* Enable the pylint no-name-in-module check. Checks that identifiers in
imports actually exist. When we do this, we also have to ignore
_MovedItems used in our bundled six. This means pylint won't check
for bad imports below ansible.module_utils.six.moves but that's
something that pylint punts on with a system copy of six so this is
still an improvement.
* Remove automatic use of system six. The exec in the six code which
tried to use a system library if available destroyed pylint's ability
to check for imports of identifiers which did not exist (the
no-name-in-module check). That test is important enough that we
should sacrifice the bundling detection in favour of the test.
Distributions that want to unbundle six can replace the bundled six in
ansible/module_utils/six/__init__.py to unbundle. however, be aware
that six is tricky to unbundle. They may want to base their efforts
off the code we were using:
2fff690caa/lib/ansible/module_utils/six/__init__.py
* Update tests for new location of bundled six Several code-smell tests
whitelist the bundled six library. Update the path to the library so
that they work.
* Also check for basestring in modules as the enabled pylint tests will
also point out basestring usage for us.
* Stringify exception with a nicer error and include traceback
* Give a nice message if boto is not installed
* Fix undefined vars. Cleaning up all undefined variables so that we
can run static analysis on new commits.
References #27193
* allow paths to be specified so slurp is not necessary for remote hosts to use
* Make requested changes
remove unused parameters
* remove module used out of scope
check the potential filepath to be true before checking isfile
remove required: false
* rephrase documentation
* remove 'lookups' from example
* The canonical location of BOOLEANS has moved. Switch imports to use that.
* clean up argument_spec use of booleans.
* Clean up imports to not use wildcards
* Remove usage of get_exception
* New module - elb_application_lb_facts
* Make sure tags dont get snake cased
* Add listeners and listener rules to application facts
* python3 compat fix
* Rework how listeners and rules and handled. Fixes#25270
* Tidy up, documentation and add rules to returned output
* Remove required=False from argument_spec
* Remove unused functions. Add or [] in case of no elb
* Handle when listners is None in ensure_listeners_default_action_has_arn
* Use Boto3 for ec2_group
Currently boto doesn't support ipv6. To support ipv6 in ec2_group, we need boto3.
boto3 has significant API changes, which caused more re-factoring for ec2_group module.
Added additional integration test to test_ec2_group role.
* Follow the standard for boto3 ansible
Fixed imports. Use boto3 ansible exception with camel_dict_to_snake_dict.
Refactored the call to authorize/revoke ingress and egress.
* Removed dependancy with module ipaddress
Added new parameter called cidr_ipv6 for specifying
ipv6 addresses inline with how boto3 handles ipv6 addresses.
* Updated integration test
* Added ipv6 integration test for ec2_group
* Set purge_rules to false for integration test
* Fixed import statements
Added example for ipv6.
Removed defining HAS_BOTO3 variable and import HAS_BOTO3 from ec2.
Cleaned up import statements.
* Fixed exception handling
* Add IAM permissions for ec2_group tests
Missing AuthorizeSecurityGroupEgress necessary for latest tests
* Wrapped botocore import in try/except block
Import just botocore to be more similar to other modules
* Change iam_managed_policy to return snake case
Import module_utils.ec2 methods explicitly
* iam_managed_policy: tidy argument spec
Remove unnecessary specifications (`default=None`, `required=False`)
Use `required_if` to check for `policy` when `state` is `present`
* Provide exception handling in iam_managed_policy
Pretty much all AWS API calls can go wrong, and we should handle them.
Update line wrapping to improve readability of method calls
* Improve error handling when policy version limit exceeded
Better document policy version limit exceeded, and check
the error code to see that that's actually what happened
(rather than e.g. no permissions to add a new version)
* iam_managed_policy: better handle pagination and retry
In Python a function is always truthy, and the name of the
`create_changeset` function was being accidentally used instead of
`module.params['changeset']`.
* Fixed he exception handling logic for the delete_group function.
fixes issue #26100
* Removed the unnecessary del_meta variables and made some other adjustments to the delete_user function
check_mode should behave pretty similarly to non-check mode -
just don't actually create or delete subnets or change tags.
Using DryRun for check_mode behaves very differently and results
in the following module failure:
```
"msg": "Unable to update tags for subnet-abcd1234,
error: EC2ResponseError: 412 Precondition Failed
<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<Response><Errors><Error><Code>DryRunOperation</Code>
<Message>Request would have succeeded, but DryRun flag
is set.</Message></Error></Errors>
<RequestID>12345678-abcd-1234-abcd-abcd1234abcd</RequestID></Response>"
```
* Add support for EC2 dynamic data in ec2_facts
- Flattens out JSON in the instance identity document and IAM info/credentials for easy access to facts
- This changes region fact from ‘ansible_ec2_placement_region’ to ’ansible_ec2_instance_identity_document_region’
* Maintain backwards compatibility by putting the region into the old key
* Improve JSON parsing logic and split security group IDs
* Add documentation, backwards compatibility, fix bug and formatting
- Update documentation for ec2_facts with return values
- Preserve JSON value from the metadata service for backwards compatibility
- Fix bug in fix_invalid_varnames
- The keys in the dict were being modified in place; new dict now created to hold the sanitized keys
- Consolidate two replace calls with a regex substitution
- Move imports for ec2_facts to the top
* Add support for parsing the IAM instance profile role
This module can add, remove, update versions, and set default versions
of managed policies. It will cycle out old versions of policies if too
many are present. It will check and set the version of the policy that
matches the pased in policy document if one already exists.
Incorporating changes from PR
Descriptions now have full stops, and pep8 error has been
addressed. Also added requirements, author, and updated interface to
"preview"
Additional change to pass CI
Previous commit added in some whitespace errors. Additinoally added
correct value for version_added, added in a RETURN block for
documentation, and moved import to top of file
Fixed error detaching policy from users
Updates to pass 2.4 CI
Updating iam_managed_policy supporting feedback
If target_group_arns is an empty list, then return
an empty target_group_names list.
If a connection to elbv2 is not obtainable, then it is
not possible to return target_group_names
* Fix logical flaw (update when diff), use string ports everywhere
* Change port comparison to integer vs. string
The comparison works either way as long as it's consistent. Boto docs
state that it takes in an integer, but if given a string apparently
keeps it as such. This change just ensures that when we compare, we
specifically deal with integers.
Make pyca/cryptography the preferred backend for cryptographic needs (mainly vault) falling back to pycrypto
pyca/cryptography is already implicitly a dependency in many cases
through paramiko (2.0+) as well as the new openssl_publickey module,
which requires pyOpenSSL 16.0+. Additionally, pyca/cryptography is
an optional dep for better performance with vault already.
This commit leverages cryptography's padding, constant time comparisons,
and CBC/CTR modes to reduce the amount of code ansible needs to
maintain.
* Handle wrong password given for VaultAES format
* Do not display deprecation warning for cryptography on python-2.6
* Namespace all of the pycrypto imports and always import them
Makes unittests better and the code less likely to get stupid mistakes
(like using HMAC from cryptogrpahy when the one from pycrypto is needed)
* Add back in atfork since we need pycrypto to reinitialize its RNG just in case we're being used with old paramiko
* contrib/inventory/gce: Remove spurious require on pycrypto
(cherry picked from commit 9e16b9db275263b3ea8d1b124966fdebfc9ab271)
* Add cryptography to ec2_win_password module requirements
* Fix python3 bug which would pass text strings to a function which
requires byte strings.
* Attempt to add pycrypto version to setup deps
* Change hacking README for dual pycrypto/cryptography
* update dependencies for various CI scripts
* additional CI dockerfile/script updates
* add paramiko to the windows and sanity requirement set
This is needed because ansible lists it as a requirement. Previously
the missing dep wasn't enforced, but cryptography imports pkg_resources
so you can't ignore a requirement any more
* Add integration test cases for old vault and for wrong passwords
* helper script for manual testing of pycrypto/cryptography
* Skip the pycrypto tests so that users without it installed can still run the unittests
* Run unittests for vault with both cryptography and pycrypto backend
