* [proxmox_template] Fix error while uploading big ISO to Proxmox VE cluster
* Fix pep8 test
* Add changelog fragment
* Add notes about requests_toolbelt
* Check versions and file size
* Fix typo in notes
* Add unit test. Move try inside of each function.
* Fix sanity tests
* Add proxmoxer in requirements file
* Update integration tests
* Add proxmoxer into constraints.txt
* Address review comments
* Don't run tests on 2.6 python
* Disable Python 2.6 tests for other proxmox modules
Create a small helper class Rhsm, so all the logic related to the
interaction with subscription-manager is grouped there:
- create the Rhsm object in main(), once the initial checks are done
- search subscription-manager as required (so there is no need to
manually check it), and store its path for reuse
- store the common arguments for running subscription-manager
- move run_subscription_manager() to Rhsm as run_repos()
- get rid of the different list parameters: we list only all the
repositories, so the other cases are not needed (and can be added
easily, if needed)
- move get_repository_list() to Rhsm as list_repositories()
The execution of subscription-manager is improved as well:
- pass the arguments to run_command() directly as list, rather than
joining the arguments to string, which run_command() will need to
split again
- move the "repos" parameter directly in run_repos()
- explicitly disable the shell, already off by default
- disable the expansions of variables, as there are none
Adapt the unit test to the different way run_command() is called.
There should be no behaviour changes.
* locale_gen: fix
* test working with C.UTF-8
* working with locale eo
* handle C.UTF-8 edge cases
* grammatic pedantism
* add changelog frag
* add doc about specific OS support
* update changelog frag
So far there are no tests for the rhsm_repository module, which makes it
difficult to do even basic changes. Hence, add an initial version of
unit tests, heavily based on the approach of the redhat_subscription
unit tests.
Needs some special requirements on Python 2.6 so that it can contact the server.
These seem to be installed when running all tests. I don't want to figure out what exactly
is missing, so let's just skip the tests on Python 2.6 for now.
* filesystem: add UUID change feature
* Add changelog fragment for 6680
* Do not test XFS filesystem UUID reset on FreeBSD
FreeBSD error: xfs_admin: only 'rewrite' supported on V5 fs
* Apply suggestions from code review #1
Co-authored-by: Felix Fontein <felix@fontein.de>
* Set filesystem UUID on FS creation
* Fix tests - switch to ansible.builtion.to_uuid
* Fix tests - Refactor to avoid FS remove tasks
* Fail if uuid option not yet supported for fstype
* Set resizefs and uuid options mutually exclusive
* Apply suggestions from code review no 2.
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* proxmox_kvm - Allow creation of VM with existing name but new vmid
* Fix pylint and pep8 errors
* Add changelog fragment
* Move status variable outside of try block
* Add assertion for calling get_vm_node function
* Use try/catch for module_utils functions
* Update changelogs/fragments/6709-proxmox-create-vm-with-existing-name.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* ini_file: make inactive options as active if they exist, instead of creating a new option entry
Add changelog fragment
* Update changelogs/fragments/ini_file-use-inactive-options-when-possible.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix test
* Update tests
* Fix spelling
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_client_rolemapping.py: add support for subgroups
* Add PR number after creating a PR to 6687-support-subgroups-for-keycloak-client-rolemapping.yml
* Update changelogs/fragments/6687-support-subgroups-for-keycloak-client-rolemapping.yml
Add missing URL
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_client_rolemapping.py
Set a correct version_added (previously it was a copy-paste)
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_client_rolemapping.py
Fix typo after copy-paste
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_client_rolemapping.py
Fix typo after copy-paste
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_client_rolemapping.py
Fix typo after copy-paste
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Mikhail Putilov <Mikhail.Putilov@dimoco.eu>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Use semantic markup.
* Use 'ignore:' for alias reference.
* Ignore sanity errors for older ansible-core versions.
* Improve markup for RHSM modules.
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
* 'ignore:' is no longer needed.
* E() now works better.
---------
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
* Add more integration tests for ldap_search
* Add new page_size option to ldap_search
* Add changelog fragment
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Simplify if statement to reduce negatives
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Set up secure ldap server
* ldap: Added client cert options
Shamelessly copied from https://github.com/andrewshulgin/ldap_search
* Added tests for ldap client authentication
* Add changelog fragment
* Make sure the openssl commands work on older versions of openssl
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove aliases for new arguments
* Add required_together to ldap module declerations
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add composites to keycloak_role module
* Add composites support for realm role in keycloak module_utils
* Clean f.write from keycloak_role module
* keycloak_role support state for realm role composites
* Add support for composites in client role for keycloak_role module
* Add changelog fragment for keycloak role composites PR
* Fix pep8 and validate-modules tests errors
* Update changelogs/fragments/6469-add-composites-support-for-keycloak-role.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_role.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_role.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_role.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_role.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_role.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_role.py
I will try it
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix test_keycloak_role assertion
* Fix role composite compare before update in keycloak_role module
* Fix realm problem with update_role_composites in keycloak.py module_utils
* Add units tests for composites and client roles in keycloak_role module
* Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Change try in is_struct_included and add unit tests for keycloak.py module_utils
* Add integration tests for composites roles and fix bug with non master roles in keycloak_role module
* Update plugins/modules/keycloak_role.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_role.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_role.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* is_struct_included refactor
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix composites comparison for role in is_struct_included keycloak.py function
* Add changelog fragment and unit tests
* Update changelogs/fragments/6688-is-struct-included-bug-in-keycloak-py.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
- pass the arguments to run_command() directly as list, rather than
joining the arguments to string, which run_command() will need to
split again
- disable the expansions of variables, as there are none
Adapt the unit test to the different way run_command() is called,
factorizing the kwargs for run_command() so there is less repetition.
There should be no behaviour changes.
The two RegistrationBase & Rhsm classes were copied from the ones in the
shared module_utils.redhat module; that said:
- the versions here got improvements over the years
- the RegistrationBase in module_utils.redhat is used only by the RHN
modules, which are deprecated and slated for removal
Hence, the classes here can be kept and simplified a bit:
- fold the non-dummy content of RegistrationBase into Rhsm: there is no
more need for the separate RegistrationBase base class
- drop the init arguments "username", "password", and "token": the
instance variables of them are not used anywhere, as the needed
credentials (together with other variables) are passed to the
register() method
- create the Rhsm object later in main(), after the AnsibleModule
creation and the uid check: this avoids the creation of Rhsm with a
null module variable, changing it later
There should be no behaviour change.
* MH mh/mixins/deps.py: prevent deprecation warning when no deps are specified
* rollback empty "patch" on license markers to prevent test error
* disable test in ansible 2.12
* add changelog frag
* [WIP] snap: aware of channel in installed snaps
* parse snap list output and assert whether channel matches
* undo test
* fail rightfully when install with different channel does not work
* transparetent refresh
* rollback comment in integration test
* rollback comment in integration test
* add changelog frag
* Update plugins/modules/snap.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* New Proxmox VE modules to handle pools and their membership
* Fix pep8 linting errors
* Fix pep8 and compatibility errors
* Add required fields in the documentation
* Typo fix
* Fix pylint errors
* Fix the last one error
* Address review comments
* Fix linting error
* Add integration tests playbook
* Add assert for the diff mode
* Address review comments
* Fix typo in the word
* Fail for non-empty pool even in check_mode
* ini_file: Don't creates new file instead of following symlink
This is a bug fix that address a situation where `community.general.ini_file`
was destroying symlinks instead of updating of updating their targets.
Closes: #6470
* ini_file: add the follow parameter
If `poth` points on a symlink and `follow` is true, the `ini_file` plugin
will preserve the symlink and modify the target file.
* adjust the documentation of the new key
- yes/no -> true/false.
- new key will be introduced in 7.1.0.
- clean up the `state=link` part.
* vardict: easy hadling of module variables
* fix copyright year
* initial tests passing
* small adjustments
* add tests
* add to BOTMETA
* remove unused import pytest
* Update plugins/module_utils/vardict.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* minor refactor and documentation
* minor adjustments
* rename VarDict.var() to VarDict._var()
- plus add more docs
* fix method name in tests
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add FreeBSD 13.2.
* Skip FreeBSD 13.2 for iso_extract tests.
* Fix autoremove test: m4 is no longer a dependency, or it was already installed beforehand.
* Also disable the jail tests for FreeBSD 13.2.
* nmcli: added new module option 'slave_type' to allow create non-ethernet slave connections
* argument specs updated
* documentation updated
* examples updated
* added warning message when using type='bridge-slave'
* remove trailing whitespace
* Added warnings about rewrite 'slave-type' property when using type one of 'bond-slave', 'bridge-slave', 'team-slave'.
Added module fails when user sets contradicting values of 'slave-type' for types 'bond-slave', 'bridge-slave', 'team-slave'.
Returned back checking for types that can be a slave to assign 'master' and 'slave-type' properties.
* Extending list of slave-conn-types
* Update plugins/modules/nmcli.py
Version updated
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Update plugins/modules/nmcli.py
Updated documentation for `slave_type`
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Updated argspec's 'required_by' for 'master' property.
* Fixed mistake in property naming in module argspec.
* changelog fragment and module docs updated
* Validation of 'master', 'slave_type' options improved. (rebased)
* Validation of 'master' and 'slave_type' separated to special method.
* Wrote 6 tests for slave_type option behaviour
* Removed erroneously added property 'hairpin'
* Update version_added for 'slave_type'
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Update changelogs/fragments/473-nmcli-slave-type-implemented.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/nmcli.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Let master be without slave_type
---------
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat: Allow non-returning SQL statements
- The current implementation fails out when certain statements or
batches do not have resultsets - this limits the usefulness of the
module
- Instead, it is known that statements without resultsets return then
OperationalError exception with text "Statement not executed or
executed statement has no resultset". We will utilize these facts to
accept these statements
- The implementation also assumes that users will always use best-
practices for the script syntax; that is, "GO" will always be
capitalized but this is not strictly required -- update to allow "GO"
to be any mixed-case
Signed-off-by: Lesley Kimmel <lesley.j.kimmel@gmail.com>
* feat: Add changelog fragment for change
- Add changelog fragment for PR 6192
Signed-off-by: Lesley Kimmel <lesley.j.kimmel@gmail.com>
* feat: Improve batching
- Previous batching had shortcomings like making strict assumptions
about the format of the incoming script and did not handle Windows-
based scripts (e.g. \r characters). It also did not handle cases where
there were trailing or leading whitespace characters round the 'GO'
- Added a special case for removing the Byte Order Mark (BOM) character
that may come as part of a script when slurped from some hosts.
Signed-off-by: Lesley Kimmel <lesley.j.kimmel@gmail.com>
* feat: Use str.splitlines()
- Use of this method is cleaner
Signed-off-by: Lesley Kimmel <lesley.j.kimmel@gmail.com>
* Update changelogs/fragments/6192-allow-empty-resultsets.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix: Update transcribing errors
- Replace local namespace with project namespace
- Remove 'return' statement from the module.fail_json call
Signed-off-by: Lesley Kimmel <lesley.j.kimmel@gmail.com>
---------
Signed-off-by: Lesley Kimmel <lesley.j.kimmel@gmail.com>
Co-authored-by: Lesley Kimmel <lesleyk@vmware.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
This fix ensures that in case of a project quota, the corresponding project gets initialized, if required.
Signed-off-by: Christoph Fiehe <c.fiehe@eurodata.de>
Co-authored-by: Christoph Fiehe <c.fiehe@eurodata.de>
* gconftool2: fix change output
* add changelog frag
* gconftool2: improve visibility on the output
* fix obtaining updated value after `set`
* use issue URL in the changelog fragment
* fix further issues
* fix return value docs + changelog frag
* Update plugins/modules/gconftool2.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix return value doc
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add keycloak_authz_authorization scope module
This module allows managing Keycloak client authorization scopes. The client has
to have authorization enable for this to work.
* botmeta: make mattock maintainer of keycloak_authz_authorization_scope
* botmeta: add mattock to team_keycloak
* keycloak_authz_authorization_scope: documentation and code layout fixes
* keycloak_authz_authorization_scope: do not fail on names with whitespace
* keycloak_authz_authorization_scope: use url quote method
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_authz_authorization_scope: style fixes to documentation
* keycloak_authz_authorization_scope: do not claim check/diff mode support
* keycloak_authz_authorization_scope: fix documentation
* keycloak_authz_authorization_scope: support check_mode and diff_mode
* keycloak_authz_authorization_scope: use more common terminology
Most keycloak modules use before_<object_type> and desired_<object_type> to
designate current and desired states of objects. Do the same for authorization
scopes.
* keycloak_authz_authorization_scope: fixes to check_mode and docs
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* pipx and pipx_info: Document that modules require pipx 0.16.2.1 or above
Since their introduction, these modules rely on 'pipx list --json' to
return machine-readable output about installed pipx applications. That
functionality was introduced in 0.16.2, along with a critical bug fix
(invalid json) in 0.16.2.1.
* pipx: fix state=latest with install_deps=true
"pipx upgrade" stopped supporting the "--include-deps" option
("install_deps" in the ansible module) in pipx 0.15
(https://pypa.github.io/pipx/changelog/#01500).
The lack of support causes the pipx module to fail if attempting to use
state=latest with install_deps, since the parameter is passed to both
pipx install (fine) and pipx upgrade (fails).
* Add changelog fragment
* Initial implementation for new modules btrfs_subvolume and btrfs_info
* Improve/flesh out documentation. Add ability to target filesystem by uuid, label or device. Update tests to test targeting filesystem by each supported parameter and when only mountpoint.
* Updates for btrfs modules. Add missing copyright notices. Switch options to contains in return documentation. Update btrfs_subvolume to always use closest parent mount.
* Add maintainers for btrfs module(s) and remove unused class member cause lint failure.
* Add changelog fragment. Attempt to only run against the VMs as part of CI.
* Updates per code review. Remove changelog fragment. Switch use of map to list comprehension. Add trailing comma to last item in multi-line dicts. Clean up documentation with complete senstences for descriptions and correct/consistent use of macros.
* Improved error handling in btrfs_subvolume module: add custom exception type, favor exceptions over immediate call to fail_json and add single top level return for failure scenarios. Normalize name and snapshot_source parameters early in module execution and remove unecessary duplicate normalization throughout processing.
* Add azp/posix/3 to aliases per feedback
* Clean up automatic mounting. Prevent automount when check_mode=True. Immediately fail if a mount is identified as required and automount=True. Identify the minimal subset of subvolumes that need to be mounted instead of just finding a single common root.
* Skip btrfs_subvolume integration tests if btrfs-progs isn't successfully installed.
* Bump version_added for btrfs modules to 6.6.0. Ensure consistent trailing punctuation for module descriptions and document check_mode behavior as attribute description rather than a module level note.
* Remove unused imports from btrfs_subvolume module.
* Fix import.
* Docs improvements.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Do extra docs validation. Explicitly disallow semantic markup in docs.
* Forgot to add new requirement.
* Fix prefixes.
* Remove superfluous condition.
* TEMP - make CI fail.
* Revert "TEMP - make CI fail."
This reverts commit 14f4d6b503.
* Remove unnecessary import.
* Make sure ANSIBLE_COLLECTIONS_PATH is set.
* Make sure sanity tests from older Ansible versions don't complain.
* one_vm: fix syntax error when creating VMs with a more complex template
with more complex templates that make use of quoted strings the new
"render" method fails to produce a template that is accepted by
OpenNebula. ==> escape double quotes in strings to make OpenNebula
happy again.
I also tested whether newlines need to be escaped, looks like they are
fine as they are.
Fixes#6225
* module_utils/opennebula: skip empty values in render
* add nmcli macvlan type
* changelog
* improve docs
* macvlan params
* fix linter and improve module params
* improve_docs
* raise error if type macvlan and macvlan options not set
* Add Puppet skip_tags option
* Include changelog fragment
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add module to manipulate KDE config files using kwriteconfig
* Fix license issues
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add smeso as kdeconfig.py maintainer
* Fix attributes fragment name
* Fix test
* Do not use shutil.chown
It isn't available on old Python versions
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* add runner_fast_rate option
* unset default value for runner_fast_rate parameter
* add some commas
* Remove default in copy of argspec.
Co-authored-by: Sam Potekhin <eax24@ya.ru>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Sam Potekhin <eax24@ya.ru>
* pipx: Allow injected modules to add apps
Add support for pipx inject's "--include-apps" parameter.
* add changelog fragment
* fix pipx test ("install_apps", not "include_apps")
* fix pipx test -- add a second invocation for install_apps
* Update changelogs/fragments/6198-pipx-inject-install-apps.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/pipx.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat(ssh_config): proxyjump option
* feat(ssh_config: add proxyjump test
* CamelCase ProxyJump
* add changelog fragment
* Update plugins/modules/ssh_config.py
add version_added
Co-authored-by: Felix Fontein <felix@fontein.de>
* update task name to include new proxyjump option
* adding tests for proxyjump option
* fixing assert variable name
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
The module currently has a static 'required_if' statement for its
parameters that forces any of 'username' or 'activationkey' or 'token'
in case state=present; while this is generally a good idea, it can be
an extra requirements in some cases. In particular, if the system is
already registered, there is no need for credentials -- some of the
operations of the module, such as manipulating pools, can be done
perfectly without credentials.
Hence:
- change the static 'required_if' to require credentials only when
forcing the registration
- check for credentials manually when a registration is needed, i.e.
on an unregistered system; the fail message is the same as the one
shown by 'required_if'
Adapt the tests to this new situation:
- test_without_required_parameters now needs to mock an unregistered
system
- add a new version of test_without_required_parameters to test an
already registered system
- add a simple test case for only state=present usable on an already
registered system
- remove the credentials from a test case for pool attachment that
mocks an already registered system
subscription-manager on RHEL installs a symlink in /usr/bin to
console-helper (part of usermode), which triggers an interactive prompt
for root credentials when run as user. It seems that console-helper
does not handle well non-interactive contexts (e.g. without a TTY for
input), and thus it will hang waiting for input when run as user in an
Ansible task.
Since subscription-manager requires root already anyway (and it will
fail when explicitly run as user), then apply the same logic locally on
all the modules that interact with it: redhat_subscription,
rhsm_release, and rhsm_repository.
subscription-manager currently does not have a way to get credentials
(username, password, activation keys, organization ID) in a secure way:
the existing command line parameters can be easily spotted when running
a process listing while 'subscription-manager register' runs.
There is a D-Bus service, which is used by e.g. cockpit and Anaconda to
interface with RHSM (at least for registration and common queries).
Try to perform the registration using D-Bus, in a way very similar to
the work done in convert2rhel [1] (with my help):
- try to do a simple signal test to check whether the system bus works;
inspired by the login in the dconf module
- pass most of the options as registration options; for the few that are
not part of the registration, execute 'subscription-manager' manually
- add quirks for differently working (or not) registration options for
the D-Bus Register*() methods depending on the version of RHEL
- 'subscription-manager register' is used only in case the signal test
is not working; silent fallback in case of D-Bus errors during the
registration is not done on purpose to avoid silent fallback to a less
secure registration
[1] https://github.com/oamg/convert2rhel/pull/540/
dconf: parse GVariant values to check for equality whenever possible
Direct string comparisons are an inaccurate way to compare two
GVariant representations. For example, 'foo' and "foo" (including the
quote marks, which are part of the representation) are equal GVariants
but if you just do a string compare (remember, including the quotes)
they'll be interpreted.
We therefore want to use the `gi.repository` Python library to parse
GVariant representations before comparing them whenever possible.
However, we don't want to assume that this library will always be
available or require it for Ansible to function, so we use a straight
string comparison as a fallback when the library isn't available. This
may result in some false positives, i.e., Ansible thinking a value is
changing when it actually isn't, but will not result in incorrect
values being written into `dconf`.
Co-authored-by: Jonathan Kamens <jik@jik5.kamens.us>
* add persistent option for modprobe
* add suggested changes + fix broken test
* change modprobe module path in tests due to rebase
* change persistent option type from bool to str with choices
* fix unused import
* add example with persistent option
* fix some minor issues after review
- move regexps compiling to __init__
- move AnsibleModule to build_module function and use this function in tests instead of AnsibleModule
- fix terminlogy issue in documentation
* fix unused-import
* sefcontext: add path substitution support (#1193)
First commit for feedback, missing docs and tests.
* sefcontext: add documentation
* Add changelog fragment
* Documentation formatting
* Delete extra newline
* pep8 fixes
Fix indentation
* Add version_added to arg docs
* Add examples
* Don't delete non-matching path substitutions
* Add integration tests
* Delete only substitutions if such arg passed
Don't delete existing regular file context mappings if deletion of
a path substitution was requested with the presence of the
`equal` arg - delete only path substitutions in such case.
Path substitutions and regular mappings may overlap.
* Can only add args in minor releases
:(
* Cleanup before tests
* Fix deletion using substitution
Was comparing wrong var.
* Fix test checking wrong var
* Improve args documentation and examples
List the default values for selevel, seuser.
Add example for deleting path substitutions only.
* Add attributes documentation block
Not sure if should add become/delegate/async,
shouldn't those work just like that without any
specific code added for them?
* and fix indentation on attribute block
* Consistent indentation for attributes
Confusing, most plugins indent with 4 spaces.
But some use 2 like the rest of the code, so use 2.
* Add missing ref for attribute block
* Use correct c.g version in doc block
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add full stop to changelog fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Streamline documentation
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Support limiting deletion to setype
Deleting file context mappings may be limited by
passing setype or equal, if neither arg is passed
then delete either setype/equal mappings that match.
* Change arg name, diff mode output fix
Change arg name from equal to substitute.
Print target = subsitute in diff mode same way as
semanage does.
Also put back platform attribute, try to improve
clumsy language in the substitute arg docs.
* Delete even if arg setype not match existing
Test 5 indicates that deletion is supposed to not check that
the arg setype passed when deleting matches the setype
of the mapping to delete.
Delete any mapping that matches target, regardless of
setype arg value.
* Update arg name in tests
* Too eager replacing
Accidentally replaced seobject function names so fix them back
* 4564: Fix invalid setype in doc example
Change from httpd_git_rw_content_t which
does not exist to httpd_sys_rw_content_t
Fixes#4564
* Fix documentation attributes
Additional fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update version_added in docs
Bumping minor to 6.4.0 since it didn't make 6.3.0.
* Add more description to the new arg docs
Try to improve discoverability of the new feature and make it easier to understand without deep SELinux understanding.
* Update platform to Linux in documentation
* Add equal as alias for the new argument
Improve discoverability of the new feature by adding an alias to the new module argument. The argument name "equal" will be easy to find for users who are not familiar with SELinux and who just try to match to the CLI tool `semanage`.
* And add alias argument properly
Previous commit missed actually adding the alias (added to docs only).
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>