remove cloudtrail.py from legacy-files as it passes pep8 tests now
update return values to use snake case per coding guidelines
update boto3 exception handling to use method outlined in coding guidelines
update parameter spec and return value code per PR code review
* Add sros changes for Python3
Make `execute_command` arguments and its
return value complaint to PY3 changes
made in PR #24431
Code cleanup
pep8 fixes
* Fix CI issue
* Add vyos changes for Python3
Make `execute_command` arguments and its
return value complaint to PY3 changes
made in PR #24431
pep8 fixes
* Fix CI issues
In _process_pending_results (strategy/__init__.py), we were using the delegate_to
field directly from the original task, which was not being templated correctly.
As an alternate to #23599, this patch instead pulls the host name out of the delegated
vars passed back in the task result dictionary to avoid having to re-template things.
Fixes#23599Fixes#20508
Ensure newly created NAT gateways get converted to snake dict
Remove custom code, and associated test, for generating snake
dict and use `camel_dict_to_snake_dict`
Make use of `required_if` rather than bespoke parameter checks
Remove ec2_vpc_nat_gateway from pep8 legacy files list
If a lambda exists but does not have a VPC configuration,
add the VPC configuration when it's present in the ansible
parameters.
Prior to this change, setting VPC configuration on a lambda
that did not have any VPC configuration would ignore that config.
* Fixes#24251 save config only if it is changed
Save to startup configuration only when it is different
from running configuration.
* Fix unit test issue
* vmware_guest: Add support for Linked Clones
* Resolve PEP8 Issues
* Change snapshot_name to snapshot_src
* Add additional option 'snapshot_linked' to specify whether to use a linked clone or not
* Changed snapshot_linked parameter to "linked_clone"
* Remove unnecessary conditional
We have a protection against a user setting use_default_subnetpool in
their playbook - but then we sure do pass the kwarg anyway. Maybe let's
not do that.
With newer versions of ansible, module arguments are assumed to
be strings unless otherwise specified. Our 'facts' argument is
expected to be a dictionary, so tell ansible that.
Without this, the argument will arrive as a string and be written
to the facter file inside string quotes. Facter will produce the
following error:
undefined method `each' for #<String:0x000000016ee640>
This was originally fixed and found in the Ansible Puppet role which
is maintained by the OpenStack infrastructure team.
8d0f0bfd0a
On Python3 and Python2 use pickle slightly differently so we need to be
explicit about some things.
If pickles could be shared between python2 and python3, as in
ansible-connection and the pickle cache, we need to specify the protocol
to use when dumping and the encoding to use for byte strings when
loading.
The dumping protocol needs to be no higher than 2 as python-2 only
supports up to protocol 2. The encoding should usually be 'bytes' so
that python2 str type becomes python3 bytes type. However, doing this
means that we must make sure that the objects being serialized properly
make their strings into text strings except when they're supposed to be
bytes. If strings are improperly byte strings, they may cause
tracebacks on the receiving end
Fix for persistent connection plugin on Python3. Note that fixes are also needed to each terminal plugin. This PR only fixes the ios terminal (as proof that this approach is workable.) Future PRs can address the other terminal types.
* On Python3, pickle needs to work with byte strings, not text strings.
* Set the pickle protocol version to 0 because we're using a pty to feed data to the connection plugin. A pty can't have control characters. So we have to send ascii only. That means
only using protocol=0 for pickling the data.
* ansible-connection isn't being used with py3 in the bug but it needs
several changes to work with python3.
* In python3, closing the pty too early causes no data to be sent. So
leave stdin open until after we finish with the ansible-connection
process.
* Fix typo using traceback.format_exc()
* Cleanup unnecessary StringIO, BytesIO, and to_bytes calls
* Modify the network_cli and terminal plugins for py3 compat. Lots of mixing of text and byte strings that needs to be straightened out to be compatible with python3
* Documentation for the bytes<=>text strategy for terminal plugins
* Update unittests for more bytes-oriented internals
Fixes#24355
* New module fortios_address_group
* Fix issue when fortigate don't contain any address group
* Add alias & change member from str to list type
* Fix pep8
* Fix aliases format in doc
* Fix pep8
* Remove duplicate arg spec with module_utils/fortios.py
* Change string format for better compat + better exception catching + cosmetic changes
* Use set, specify exception, RE pattern one time...
* fix pep8
* Improving of nxos_ip_interface module
Added features:
* Route tags for an IP address at interface level with 'tag' option
* Support of IPv4 secondary addresses if option 'allow_secondary' is
true (false by default). If option 'allow_secondary' is true primary
IPv4 address will be replaced
All features support NXAPI and CLI transport, but only with text/raw
output. Currently not possible to get route tags for secondary IPv4/IPv6
addresses from JSON output.
Other changes:
* Module return state 'changed' only when configuration commands were
executed
* Module result includes multiple prefixes if IPv4 addresses were
found
* Fix PEP8 issues
* Addition fix of PEP8 issues
* Remove unused variable from main()
* Fix "proposed" sample in RETURN variable
* Fix "existing" sample in RETURN variable
* Update RETURN variable
Add 'secondary' for every element of 'addresses' list.
* Restore old version number
* Added exception when ipaddress module is imported
* DOCUMENTATION string was updated
* Added 'version_added' for new features
* Added 'requirements' for module
* Added compatibility with latest commit in devel branch
* DOCUMENTATION was fixed
* Improve changes of route tag for existing ip addresses
* Added compatibility with core code
* Fixed mistypes in the DOCUMENTATION variable
* argument_spec fixed
allow_secondary argument type was changed according to allowed choices.
Template can take a directory as the destination. When that's the case,
we need to diff between the source and the file inside of the directory.
That happened when the directory was specified with a trailing slash but
not when it was specified on its own. This change fixes that.
Fixes#24413
For playbook base objects, when dumping attributes via dump_attrs() an
attribute like loop_control is a class. Using the default serialization
for these is slow and consumes a lot of memory. Since LoopControl is also
based on the Base class, we can use serialize() instead and save a lot of
resources.
This also adds a from_attrs() complimentary method to nicely turn the
dumped attrs back into proper field attributes.
Fixes#23579
* [GCP] UrlMap module
This module provides support for UrlMaps on Google Cloud Platform. UrlMaps allow users to segment requests by hostname and path and direct those requests to Backend Services.
UrlMaps are a powerful and necessary part of HTTP(S) Global Load Balancing on Google Cloud Platform.
UrlMap takes advantage of the python-api so the appropriate infrastructure has been added to module_utils.
More about UrlMaps can be found at:
https://cloud.google.com/compute/docs/load-balancing/http/url-map
UrlMap API:
https://cloud.google.com/compute/docs/reference/latest/
Google Cloud Platform HTTP(S) Cross-Region Load Balancer:
https://cloud.google.com/compute/docs/load-balancing/http/
* updated documentation, remmoved parens
* fixed tabs
* Create netconf_config.py
To support new attribute 'src' for the netconf_config module.
Cross-check with #24323
* Update netconf_config.py
* Update netconf_config.py
* switch to boto3 and add support for application ELBs with target groups.
* use py23 compatible dict iterator.
* removing commented out fail_json calls
utilize sets to simplify logic
remove setting a redundant variable
add bounds checking in two places
add AWSRetry decorator - do we want this for other functions too?
change xrange to range so python3 doesn't fail
remove sorting lists of dicts; in python2 this returns None, in python3 this fails
* remove error variable from traceback.format_exc
* Remove boto2-style calls brought in by rebase
Old boto-style calls to `as_group` attributes break in boto3
Also remove module from legacy-PEP8 list
* Add parameter to target_group_arn option
* Fix HAS_BOTO3 check
* use tags.items() instead of iteritems
* import botocore
* Fixed bugs in deleting autoscaling groups
* make changes in deleting autoscaling groups pep8
* more pep8
* fix version
* fix bugs so local integration tests run
* fix launch config check
* reflect changed status for ASG updates
* Fix existing exception handling and use traceback.
Fix imports
* line length
* Fix notification setup
* Fix mutually exclusive arguments
Only one of the AvailabilityZones and VPCZoneIdentifier arguments should be provided to the CreateAutoScalingGroup call.
* Allow desired_capacity, min_size, max_size, launch_config_name to be derived from the existing ASG if not specified
Remove code updating dict after ASG already uses it
* Add new helper function for comparing AWS tag key pair dicts. Also modify boto3_tag_list_to_ansible_dict function to be more generic when looking for key names because AWS sometimes uses 'Key', sometimes 'TagKey' and who knows what the future holds! Fixed modules to work with changes.
* Review changes
* Add some more doc to GUIDELINES for tags and fix var name for snaked values in ec2_group_facts
* nxos_vrf_af fix and unit test
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* ansibot told me to do this
* use sorted() as the test list elements differ in order for python2.x and 3.x
* fixes nxos_evpn_vni
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* fixes pep8 issue and syntax error
* ansibot tole me to do this
* Unit test
* win_psexec: Enable -nobanner option by default
PR also includes:
- Option `nobanner:` to remove this flag
- Improvements to Examples
- Improvement to Return Value
- Add types to all parameters now
- Add (limited) integration tests
* Move sysinternals into C:\Windows\Temp
* Support auto_remove in docker_container
* Fail if not docker>=2 and auto_remove=True, don't set auto_remove in host_config if not docker>=2
* Make quoting more readable in ansible errors
* allow elb scheme to be updated by restarting the resource
use ensure_gone and require wait option
* fix pep8
* fix yaml
* requested changes
* fix fail_json
Simplified the logic, and fix the issue of having a nested list as
entry.
Also indicate that we deliberately want to retain $null values
(and i.e. do not want them to be turned into a boolean).
Previously, this module could throw the following error message:
NameError: global name 'current_roles_attrs' is not defined
The referencing key should also match the name of the column, which is
rolvaliduntil, not rol_valid_until
* WIP file_mode
* WIP
* Add file_mode + integration tests
* fix pep8
* Update doc fragments
Create mutualy_exclusive param
Fix yamllint problem in tests
* Add aliases file + main playbook for fortios
* Install pyfg before running tests
* Install pyfg before running tests in role
* Remove pre_task as it's done in roles
* Force pyFG minimal version for python3
* role_path not role_dir :(
* Change requirements
* Specify Error type when error on import
* Bug in pygf library with python 2.5 (PR is waiting https://github.com/spotify/pyfg/pull/19)
* Bad requirement format
* still bad format -_-'
* remove test/integration/fortios.py (auto generated by tests)
missing new lines at end of file
* pyFG is now fixed in 0.50
Fix adds check if app_key and api_key provided by
user is correct or not. If this combination is wrong
then fail with appropriate error message given by
Datadog server
Fixes https://github.com/ansible/ansible/issues/24325
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
CVE-2017-7481
Lookup returns wrap the result in unsafe, however when used through the
standard templar engine, this does not result in the jinja2 environment being
marked as unsafe as a whole. This means the lookup result looses the unsafe
protection and may become simple unicode strings, which can result in bad
things being re-templated.
This also adds a global lookup param and cfg options for lookups to allow
unsafe returns, so users can force the previous (insecure) behavior.
Output of `yum check-update` can contain lines with long package names and long
repository label names, which will be broken into multiple lines, which need to
be sanitized. The solution to this has been fixed and refactored in 2.3 in form
of parse_check_update(), but it still contains subtle bug, which makes such
multi-lines invisible to later logic (such packages aren't included in
parse_check_update()) output. The problem is caused by using '\1' in re.sub(),
instead of proper r'\1', which literally puts unicode symbol \1 into resulting
output.
ssh-keyscan isn't very verbose about errors. Give the user whatever
information we have available even if it isn't much. At least they will
know how we were running ssh-keyscan and why there's an error now.
Fixes#19440
Use the default repr of AnsibleVaultEncryptedUnicode.data instead
of a custom one, since jinja templating ends up using the repr()
results.
Fixes#23846, #24175
os_quota checks the current quotas for compute, network and volume
services and fails when no volume service is found in the catalog.
Since openstack test deployments without volume services are common
os_quota shouldn't fail if such service is missing.
Fixes#23085
Signed-off-by: Alberto Murillo Silva <alberto.murillo.silva@intel.com>
This allow users to write better playbooks by replacing
- shell: dnf autoremove -y
with
- dnf: autoremove=yes
Fixes#18815
Signed-off-by: Alberto Murillo Silva <alberto.murillo.silva@intel.com>
Fix adds correct warning after deleting Windows User.
Also, adds modular function to get group
Fixes https://github.com/ansible/ansible/issues/24190
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* ansible-doc -s is supposed to output a sample snippet of how you could
add the module into a playbook. These changes update the style:
* Use yaml mappings instead of key=value
* Use the module name directly instead of action: modulename
* Fixes a bug when displaying option descritpions which are yaml strings
instead of lists.
This fixes in code the bad formatting reported in #24201
Using github_issue module, user can retrive status of issue
listed on Github repository and depending upon status takes
various actions e.g., workarounds and downloading patches.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
When unittesting, the framework creates a pipes module that is picked up
by the basic module_utils test. Switch to using shlex_quote as that is
the right thing to use for portability anyway.
* Added new common argument api_version for all Avi modules
* Updated dependency for the new modules to use avi sdk 17.1 and above
* Updated Avi 17.1.1 modules with descriptions and moddule dependencies
* Updated version_added for new options
This fix adds a module option `validate_certs' to check
self-signed certificate of LDAP server.
Fixes https://github.com/ansible/ansible/issues/24009
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
This fix makes it so that the module works as expected when
`server_hostname` is provided. It was being silently ignored
previously. I suppose this may also fix similar behavior with
`server_insecure`, but I did not check that explicitly.
* Fix netconf port validation and minor doc change
Add check to confirm if `validate_*` funcion is
callable.
Add `config_format` in `junos_facts` documentation
* Fix review comments
- Use `fail_json` for `get_all_load_balancers` unhandled exception.
- Do not mask error message on failure of `enable_zones`.
- Do not mask error message on failure of `disable_zones`.
Also added/removed blank lines to improve PEP 8 compliance.
If a bridge does not have a fail mode set, it returns nothing, i.e.
empty string.
This causes a failure when doing the want vs have compare in plays
where the fail-mode is missing, as we compare "" vs None respectively.
If a bridge does not have external_ids, ovs-vsctl returns '{}'.
This causes issues on the current want vs have comparison in cases
where the play does not define external_ids, as the comparison
is None vs '{}'.
* fix documentation and correct exception handling
* follow AWS exception guidelines
* fix parameter_group_family req; only needed when creating cache parameter group
make pep8 and remove from legacy files
* Added Composer Command global
Added a parameter to run composer commands globally. The `working_dir`
parameter is only required if `global_command` is `False`.
Fixes#24052
* Added Composer Command global
Added a parameter to run composer commands globally. The `working_dir`
parameter is only required if `global_command` is `False`.
Fixes#24052
The timeout for gathering facts needs to be settable from three places
(highest precedence to lowest):
* programmatically
* ansible.cfg (equivalent to the user specifying it explicitly when
calling setup)
* from the default value
The code was changed in b4bd6c80de to
allow programmatically and the default value to work correctly but
setting via ansible.cfg/parameter was broken.
This change should fix setting via ansible.cfg and adds unittests for
all three cases
Fixes#23753
ClearLinux has changed its pretty name in os-release file
from: 'Clear Linux Software for Intel Architecture'
to: 'Clear Linux OS for Intel Architecture'
This patch makes the SEARCH_STRING 'Clear Linux' rather than
the full name to make it compatible with the old and new name.
Signed-off-by: Alberto Murillo Silva <alberto.murillo.silva@intel.com>
template/__init__.py imported unsafe_proxy from vars which caused
vars/__init__.py to load. vars/__init__.py needed template/__init__.py
which caused issues. Loading unsafe_proxy from another location fixes
that.
Just after release of 2.0.0 (in 2.0.0.1) we had a change to the API of
callbacks without bumping the API version. We added the playbook to the
arguments passed to the callbacks.
This wasn't in the Tower callback at the time. In order to prevent
breaking that callback we added a temporary hack to inspect the
callback's API to decide if we needed to call it with arguments or not.
We scheduled the hack for removal in January 2017. Since that's now
past, removing the hack.
Change signed off by matburt on the Tower side.
Puppet modules are not always installed in the default location
(i.e, /etc/puppet/modules) so it is useful to be able to specify
an alternate location.
Fixes issue [#24078](https://github.com/ansible/ansible/issues/24078)
Resource pools are retrieved from VSphere regardless of the state of the `resource_pool` parameter. During this process, each retrieved Resource Pool is checked for the `parent` attribute, and if it exists, the currently-scoped parent object is compared against the Resource Pool's parent object. The method doing the check, however, `assert`s that the parent object is not `None`. In some cases, a Resource Pool will have the `parent` attr, but that `parent` object will be `None`, causing the `assert` to fail.
This should avoid that. :-)
* Add check_mode to get_url that does a HEAD request to make sure the URL exists, but doesn't write the real file
* Add info about new --check behavior to docs. Add tests for the new behavior. Populate res_args with the info the tests are looking for.
* Add trailing comma
* Change nonexistent test URL to http://{{httpbin_host}/DOESNOTEXIST. Fix spacing while I'm at it
* Further spacing cleanup
* State that this functionality is in Ansible 2.4+
* Split modules/network into two parts
Given the dedicated team we we have working on Ansible Networking a
clearer split is needed between Networking modules and "things that
happen to use the network"
* nmcli to net_tools
* nmcli moved
* Run `save` before exiting config mode.
* Fix unit tests for `save`
* Allow `save` to be on its own again and introspect success
* Introspecting `compare running` makes this a lot harder.
Move `save` tests to integration tests
Ok, so for openvswitch_db in particular we just return one command
but in the sake of consistency and code re-use, let's return a list
of "commands", even if it's just one.
* Document deprecation of fetch module validate_md5 and update --tags merging deprecation
Update the default of --tags merging config option to merge by default
* Update CHANGELOG.md
Minor edit
Added an integration test for fetch module idempotence. (Testing
that validate_checksum is doing what it's supposed to is harder as we'd
have to create a race condition with the downloaded data to trigger it.
Probably need to make that a unittest eventually).
Also give a deprecation message to the validate_md5 parameter so that we
can eventually get rid of it.
* atomic_image: add support for pull --storage=
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* atomic_container: new module
Manage atomic containers
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Minor junos_config module changes
* Add note for json config support
* Add example for lines argument
* Fix future warning for ElementTree
* Remove unwanted space
We fail-fast and display 'stderr' in case 'pacman' returns with 'rc != 0'.
There is no point computing 'module._diff' in such case anyway.
Fixes#23910
(cherry picked from commit 8c6a2a848cf6a6d6522c8f5be56decf8df1ed6ab)
* Fix systemd in chroot
The 'request ignored' message is in stderr, not stdout.
* Check both stdout and stderr for systemd message
Some versions of systemd report to stderr, others to stdout. Also check
whether output could be a valid normal response to avoid false positives.
* Use sys.stdout.buffer to write vault bytes to stdout on py3
We need sys.stdout.buffer on py3 so we can write bytes to it since the plaintext
of the vaulted object could be anything/binary/etc
Before, attempting to write bytes to stdout on py3 would cause:
TypeError: write() argument must be str, not bytes
* keep unsafe .. unsafe
fixes#23734, which was broken in previous fix that allowed non string types to be templated
use new 'is_template' function vs bastardizing others
refactored clean_data to allow for arbitrary data structures to clean
fixed/removed some tests
* deal with complex data for is_template
* typos
We have a list of specific messages that we scree-scrape and flag
them as legit errors.
However, we also have a catch-all regex that matches everything
starting with %.
That can cause issues on commands that return lines with that
character, like for example the 'crypto key generate'.
Fixes#23770
In current stable (2.2), ansible galaxy install --force do erase
a role, even if the version is not set. This commit should restore
that specific behavior, in accordance to people reports:
https://github.com/ansible/ansible/issues/11266#issuecomment-273801480
It was also the behavior planned in the initial discussion:
"if you're not fixing versions in your roles file, then it's fine
to expect that the role will be reinstalled each time you run
ansible-galaxy install.", cf https://github.com/ansible/ansible/pull/12904
* Revert "fixes play context connection user (#21776)"
This reverts commit 58ee661437.
fixes#23530
* preserve original in copy
updated comment to clarify wtf is going on here
fixes#17382
alternate to #22979
deal with cases in which group/host have . in name
updated as per feedbck
only be strict about extension when doing dirs
also avoid ~ endings
without this patch, ansible-galaxy will mangle files containing
the archive parent directory name, eg 'owncloud/files/owncloud.cron'
will become 'owncloud/files/.cron'.
The previous code could affect the entire path and even filenames.
If a file path has the top level dir name as a substring, galaxy
replaces it with ''. In one example, the archive top level dir
is 'go', so 'files/go-bin.sh' becomes 'files/-bin.sh'.
Fixes#22572, #23694, #23623
* Fix vault reading from stdin (avoid realpath() on non-links)
os.path.realpath() is used to find the target of file paths that
are symlinks so vault operations happen directly on the target.
However, in addition to resolving symlinks, realpath() also returns
a full path. when reading from stdin, vault cli uses '-' as a special
file path so VaultEditor() will replace with stdin.
realpath() was expanding '-' with the CWD to something like
'/home/user/playbooks/-' causing errors like:
ERROR! [Errno 2] No such file or directory: u'/home/user/ansible/-'
Fix is to specialcase '-' to not use realpath()
Fixes#23567
* to_text decrypt output when writing to stdout
* Make warning logs consistent
Arguments outside provider with default
value should not log as warning in case
it is not mentioned in play.
* Make nxos timeout default consistent and add comments
* Make comments more verbose
update module to support more standard state=present/absent syntax
update module to use required_if, required_together, mutually_exclusive functions where possible
per ryansb review: make documentation section more clear, fix some extra quotes, remove FIXME comment
pre willthames review: force private_zone to True if vpc_id is set and fix word wrap
The commit was started before 2.3 was branched, but was only merged once
2.3 was actually branched. This leads to documentation stating this
module is new in 2.3 when it will be actually new in 2.4
Regex patterns were not being escaped properly so package names
containing characters that could be interpreted as regex symbols
were causing failures.
Fixes: #19714
* Support check mode in ec2_vpc_dhcp_options_facts
As a facts module, ec2_vpc_dhcp_options_facts supports check mode
by default
* ec2_vpc_dhcp_options_facts tidy up
Use named method imports, move imports to top of code
Use shared code to handle filters and tags
Use snake case for parameter names while retaining backward compatibility
* Code cleanup
Removed 'add' method from CustomNetworkConfig. It is identical
to the one inherited from NetworkConfig
* Removed unused CustomNetworkConfig import
* Replaced
```
def get_existing(module, args):
existing = {}
netcfg = get_config(module)
config = netcfg.get_section(parents)
```
with
```
netcfg = CustomNetworkConfig(indent=2, contents=get_config(module))
```
get_config returns a string, not an object in 2.3.
* Removed non-functioning get_object method in CustomNetworkConfig in favor of the
inherited method.
Added child_objs property so that expand_selection would work. The original
verion never worked correctly as it compared NetworkConfig obj's and str's.
* Removed ShellError method in favor or new load_config method.
* Removed ShellError method in favor or new load_config method.
fixes#20260
* nxos requires a "no" statement to change mcase group. Corrected.
Corrected changed logic.
* Corrected deleted CustomNetworkConfig import
This addresses a problem where the action plugin would ignore the
remote_addr value for the host. In this case, only the inventory values
for the hostname would be considered and populate the remote host
remote_addr value for the connection plugin.
Only a few more modules were using Set-Attr on the $result object rather
than using a normal hashtable. This PR changes the PSObject to a
hashtable and gets rid of Set-Attr.
This fixes issue when list from module contains more than one element.
Ansible and/or boto may put same elements in list in different order,
thus resulting task as changed.
Fixes#3310
* Improve Fortios IPv4 policy with logging capabilities. While there, fix typos in examples. forti_config: use the backup_filename param and dont enforce the the filename value.
* forti-typos
* Add version_added for new options in the documentation
* Make it easier to find network modules
Feedback has been it's difficult (via Google or directly) to find
modules as some people search for the company name vs product name,
therefore specify both.
* "IOS XR" (not "IOS-XR")
It's possible that if the module has a low-level failure, such as
"unable to open shell", or something else in the action plugin that
stdout and stdout_lines will not be returned.
Update the documentation to clarify this point.
When the security groups specified to the os_server module change they
should be updated on the server. This will require shade 1.19 where the
server security group commands were added.
Fixes: #23206
* allow split horizon for route53_zone and refactor
* fix documentation
remove comment
fix version_added
* Remove unused imports
* Only include zone as matching if it has the same privacy setting
* Use `.endswith` instead of indexing into a string
* Update public zone behavior to only create new if there is no matching public zone
* Remove from legacy PEP8 files
We invoke /usr/bin/apt inside of the ansible module. When that command
exits, it doesn't always include a helpful error message. Include the
exit code so that user's have all the information we can gice them as to
why apt failed.
Addresses #19128
* msg_format parameter added
error message received from telegram API is added to fail json
compatibility with python3 added
* pep8 formatted
* version_added property added for msg_format
* bot token must be set without 'bot' prefix in module parameters
* formatting options described in documentation
* six module for compatibility used
telegram.py removed from legacy-files.txt
* rpm_key: Decode bytes to string to work with Python 3 (#20326)
The read() method will return bytes we need to then decode() those bytes
to a string before trying to match() it using the re module.
* Make the rpm_key pgp regex more robust on both py2 and py3
* Check for provider values inside check_args of respective network code
* Partial revert of b9ee5aa
The no_log change is okay, but take out the action result munging
Recent Python3 versions require open() to specify binary mode if the data is anything other than text.
Python3: Use int() instead of long() in unarchive
Changes long() to int() for CRC values in the unarchive module. Affects unarchiving of zip files. Since CRC values in zipfile are 32 bits the behaviour should be unchanged even in Python 2.
When retrieving file contents for diffing we need to get the contents as
binary. Otherwise python3 will try to convert the file to text and fail
with non-decodable contents.
Fixes#23171
* Build HTTPSClientAuthHandler more similarly to how HTTPSHandler works
* Add docs for new client cert authentication
* Support older versions of python
* Simplify logic
* Initial support for client certs in urls.py
* Add an extra test
* Add a get_url test for client cert auth
* Add additional test for client cert auth, with validation and ssl mismatch
* Skip assert when http tester not available
* Update version_added for new options
Copy module was walking over files in subdirectories repeatedly (a
directory tree a few levels deep could bring the time spent into the
tens of minutes)
This was traced to the fix for this bug report: https://github.com/ansible/ansible/issues/13013Fixed#13013 a different way and added an integration test to check for
regressions of #13013 as we optimize this code.
Fixes#21513
Ansible will now automatically retry a connection if SSH returns an error:
mux_client_hello_exchange: write packet: Broken pipe
This is probably a bug in SSH, but because it's safe to retry this
connection there is no need for Ansible to fail because of it.
If we run the task with 'login' banner, the 'show banner' command
will return a dict containing key 'loginBanner'.
However for motd, it will just return 'motd'.
Yay naming consistency!
We were hard-coding the protocol, port and validate_certs on
eos EAPI via the action plugin.
Put defaults on the eos_argument_spec and pull those values from it.
* 'unable to open shell' -> direct to web help
The "unable to open shell" error is returned for a number of different,
direct people to online docs (we we can update out of band of releases)
to guide them though the various solutions.
* fix pep8 errors
* Resolve#23239:
- path is missing when state=absent
- update doc for unclear policy ID
- required params based on state
* Fix pep8 + doc
* Fix doc
* Another doc problem...
* doc
* Update doc fot policy ID
* Fix doc string
* fix required in doc
* fix required in doc Required when I(state=present).
The openvswitch_db module uses the ovs-vsctl binary to
address changes.
On other network modules we follow the pattern of returning 'commands'
as part of the result, containing the commands run on the target device.
Follow that for code consistency and maintenance.
Also, adding state param, which allows to add/remove keys on columns.
This reverts commit 97cb2016d8.
It was causing issues downstream as facts seem to be merged back for
subsequent tasks. Will restore if I ever figure out how to avoid that.
* Add workaround for evasive in apache2_module
* Fixes#22635
* Clean up workarounds for php/shib
* Add test for evasive workaround
* Remove use of re module, since all searches work with native python
* Add unit tests to apache2_module name replacements
Go back to using re package where needed
* Rename replace_name to create_apache_identifier
* Add ability to use either sec group name or sec group id or combination to ec2_lc. Also fix header size in AWS Guidelines
* Fix ec2 import to only import neccessary packages. Remove pep8 double line
The current implementation matches libreoffice-oldstable when testing for libreoffice.
So uninstalling libreoffice fails when libreoffice-oldstable is installed.
```
PS C:\WINDOWS\system32> choco list --local-only libreoffice
Chocolatey v0.10.3
libreoffice-oldstable 5.2.6
1 packages installed.
PS C:\WINDOWS\system32> choco list --local-only --exact libreoffice
Chocolatey v0.10.3
0 packages installed.
```
The solution is easy, just add `--exact`.
Apparently in some devices the filesystems gathering command can return
a dict containing a 'messages' key with the filesystems, instead of a
plain string.
Fixes#23217
* re-raise exception as expected
The current ThrottlingException handling code hides other actual exceptions from the user, and basically goes infinite loop instead. eg when the api caller doesn't have permission (example below) to use the api, ansible effectively hangs. adding the re-raise stops execution and shows the error to the command line as expected
can test by removing permission to the efs api, and calling the efs: module
The error was: botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the DescribeFileSystems operation: User: <x> is not authorized to perform: elasticfilesystem:DescribeFileSystems on the specified resource
* PEP8 fix
* Remove DryRun parameter in ec2_vpc_igw_facts check_mode
Using DryRun in check mode causes errors, and is not required
(as nothing changes when calling describe_internet_gateways)
Prevents the following error:
```
{"changed": false,
"failed": true,
"msg": "An error occurred (DryRunOperation) when calling
the DescribeInternetGateways operation: Request
would have succeeded, but DryRun flag is set."}
```
* ec2_vpc_igw_facts pep8 tidy up
Due to the number of "real world" caveats in the current runas become method, it was agreed that we'd warn that it's experimental on use. A potential future version based on LogonUser/CreateProcessAsUser will have very different requirements and limitations.
* . switched from 'user.id' to 'account.id' in REST API calls.
+ added ability to select desired account (by name or identifier) from list of accounts to which authorized user have access.
* + added account option addition version.
* Remove pubnub_blocks from PEP8-legacy list
* [cloud][tests] Create fixtures for using placebo to test boto3-using modules
* Use pytest's importorskip instead of manually skipping on missing deps
* Fix imports in cloudformation module
* Delete unused code
* Add maybe_sleep fixtures to speed up recorded test runs
* Build basic placebo-CFN tests
* Commit placebo recordings of basic stack operations
* Add placebo to test-requires
* Allow unit tests to run regardless of environment by setting a default region
* Use explicit relative import for Python 3 compat
* Use __name__ attribute that works on Python 2 and 3
These were deprecated back in the 1.x timeframe, so have been deprecated
for the 2 cycles required. They also do things wrong and should be
avoided anyway. Go ahead and remove them.
* GCP: backend service module
* GCP: rework param-checking code. Fixed a couple of bugs and changed to ValueError instead of custom tuple.
* GCP: fixed commit, spelled out Google Cloud for clarity in module description.
fixed itertools.imap busting several things that used to be lists,
profiles not being set correctly, upon create, when it was a separate
method, allowed port having the wrong lowest port (zero is allowed),
empty port value should just be interpreted as None.
The password_hash filter will generate a salt value if none is supplied.
The character set used by Ansible
(upper & lowercase letters, digits)
did not match that used by libc crypt
(upper & lowercase letters, digits, full stop, forward slash).
This resulted in a slightly smaller key space, and hence hashes would be
slightly easier to attack (e.g. by dictionary, brute force).
* Ansible 2.3 feature support for dellos6.
- With the new Ansible 2.3 infra changes, the dellos modules doesn't work
(the new infra changes are not backward compatible), so added the below
changes support it.
- Added the new terminal plugin for DellOS6
- Added the new action plugin for DellOS6
- Modified the modules to work with the new infra.
- with that it adds support for DellOS6 Persistent Connection support.
* Remove pep8 confirming files from dellos6.py and dellos6_config legacy-files
* add else statement to ensure instids is set
set res_list to None to avoid UnboundLocalError and fix iteration over a nonetype by adding an empty tuple
* make res_list empty tuple by default and check for instids before setting tags (fails otherwise)
* fix 'sequence' lookup shortcut syntax and documentation
* Update playbooks_loops.rst
Minor edits for grammar and clarity.
* Update playbooks_loops.rst
Another tweak for clarity.
If the banner is not set, the stdout of 'show configuration | begin banner <banner>'
returns empty string thus the re.search raises an exception.
Fixes#22216
The fix for leading junk in sudo output: fee6e29 causes problems with
ssh + sudo. On the initial connection using ControlPersist, the output
that we scan for the prompt contains both the command we're sending to
configure the prompt and the prompt itself. The code in fee6e29 ends up
sending the password when it sees the line configuring the prompt which
is too early.
Switch to a version that splits on lines and then checks whether the
first or last line starts with the prompt to decide if it's time to send
the password.
Fixes#23054
References #20858
The pass prompt expects an answer and compares a `str` to a binary buffer, thus crashing.
It's an obvious fix to help transitioning towards Python3 and hopes it does not need a specific test.
In old IOSXR versions, 'show commit changes diff' does not work.
Fall-back to 'show configuration' if that command fails so execution
can move forward.
Fixes#22235
When using state=latest with the package not being installled, Ansible complains that the package is not installed and fails the task.
Whereas the expected behaviour is to install the package when it is missing.
This PR fixes this behaviour.
* Fix a couple issues in synchronize with docker
* Make the rsync_opts parse as a list using the same criteria as
module_utils argumentspec parsing
* Do not quote arguments in the action plugin. The module will quote as
it knows whether it will invoke rsync with a shell or via exec.
Fixes#23046
The cron module forces changed=True when there was no real change,
but the original crontab did not contain a final newline, which is
mandatory.
When the user has no crontab or the user does not exist at all,
crontab -l exits with 1 and the cron module correctly interprets
this as "no crontab" and stores the old crontab as "".
However this triggers changed=True, even if we're not going to
change anything, e.g. when removing a crontab entry from a user
who has no crontabs at all.
Let's special-case the fact that the old crontab is empty and not
force changed=True in that case.
* Fixes bug https://github.com/ansible/ansible/issues/22455 - Git reset fails when file with the name 'origin' is present in the repository
* #22455 Integration test for git module to test if it clones a repository with a file named origin
* Fixed yaml errors for test/integration/roles/test_git_clone/tasks/main.yml
* Removed the newly added target git and moved the code to test/integration/targets/git
* Reorganised code structure as per comments
* Fixed playbook name
* Added code that didn't make it to the playbook before.
* No longer need git.yml
* Remove non tasks specific code from tasks file and use existing variables
* Removed msg var from the vars.yml
When the ios_config module has 'defaults' param it runs in the device the command
'show running-config all' but 'all' may not be available in older devices.
This change makes introspection by using the help command and run 'full' in case
'all' is not available.
Fixes#22747
* Add examples in os_server module showing userdata
Added an example using Bash and also using Cloud-init. Also, showing using {% raw %} and {% endraw %} to provide a pointer to those hitting similar issues to the ones I had.
* Removed erronious whitespace
* Ansible 2.3 feature support for dellos9 and dellos10
* Use Persistent Connection Manager
* Fix CI issue, revert the doc and metadata changes
* Reverted the meta_info (supported_by) to community from core
* Fixed the CI issues, use module_utisl.six and updated legacy-files
Set encrypted to default False, rather than None
Otherwise you get:
```
Invalid type for parameter Encrypted, value: None, type: <type 'NoneType'>, valid types: <type 'bool'>)
```
* Adding first checkin of resource_pool module
* fixing length issues and indentation multipliers
* mend
* mend
* mend
* remove * import from modules
* Add space on variable assignments
* changing line 321 to less characters
* fixing pep8 issues
* mend
* cleaning up example section
* Add RETURN section
* adding spacing to list
* all spacing consistent now
* move imports as per CI
* update integration tests for updated boto exception message
* integration tests fail on both "test credential" test cases
exception bubbles out of module. instead catch and wrap
* ec2_group does not support updating a security group's description
AWS security group descriptions are immutable.
if ec2_group finds a group that matches by name, but the descriptions do not match, the module does not support this case
previously it would check if the group was used, but would not do anything if it was
old behavior was erroneous because it could make a user expect that the description change of a group was fine when in fact it did not occur
also, it made an expensive check against all ec2 instances for no good reason
* comments not doc strings
* else must have pass w/o doc-string statement
* Catch specific BotoServerException, give context around error when fetching SGs
* python3 compatible exception blocks
* add traceback to fail_json
* two blank lines before first function
* fixes action handlers for sros
* fixes sros_config module execution to use AnsibleModule
* fixes sros_command module to use socket connection
* adds sros to constants
* key is ANSIBLE_METADATA, not METADATA
* Need to check that the node is an ast.Dict, not a real dict.
* Need to convert the ast.Dict into a real dict via literal_eval.
* synchronize: Convert cmd to list and fix handling of the copy_links argument
Converting cmd from str to list stops the pain of argument quoting/escaping.
* synchronize: Update imports according to #pullrequestreview-28758614
* fixes#15770
* When running under the UTF-8 codepage, Powershell subprocesses will fail (eg, Start-Job, others) if the input encoding is using the default BOM preamble. This fix forces it to use no preamble in leaf_exec and win_shell, and includes tests to verify that Start-Job works.
* win_command/win_shell: Clean up and make coherent
Changes include:
- Make win_command and win_shell more coherent
- Make condensed one-line more readable
* Revert to original formatting
This change to the template action plugin make template use the
platform's native newline_sequence for Jinja.
We also added the option `newline_sequence` to change the newline
sequence using by Jinja if you need to use another newline sequence than
the platform default.
This was previously discussed in
https://github.com/ansible/ansible/issues/16255#issuecomment-278289414
And also relates to issue #21128
* fixes#22441
* fixes#22655
* moves all env handling into the exec wrapper; this should work for everything but raw, which is consistent with non-Windows.
* Update module_utils.six to latest
We've been held back on the version of six we could use on the module
side to 1.4.x because of python-2.4 compatibility. Now that our minimum
is Python-2.6, we can update to the latest version of six in
module_utils and get rid of the second copy in lib/ansible/compat.
If the # is inside of quotes, it's a string. If it's outside of quotes
then an exception will be raised which we'll catch and then send to the
to_text() call at the end of the function anyhow.
Fixes#22868
The base64 stdlib functions require byte strings. So we have to
transform the strings into bytes before handing to the stdlib and then
transform them back into text before handing back to ansible.
Fixes#22873
The junos action handler was not honoring the host value in the provider
argument. This patch will now use the provider host entry if it exists
and falls back to the inventory hostname
Made ansible-doc more plugin agnostic
We can have docs in lookup, callback, connectionm strategy, etc
Use first docstring and make pepizis happy
generalized module_docs to plugin_docs
documented cartesian, ssh, default, jsonfile, etc as examples
changed lack of docs to warning when listing
made smarter about bad docstrings
better blacklisting
added handling of options/config/envs/etc
move blacklist to find_plugins, only need once
purge_subnets|routes were introduced recently.
ensure_subnet_associations now takes purge_subnets as a parameter. A
call to this function was missed when introducing this feature. With
out, results in a "got 5 expected 6" error.
Allows to health-check two services on one host. Before, asking for 2 health checks being present for `http://myhost:8888` and `http://myhost:9999` resulted in just a single health check, as this module considered the two specs as equal.
Bonus: route53_health_check now passes style guidelines
* ensure exit_json does not fail from stderr=False
- do a little bit of safety-checking in exit_json to not try to .splitlines() on a boolean
- remove the stderr=boolean from uri.py, this is the only spot that uses it (at least so obviously)
- add unit tests that call exit_json. These are useless because the stderr parsing is in _execute_module and is difficult to mock; deleting these tests after the commit.
* remove added unit tests per prev commit
exit_json doesn't do the param parsing, that is buried deep inside _execute_module.
* Fix get_s3_connection (fixes#22317)
Override aws_connect_kwargs rather than prepending to them. Should fix an issue in which `calling_format` is set twice in the kwargs passed to `boto.connect_s3` or `S3Connection` if a bucket name contains a `.`
* Revert "Fix get_s3_connection (fixes#22317)"
This reverts commit 7f61b8bebd2929940495204f1a98d660a55985d8.
* implements alternative way of fixing issue with aws_connect_kwargs for rgw and fakes3 (fixes 22317)
* add comment to explain why the keys are being removed from aws_connect_kwargs
* remove trailing whitespace on comment line
* don't modify an eni without eni_id
fix pep8
remove ec2_eni from pep8 legacy files
remove a couple unused variables in main()
fix the documentation
* fix yaml
If something else created the dir New-Item will throw an exception and
the task will fail. Check the existing file and as long as it's a dir,
we don't need to error out.
* cloudstack: fix connection by ENV vars and configs overloading
* cloudstack: pep8 cloudstack module_utils
* cloudstack: allow api_url to be set in ini config
* docsite: explain ENV vars support as written in python-cs for ansible
Add support for default credentials. Practically, this means that a playbook creator would not have to specify the service_account_email or credentials_file Ansible parameters.
Default Credentials only work when running on Google Cloud Platform. The 'project_id' is still required.
A test has been added to trigger this condition.
* allow users to control group var merge order
With ansible_group_priority var at each group will determine merge order with siblings,
falling back to sorted names when priority is equal as it did before.
Parent/children relationships still work as they did and have higher precedence than priority
* move priority setting to groups, sourc indep
* now both inventory and play group follow priority
* removed double exception handling
Due to how the result-dictionary is being used, in some codepaths it would have an empty dictionary.
This then is problematic if the code expects the 'changed' key later on.
I also improved the docs a bit, by clearly marking the parameter names and URL in the documentation.
* making ec2 pep8
* remove ec2 from pep8 legacy files
* missed a couple
* fix imports and remove iteritems
* making group_id and group_name mutually exclusive and fixing whitespace
* Tidy up docs for network 2.3 modules
* Use suboptions
* Correct indentation
* more tidyup
* bulk updates
* more tidyup
* Bulk changes
* nxos_mtu is dead
* revert
* NXOS_mtu is dead, also better layout
* rebase
* rebase
* win_scheduled_task: Added frequency: once and check_mode support
This patch includes:
- Renamed `execute:` parameter to `executable:`
- Renamed `argument:` parameter to `arguments:`
- Implemented `frequency: once` support
- Implemented check_mode support
- Fix idempotency issue related to empty description
- Added integration tests
* Improve the integration test structure
I think this is a great way to test normal mode and check-mode from the same playbook.
* Small fixes after review
* Clean up parameter handling and added check-mode support
Changes include:
- Remove trailing semi-colons
- Replaced PSObjects into normal hashes
- Make use of Get-AnsibleParam and types
- Added check-mode support
* Implemented -WhatIf:$check_mode support
* powershell.ps1: Ensure Fail-Json() works with Hashtables
Without this change a dictionary $result object would be emptied if it
is anything but a PSCustomObject. Now we also support Hashtables.
* Revert to original formatting
Fixes#22575 - issue under new exec wrapper where unconstrained handle inheritance (for stdin) caused WinRM to block on breakaway processes. Uses explicit handle inheritance to ensure that only stdin read handle gets inherited. Adds test to ensure that async is actually async.
On EAPI, the multi-line commands are expected to be a dict,
with key/value pairs 'cmd'/'input' .
This change implements that behaviour and fixes the idempotency
on EAPI as well.
Fixes#22494
Changes to the metadata format were approved here:
https://github.com/ansible/proposals/issues/54
* Update documentation to the new metadata format
* Changes to metadata-tool to account for new metadata
* Add GPL license header
* Add upgrade subcommand to upgrade metadata version
* Change default metadata to the new format
* Fix exclusion of non-modules from the metadata report
* Fix ansible-doc for new module metadata
* Exclude metadata version from ansible-doc output
* Fix website docs generation for the new metadata
* Update metadata schema in valiate-modules test
* Update the metadata in all modules to the new version
Currently the documentation utilizes with_subelements, but it does not parse the results correctly. By changing to with_items: and specifying the proper list, we are able to tag the instances as expected.
This will now print a log message that displays how long the ssh
connection took to establish to the remote device. If the connection
established time is exceed it will also print a message to the log file
that the connection attempts have exceed.
Updates default connection retries to 30
fixes#22319