* Added idempotency logic to openssl_pkcs12
Also decoupled the 'parse' and 'generate' function from the file write
as they are now used in different places that do not need the file to be
written to disk.
* Added idempotency tests for openssl_pkcs12
Also adds a new test for pkcs12 files with multiple certificates
* Regenerate if parsed file is invalid
* pkcs12_other_certificates check was wrong
* Updated ca_certificates to other_certificates
ca_certificates is left as an alias to other_certificates;
friendlyname depends on private key, so it will be ignored while
checking for idempotency if the pkey is not set;
idempotency check only checks for correct certs in the stack
* use different keys for different certs
* Added other_certificates in module docs
* Added changelog and porting guide
* removed unrelated porting guide entry
* renamed ca_cert* occurrence with other_cert
Check allows vmware_dvs_portgroup to fail early if user
specified invalid range in VLAN id(s).
Fixes: #54927
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* win_firewall_rule only changes specified arguments
defaults are controlled by com object
integration test for built in rule
* removed ignore psaliases for win_firewall_rule
* direction and action are no longer required
program and service respect default values
documentation updated to reflect that defaults apply to rule creation
added test to disable a rule and verify other values have not changed
* fixed extra whitespace
* Move each description sentance to a new entry
This reverts commit 85d836171b.
As discussed in WWG IRC meeting, we don't want Get-ADObject to be a dependency of win_domain_membership, and we need to be able to authenticate to the DC in some configs. We can revisit this change a different way for 2.9.
* Use six from ansible.module_utils for inventory scripts
Remove skips from sanity test
* Change all imports of ConfigParser to use module_utils.six.moves
* Remove commented out lines
* Fix six imports
* Don't pollute include_variables. Fixes#51667. Fixes#54618.
* Rename include_variables to include_args, so we can make the distinction about what they are
* Track args and vars separately
* oops
* oops again
* linting fix
* Add test
- Fixed issue #25017,#37567
- Add example for prompt on launch
- Add integration test for prompt on launch
Signed-off-by: Hideki Saito <saito@fgrep.org>
* updated tests and changelog for 54516
* Handle errors if PG does not support partitioning.
* Check for PG > 10 in tasks
* Show changes for partitioned tables in ansible
* Added documentation in the tests
* Update test/integration/targets/postgresql/tasks/postgresql_privs.yml
Co-Authored-By: raymondroelands <raymondroelands@users.noreply.github.com>
* Update test/integration/targets/postgresql/tasks/postgresql_privs.yml
Co-Authored-By: raymondroelands <raymondroelands@users.noreply.github.com>
* Added check for 0 tables after revoking rights
* Added test and moved tests
Added check mode test and moved test right after the change.
* Rebased postgresql_privs.py
* Add win_format
* Some doc changes were missed
* Fixes for ansible-test, additional assertion for check mode
* Fix -WhatIf issues
* Support for idempotency and changes to integration tests
* Fix trailing whitespace
* Fixes from review, and added check for non-empty volumes
* Remove an extra line
* Structural changes
* Minor fixes for CI
Remove test comparing output to platform.linux_distribution() since we are relying on distro.id() and are not concerned about matching the output of platform.linux_distribution()
* Correct behavior so that direction isn't required for default.
* Add more tests.
* 'disabled' values cannot be changed.
* Include 'not specified' in messages.
* netbox_device: Allow device modification
* Add ability to update and existing device
* Allow check_mode
* Fail when device name is missing
* Fail when cannot resolve ID instead of taking ID 1 by default
* netbox_device: Add diff output
* netbox: Some refactoring
* Add diff output and check_mode to netbox_ip_address
* Deduplicate redundant code into netbox_utils
* netbox_utils: A few unit tests
* Update the default test container to 1.7.0.
* Run `pip check` after installing test requirements.
* Support older versions of pip.
* Remove obsolete pip error handler.
* fix missing attribs with dirct module execution
* also make remote tmp handling smarter
update tests
* set default if attrib does not exist
* add simple test
* Remove default use of paramiko connection plugin on macOS
This fix was originally to work around a bug that caused a kernel panic on macOS
that has since been fixed.
* Remove paramiko from requirements.txt
* Move paramiko checking to common place
* Drop the warnings obfiscation code
* Update pip installation instructions to reflect upstream instructions
* Fix tests on CentOS 6 (Python 2.6) that now show Python deprecation warnings
* Add changelog fragment
* add asa_og module
* add test
* fix pep8
* fix some sanity pylint
* fix import error order
* fix import
* replace cmd() method
* rename file and class
* add mock for connection
* fix commands in replace test function
* fix lines list
* update unit test
* fix 'and' logic for port-object command
* restore previous unit test; fix pep8 and remove debug
* other unit tests
* Add state present, absent, replace
* Update doc; add default for state
* update unit test with state present/absent
* fix typo in unit test
* fix pep8 too many blank lines
* fix show run for service object ASA Ver 8.x
* Add description field; fix bug for state present and absent
* Re-designed module structure for network, service and port objects
* update integration test for new module structure
* fix pep8
* update EXAMPLES and RETURN
* update units tests
* fix module typos in unit test
* removed provider from examples
* fix missing comma in replace test
* fix module name and remove provider
* update license
* remove register; update license; change import order; chage def state
* remove shebang
* fix doc default state
* change import order
* Update year in banner
* fix integration test as set of tasks
* remove arg_spec
* remove extends_documentation_fragment: asa
* Update DOC, remove unused import, change import order
The controller's fixup_perms2 uses filesystem acls to make the temporary
file for copy readable by an unprivileged become user. On Python3, the
acls are then copied to the destination filename so we have to remove
them from there.
We can't remove them prior to the copy because we may not have
permission to read the file if the acls are not present. We can't
remove them in atomic_move() because the move function shouldn't know
anything about controller features. We may want to generalize this into
a helper function, though.
Fixes#44412
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
* Add latest updates from FTD Ansible downstream repository.
- add a better implementation of the upsert operation;
- add API version lookup functionality;
- add filter which remove duplicated references from the list of references;
- fix minor bugs.
* fix issues outlined by ansibot
* fix argument name for _check_enum_method
* Return UnlockKey
* Add changelog fragment
* Add method to check if a parameter exists in diffs
* Add method to get swarm unlock key
* Add option unlock_key
* Only return unlock key when created or changed
* Rename difference check
* Extend unlock key example
* Assert that unlock_key is a string
* Fix docker_swarm_info authors
* Don’t silence APIErrors
* Test unlock_key on unlocked swarm
* Catch APIError when retrieving unlock key
* Better return value description
* Lint
* Fix UnlockKey return value documentation
Co-Authored-By: hannseman <hannes@5monkeys.se>
* Get unlock key safely
Co-Authored-By: hannseman <hannes@5monkeys.se>
* Return None on empty UnlockKey
* Assert swarm_unlock_key is undefined if unqueried
* Add documentation about swarm_info unlock_key
* Add change log fragment for unlock_key option
* Revert "Add change log fragment for unlock_key option"
This reverts commit e3cb2325b552e5d14cc3f42b33a86bf3ee84d3b9.
* Use generator expression instead
* Restart docker more decisively
* Use systemctl kill
Co-Authored-By: hannseman <hannes@5monkeys.se>
* Try to restart docker daemon
* [openssh_cert] cleanup the returned certificate info
- Drop the certificate path - it is already present in rc.filename.
- Drop the leading whitespace for all lines.
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [openssh_cert] add support for a certificate serial number
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [openssh_cert] fix lint error
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [openssh_cert] drop explicit default value
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [openssh_cert] enforce the specified or missing serial number
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [openssh_cert] passing no explicit serial number ignores any present one
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* cloudstack: remove choice list for hypervisor param
* cloudstack: streamline network_type with returned value by the API
* cloudstack: remove E326
* add changelog fragment
* Add win_hosts module
added win_hosts module for easier manipulation of hosts entries in "%windir%\system32\drivers\etc\hosts" for windows systems
* Update win_hosts.py
* Add alias support to win_hosts module (#1)
* win_hosts supports aliases
added support for adding / removing aliases from a host entry, rather than adding a new entry
added ability for win_hosts to detect aliases:
`192.168.1.1 alias1 alias2 alias3`
```
win_hosts:
host_name: alias2
ip_address: 192.168.1.1
```
will result in `192.168.1.1 alias1 alias3`
also includes `replace` and `add` as options for `ip_action` (`replace` is default)
for example:
```
192.168.1.1 my_reused_alias
192.168.1.2 my_reused_alias
```
with
```
win_hosts:
host_name: my_reused_alias
ip_address: 192.168.1.3
ip_action: add
```
the result will be
```
192.168.1.1 my_reused_alias
192.168.1.2 my_reused_alias
```
but with `ip_action=replace` the result would be
```
192.168.1.3 my_reused_alias
```
* fixed metadata version and version added
* fix line endings
* upload fixed line endings
try to upload the file with the fixed line endings
* aliases and canonical names are separate entities. added IPv4 and IPv6 validation
* only makes changes if "check_mode" is false
* improved behavior for duplicate aliases/entries.
* adding tests
* missing aliases file
* fix trailing whitespace and uses explicit paths
* Tweak tests to copy and restore original hosts file
* win_nssm: rename cmdlets to use approved verbs, rename service name parameters
* win_nssm: improve code style and cmdlets ordering
* win_nssm: always escape all command line parameters with Argv-ToString
fix error when the service name contains quotes
* win_nssm: use Fail-Json instead of exceptions and remove global try/catch
* win_nssm: small refactoring, inline some functions
* win_nssm: refactoring - add a generic cmdlet to idempotently set any nssm service parameter
* win_nssm: refactoring - inline some functions
To make the code more malleable for future changes
* win_nssm: change application, stdout_file and stderr_file options type to path
* win_nssm: deprecates app_parameters, rename app_parameters_free_form to arguments, and add support for list of parameters
* win_nssm: add support of check mode
* win_nssm: add working_directory option
* win_nssm: add display_name and description options
* win_nssm: minor changes
* win_nssm: remove some sanity exclusions
* win_nssm: avoid using aliases and minor style fixes
* win_nssm: doc and ui improvements
* win_nssm: remove sanity exclusions
* win_nssm: minor revision
* win_nssm: deprecates dependencies, start_mode, user and password parameters and some choices of state in favor of win_service
* win_nssm: fix style
* win_nssm: add executable option to specify the location of the NSSM utility
* win_nssm: add missing parameter types
* win_nssm: add diff mode support
* win_nssm: avoid displaying depreciation warning if default value is assigned
* win_nssm: fix variable scope
* win_nssm: use the explicit -LiteralPath parameter name instead of -Path
* win_nssm: fix documentation
* win_nssm: add porting guide entries
* win_nssm: add changelog fragment
* Enable ec2_transit_gateway test in CI.
* Mark the test unstable.
The test sometimes attempts to delete the transit gateway while it
is in the pending state, which is not permitted.
* Fix wrong example, remove strictness and fix tests
It was obvious that (because of an incorrect example) people were using
the **xml** module incorrectly, specifying the `attribute` parameter
where it was not supported (i.e. ignored).
While this functionality would have been useful, it currently returns as
if the information was requested from the parent, so we cannot simply
make it to what would be expected.
Therefor the real solution is to provide a warning when we find
incorrect use, and deprecate this use. Then later we could implement
this functionality correctly.
While troubleshooting this issue, I found that in some cases our
integration tests were not being run when we expected it.
This fixes#53459
* Change warning
* Fix weird sanity test error
* Add a comment to the deprecate-test
* Initial commit for static route module
- Create and query functionality in place today
* Enabled querying both all routes and single route
* Bug fixes and idempotency check
- Requires new idempotency code to validate, blocking on that
* Enabled test cases
* Documentation fixes
* Whitespace fix
* Major improvements based on Dag's commments
- Improved documentation and examples
- Fixed fixed IP assignments and reserved range parameters
- Improved integration tests
- Made check mode work
* Rename str to string in documentation
* Move back to str
* Fix indentation
* Fix documentation for example of fixed_ip_assignments
- Removed default=None for args
* Add support for notes
* Add test for notes
* Device notes changes
- Renamed from notes to note
- Modified tests to work
* Comment device test since it only works once
* Remove assertion stanza and move assertion to existing one
* Add version_added to note documentation
* Converted from tabs to spaces
* Added changelog fragment
* Remove changelog file since it's a feature
* Add changelog fragment
* basic plugin loading working (with many hacks)
* task collections working
* play/block-level collection module/action working
* implement PEP302 loader
* implicit package support (no need for __init.py__ in collections)
* provides future options for secure loading of content that shouldn't execute inside controller (eg, actively ignore __init__.py on content/module paths)
* provide hook for synthetic collection setup (eg ansible.core pseudo-collection for specifying built-in plugins without legacy path, etc)
* synthetic package support
* ansible.core.plugins mapping works, others don't
* synthetic collections working for modules/actions
* fix direct-load legacy
* change base package name to ansible_collections
* note
* collection role loading
* expand paths from installed content root vars
* feature complete?
* rename ansible.core to ansible.builtin
* and various sanity fixes
* sanity tweaks
* unittest fixes
* less grabby error handler on has_plugin
* probably need to replace with a or harden callers
* fix win_ping test
* disable module test with explicit file extension; might be able to support in some scenarios, but can't see any other tests that verify that behavior...
* fix unicode conversion issues on py2
* attempt to keep things working-ish on py2.6
* python2.6 test fun round 2
* rename dirs/configs to "collections"
* add wrapper dir for content-adjacent
* fix pythoncheck to use localhost
* unicode tweaks, native/bytes string prefixing
* rename COLLECTION_PATHS to COLLECTIONS_PATHS
* switch to pathspec
* path handling cleanup
* change expensive `all` back to or chain
* unused import cleanup
* quotes tweak
* use wrapped iter/len in Jinja proxy
* var name expansion
* comment seemingly overcomplicated playbook_paths resolution
* drop unnecessary conditional nesting
* eliminate extraneous local
* zap superfluous validation function
* use slice for rolespec NS assembly
* misc naming/unicode fixes
* collection callback loader asks if valid FQ name instead of just '.'
* switch collection role resolution behavior to be internally `text` as much as possible
* misc fixmes
* to_native in exception constructor
* (slightly) detangle tuple accumulation mess in module_utils __init__ walker
* more misc fixmes
* tighten up action dispatch, add unqualified action test
* rename Collection mixin to CollectionSearch
* (attempt to) avoid potential confusion/conflict with builtin collections, etc
* stale fixmes
* tighten up pluginloader collections determination
* sanity test fixes
* ditch regex escape
* clarify comment
* update default collections paths config entry
* use PATH format instead of list
* skip integration tests on Python 2.6
ci_complete
Currently, if we try to stop or start a network two time in a row, the
second call will fail. With this patch:
- we don't recreate a network, if it exists
- we only stop a network if it's active, and so we avoid an exception
saying the network is not active
* test: mock libvirt
* add integration tests for virt_net
* test: enable virt_net test on RedHat 7 and 8
* ci: use the unsupported alias
* tests that require privileged mode are run in VM
* virt_net/create raise unexpected libvirt exception
* import mock from units.compat
* virt_net: do not call create() on "active" network
* virt_net func test: only clean up the libvirt packages
* test: virt_net: don't use assert_called()
* virt_net: add the destructive alias
* move the test in virt_net dir
* test/virt_net: clean up the network at the end
* Add a force_replace_host flag to win_domain_membership
Satisfies https://github.com/ansible/ansible/issues/53539
* Rework backticks
* Bump version_added
* Check for existence of current hostname as well; use LDAPFilter during search
* Rename $force_replace_host to $allow_existing_computer_account
* Added docs, porting guide and minor nit in code
* win_shell: Implement option 'profile', allowing the user to control powershell profile sourcing before running a command
* Set version_added to 2.8
* Make sure profile directory exists before writing profile file
* Changes to make tests immutable and align with ps args
* Use locking for concurrent file access
This implements locking to be used for modules that are used for
concurrent file access, like lineinfile or known_hosts.
* Reinstate lock_timeout
This commit includes:
- New file locking infrastructure for modules
- Enable timeout tests
- Madifications to support concurrency with lineinfile
* Rebase, update changelog and tests
We need to specify ansible_python_interpreter to avoid running interpreter discovery and selecting the incorrect interpreter.
Remove the import of lock in known_hosts since it is not used.
* Fix service integration test python selection.
* Clean up source in ansible_test_service.
* Rename script to include in python tests.
* Make shebang templating sanity friendly.
* Fix checksum.
* Use realpath of python to avoid selinux issues.
* Add to_ipv6_subnet function
* Use the correct function for subnet
* Corrected code style and tests
* Corrected testcase assertion
64 bits make 8 octets, or 4 hextets
* Import from correct module directly
* Added support for types parameter
- Parameter is used to specify multiple network types
* Fix documentation
* Apply suggestions from code review
Co-Authored-By: kbreit <kevin.breit@kevinbreit.net>
* Reworked type parameter to be a list so types isn't needed
* Re-add tags documentation
* Fix documentation around compatibility
* Convert tags to list from string
* Add changelog fragment
* Add support for multiple IPv6 addresses in nxos_l3_interface module
Cisco support multiple IPv6 addresses on each interface but only the first
IPv6 is considered by this module. There is no impact on the configuration
but the module is not idempotent.
* Add internal support for IPv6 list
* Fix module idempotency
* Initialize tests for nxos_l3_interface
* Fix IPv4 removal idempotency
* Fix data extraction from nxos config
* Fix silently ignored interfaces in nxos_l3_interface
* Add warning when interface does not exist in nxos config
* Adding cnos_user module to Ansible
* Update cnos_user.py
* Adding Functional test cases and unit test cases.
* Fixing Bug found in testing with Lenovo Mars.
* Review comments incorporated
* Review comments implemented.
* Copy paste mistake
* Modify EXOS module utils to utilize 'httpapi' or 'network-cli' connection
* Changes to cliconf plugin to support 'json' or 'text' output for compatibility between network-cli and httpapi
* Add HTTPAPI plugin supportng JSONRPC and RESTCONF for EXOS
* exos_facts modify commands with run script cli2json.py to command dictionary specifying 'json' output
Load appropriate fixtures
* Update exos_config module to utilize the get_diff and get_default_flag functionality.
JSONRPC doesn't work well with pipes, regex MULTILINE
* Support for NOS agnostic 'cli_config' module by implementing 'get_default_flag' and 'get_diff' functionality
* Update Ansible Documentation regarding the connections available for EXOS
* Only update sshd_config for FreeBSD tests.
* Also skip service restart unless config changed.
* Only pip install virtualenv for macOS tests.
* Also add retries and disable pip version check.
* Fix indentation.
* Reduce noise during remote instance setup.
* Refactor and clean up pip install.
* Decrease verbosity of commands.
* Remove unnecessary package install.
* nxos_interfaces_ospf: fix passive-interface states & check_mode
This fix addresses issues #41704 and #45343.
The crux of the problem is that `passive-interface` should have been treated as a tri-state value instead of a boolean.
The `no` form of the command disables the passive state on an interface (allows it to form adjacencies and send routing updates). It's essentially an override for `passive-interface default` which enables passive state on all OSPF interfaces.\*
This `no` config will be present in `running-config`.
\**See `router ospf` configuration.*
Since both enable and disable states are explicit configs, the proper way to remove either of these is with the `default` syntax.
Passive-interface config syntax:
```
ip ospf passive-interface # enable (nvgens)
no ip ospf passive-interface # disable (nvgens)
default ip ospf passive-interface # default (removes config, does not nvgen)
```
Code changes:
* `passive_interface` param changed from boolean to string, restricted to `true`,`false`,`default`.
* Several passive-interface specific checks were added because the existing module logic tends to test for true or false and doesn't handle the None case.
* Fixed `check_mode`.
Sanity verified on: N9K,N7K,N3K,N6K
* Fix doc header
* Unit tests for passive-interface
* doc fix#2
* Fix indent for SA
* Remove 'default' keyword, restore bool behavior
* remove changes to sanity
When using before and after in combination, the opposite behavior was induced. This PR makes the the replacement happen between the specified patterns as intended.
* Added integration tests
* Add changelog, porting guide entry, and minor doc fixes
* Removed required_together, updated tests
Since required_together: privatekey_path -> friendly_name, is not always
required it has been removed.
Updated openssl_pkcs12 integration tests to be in line with other
openssl_* modules, and added a test for export with no privatekey_path.
* linter fixes
* Removed cryptography from tests
* Added changelog fragment
* Removed non-necessary select_crypto_backend