* Adding networks_cli_compatible option.
* Move network tests into own test file.
* Extend tests (for networks_cli_compatible=no).
* Adding tests for networks_cli_compatible=yes.
* There seems to be no way to create a container without at least one network attached.
* Integrate networks / purge_networks with comparisons.
* Speed up tests.
* Removing double dot.
* Add changelog.
* Use comparisons value only if the networks option has been specified. purge_networks on the other hand also removes networks if it has not been specified.
* Add write helper.
* Adjust modules (except openssl_certificate).
* Adding tests for mode (with openssl_privatekey).
* Add openssl_certificate support.
* Never, ever remove the output file before actually trying to generate new content for it.
Removal is only allowed when state=absent, or when the object has been regenerated and the result needs to be written to that place.
* Add changelog.
* Extend test.
* New cryptography backend for openssl_certificate
load_* functions in module_utils/crypto.py now have a backend paramter
which when set to 'cryptography' will return cryptography objects so
they can be used for both pyopenssl and cryptography backends.
Added a select_message_digest function too returning a cryptography
digest hash from `cryptography.hazmat.primitives.hashes`
Added new classes for Cryptography backend
* Run test with various backends.
* Prefixing tests.
* Make sure we have the correct backend available.
* Linting (flake8).
* Moved cryptography import to separate try/except
* Make sure certificate is actually valid at some time in the past.
* Improve error handling.
* Trying to fix validation for cryptography backend.
* Fixed issue with keyUsage test in assertonly
* Fixed CI/Lint issues
* Fix private key problem for OwnCA.
* Cryptography backend doesn't support v2 certs.
* issue an expired cert with command when using cryptography backend
* Added warning when backend is auto and v2 cert is requested
* Bumped min cryptography version to 1.6
* Correctly check for failure when backend is cryptography and cert is v2
* Use self.backend where possible
* Use secp521r1 EC when testing on CentOS6
* Fixed pylint issue
* AcmeCertificate support for both backends
* Review fixes
* Fixed missing '(' when raising error
* Fixed date_fmt loop
* Updated docs and requirements with cryptography
* Add openssl_certificate to changelog.
Fixes#40060
* Fix coding style errors
* Use CONNECTION LIMIT (no underscore)
* From review done by amenonsen and bcoca - Set default at None, make the change detection less confusing
* Added EXAMPLE on how to apply a database specific connection limit
* Added some basic tests for conn_limit applied to a database
* Check that conn_limit has actually been set / updated to 200
* Add changelog fragment regarding postgresql_db conn_limit parameter
* cs_volume: add volumes extraction and upload features
* cs_volume: Update doc, remove deprecated code
* cs_volume: Add unit tests for extract and upload features
* Fixes flatpak module to work with flatpak >=1.2.0, fixes#51481
This keeps backwards-compatibility for flatpak versions before 1.2.0
* Fixes typeo
Co-Authored-By: oolongbrothers <oolongbrothers@zeibar.net>
* #50877:
* add support to postgresql_privs to use "FOR { ROLE | USER } target_role"
in "ALTER DEFAULT PRIVILEGES"
* fix sanity errors
* #50877: fix documentation and add a check for correct usage
of target_roles
* #50877: fix missing absent option for default privs with target_role
* #50877: add clear description, when target_roles can be used
* #50877: fix conflicts, formatting, and add a changelog fragment
* #50877: fix sanity error E335
* #50877: swap conditions and fix error to warning msg
* #50877: add tests for default privileges
* #50877: fix tests for default privileges
* #50877: fix tests for default privileges on centos 6
The output of pw.getpwnam() does not distinbuish between local and remote accounts. It will return a result if an account exists locally or in the directory. When local is set to True in the task parameters, look through the local password database explicitly.
* Ensure luseradd is present for tests
* Add docs and warnings about local mode
* Allow parent groups to be variables or literal, requires {{ }}
* Check strict before failing on templating errors
* Don't add a group if an invalid parent group was provided
* avoid using Postgres formatting function
* add tests for ALL FUNCTIONS IN SCHEMA
* documentation and changelog
* requested changes in tests
* fixed changelog
* Add source option.
* Split force parameter into force_source, force_absent and force_tag.
* Move all build-related options into a suboption called build.
* Add changelog.
In pyyaml versions before 5.1 the default_flow_style for yaml.dump
was None. Starting with 5.1 it is now False. This change explicitly
sets the value to None to maintain the original to_yaml behavior.
The change to pyyaml was made in the following commit:
507a464ce6
When user specifies the JUMP value to 'tee', gateway is required.
This fix adds new parameter 'gateway' to support this functionality.
Fixes: #53170
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Adding support for IP identifiers according to https://tools.ietf.org/html/draft-ietf-acme-ip-05.
* Add changelog.
* Make sure that the authorizations return value is unchanged for CSRs with DNS-only SANs.
* Remove unneeded import.
* type -> identifier_type
* Python 2.6 compatibility.
* Fix unit tests.
* Add IP address normalization.
* Extend tests.
* Move data into fixtures.
* Adjust BOTMETA.
function changed to do in place replacement, should be less expensive even with copy as it avoids 'sub copies', can compose with module_args_copy to create replacement for old behavior
attempt to fix#52910
* handle lists and subdicts correctly
* added missing exception case, which was not noticed since 'cleaning' was not working
* added comments to clarify exceptions
* create overridable sanitation function
* now used in aws, gce and azure plugins
* added new option to these plugins to work in conjunction with general toggle to make it easier
to emulate inventory script behavior.
* Don't raise AnsibleConnectionFailure if the ssh_process has already died. Fixes#53487
* Better support for file not found messages
* Add changelog fragment
* changelog
* combine provided variables and host vars inside of constructing groups to take into account composed variables
let composed variables "win"
* fix whitespace
* Allow user to control hash behavior
* Remove dependency to psycopg2 with dump/restore
'dump' and 'restore' state only need pg_dump and pg_restore. These tools
don't use psycopg2 so this change tries to avoid the use of it in these
cases.
The db_exists test was replaced with an error detection when piping to
compression program, using a FIFO file. This effectively reverts #39483,
that was a fix for #39412.
* Fix typo
* Add changelog fragment
* Add note for dump and restore not requiring psycopg2
* Fix YAML syntax
* Update lib/ansible/modules/database/postgresql/postgresql_db.py
Co-Authored-By: Glandos <bugs-github@antipoul.fr>
* Output warnings from docker daemon on container create and update.
* Accept warning for blkio_weight instead of idempotency.
* Value quoting.
* Avoid loop variable conflict.
* Add changelog.
* Make one test case faster.
* Add 'Docker warning: ' prefix.
* Add a generalized warning reporting function.
* Add rollback_config
* Add change log fragment
* Fix broken test
* Actually fix broken tests
* Add rollback_config example
* Default rollback_config as None
* Abort early if rollback_config does not exist
* Add mount options
* Remove mount readonly default
* Fix driver_config test
* Add documentation
* Add changelog fragment
* Properly indent tmpfs_ options
* Use correct service suffix for mount tests
* Check for None value on tmpfs usage check
* Document change of mounts.readonly return key
* Use correct change log type
* Really use correct change log type
* Revert changing mount.readonly to read_only
* Raise OpenSSLBadPassphraseError if passphrase is wrong.
* Improve handling of passphrase errors.
Current behavior for modules is: if passphrase is wrong (or wrongly specified), fail.
Current behavior for openssl_privatekey is: if passphrase is worng (or wrongly specified), regenerate.
* Add changelog.
* Add tests.
* Adjustments for some versions of PyOpenSSL.
* Update lib/ansible/modules/crypto/openssl_certificate.py
Improve text.
Co-Authored-By: felixfontein <felix@fontein.de>
Fixes a bug where parse_distribution_file_ClearLinux() was called on CoreOS (and probably many other distros) and it returned True since it successfully parses the distribution file. Since this file exists on many Linux distributions and they are a very similar format, add an additional check to make sure it is Clear Linux.
Change the order in which distribution files are processed so NA is last. This prevents a match on CoreOS hosts since they also have /etc/os-release and the called matching function for NA is very general and will match CoreOS.
* Add changelog
* Add unit tests
Only add tests for Clear Linux parsing since that was the cause of this issue.
* Support FOREIGN DATA WRAPPER and FOREIGN SERVER in postgresql_privs module
* Added available from note to fdw and fs object types
* Integration tests, examples in documentation
* Complete integration tests
* [docker_image] fix the changed state for tagging and pushing
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [docker_image] add tests for (force) tagging and force pushing
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [docker_image] add a news fragment for the fixed force tag/push behavior
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* Fix for "AttributeError: 'module' object has no attribute 'cursors'" (#49191) (#1)
* Fix for "AttributeError: 'module' object has no attribute 'cursors'" (#49191)
* Adding changelog fragment for issue #49191 and the following PR.
* Update lib/ansible/module_utils/mysql.py
Co-Authored-By: timorunge <timorunge@users.noreply.github.com>
* Fixed crash with hidden files
added "-force" parameter on "Get-Item" cmdlet. this is needed to get file info if the file is "hidden"
without this option modules like win_file, win_template, win_copy crashes on hidden files. this is because with "test-path" it sees that the file exists, but "get-item" can't get the file info.
for more information on "-force option": https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-item
* Add changelog and integration tests
* fix tests for older Windows versions
* Add dnsrecord_show method for supporting base domain record
* Replace dnsrecord_show with conditional in dnsrecord_find
* Added changelog entry for MX and SRV
Signed-off-by: synical <sjohnsondot@gmail.com>
* Add support for Windows hosts in the SSH connection plugin
* fix Python 2.6 unit test and sanity issues
* fix up connection tests in CI, disable SCP for now
* ensure we don't pollute the existing environment during the test
* Add connection_windows_ssh to classifier
* use test dir for inventory file
* Required powershell as default shell and fix tests
* Remove exlicit become_methods on connection
* clarify console encoding comment
* ignore recent SCP errors in integration tests
* Add cmd shell type and added more tests
* Fix some doc issues
* revises windows faq
* add anchors for windows links
* revises windows setup page
* Update changelogs/fragments/windows-ssh.yaml
Co-Authored-By: jborean93 <jborean93@gmail.com>
* Document and validate mode choices
* Update examples
* Test cpu float values
* Test correct option
* Fix module return sample
* Add secrets and user to module return value
* Order options alphabetically
* Add changelog
* yaml indentation
* Revert "Order options alphabetically"
This reverts commit 51dabccda7930b707d5683670af7f89a68aeb577.
* Be consistent with choices type
* win_domain: fix issue when running without credential delegation
* Add check for reboot is required to complete role e install
* Fix changelog sanity issue
* removed meta file accidentally committed
* Fix version checks in tests
* Set minimum version to 2.0.2
* Networks can only be updated >= docker-py 2.7
* Constraints require docker-py 2.4.0
* Healthchecks require docker-py 2.6.0
* Properly run tests different docker_py_versions
* Add changelog fragment
* Specify lowest version on placement.constraints
* Fix running new tests on older docker-py
* Handle different hosts formats returned by docker
* FIx test naming
* Quote str options
* secrets options require docker-py 2.4.0
* Replace InventoryFileCacheModule with a better developer-interface
Use new interface for inventory plugins with backwards compatibility
Auto-update the backing cache-plugin if the cache has changed after parsing the inventory plugin
* Update CacheModules to use the config system and add a deprecation warning if they are being imported directly rather than using cache_loader
* Fix foreman inventory caching
* Add tests
* Add integration test to check that fact caching works normally with cache plugins using ansible.constants and inventory caching provides a helpful error for non-compatible cache plugins
* Add some developer documentation for inventory and cache plugins
* Add user documentation for inventory caching
* Add deprecation docs
* Apply suggestions from docs review
* Add changelog
* made adding package managers easier
added portage support
* moar pkg mgrs and moar info
- added 'pkg' pkg manager (freebsd)
- added pip
- more apt info
* updated clgo
* Updates from feedback
Co-Authored-By: bcoca <bcoca@users.noreply.github.com>
* incorporated more feedback and added docstrings
* moar from feedback
- made manager list dynamic and names based on class
- better not found msg
- made abstract metaclass again
- test is now init exception
- module to global
- better dedupe comments
* more targetted errors/warnings
* added strategy, reordered to conserve priority
* rpm > apt
* move break to top
* fix trate
* piping it
* lines and meta
* refactored common functions
- moved pip into it's own module
- cleaned up base clases
- ensure 'lower' match in package_facts
* missing license
* avoid facts
* update clog
* addressed feedback
* fix clog
* cleanup
* upd
* removed pip as that was removed
* renamed cpan
* added a single line since 2 lines are needed to be
readabnle instead of just 1 line, it is a huge problem otherwise
* fix internal ref
* not intended in this round
* updated as per fb
* make add_group return proper name
* ensure central transform/check
* added 'silent' option to avoid spamming current users
those already using the plugins were used to the transformations, so no need to alert them
* centralized valid var names
* dont display dupes
* comment on regex
* added regex tests
ini and script will now warn about deprecation
* more complete errormsg
* Do not return 'instances' when wait is false
* Added integration tests for wait: false
* Added changelog fragment
* Fix test suite to work with ec2_instance
* Additional permissions
* Enforce boto3 version
* Fix broken tests
* Improve error messages
* fix linter issues
* adds fargate launch_type to ecs_task module
* White space changes
* fix documentation for running ecs task on fargate
* remove extraneous example from ecs_task
* White space changes
* Adds changelog fragment
* Pluralize minor_changes in changelog fragment
* Add Stop and Start task permissions
* set valid_until equal to current time + spot_wait_timeout
* Add checksum check for downloaded file.
* refactoring
* fix typo
* add fixes
* mart try,catch handling
* revert lib/ansible/modules/cloud/amazon/ec2.py from upstream
* refactoring
* remove empty lines
* add checksum verification for existing file
* fix current file check
* refactoring destination file check
* add handling exceptions
* refactoring
* Added download file hash data from url
* fix string aligning
* fix bug with uri
* Added get hash from multy-string file
* Added URI support for checksum file location
* refactoing
* Remove any non-alphanumeric characters for hash from url
* fix discussions; add support for PS3
* refactoring
* add size return value
* checkout from upstream for lib/ansible/modules/cloud/amazon/ec2.py
* add Ansible.ModuleUtils.Legacy support; refactoring
* Copyright added
* Checking files size before and after downloading added.
* remove unused code
* Corrected regexp for dotted slashed file name prefix in hash-file
* hotfix typo error; add int tests
* remove legacy module support; split checksum to checksum, checksum_algorithm, checksum_url
* changed default hash algorithm
* Fixed case for ContentLength = -1
* Old comment removed
* fix typo
* Remove file size check before downloading
* add alias to ; fix tests
* adjust tests; fix lint warnings from PSScritpAnalyzer
* workaround for bug in win_chocolatey module on win2008
* remove win_get_url.ps1 from /test/sanity/pslint/ignore.txt
* add checksum_algorithm as retuen value
* first normalise before return Result
* resolve discussions
Signed-off-by: Viktor Utkin <viktor.utkin7@yandex.ru>
* fix discussions
fix http tests as discussed
* fix last discussions
* Reduce code duplication and add idempotency check
* fix sanity issue and remove testing code
* move back to using tmp file for checksum comparison
* Decreasing docker_swarm requirements.
* Fixing docker-py / docker API version requirements, and some comments.
* Add changelog.
* Only send parameters specified by user to docker daemon.
* Extend labels test: not specifying == keep labels.
* Bump minimally required docker-py version for docker_node and docker_node_facts to 2.4.0.
* Prevent crashing when publish or healthcheck is not provided.
* Similarly to docker_swarm tests, only execute docker_node tests on real VMs and restart docker daemon when tests are done.
* replace uses of sort_json_policy_dict with compare_policies which is compatible with Python 3 and remove sort_json_policy_dict from the AWS guidelines since it only works on Python 2
* Sort any lists containing only strings
* Sort the original policy too
* Look in /lib/molly-guard for shutdown command
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add parameter for extra_search_paths
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Change option to search_paths
- Update docs
- Make the parameter replace the default values
- Add some sanity checking on the data type
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Correct parameter in tests, change conditional for molly-guard tasks
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Address feedback
* Simplify field validation
Needed the try except in case a non-iterable type is put in the search_paths field
* adding quiet option to assert (ansible#27124)
* adding doc for quiet to assert.py
* fixing PEP8 failure
* improving example
* improving docs
* adding changelog fragment
* adding . at end of descriptions
* removing trailing blank line
* adding integration test for assert
* fixing CI complaints
* disabling gather_facts in quiet.yml test
* rerunning to capture skip
* cleaning up python 2 vs 3
* following rebase
* fixing CI complaints
* fixing CI complaints
* fixing CI complaints
* fixing CI complaints
* fixing CI complaints
* Change the retry_files_enabled to False and modify the comments to reflect that
this has been disabled.
* Change the default action of retry_files_enabled to False
* Update porting guide to reflect change in default state of retry_files_enabled variable
* Change log documenting a change in default behaviour of retry_files_enabled
* Revert config change to comment out the retry_files_enabled line to let the user decided what is best.
Comment above still states how to change.
* postgresql_privs change fail to warn if role does not exists
* postgresql_privs change fail to warn if role does not exists: fix sanity
* postgresql_privs change fail to warn if role does not exists: add changelog fragment
* postgresql_privs change fail to warn if role does not exists: fixes
* postgresql_privs change fail to warn if role does not exists: added fail_on_role param
* Revert "use list instead of tuple and remove md5 on ValueError (#51357)" c459f040da.
* Modify the correct variable when determining available hashing algorithms
* Python interpreter discovery
* No longer blindly default to only `/usr/bin/python`
* `ansible_python_interpreter` defaults to `auto_legacy`, which will discover the platform Python interpreter on some platforms (but still favor `/usr/bin/python` if present for backward compatibility). Use `auto` to always use the discovered interpreter, append `_silent` to either value to suppress warnings.
* includes new doc utility method `get_versioned_doclink` to generate a major.minor versioned doclink against docs.ansible.com (or some other config-overridden URL)
* docs revisions for python interpreter discovery
(cherry picked from commit 5b53c0012ab7212304c28fdd24cb33fd8ff755c2)
* verify output on some distros, cleanup
* Ensure play order is obeyed
it was being ignored depending on other options
also added tests for each order (except shuffle) both serial and not
fixes#49846
All openSUSE distributions changed to the way they are returned from distro.id().
This patches fix the openSUSE Leap and SLES distro names, and adds one entry for Tumbleweed.
These descriptions are capitilized, as expected by Ansible's hostname module.
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
* add boto3_tag_list_to_ansible_dict to ec2_vpc_peering_facts.py
* Add parameter checking to ec2_vpc_peer and give helpful error message
* Fixed modules --> module typo in ec2_vpc_peer
* Added required_if logic and fixed incorrect boolean check for absent peering connection
* Changed error message to one of the following is
* Added changelog fragments for ec2_vpc_peer changes
* Changed changelog fragment as per request
* Support UpdateService forceNewDeployment in ecs_service module
* Fixes for review
* Add force_new_deployment option to ecs_service.py
cherrypicks changes from via/ansible
Adds tests for pull request #42518
fixes backwards compatability with boto<1.8.4
* WIP commit so I don't have to stash
* WIP commit for healthcheck grace period
* WIP commit; ecs_module handles service registries
* Fix bad check for desired_count
* Add scheduling strategy test, comment out service registry test
* Fix names in ecs_cluster role main task.
* move full test run back to the end
* Change botocore version for full test to support scheduling strategy
* fix bug with desired_count==0 in amazon/ecs_service
* Fix changed checking for scheduling strategy DAEMON in ecs_service
* Pass testS
* Fix some unhelpful comments
* Add changelog for ecs_service
* Add diff support to docker_swarm.
* Add changelog.
* Using diff mode for docker_swarm tests. This improves debugging, since the the module now outputs more information on *why* it did certain actions.
* Improve idempotency checking: only consider parameters which are part of the generated spec.
* Properly handle rotate_worker_token and rotate_manager_token.
* patch state 'planned' outputs and perform minor refactor
* reconcile with pep8 and pylint
* remove a space...
* update changed to only flip when >0 added, changed, or destroyed is detected
* add state dependecy to conditional change check
* fix typo
* reconcile with pep8[E317]
* add a changelog fragment
* Revert "Clear failed state in always only if we did rescue (#52829)"
This reverts commit f135960fc2.
* Add tests for failed scenario
* Set failed task with EXPECTED FAILURE
Leave it up to the module to return the state in the results.
I went through all the modules in files/ and only found one case where the module needed to return this. No other modules return paths that do not exists.
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Allow configuration templates when using net_id...for reals
- Didn't work before, I had bad code. I'm sorry.
- Cleaned up code and simplified functions
- Added integration tests to test for net_id actions
* Add changelog
* Add module name to changelog
* Fix indentation
* Add new module property to Windows modules
* Add brief pause to file tests to ensure the stat times are not equal, which was happening sometimes.
* Raise TypeError on error rather than fail_json()
* Rework error message to be less verbose
* Add porting guide entry
* #49664 Added npm ci command
* Update lib/ansible/modules/packaging/language/npm.py
Sure
Co-Authored-By: Bramzor <bramverdonck@telenet.be>
* Moved ci_install so it would work for specific packages
Would this work?
* Reverted last commit
npm ci will remove node_modules so cannot be used it to install a specific module.
* Update lib/ansible/modules/packaging/language/npm.py
Co-Authored-By: Bramzor <bramverdonck@telenet.be>
* Update lib/ansible/modules/packaging/language/npm.py
Co-Authored-By: Bramzor <bramverdonck@telenet.be>
* Update lib/ansible/modules/packaging/language/npm.py
Co-Authored-By: Bramzor <bramverdonck@telenet.be>
When no repos are defined, the `repo` variable is undefined. Therefore
append it only to the result if a repo was found. Otherwise Ansible will
fail with an UnboundLocalError.
* Filter DNSimple request by record name.
The request was not filtered and DNSimple returns only the first 100
records so if the number of records is larger the check could fail.
This patch fixes the issue and also makes the check to perform better.
* Add changelog fragment.
* Added product to the dict choices.
Following issue 48594 where product is not a recognised choice: https://github.com/ansible/ansible/issues/48594
* fixed doc
added - product to the doc
* split line 549
to correct ci test splitting line 549
* Create 49776-product_fix_katello_foreman_module.yaml
changelog fragment creation
* Don’t remove service when networks change
* Add changelog fragment
* Some more network integration tests
* Add hannseman as author
* Remove return on self.client.fail
* Facts parsing for cmdline can now handle multiple values for a single key.
* Unit tests for cmdline fact parsing
* Review comments
Fixes: #22766
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Fix bug when specifying SSID by number
- Migrated integration test to blocks with always
- Minor URL fixes
(cherry picked from commit ed79c294f2e3f82d4828226004c055dcd7ce9f63)
* Create changelog file
* Add new line
According to the OpenStack Networking API
the attribute provider:segmentation_id of a network has to be
an integer.
Even if neutron accepts provider:segmentation_id to be a
string, other implementations may not.
* Performance fixes for net and org lookups
- Both methods had duplicate lookups
- This should significantly improve performance
- Currently untested
* Add ChangeLog file
* Change from bugfix to bugfixes and change indent
* First pass at allowing unix socket with urls/uri. See #42341
* Only insert handler as needed
* Fix and add tests
* Add HTTPS functionality for unix sockets
* Additional test fixes
* Create context manager for monkey patching HTTPConnection.connect, de-dupe code, raise better errors
* doc
* Add a few more tests
* Fix __call__
* Remove unused import
* Patch HTTPConnection.connect with the functionality we want, instead of duplicating code and disabling
* Fix var name
* Remove unused var
* Add changelog fragment
* Update uri docs
* Fix rebase indentation issue
* Work around problem with Docker daemon that sometimes won't find image if prefixed with docker.io repo name.
* When tring library/xxx, docker-py also doesn't sometimes find the image.
* Add changelog.
* Fixing unexpected keyword argument 'cursorclass' error after migration from MySQLdb to PyMySQL
* Adoptions for mysql.py as suggested by felixfontein.
* Adding changelog fragment.
Previously the yum module would provide a `changes` dict when
executed in check mode but omit it when not in check mode in favor
of the `results` data which is raw output from the yum command. This
pull request makes that output uniform.
Fixes#51724
Signed-off-by: Adam Miller <admiller@redhat.com>
* Raise AnsibleConnectionError on winrm con errors
Currently all uncaught exceptions of the requests library that is used
in winrm will lead to an "Unexpected failure during module execution".
Instead of letting all exceptions bubble up we catch the connection
related errors (inkl. timeouts) and re-raise them as
AnsibleConnectionError so Ansible will mark the host as unreachable and
exit with the correct return code.
This is especially important for Zuul (https://zuul-ci.org) to
distinguish between failures and connection/host related errors.
* Update lib/ansible/plugins/connection/winrm.py
Co-Authored-By: westphahl <westphahl@gmail.com>
* Add changelog fragment
* identity: Add GSSAPI suport for FreeIPA authentication
This enables the usage of GSSAPI for authentication, instead of having
to pass the username and password as part of the playbook run.
If there is GSSAPI support, this makes the password optional, and will
be able to use the KRB5_CLIENT_KTNAME or the KRB5CCNAME environment
variables; which are standard when using kerberos authentication.
Note that this depends on the urllib_gssapi library, and will only
enable this if that library is available.
* identity: Add documentation for GSSAPI authentication for FreeIPA
This documentation describes how to use GSSAPI authentication with the
IPA identity modules.
* identity: Add changelog for GSSAPI support for IPA
This adds the changelog entry for the GSSAPI authentication feature for
the IPA identity module.
* Allow creation and deletion of keys (deletion just schedules for
deletion, recreating an old key is just cancelling its deletion)
* Allow grants to be set, thus enabling encryption contexts to be
used with keys
* Allow tags to be added and modified
* Add testing for KMS module
* Tidy up aws_kms module to latest standards
There are other chat systems with hook implementations more or less
compatible with Slack, such as Rocket.Chat. The latter requires the
Content-Type header to be set to "application/json" (the body is JSON).
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
* [WIP] become plugins
Move from hardcoded method to plugins for ease of use, expansion and overrides
- load into connection as it is going to be the main consumer
- play_context will also use to keep backwards compat API
- ensure shell is used to construct commands when needed
- migrate settings remove from base config in favor of plugin specific configs
- cleanup ansible-doc
- add become plugin docs
- remove deprecated sudo/su code and keywords
- adjust become options for cli
- set plugin options from context
- ensure config defs are avaialbe before instance
- refactored getting the shell plugin, fixed tests
- changed into regex as they were string matching, which does not work with random string generation
- explicitly set flags for play context tests
- moved plugin loading up front
- now loads for basedir also
- allow pyc/o for non m modules
- fixes to tests and some plugins
- migrate to play objects fro play_context
- simiplify gathering
- added utf8 headers
- moved option setting
- add fail msg to dzdo
- use tuple for multiple options on fail/missing
- fix relative plugin paths
- shift from play context to play
- all tasks already inherit this from play directly
- remove obsolete 'set play'
- correct environment handling
- add wrap_exe option to pfexec
- fix runas to noop
- fixed setting play context
- added password configs
- removed required false
- remove from doc building till they are ready
future development:
- deal with 'enable' and 'runas' which are not 'command wrappers' but 'state flags' and currently hardcoded in diff subsystems
* cleanup
remove callers to removed func
removed --sudo cli doc refs
remove runas become_exe
ensure keyerorr on plugin
also fix backwards compat, missing method is attributeerror, not ansible error
get remote_user consistently
ignore missing system_tmpdirs on plugin load
correct config precedence
add deprecation
fix networking imports
backwards compat for plugins using BECOME_METHODS
* Port become_plugins to context.CLIARGS
This is a work in progress:
* Stop passing options around everywhere as we can use context.CLIARGS
instead
* Refactor make_become_commands as asked for by alikins
* Typo in comment fix
* Stop loading values from the cli in more than one place
Both play and play_context were saving default values from the cli
arguments directly. This changes things so that the default values are
loaded into the play and then play_context takes them from there.
* Rename BECOME_PLUGIN_PATH to DEFAULT_BECOME_PLUGIN_PATH
As alikins said, all other plugin paths are named
DEFAULT_plugintype_PLUGIN_PATH. If we're going to rename these, that
should be done all at one time rather than piecemeal.
* One to throw away
This is a set of hacks to get setting FieldAttribute defaults to command
line args to work. It's not fully done yet.
After talking it over with sivel and jimi-c this should be done by
fixing FieldAttributeBase and _get_parent_attribute() calls to do the
right thing when there is a non-None default.
What we want to be able to do ideally is something like this:
class Base(FieldAttributeBase):
_check_mode = FieldAttribute([..] default=lambda: context.CLIARGS['check'])
class Play(Base):
# lambda so that we have a chance to parse the command line args
# before we get here. In the future we might be able to restructure
# this so that the cli parsing code runs before these classes are
# defined.
class Task(Base):
pass
And still have a playbook like this function:
---
- hosts:
tasks:
- command: whoami
check_mode: True
(The check_mode test that is added as a separate commit in this PR will
let you test variations on this case).
There's a few separate reasons that the code doesn't let us do this or
a non-ugly workaround for this as written right now. The fix that
jimi-c, sivel, and I talked about may let us do this or it may still
require a workaround (but less ugly) (having one class that has the
FieldAttributes with default values and one class that inherits from
that but just overrides the FieldAttributes which now have defaults)
* Revert "One to throw away"
This reverts commit 23aa883cbed11429ef1be2a2d0ed18f83a3b8064.
* Set FieldAttr defaults directly from CLIARGS
* Remove dead code
* Move timeout directly to PlayContext, it's never needed on Play
* just for backwards compat, add a static version of BECOME_METHODS to constants
* Make the become attr on the connection public, since it's used outside of the connection
* Logic fix
* Nuke connection testing if it supports specific become methods
* Remove unused vars
* Address rebase issues
* Fix path encoding issue
* Remove unused import
* Various cleanups
* Restore network_cli check in _low_level_execute_command
* type improvements for cliargs_deferred_get and swap shallowcopy to default to False
* minor cleanups
* Allow the su plugin to work, since it doesn't define a prompt the same way
* Fix up ksu become plugin
* Only set prompt if build_become_command was called
* Add helper to assist connection plugins in knowing they need to wait for a prompt
* Fix tests and code expectations
* Doc updates
* Various additional minor cleanups
* Make doas functional
* Don't change connection signature, load become plugin from TaskExecutor
* Remove unused imports
* Add comment about setting the become plugin on the playcontext
* Fix up tests for recent changes
* Support 'Password:' natively for the doas plugin
* Make default prompts raw
* wording cleanups. ci_complete
* Remove unrelated changes
* Address spelling mistake
* Restore removed test, and udpate to use new functionality
* Add changelog fragment
* Don't hard fail in set_attributes_from_cli on missing CLI keys
* Remove unrelated change to loader
* Remove internal deprecated FieldAttributes now
* Emit deprecation warnings now
* standardize user/password connection vars
* docs: use ansible_user and ansible_password
* docs: var precedence for connection vars
* docs: ansible_become_pass -> ansible_become_password etc
* Enable 'changed' var with ufw check mode
* Fix from comment of the PR + Unit Test
* Fix on ufw module after the second review
- delete rules change works in check mode
- simplify execute def & use it on every call process
- improved regexp
- rename vars defaults to current_default_values
* Add ignore error to execute() and use it in get_current_rules()
* Update after third code review (introduce change in changed status)
* Adjust tests and fix some problems (#1)
* 'active' also appears in 'inactive'.
* 'reject' is also a valid option here.
* For example for reloaded, changed will be set back to False here.
* Improve and adjust tests.
* Fix after merging integration test
* handle "disabled" on default routed
* Add /var/lib/ufw/.. rules files
* add unit test
* Fix pep8 formatting error
* Separate ipv6 and ipv4 rules process from checkmode
* fix non-ascii error on ci
* Some change after review
* Add unit test with sub network mask
* rename is_match function by is_starting
* add changelog fragment
Previously it was assumed that the Amazon system-release
number was the final value of the string. This isn't always
the case. Some releases have the name at the end.
Amazon Linux release 2
Amazon Linux release 2 (Karoo)
Fix by instead looking for a number in the string.
Fixes#48823
Check the path /run/ostree-booted which I'm told by upstream that it
will always be present when a host system is Fedora/RHEL/CentOS
Atomic/CoreOS vs "traditional" distro instance to detect the
non-traditional instance and ensure pkg_mgr selection is correct
Signed-off-by: Adam Miller <admiller@redhat.com>
* use list instead of tuple and remove md5 on ValueError
Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>
* convert algorithms to list and add comment
Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>
* only convert to list if algorithms is not None
Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>
* new fragment for PR 51357
Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>
* fix lint: remove blank line
Fixes: #51534
* set valid_until equal to current time + spot_wait_timeout
* add setting ValidUntil to value
* add changelog fragment
* fix shebang issue
* uri: fix TypeError when file can't be saved
Fix the following exception (and others):
Traceback (most recent call last):
File "/home/lilou/debug_dir/__main__.py", line 604, in <module>
main()
File "/home/lilou/debug_dir/__main__.py", line 554, in main
write_file(module, url, dest, content, resp)
File "/home/lilou/debug_dir/__main__.py", line 320, in write_file
module.fail_json(msg="Destination dir '%s' not writable" % os.path.dirname(dest), **resp)
TypeError: fail_json() got multiple values for keyword argument 'msg'
I would rather remove **resp from returned values but this module is
flagged as stableinterface.
* Static imports are more straight forward and preferred unless dynamic inclusion is required.
Added support for username and password authentication in hashi_vault
lookup plugin.
Fixes: #38878
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Add coherency between check and normal mode see issue #24633
* Add changelog fragment for the PR
* Make change following PR comment
* Remove trailing whitespace
* Always check envvars when auth parameter is not provided
This will make it so that all code using the get_api_client
method will make use of the environment variables, instead of
silently ignoring them if default values haven't been set. This
affects at least the k8s lookup plugin.
* Add changelog
* move extravars and option vars loading into VM
also safedir setting, all these are intrinsic to VM
avoid uneeded and inefectual shallow copy
remove setters/getters as VM now does most of the work in init
updated and added tests
* feedback + fixes
* keep extra_vars property for vars_prompt
* pass values not objects
* remove bare var handling in conditionals
this makes top level and multilevel vars (dicts keys) behave the same
it will require adding |bool for 'string comparissons' in indirect templates
- added new tests to ensure uniform handling
- switched to 'is' testing for status
- changed warning to 'conditional' as 'when:' is not only place it gets triggered
* updated to include toggle and deprecation
* fix deprecated
* updated tests to handle toggle
* fixed typo and added note about the future
* aws_ec2 Implement the missing 'region discovery'
fixes#45288
tries to use api as documented (which seems to fail in latest boto3 versions)
and fallback to boto3 'hardcoded' list of regions
* fixes and cleanup, add error for worst case scenario
* fix tests, remove more unused code
* add load_name
* acually load the plugin
* set plugin as required
* reverted test changes, removed options tests
* fixes as per feedback and cleanup
* Add functionality to set hidden properties. Fixes#50299
* Add inject_ovf_env functionality
* Add xml declaration
* Revert "Add functionality to set hidden properties. Fixes#50299"
This reverts commit 4b41bb75207b5f88573df556cf94cfd64c843e56.
* Add changelog fragment
* Minor changes
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* add static facility and apply to register
* added warning
* added test for templated register
* test register 'static' status
* rely on subshell to deal with quote context
* use corrects pb for test
* bring constants back cause new code in devel
* Add tests for check_mode at play and task level
These test inheritance of check_mode from the various levels (command
line, as a play attribute and as a task attribute) so they will be
useful for checking that the change to fieldattribute inheritance with
defaults works
* Add a sentinel object
The Sentinel object can be used in place of None when we need to mark an
entry as being special (usually used to mark something as not having
been set)
* Start of using a Sentinel object instead of None.
* Handle edge cases around use of Sentinel
* _get_parent_attribute needs to deal in Sentinel not None
* No need to special case any_errors_fatal in task.py any longer
* Handle more edge cases around Sentinel
* Use Sentinel instead of None in TaskInclude
* Update code to clarify the vars we are copying are class attrs
* Add changelog fragment
* Use a default of Sentinel for delegate_to, this also allows 'delegate_to: ~' now to unset inherited delegate_to
* Explain Sentinel stripping in _extend_value
* Fix ModuleArgsParser tests to compare with Sentinel
* Fixes for tasks inside of roles inheriting from play
* Remove incorrect note. ci_complete
* Remove commented code
* Catch SSH authentication errors and don't retry multiple times to prevent account lock out
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Subclass AnsibleAuthenticationFailure from AnsibleConnectionFailure
Use comparison rather than range() because it's much more efficient.
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add tests
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Make paramiko_ssh connection plugin behave the same way
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add changelog
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Move relative time handling to module_utils and rewrite it
* Fix cases with no seconds defined
* fix a small typo along the way
* add relative time handling to the ownca provider in openssl_certificate
* add initial integration test for relative time ownca
* quote the documentation to produce valid yaml
* move timespec conversion and validation to the init function
* fix small edge case in conversion function
* add relative timestamp handling to the selfsigned provider
* add get_relative_time_option
* add relative timestamp handling to valid_in
* pep8 fix indentation
* add quotes in error message
* add changelog fragment
* Update changelogs/fragments/50570-relative_time_crypto.yaml
Co-Authored-By: MarkusTeufelberger <mteufelberger@mgit.at>
* Added support for labels for Docker Network
* Fixed missing comma in Docker Network module
* Specified minimal versions for dependencies and added changelog
* Fixes based on suggestions after code review
* Added integration tests
* Add command option
* Fix test task name
* Changelog fragment
* Fix indendation
* Add version_added
* Better command description
* Test passing command as list
* Handle invalid command types
* Cleaner command type checking
* Check that all items in command list are strings
* Better error about command list items
* Better type checking errors
* Add tests for command type checking
* Update command tests
* Fix messed up rebase
* Fix publish idempotency when mode is None
* Add changelog fragment
* Python 2.6 compat
* Use self.publish
* Check length of publish before comparing content
* Sort publish lists before zipping
* Enable publish tests
* python3 compat
* Don’t sort by mode as it is not safe
* Document publish suboptions and add them to args
* Add type to publish documentation
* Add choices to publish argument_spec suboptions
* Make tcp the default protocol
* Make documentation reflect protocol default
* Simplify setting mode
* Remove redundant string quoting
* Test order of publish
* Add comment about publish change detection
* Revert "Revert "openssl_csr: Allow to use cryptography as backend (#50324)""
This reverts commit bbd2e31e9f.
* Remove more complicated selection copy'n'pasted from openssl_privatekey.
* Add tests for backend selection.
* Add openssl_csr test for arbitrary string commonName.
* Allow to disable commonName -> SAN copying (fixes#36690).
* Increase persistent command_timeout default value
* Increase command_timeout default value from 10 to 30 sec
to reduce frequent timeout issue for network connection
types (netconf/network_cli/httpapi/napalm)
* Fix review comments
* Corner case in which import_role would add another instance of a role with the same signature into roles: when it already existed there.
roles:
- name: a
tasks:
- import_role: name=a
would execute role 'a' 3 times instead of the intended 2 (x2 in roles: phase +1 in tasks:)
* added tests
* Add object_type param to checkpoint_object_facts
* Add changelog fragment
* Fix sanity
* Fix sanity
* Pass type param to payload
Otherwise it does not do what is expected to do
* Add ip-only default to docstring
* Revert "avoid x2 setting of set_fact when 'cacheable' (#50564)"
This reverts commit 207848f354.
* clarify clear_facts with set_fact cacheable
revert previous 'fix' as it will break playbooks by changing precedence
opted to leave current behaviour but document it on both plugins to mitigate confusion
fixes#50556
also fix grammer, add comment, remove unused e
* Bubble up import exception content for k8s module
Signed-off-by: Fabian von Feilitzsch <fabian@fabianism.us>
* Track down other places import exception is reported
* Add changelog fragment
When a user home dir is not created with `useradd`, the home dir will now
be created with umask from /etc/login.defs. Also fixed a bug in which
after a local user is deleted, and the same user exists in the central
user management system, the module would create that user's home.
* check for result['status'] in systemd module
* instead of checking for result['state'], actually check for chroot and warn
* allow systemctl status to work if in a chroot, update warn text
* simply change warning message
* Allow to use cryptography as backend for openssl_csr.
* Use different curve.
* Adding changelog.
Includes changelog fragment for #49416, which didn't include one.
* Describe labels and container_labels correctly
* Clarify reserve_memory and limit_memory docs
* Remove default from container_labels doc
* Remove trailing whitespace
* Document min api version for configs and secrets
* Add changelog fragment
* Specify type on labels and container_labels
* Consolidate required API version descriptions
* Update reserve and limit memory docs
* Use correct power-of-two units
* Remove description about limit_memory minimum 4mb
* docker_swarm_service: use exact name match when finding services
The Docker API's filtering support allows filtering for substring
matches which means that when we filter the list of running services we
may accidentally match a service called "foobar" when looking for a
service named "foo".
Fix this by filtering the list of services returned from the Docker API
so that name matches are exact. It is still worth passing the filter
parameter to the Docker API because it reduces the number of results
passed back which may be important for remote Docker connections.
Closes 50654.
* add changelog fragment for #50654
* Added documentation around using vmware dynamic inventory plugin
* Fixed bug for populating host_ip in hostvars for given inventory host
* VMware: Add properties in vmware_vm_inventory
Fixes: #50249
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* fixes issue 50296
* fixes the indentation of the return statement
* Adds a conditional test into `_find_systems_resource()` to check the existence
of the Members of System resource
* updates the error message
* harden the conditional test
* Add a changelog
Provide toggle flag to allow display of unreachable task to stderr
using default callback plugin.
Fixes: #48069
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>