* Fix over-byte
* Update ios tests to call `provider`
To continue to support testing `connection: local`
* Fix command dict handling in ios_user
* Clean up unit tests, too
* Insert lines before or after when the regexp exists elsewhere in the file
* Correct filter syntax in lineinfile integration test
* Use multi-line YAML syntax on lineinfile tests
Unify indentation
* Add lineinfile tests for same line matched to different regexps
* Remove debug statement from test
* aci_aaa_user: Manage AAA users on ACI fabrics
* Fix module documentation
* Ensure we allow to not set accountStatus and expires
* Added aaa_password_lifetime and aaa_password_update_required support
* Improvements to integration tests in light of issue 35544
* Fix ACI ISO 8601 formatted string
* Add HAS_DATEUTIL
We introduced the new loop keyword as a replacement for with without
adding tests that it behaved as we expected. This test asserts that
behaviour.
Incidentally, it also shows how to use parameters with lookups and loops
now.
* Test for include_tasks & include_role bug
Related to ansible/ansible:#21890
* Fix nested include_tasks called from role
This fixes the path of included files when you want
to call include_task inside a role's task file and this
role is itself called from multiple level of playbook include_tasks
Related to ansible/ansible:#21890
This fixes ansible/ansible:#35109
* ec2_group: fix ipv6 tests to use an explicit VPC
* otherwise would fail on old AWS accounts supporting EC2-classic
* ec2_group: fix tests to use an explicit VPC
* Only run some tests if there is a default vpc associated with the account
* galaxy remove incorrect check for role path before extraction
Fixes#35217
Currently lib/ansible/galaxy/role.py checks roles_path and will
ignore paths that don't currently exist which it should not because
the path will attempt to be created by the role extraction process
(which is valid and expected behavior) and if unable to write at the
time of role extraction into the role_path, that error will be
handled properly at that point in the process.
Signed-off-by: Adam Miller <admiller@redhat.com>
* add test case for galaxy install with rolefile and rolepath
Verify we don't regress GitHub Issue #35217
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix the integration test
Signed-off-by: Adam Miller <admiller@redhat.com>
* double quote for shellcheck glob warning
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix galaxy install tests to not need remote resources
Signed-off-by: Adam Miller <admiller@redhat.com>
* make shellcheck sanity tests happy
Signed-off-by: Adam Miller <admiller@redhat.com>
* prep git global conf for running the galaxy install tests in docker
Signed-off-by: Adam Miller <admiller@redhat.com>
* move ansible-galaxy tests into their own target, make git conf non-global
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix up tests based on feedback
Signed-off-by: Adam Miller <admiller@redhat.com>
* remove extra newline from aliases file
Signed-off-by: Adam Miller <admiller@redhat.com>
* Revert model and serialnum to older version
* Add stacked versions of model and serialnum as separate facts
* Add unit test to check stacked output
* Alter model regex to address #34768
Enforce module deprecation.
After module has reached the end of it's deprecation cycle we will replace it with a docs stub.
* Replace deprecated modules with docs-only sub
* Use of deprecated past deprecation cycle gives meaningful message (see examples below)
* Enforce documentation.deprecation dict via `schema.py`
* Update `ansible-doc` and web docs to display documentation.deprecation
* Document that structure in `dev_guide`
* Ensure that all modules starting with `_` have a `deprecation:` block
* Ensure `deprecation:` block is only used on modules that start with `_`
* `removed_in` A string which represents when this module needs **deleting**
* CHANGELOG.md and porting_guide_2.5.rst list removed modules as well as alternatives
* CHANGELOG.md links to porting guide index
To ensure that meaningful messages are given to the user if they try to use a module at the end of it's deprecation cycle we enforce the module to contain:
```python
if __name__ == '__main__':
removed_module()
```
* Add aws_ses_identity module
* Update CI alias, add BotoCoreError exception handling.
* Add SES and SNS permissions to hacking/aws_config to run aws_ses_identity integration tests
This adds a new module called vmware_vm_vm_drs_rule. This module add
affinity/antiaffinity rule for VM-VM in given cluster.
Fixes: #32109
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* refactors nios api shared code to handle provider better
This change refactors the shared code to be easily shared between
modules, plugins and dynamic inventory scripts. All parts now implement
the provider arguments uniformly.
This also provides a centralized fix to suppress urllib3 warnings coming
from the requests library implemented by infoblox_client
* fix up pep8 errors
* fix missing var name
* use tests instead of filters
* Don't check 'rc', use success/failed tests
- yum module use 'fail_json' which set 'failed'
- 'rc' is for backward compatibility:
bbd6b8bb42/lib/ansible/executor/task_executor.py (L571)
- besides yum module doesn't document any return values
* Allow to run tests twice in a row
ansible-test is executed with '--retry-on-error' switch, then tests must
be able to executed twice in a row.
Error was:
TASK [yum : install group] ***
ok: [testhost] => {
"attempts": 1,
"changed": false,
"failed": false,
"invocation": { [...] },
"msg": "",
"rc": 0,
"results": []
}
TASK [yum : verify installation of the group] ***
fatal: [testhost]: FAILED! => {
"assertion": "yum_result.changed",
"attempts": 1,
"changed": false,
"evaluated_to": false,
"failed": true
}
ecs_taskdefinition_facts should not populate ansible_facts with
so much information.
Better to just return the contents of the dict directly.
Reduce line lengths, use AnsibleAWSModule, don't reimplement
camel_dict_to_snake_dict.
* Adding new code for new module and new module_utils with the pip pyfmg package
* Changed login and logout functionality and renamed mod_utils file as well as cleaned up PEP8 syntax
* Removing extra Ansible parameters and fixing more syntax issues
* Fixing more syntax issues and comparing against previous FTNT script module
* Changing import location to pass syntax checks
* Fixing pylint errors
* Removing test files
* Add unit tests and enabling a login session check within main in order to throw error if network connection exception
* Fixing syntax issues for adding unit tests
* Changing case for pip package requirements
* adding comments
* adding version restriction on pip package for testing
* adding version restriction on pip package for testing
* More comments
* Fixing documentation errors and add the ability to skip a test if it isn't present
* Fixing Pep8 error with whitespace (tab) in the row
* New module: ec2_vpc_egress_igw
* minor pep8 fix and doc update
* add test dir and files
* add tests for gateway module
* fix up return documentation per review
* remove HAS_BOTO3 stuff as it is handled in AnsibleAWSModule per review
* fix an error with failure message and add custom handler for non-existent vpc ID
* add additional tests and update tests per review
* ignore errors on clean up tasks
* update module copyright to newer format
* fix exception handling since BotoCoreError doesnt have response attribute
* actually fix exception handling this time so it works with Py3 as well
* Module to generate Diffie-Hellman parameters
Implements #32577
* Add integration tests for openssl_dhparam
* Slightly refactor check to prevent unnecessary regeneration
* Fix code smell in tests
Highly annoying to have to do this again and again and again as the rules change during the game
* Using module.run_command() and module.atomic_move() from a tempfile.
* Remove underscore variable
Ansible prefers dummy
* fix broken import
Error was:
lib/ansible/modules/cloud/azure/azure_rm_dnsrecordset.py:223:0: NameError: name 'ARecord' is not defined
* doc: use formatting functions
* remove unused dict
* Skip parameters that are being deprecated
So in most cases when parameters are deprecated, you may not want to
advertise them in the documentation. One reason for this is because
these parameters were not introduced within Ansible but predate
upstreaming them.
So this change avoids reporting parameters that are not documented and
are deprecated. It's only a small subset of the existing E322 errors.
* Add support for E323 with these changes
* Unsure about the other issues now
* Add better error message with E321
* Restore some erroneously remove files
* Readd false positives to ignore.txt
* Admin account is not always called Administrator (eg Azure)
* this fixes some, but not all issues related to the Administrator account on non-English Windows as well (still numerous references to "Administrators" and other en-US Windows group names)
* Add missing pylint test for invalid path.
* Fix syntax in integration test.
* Use Write-Output in win_script test script.
* Fix pylint in explain mode.
* Don't skip an inventory source just because it has a comma, make sure it's also doesn't exist as a path. Fixes#34931
* Add integration test for inventory path with commas
* * Changes to enable network_cli and netconf on modules.
* limits connection local for single TC per playbook.
* * adds a note on why only 1 TC is executed with connection: local
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* updates to azure_rm_sqldatabase
* support the mutilple ip configuration
* Update azure_rm_networkinterface.py
* add test
* fix spell
* make the virtual network name more flexiable
* add test
* fix
* fix lint
* add test
* fix parameter
* deprecate the flatten ip configuration
* fix lint
* fix encoding
* fix mirror
* fix
* load model from common
* ecs_ecr: Remove registry ID from create repository call
[Boto3 documentation][1] specifies 'repositoryName' as the only expected
argument. The `**build_kwargs(registry_id)` part also adds 'registryId' which,
when executed, fails with: 'Unknown parameter in input: “registryId”, must be
one of: repositoryName'.
[AWS API documentation][2] also lists only the 'repositoryName' parameter. I.e.
this is not a problem with the boto3 library.
The default registry ID for the account that's making the request will be used
when creating the rpository. This means that if the `registry_id` specified by
the user is different from the default registry ID, then the policy changes
following the repository creation would fail, because the repository will have
been created in one repository but subsequent calls try to modify it in
another. Added a safeguard against this scenario.
[1]: https://boto3.readthedocs.io/en/latest/reference/services/ecr.html#ECR.Client.create_repository
[2]: https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_CreateRepository.html
* Fix concurrent ECR integration tests
If the `ecr_name` is the same in multiple concurrent test runs, then they can
interfere with one another causing both to fail. The `resource_prefix` is
guaranteed to be unique for different jobs running in CI an so avoids this
issue while also making it easier to identify the test which created the
resource.
* Remove compat code for to_unicode, to_str and to_bytes
Code was marked as deprecated and to be removed after 2.4
* Remove is_encrypted and is_encrypted_file
Code was marked as deprecated after 2.4 release.
* Add identifier option to apache2_module
There is a convention connecting the name passed to a2enmod and the one
appearing in apache2ctl -M. Not all modules follow this convention and
we have added a growing list of implicit conversions.
As a better long-term solution this adds an "identifier" option to be
able to set both strings explicitly.
* Run debian-specific tests only there
* Improve cleanup after apache2 tests
This is a follow-up/extension of https://github.com/ansible/ansible/pull/33630
* Add example for the new identifier option
* Put all debian tests in a block
* Imported lookup plugin from Role
* Plugin cleanup, including:
* Use existing Python YAML parsing
* Remove environment variables as connection options
* Added initial debugging information
* Reworked the lookup plugin using the Python Request library. As it's available through Ansible, it makes communication with Conjur much more straight forward.
* Removed un-used libraries
* Fixed linting issues
* Standardized output on `format` and insure it works for 2.6, 2.7, and 3.x.
* Use quote_plus from the six library for improved python 2/3 behavior.
* Refactored identity & configuration to prefer user's file. This also includes a refactor to remove an un-needed dictionary merge method.
* Removed `requests` in favor of `ansible.module_utils.urls`.
* Refactored netrc loading to warn if host is not present.
* Tests and a refactor to support easier testing.
* Added reference to website
* Fixed two linting errors
* Fixed an extra line found by linting
* Updated file write to use binary to insure config files are written correctly
* Resolved linting issues
* Refactored config & identity loading to take advantage of plugin options
* Cleanup a bunch of small items caught by linting
* Removed extra line caught by linting
* Swapped in pytest and added some tests with mocked network responses
* Pushing to see if this approach works better...
* Refactored be open_url mocking based on feedback
* Fixed a couple linting issues & refactored mocking into each method to attempt to resolve a failing test
* Use a generic MagicMock for python 2.6
* Fixes doc typo
require -> required
* Use `type: path` in identity_file and config_file
Also removes `expanduser` calls below (which will now be called automatically on
paths.)
* Defines maintainers for conjur_variable plugin
* BOTMETA.yml:
** defines $team_cyberark_conjur as maintainers of Conjur Variable plugin
** adds myself and @jvanderhoof to that team
* Adds URLs to relevant documentation for Conjur Variable lookup plugin
* Clarifies "the server," "the machine" -> "controlling host"
The machine identity used is that of the Ansible controlling host, not any
server being provisioned or instructed. This documentation change aims to make
that relationship clear.
* Adds response code to exception message on authentication failure
* Enhances exception messages to specify the controlling host
These error messages are less likely to confuse a user as to which machine is
associated with the files, identities, and configurations being described.
* Adds ANSIBLE_METADATA for Conjur variable lookup plugin
* UCS LAN Connectivity Policies and integration tests
* Docs updated
* UCS LAN Connectivity Policy and integration tests
* Fix use of description in docs and argument_spec so validate-modules passes
* UCS vNIC templates and integration tests
* docs updated
* UCS vNIC template and integration test
* Update docs and argument_spec for description, mtu, and target.
* win_setup: Add Product ID and Product Key in facts
So this is actually a very nice way to get product key information from
systems collected centrally.
Especially with systems that have been upgraded from Windows 7 or
Windows 8 to Windows 10 may not have a valid Windows 10 product
license key printed anywhere, it was a digital license.
If you ever have to reinstall the system, you may recover the system
from the recovery partition, or the original media, but cannot upgrade
to Windows 10 for free. By collecting the product key, one can always
reinstall your free Windows upgrade.
My only question is, do we want this to be part of the default facts, as
it may be considered important information. Or should we make a special
**win_product_key_facts** ?
* Add ACPI product key support
* Add integration test
* Remove Get-ProductKey function, move inline
aws_ec2 is an inventory plugin intended to replace uses of the `contrib/inventory/ec2.py`
inventory script.
For advanced grouping, please use the `constructed` inventory plugin.
Add deps/requires for fact collectors
Fact collectors can now set a required_facts
class attribute that will be a set of the names
of fact collectors they require to be run first.
ie, if a collector needs to know the ansible_distribution,
it should set it's required_facts to include 'distribution'
required_facts = set(['distribution'])
If a collector requires another collector, it gets added
to the selected collector names.
We then topological sort the ordering of the collectors
so that deps work out (ie, 'distribution' will run before
'service_mgr')
required_facts were added to the collectors for:
- network (requires 'distribution', 'platform')
- hardware (requires 'platform')
- service_mgr (requires 'distribution', 'platform')
Fix name references for facts (need 'ansible_' prefix)
is service_mgr
Fixes#30753
Enforce that there can be only one --new-vault-id or
--new-vault-password-file and use this instead of
--encrypt-vault-id
* Add a config option for default vault encrypt id
This avoids breaking other tests which depend on backports
modules, since the backports.lzma module is currently
incompatible with other backports modules.
The accumulated collected_facts was being update
with new facts _after_ filtering them. So only
facts that pass the filter would ever be passed
to other fact collectors.
For 'filter=ansible_service_mgr', even though it requires
the platform and distribution facts and even collects them,
they would get filtered out and never passed to the other
collectors that need them (service_mgr for ex).
Fix is just to add the unfiltered facts to collected_facts.
Adds unit tests for fact filter and collected_facts.
Fixes#32286
The search string used to look for Clear Linux
was changed in 45a9f96774 to
be more specific, but was too specific. Now finding
a substring match for 'Clear Linux' in /usr/lib/os-release
is enough to consider a match.
Since the details of the full name in os-release varies
('Clear Linux Software for Intel Architecture',
'Clear Linux OS for Intel Architecture', etc) the
search string match was failing and would fall back to the
'first word in the release file' method resulting in
ansible_distribution='NAME="Clear'
Also add a meta fact indicating which search string
was matched.
Test case info from:
https://github.com/ansible/ansible/issues/31501#issuecomment-340861535Fixes#31501
Extract vault related bits of DataLoader._get_file_contents to DataLoader._decrypt_if_vault_data
When loading vault password files, detect if they are vault encrypted, and if so, try to decrypt with any already known vault secrets.
This implements the 'Allow vault password files to be vault encrypted' (#31002) feature card from
the 2.5.0 project at https://github.com/ansible/ansible/projects/9Fixes#31002
People expect to be able to upload files to s3 using standard
locations for files.
Providing an action plugin that effectively rewrites the `src`
key to the result of finding such a file is a great help.
Tests added, and IAM permissions corrected
* First pass at include_role tests
* Reorganize test structure
Do all import and include tests in a single target.
* Build out more tests and test with linear and free strategy for each type
* import_role tests
* Set target host for play test
* Basic import_playbook tests
* Basic import/include_tasks tests
* Add recursion test
* import_playbook tests
* Add import_playbook group_vars test
Issue #33177
* Additional group_var tests for import_playbook
* Enable recursion test
* More work on import_tasks
* Run all tests via run.sh, improve conditional tests, add never tag
Add never tag to certain failining tests and explicitly skip it for now until #34104 is merged. Some tasks need to remain commented out because they cause the entire play to fail and aren't skippable by tags because they are syntax and/or variable checks.
Improve test for whether or not a role was run based on a conditional. Since the [import|include]_role does not register a variable, use a variable that is set inside a role as a canary test for whether or not the role was run.
* Use a fail task rather than trigger a failure via bogus command
This should resolve the "unstable" test results.
* Import tag tests
Fix bug it tests where validate tasks weren't run on tag tests.
Add tests for task import/include with tags.
* Remove test for playbook group_var inheritance