserver_guest module: changed so that user friendly version of changes
list is always returned in module result.
- xenserver_guest module: error message changes.
- xenserver_guest module: added docstrings.
- xenserver_guest module: documentation update.
- xenserver_guest module: minor changes and fixes.
* Various fixes and code cleanup
- xenserver module_util: implemented get_xenserver_version function.
- xenserver module_util: moved customization agent detection code to
gather_vm_params function. customization_agent variable is now part of
vm_params. An exception in customization agent detection code that prevented
deployment of new VMs is also fixed.
- xenserver module_util: added support for alternative VM state names with
dash and underscore in set_power_state function.
- xenserver_guest module: removed customization agent detection code
as it is now implemented in xenserver module_util.
- xenserver_guest module: fixed a bug in xenserver_data update code that
occured when "networks.mac" was not specified in module params and
other fixes.
- xenserver_guest module: some code cleanup.
- xenserver_guest module: bumped version_added to 2.8.
* port win-say to use CSharpUtil AnsibleBasic and add warning when requested voice not found
* win_say: fixes following code review: use C# style properties consistently; prefix changelog fragments
* fix invalid yaml in change log fragment
* win_say: fixes following code review: use generic module parameter validation where possible
* remove redundant setting of Result.changed to false, simplified some logic for readability.
* fix serialisation issue when message text is drawn from a file; allows tests to be run not in check mode and fix up some test descriptions
* Add zabbix_map module
* Fix PEP8 complainments
* Fix dict comprehension incompatible with python 2.6
* Support Zabbix 3.4 API changes
* Fix documentation
* Minor fixes
* Move zabbix_map to zabbix namespace
* Fix compatibility issue with Zabbix >= 3.4
* Support maps and triggers as map elements
Add:
* extra_args
* update_cache_extra_args
* upgrade_extra_args
which add flexibility.
Deprecate `recurse` which is redundant with extra_args.
`force` is also redundant but is kept for module ergonomics.
* UCS managed objects module for direct control of any object and properties.
* Avoid checks for parent info or passwords in property compares
* Planned for 2.8
* try except for imports
* Provide Kubernetes resource validation to k8s module
Use kubernetes-validate to validate Kubernetes resource
definitions against the published schema
* Additional tests for kubernetes-validate
* Improve k8s error messages on exceptions
Parse the response body for the message rather than returning
a JSON blob
If we've validated and there are warnings, return those too - they
can be more helpful
```
"msg": "Failed to patch object: {\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},
\"status\":\"Failure\",\"message\":\"[pos 334]: json: decNum: got first char 'h'\",\"code\":500}\n",
```
vs
```
"msg": "Failed to patch object: [pos 334]: json: decNum: got first char 'h'\nresource
validation error at spec.replicas: 'hello' is not of type u'integer'",
```
* Update versions used
In particular openshift/origin:3.9.0
* Add changelog for k8s validate change
* FTD modules: bug fixes and upsert functionality
* Fix sanity checks
* Fix unit tests for Python 2.6
* Log status code for login/logout
* Use string formatting in logging
upgrade parameter is available only when command is one of the
following [ create, modify, replicate, restore ]
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* inventory now errors for invalid group/host names
also made yaml inventory slightly smarte
fixes#45493
* add some 'YAML protection' to ini plugin
* better msg
* avoid ranges as positive match
* pepe
* expand inherited instead of total override
* -Change: Include dependency role names in `role_names`.
-Add: `play_role_names` magic variable to include only explicitly named roles (formerly `role_names`).
-Add: `dependent_role_names` magic variable to include all dependency names for all roles.
* -Change: use the ansible_ prefix for new magic variables.
-Change: keep `role_names` as a deprecated variable, using the old functionality.
* -Add: changelog fragment for the role_names rework.
* -Add: Tests for the role_names (and ansible_*role_names) special variables
* -Fix: resolve erroneous documentation snippet that was introduced after rebasing.
* -Fix: explicitly sort to ensure list comparison works in test.
* Improve code structure
* Add author for module
* Now returns some values
* Update module's metadata
* Copy test case of rabbitmq_lookup
* Add test cases for rabbitmq_vhost_limits
* Minor fixes in documentation
* Fix module's return values
* Refactor module
* Improve test case
* Revise English in documentation
* Disable returning values because it's useless & unnecessary
* Work on failures: E261: match PEP8 styles
* Work on failures: E312: add RETURN section in documentation
From 4.6 version onwards, Kibana plugins are installed or removed using
'kibana-plugin' command. This fix updates module with respective syntax.
Fixes: #27722
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* RabbitMQ basic publisher
* Split out of a module_util. Preparing for binary posts.
* Can now send a file to the queue.
* Allowing an empty queue to be used so RabbitMQ returns a random queue.
* Added RETURN docstring.
* Updated and added tests. Now returns a dictionary with msg, content_type and queue published to.
* Extra tests and introduced a none url method of providing server host details.
* Added testing and errors for url/host parameters.
* Updating RETURN sample
* Added an image file for testing binary publishing.
* Minor changes to test.
* Added filename key/value to headers if a binary file is published.
* Adding ability to specify headers.
* Renaming to rabbitmq_publish
* Changed tests to reflect name, and, preparing for testing headers.
* Updated some documentation
* Minor pip install update
* Modifications after feedback.
* Updates based on feedback.
* Fixing pep8 issue.
* Updating module and module_util name to amqp.
* Reverting back to rabbitmq_publish naming.
* Minor addition to notes.
* Add module ses_rule_set for Amazon SES
* Update behaviours and naming to be consistent with other aws_ses_ modules.
* Add global lock around tests using active rule sets to prevent intermittent test failures.
* Fix deletion of rule sets so that we don't inactivate the active rule set
when force deleting an inactive rule set.
* make yum update_only option actually work
Fixes#40615
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix changlog fragment for sanity check
Signed-off-by: Adam Miller <admiller@redhat.com>
* only attempt an update when there are packages to update
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix logic to properly handle the precedent of operations
Signed-off-by: Adam Miller <admiller@redhat.com>
* remove q debug statements
Signed-off-by: Adam Miller <admiller@redhat.com>
* Fix tests: use same command if not testing command option.
* Fix idempotency of init option.
* Fix shm_size idempotency (it is included in inspect results from docker API version 1.22 on).
* Add changelog.
* add check mode support
* add assigned role to the output
* change output to match vmware_local_user_manager output
* change principal to user_name
* change full_name to user_description
* Code seems to have changed from 409 to 400, so let's not check the code.
* Unpause container before removing it.
* Improve code.
* Same for stop_container.
* win_shortcut: Rewrite using AnsibleModule
* Avoid using $args, fix issue
* Small review fixes, and use 'arguments' parameter
* Update doc with new alias version change
* clarify port.mode paramter requiremets, fail if unmet
* changelog fragment
* shorten too long line
* remove unnecessary indentation
* test version on docker_version for better maintainability
* normalize imports
* changelog fragment: minor_changes -> bugfixes
* rollback e96a7e57dfefd566fa47cf465a759637affd4795
* typo
Co-Authored-By: dariko <dariko@users.noreply.github.com>
* Updating argument_spec for docker_* modules.
* Adjust docker_network to work with new recursive argument_spec.
* Adjust device IO limits to recursive argument_spec.
* Improve test (test Ansible's cast from str to int).
* Adjust healthcheck options construction.
* Remove superfluous check.
* Make flake8 happy.
* Simplify comparison.
Device facts gets a time with a timezone back from the builddate.
Unfortunately, python cannot correctly parse timezones by default.
This hacks around the problem.
Have added some extra arguments to the postgresql_schema module to allow
configuring an SSL connection to the postgresql server. The arguments
and method used here for the connection are the same as used by the
postgresql_database module.
* support for iscsi vnics based on customer feature request
integration tests added for iscsi vnics and vnic state absent
* correct version_added for iscsi and vnic lists
* fix tagged implicit gathering
- None is not tHe default anymore, its an empty list
* Update changelogs/fragments/fix_taggged_gather.yml
Co-Authored-By: bcoca <bcoca@users.noreply.github.com>
* ebs_optimized is not suboption of 'network'
* Add Shaps as ec2_instance maintainer
* Added workaround-backward compatible check for ebs_optimized
* Added ebs_optimized test
* CI fixes, dynamic select of ENA-enabled AMI
* netbox_device module
* Add init.py to each directory
* Fixed a few of the shippable failed tests
* No need for import pynetbox in netbox_utils-removed, changed syntax for set
* A bit more cleanup
* Fixed the 'data' to have suboptions
* Fixed formatting for device_role
* Attempting to fix shippable errors
* Final testing and updated documentation
* Fixed return type and removed testing result files
* Updated some returns to be a list to keep 'meta' formatting consistent
* Updated module to standardize the meta return type
* Updated short_description and added David Gomez as author
* Updated short_description, added David Gomez as author, added module direcotry to BOTMETA.yml
* Updated data type to dict and removed JSON from netbox_utils
* Simplify logic and add FreeBSD & NetBSD
* Remove incorrect flag for lock and unlock on FreeBSD
* Add tests and changelog
Co-authored-by: Chris Gadd <gaddman@email.com>
PIP package names must be case insensitive, and must consider hyphens
and underscores to be equivalent
(https://www.python.org/dev/peps/pep-0426/#name), because of this the
module didn't work correctly in check mode. For example if the passed
package name had a different case or an underscore instead of a hyphen
(or the other way around) compared to the installed package, check mode
reported as changed, even though packages were installed. Now the module
ignores case and hyphens/underscores in package names, so check mode
works correctly.
IOS prepends a show running-config with lines that are not part of the
configuration, keeping the output from being an entirely valid configuration:
R1#show run
Building configuration...
Current configuration : 2045 bytes
...
In order to be able to use the config from ios_facts as-is, strip this
header.
* Always use /proc/sys/kernel/random/boot_id to confirm reboot on Linux
/proc/sys/kernel/random/boot_id is available since kernel 2.3.16 and
should be safe to rely on.
The previously used method by checking the system boot time using who -b
turned out to be unreliable: Some systems lacking an RTC report the Unix
epoch as boot time, but the code trying to detect that did't always
work.
Closes#46562
* Change DEFAULT_BOOT_TIME_COMMAND
- change to usinsg /proc by default
- add BOOT_TIME_COMMANDS for BSD, Solaris, and macOS
The PR adds new option "next_run" so that user can decide if the
configuration has to be applied on the VM immediately or it has
to be configured on next restart.
* Complie regular expressions for better performance
* Skip on empty lines
This fixes a bug where the previous repo would be inserted in the result twice since an empty line did not match any of the conditions that would exit the loop iteration.
The description of the `name` and `id` options are updated to highlight the fact that the `name` (which is required and leads to failures if several images exist with the same name) argument can also contain the image `id`.
+label: docsite_pr
* win_update: Add post search category matching to support product matching
* win_updates: Return categories of each update
* win_updates: Documentation fix-up
* win_updates: Adjusted documentation to reflect regex vs sub-string match of post-cat strings
* win_updates: Sped up post-category checking
* win_updates: Updated documentation to suggest querying post-category strings
* win_updates: Simplified saving and checking post-categories
* fixed some issues and added filtered categories to return value
* win_updates: Moved all category matching to occur after initial search
* win_updates: Adjustments to satisfy PowerShell lint checks
* win_updates: Dropped category validation from action plugin
* win_updates: Documentation updates
* win_updates: Fixed plugin unit tests
* Added basic equivalent to PowerShell modules
* changes based on latest review
* Added tests
* ignore sanity test due to how tests are set up
* Changes to work with PSCore
* Added documentation and change updated more modules
* Add some speed optimisations to AddType
* fix some issues in the doc changes
* doc changes
* yum also parse obsolete package output
This is a rebase of the patch originally proposed in
https://github.com/ansible/ansible/pull/40001 by machacekondra
Fixes#39978
Signed-off-by: Adam Miller <admiller@redhat.com>
* properly parse the obsoletes, provide a new output entry, add changelog
Signed-off-by: Adam Miller <admiller@redhat.com>
* make pep8 happy
Signed-off-by: Adam Miller <admiller@redhat.com>
* remove q debugging output
Signed-off-by: Adam Miller <admiller@redhat.com>
* First pass at a toml inventory
* Make EXAMPLES yaml
* Remove unnecessary comment
* Small formatting changes
* Add ansible-inventory option to list as TOML
* TOML inventory improvements, to allow a more simple inventory, specifically related to children
* changelog
* Simplify logic
* Dedupe _expand_hostpattern, making it available to all inventory plugins
* Don't make the TOML inventory dependent on the YAML inventory
* Quote IP address values
* Add more TOML examples
* Further cleanups
* Enable the toml inventory to run by default
* Create toml specific dumper
* 2.8
* Clean up imports
* No toml pygments lexer
* Don't raise an exception early when toml isn't present, and move toml to the end, since it requires an external dep
* Require toml>=0.10.0
* Further clean up of empty data
* Don't require toml>=0.10.0, but prefer it, add code for fallback in older versions
* Ensure we actually pass an encoder to toml.dumps
* Simplify recursive data converter
* Appease tests, since we haven't limited controller testing to 2.7+
* Update docstring for convert_yaml_objects_to_native
* remove outdated catching of AttributeError
* We don't need to catch ImportError when import ansible.plugins.inventory.toml
* Add note about what self.dump_funcs.update is doing
* Address some things
* A little extra comment
* Fix toml availability check
* Don't create an intermediate list
* Require toml file extension
* Add metadata
* Remove TOML docs from intro_inventory to prevent people from getting the wrong idea
* It's in defaults, remove note
* core supported, indicate very clearly that this is preview status
The host argument is a Host object, and is used as such by
group.remove_host. However, self.hosts is a dictionary of host name to
Host object. Thus, the existing code is checking to see if the Host
object is one of the keys.
Use host.name to interact with the keys of the dictionary.
The change to add sshpass support for rsync broke synchronize when
a password was provided at all. Have to convert an int into a string to
make it work.
* Allow bang and exclamation without warning
Allow the password field to be ! or * without warning when using this feature to create accounts that are locked.
Add documentation and tests to cover this.
* Use set() rather than braces for Python 2.6
* Correct yum and dnf autoremove behavior
Sanity check args passed to autoremove
Fixes#47184
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix docs
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix(tasks: synchronize): wrap in sshpass if ssh password was provided
Closes#16616
* fix(tasks: synchronize): pass rsync password to sshpass via fd
* fix(tasks: synchronize): use fail_json instead of AnsibleError
* fixup! fix(tasks: synchronize): use fail_json instead of AnsibleError
fix python2 handling
* feat(module_utils: basic: run_command): add optional arguments `pass_fds` and `before_communicate_callback`
* fix(tasks: synchronize): use module.run_command instead of subprocess.Popen
* fixup! fix(tasks: synchronize): use module.run_command instead of subprocess.Popen
remove unused import
* fixup! fixup! fix(tasks: synchronize): use module.run_command instead of subprocess.Popen
pass_fds only if they passed to run_command()
The current doc of k8s_raw_module contain a copy paste of the env var name :
```
host :
Provide a URL for accessing the API. Can also be specified via K8S_AUTH_HOST environment variable.
key_file : Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_HOST environment variable.
```
* Removed deprecated ANSIBLE_HOSTS
* Bump sudo/su configs to match deprecation version for cli and playbook args
* Bump include configs to match deprecation version for 'include'
* Fix lvg module idempotency
In [1] changes were made to ensure that the physical
devices were appropriately filtered, but the dev_list
which is used to prepare the filter is modified from
the original arguments to resolve any symlinks. This
results in the existing devices given in the module
args to be left out of the filter, resulting
in the module trying to add the same device again
every time the task is executed.
In this PR we change dev_list to be a copy of the
module arguments so that we're able to add the given
pv list from the module arguments into the filter
as well, ensuring that there is idempotence when
running the task again.
[1] https://github.com/ansible/ansible/pull/38446
* Add lvg module idempotence test
To ensure that the lvg module is tested for idempotency,
we add a basic integration test.
Support for MacOS and FreeBSD are skipped because the
module does not currently support those platforms.
* Store parsed docker-py / docker API versions in client.
* Began refactoring 'minimal required version' for docker_container options.
* Removing some fake defaults.
* Added changelog.
* Improve tests (check older docker versions).
* Fix comparison. The breaking point is not docker-py 2.0.0, but 1.10.0.
(Verified by testing with these versions.)
* Move docker-py/API version detection to setup_docker.
* Add YAML document starter.
* docker_network requirement for docker-py was bumped to 1.10.0 in #47492.
* Docs: Clean up of 'acl' module docs
This is part of a series of module doc cleanups.
* Changes influenced by review coments
* Changes based on review
* issue-47881 making udp calls an option
* squash! issue-47881 making udp calls an option
* squash! issue-47881 making udp calls an option
* squash! issue-47881 making udp calls an option
* --squash
* squash! Merge branch 'issue-47881' of github.com:ckyriakidou/ansible into issue-47881
Handle exception when there is no snapshot available in virtual machine or template while cloning using vmware_guest.
Fixes: #47920
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Support for device read write limit parameters
* Add following options in docker_container module
- device_read_bps
- device_write_bps
- device_read_iops
- device_write_iops
Fixes#36831
* test for device_read_iops
* combined test for device_write_bps and device_write_iops
Don't fail when policy, requestPayment, tagging or versioning API is not
implemented by the endpoint and if related parameters policy, requester_pays,
tags or versioning are None.
You typically want the lineinfile module to operate in an indempotent way, similar to using "sed -i", so your regexp needs to match the line to edit both before and after the edit, otherwise on a second run the regexp will no longer match the original text line and you will end up with a second copy of the replacement line at the top/bottom of the file.
* cleanup is already tested.
* Add test for paused.
* Add recreate and restart tests.
* timeout is a common docker option
* Implement paused and fix paused test.
* Add changelog.
* Improve paused test.
* There will always be metadata returned so no need to check for its
existence first.
* There won't be version or metadata_version as those are being removed
by the api. So all checks for those need to be removed.
migration is disabled. The PR adds new option to force migrate
the VMs. This is required for hosted engine migration since
automatic migration is disabled for HE VM by default.
shade is not used anymore by the `os_*` modules.
PR #40532 replaces `shade` library by `openstacksdk`. This commit clean
up some references to the old library. It's similiar to what has been
done in PR #40784.
* add filters variable to allow servers to be selected based on arbitrary nova properties
* update docs to fix yaml
* add required info for filters variable in the docs
* bump version number
* clean up documentation
* New v2_runner_on_start callback added to indicate the start of execution for a host in a specific task
* Add changelog fragment
* Minor docstring clarification
* Modify yum/tasks/proxy.yml to usernames that expose regex bug
* Fix bad regex backref/interpolation w/yum proxy username
A yum proxy username that begins with a number was being
interpolated as part of the backref, resulting in an error:
"sre_constants.error: invalid group reference"
Closes#47797
Description for the name and description was vague. I didn't get the first time reading that it was talking about a character limit.
+label: docsite_pr
* Remove message suggesting that state: absent is not implemented for queues
* Remove message suggesting that state: absent is not implemented for exchanges
* Providing fix for #47083 in pamd.py
* Providing fix for #47197
* Fixing pep8 errors
* update regex to account for leading dash and VALID_TYPES with dashes as well
* use a results dictionary and clean up unnecessary items
* remove unnessecary return value. action is already reported in invocation output
* make naming consistent across action returns
* fix comparison so it checks equality instead of identity and indentation in update_rule()
* make sure file always has EOF newline
* updated regex to skip spacing between path and args and add rule arg regex to capture complex args
* new module argument parsing code in function and DRY changes
* remove unused has_rule method on PamdService class
* fix error in parse_module_arguments()
* updated args_present action to make it handle key value args and fail on complex bracketed arguments
* pep8 and other fixes so units still work
* suggested change - make version removed 2.8
Co-Authored-By: shepdelacreme <shepdelacreme@users.noreply.github.com>
* add more error proof test to if statement
* Parsing plugin filter may raise TypeError, gracefully handle this exception
and let user know about the syntax error in plugin filter file.
* Test for plugin_filtering
Fixes: #46658
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* ManageIQ module to manage groups
* Fixed typos, more examples on managed_filters.
* Simplified the input if managed_filters
Change return values role_name and tenant_name to role and tenant to macht input params
* Return managed_filters and belongsto_filters instead of filters to better mach the input params
* More generic comparison code from docker_container to docker_common.
* More flexibility if a is None and method is allow_to_present.
Note that this odes not affect docker_container, as there a is never None.
* Update docker_secret and docker_config: simplify labels comparison.
* Added unit tests.
* Use proper subsequence test for allow_more_present for lists.
Note that this does not affect existing code in docker_container, since lists
don't use allow_more_present. Using allow_more_present will only be possible
in Ansible 2.8.
* pep8
* docker_image: Fix up 'changed' event in force mode
This is the same as https://github.com/ansible/ansible/pull/19235 except it applies to all image-building modes (building the image locally, loading the image from an archive, or pulling the image), rather than only when pulling the image.
* Use 'dummy' rather than '_' as unused variable name.
* Add changelog fragment for pull request #33754
Due to refactoring of task_error and wait_for_task method,
SSL thumbprint was lost in error message. This fixes the
retry mechanism of AddHost task.
Fixes: #47563
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* initial commit of facts module for Memset VPS/dedicated server products
* add missing brace
* add integration tests (disabled until we have a mock API to test against)
* bump ansible release version to 2.8
* initial commit of facts module to return usage of a Memstore cloudstorage product
* switch API wrapper to use basic auth instead of passing the api_key in the body
* add integration tests (disabled until we have a mock API to test against)
* bump ansible release version to 2.8
* Controlled params within no section
* Added tests to control params within no section
* Cleaning output_file before creating no-section params and check the content
* addresses comment in PR "s/hate/beverage/g"
* integration test for docker_swarm_service
* ensure stack de-initialization
* Set default value for 'configs' parameter to None
Docker-py uses None as a default value for configs.
Using the same default here allows to create services on older docker
setups (docker_api<1.30).
* Set default value for 'update_order' parameter to None
Docker-py uses None as a default value for update_order.
Using the same default here allows to create services on older docker
setups (docker_api<1.29)
* Set default value for 'publish.mode' parameter to None
Docker-py uses None as a default value for publish_mode.
Using the same default here allows to create services on older docker
setups (docker_api<1.32)
* Allow tests to run on older version of docker.
* remove workarounds for old docker versions
* test correct swarm cleanup
* changelog fragment for docker_swarm_service defaults change
* Add support for POST-as-GET if GET fails with 405.
* Bumping ACME test container version to 1.4. This includes letsencrypt/pebble#162 and letsencrypt/pebble#168.
* Also use POST-as-GET for account data retrival.
This is not yet supported by any ACME server (see letsencrypt/pebble#171),
so we fall back to a regular empty update if a 'malformedRequest' error is
returned.
* Using newest ACME test container image.
Includes letsencrypt/pebble#171 and letsencrypt/pebble#172, which make Pebble behave closer to the current specs.
* Remove workaround for old Pebble version.
* Add changelog entry.
* First try POST-as-GET, then fall back to unauthenticated GET.
* Don't die when get_container is called for container which is terminating during get_container call.
If it terminates between client.containers() and client.inspect_container(),
the module will fail with an error such as
Error inspecting container: 404 Client Error: Not Found ("No such container: xxx")
* Add changelog.
This reverts commit c649d0ea32.
The change results in deadlock in network_cli while it is
waiting to check the return value of recv_ready() which
was added in this commit to improve performance
* Add to k8s_raw docs re: vault-encrypted files
I didn't read the examples far enough and maybe would not have tried all the examples so I ended up creating https://github.com/ansible/ansible/issues/47259 and learned that definition key with lookup works well and we agreed the docs should say something. :)
+label: docsite_pr
* Add note about ansible vault-encrypted files to src: param
* Remove trailing whitespace
* Make changes from feedback
* Make feedback changes