* Fix ansible-doc traceback when a plugin doesn't parse correctly
* Change extract_metadata ivocation to take either an ast or source
code. When given source code, it can find file offsets for the start
and end of dict. When given the ast, it is quicker as it doesn't have
to reparse the source. Requires changing the call to the function to
use a keyword arg.
* Fix reading of metadata to find the last occurrence of
ANSIBLE_METADATA instead of the first.
* Add some more unittests to get closer to complete coverage
* Pep8 fixes
* Removed redundant check for name
* Check validity of api_token
* Don't report changed when tag is already present
Fixes#24265
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* fixes become_method: runas for unprivileged users
* sets permissions on tempdir appropriately
* allows automatic system environment generation for new token (old Process.Start way prevents this)
* add basic become runas tests
All that is required to verify the signature is that the matching
public key is present in the remote user's keyring. There is no need
for GnuPG to explicitly trust the authenticity of the key.
Not Ansible specific, but rather the behavior of the `git verify-commit`
and the `git verify-tag` command line invocations.
The following snippet:
- name: Let the DMZ connect to internet
firewalld:
zone: dmz
masquerade: True
permanent: True
immediate: True
state: enabled
will fail with this error message:
Exception caught: set_masquerade_enabled() takes 1 positional argument but 3 were given
It turn out that it treat 'zone' as a array of string instead of 1 string.
I only tested on Python 3 with a Fedora 25.
* correct, cleanup & simplify dwim stack
latlh chIS logh HeS qar wej chel laD
better errors
update find_file to new exception
* addressed latest comments
* test should not use realpath as it follows symlink
this fails when on OS X as /var is now a symlink to /private/var
but first_found was not supposed to follow symlinks
CreateSnapshot may fail with several exceptions. This
fix generically handles these exceptions.
Fixes#21121
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Fixed he exception handling logic for the delete_group function.
fixes issue #26100
* Removed the unnecessary del_meta variables and made some other adjustments to the delete_user function
Fix adds support for quiesce and memory options while taking
snapshot of virtual machine. Update documentation and examples
for reflecting this change.
Fixes#26270
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Unittests for extracting metadata from plugins
* Port plugin_docs to use the generic extract_metadata function
* Make the helper functions seek_end_of{string,dict} private
check_mode should behave pretty similarly to non-check mode -
just don't actually create or delete subnets or change tags.
Using DryRun for check_mode behaves very differently and results
in the following module failure:
```
"msg": "Unable to update tags for subnet-abcd1234,
error: EC2ResponseError: 412 Precondition Failed
<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<Response><Errors><Error><Code>DryRunOperation</Code>
<Message>Request would have succeeded, but DryRun flag
is set.</Message></Error></Errors>
<RequestID>12345678-abcd-1234-abcd-abcd1234abcd</RequestID></Response>"
```
* Add support for EC2 dynamic data in ec2_facts
- Flattens out JSON in the instance identity document and IAM info/credentials for easy access to facts
- This changes region fact from ‘ansible_ec2_placement_region’ to ’ansible_ec2_instance_identity_document_region’
* Maintain backwards compatibility by putting the region into the old key
* Improve JSON parsing logic and split security group IDs
* Add documentation, backwards compatibility, fix bug and formatting
- Update documentation for ec2_facts with return values
- Preserve JSON value from the metadata service for backwards compatibility
- Fix bug in fix_invalid_varnames
- The keys in the dict were being modified in place; new dict now created to hold the sanitized keys
- Consolidate two replace calls with a regex substitution
- Move imports for ec2_facts to the top
* Add support for parsing the IAM instance profile role
When using Python3, the exec_module function errors out with a
unsupported operand type(s) for +: 'dict_keys' and 'list'
error when adding the .keys() to a static list. Use the explicit
list function to make a list of keys and then add to the ['tags'] list.
This module can add, remove, update versions, and set default versions
of managed policies. It will cycle out old versions of policies if too
many are present. It will check and set the version of the policy that
matches the pased in policy document if one already exists.
Incorporating changes from PR
Descriptions now have full stops, and pep8 error has been
addressed. Also added requirements, author, and updated interface to
"preview"
Additional change to pass CI
Previous commit added in some whitespace errors. Additinoally added
correct value for version_added, added in a RETURN block for
documentation, and moved import to top of file
Fixed error detaching policy from users
Updates to pass 2.4 CI
Updating iam_managed_policy supporting feedback
The user variable stores whether we need to set user@ in our connection
string. It's now being used at the toplevel of the run() method so the
default needs to be calculated further up the stack
Fixes#24910
Switch to dicts in common code caused silent failures during arg translation, so default values and non-check-mode were always used.
* fixes#23653
* fixes#24062
* fixes#22938
* fixes#25156
commit f79beaa3b3b642c370552d63b0848195358bccd0
Author: James Cammarata <jimi@sngx.net>
Date: Wed Jun 28 17:00:57 2017 -0500
Add example for iptables using the policy option
commit 1a0f9debdb526bef9d8d469a84a8cc55ef68da03
Author: James Cammarata <jimi@sngx.net>
Date: Wed Jun 28 16:59:52 2017 -0500
Fix missing re import for iptables after merging #19476
commit 084479d21d5bdf751a94c787b6644d4f330c5f8a
Author: Alexey Solodkiy <work@x1.by>
Date: Sun Dec 18 12:07:05 2016 +0300
fix#19476
* win_say: Fix issue, add integration test
This PR includes:
- Make speed_speech an integer parameter
- Test for empty parameters too
- Add integration tests
* Improve the $speech_speed parameter handling
As requested
include_vars will now also return a key 'ansible_included_var_files'
which contains the list of files that were successfully loaded.
This is useful information and, amongst other things, a way for users
to know exactly what files were included when debugging their
playbooks.
This also allows us to improve the integration tests around
include_vars.
So in an effort to verify if Windows modules are feature complete
compared to the python equivalent, I stumbled upon these differences.
This PR includes:
- Add missing 'data' option from documentation
- Simplify ping module
- Update integration tests to test exception
As we can see in
9537453586
:
CN used to be without whitespaces around the `=` but OpenSSL 1.1 introduced
whitespaces:
1.0.1: subject=/CN=example.com
1.1.0: subject=CN = example.com
This commit makes them optional.
OpenSSL 1.1 is present on the newly-released Debian Stretch, so absence
of this fix makes us not being able to use this module on this distro.
If target_group_arns is an empty list, then return
an empty target_group_names list.
If a connection to elbv2 is not obtainable, then it is
not possible to return target_group_names
* Fix logical flaw (update when diff), use string ports everywhere
* Change port comparison to integer vs. string
The comparison works either way as long as it's consistent. Boto docs
state that it takes in an integer, but if given a string apparently
keeps it as such. This change just ensures that when we compare, we
specifically deal with integers.
So I thought I fixed it before, but there's still one location where
the `rc` value is influential to decide whether a task failed or not.
We already established in #24867 that it is up to the module to decide
what the return code actually means, not the task executor. We modified
the existing modules to move that logic into the module (eg. for
command, shell, etc.)
This relates to the integration tests of win_robocopy, where different
return codes have different meanings:
- 0 -- No files copied.
- 1 -- Files copied successfully! (changed)
- 2 -- Some Extra files or directories were detected. No files were copied. (warning)
- 3 -- (2+1) Some files were copied. Additional files were present. (changed)
- 4 -- Some mismatched files or directories were detected. Housekeeping might be required! (changed + warning)
- 5 -- (4+1) Some files were copied. Some files were mismatched. (changed + warning)
- 6 -- (4+2) Additional files and mismatched files exist. No files were copied. (warning)
- 7 -- (4+1+2) Files were copied, a file mismatch was present, and additional files were present. (changed + warning)
- 8 -- Some files or directories could not be copied! (changed + failed)
- 9 - 15 -- Fatal error. Check log message! (failed)
- 16 -- Serious Error! No files were copied! Do you have permissions to access $src and $dest? (failed)
This also fixes#24652
Make pyca/cryptography the preferred backend for cryptographic needs (mainly vault) falling back to pycrypto
pyca/cryptography is already implicitly a dependency in many cases
through paramiko (2.0+) as well as the new openssl_publickey module,
which requires pyOpenSSL 16.0+. Additionally, pyca/cryptography is
an optional dep for better performance with vault already.
This commit leverages cryptography's padding, constant time comparisons,
and CBC/CTR modes to reduce the amount of code ansible needs to
maintain.
* Handle wrong password given for VaultAES format
* Do not display deprecation warning for cryptography on python-2.6
* Namespace all of the pycrypto imports and always import them
Makes unittests better and the code less likely to get stupid mistakes
(like using HMAC from cryptogrpahy when the one from pycrypto is needed)
* Add back in atfork since we need pycrypto to reinitialize its RNG just in case we're being used with old paramiko
* contrib/inventory/gce: Remove spurious require on pycrypto
(cherry picked from commit 9e16b9db275263b3ea8d1b124966fdebfc9ab271)
* Add cryptography to ec2_win_password module requirements
* Fix python3 bug which would pass text strings to a function which
requires byte strings.
* Attempt to add pycrypto version to setup deps
* Change hacking README for dual pycrypto/cryptography
* update dependencies for various CI scripts
* additional CI dockerfile/script updates
* add paramiko to the windows and sanity requirement set
This is needed because ansible lists it as a requirement. Previously
the missing dep wasn't enforced, but cryptography imports pkg_resources
so you can't ignore a requirement any more
* Add integration test cases for old vault and for wrong passwords
* helper script for manual testing of pycrypto/cryptography
* Skip the pycrypto tests so that users without it installed can still run the unittests
* Run unittests for vault with both cryptography and pycrypto backend
* Add new windows module win_psmodule
* Add checkmode, allow_clobber parameter, integration tests
* Add aliases, replace win_raw with win_shell
* restore original test_win_group1.yml, add powershel version test
* fix var type
* add conditional on assert
* integration tests conditional tasks review
* documentation fix, test fix, adds result.change
* fix yml
* fix railing whitespace
* add nuget_changed and repository_changed in result
There are too many possible special cases for Ansible to be able to
precheck known_hosts files without introducing all kinds of false
failures.
* Alternative known_hosts paths
* Alternative host name aliases
* ssh host certificates
* SSHFP + DNSSEC
Fixes#24860
Fix adds support for adding VMWare vSwitch without
any physical NICs (uplinks). This makes nic_name as
an optional parameter. Also, updated documentation and
examples to reflect these changes.
Fixes#25632
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Mutually reference Windows and non-Windows modules
To make it easier for Windows or non-Windows users to find the relevant
module information, we are mutually referencing both variants in their
documentation.
We are also adding a special note if a module works on both Windows and
non-Windows targets.
* Mutually reference Windows and non-Windows modules
To make it easier for Windows or non-Windows users to find the relevant
module information, we are mutually referencing both variants in their
documentation.
We are also adding a special note if a module works on both Windows and
non-Windows targets.
* Replace 'look at' with 'use', as requested
ci_complete
So I noticed this when doing integration tests:
Failed to copy file Could not find a part of the path
and this change turns it into:
Failed to copy file: Could not find a part of the path
I also moved something out of the exception handling.
* openbsd_pkg: Handle versionless names with branch.
This makes package names such as "openldap-server--%openldap" work.
Problem reported by Landry Breuil.
While here fix cornercase check for versionless packages and add some
more debug output to packet parsing.
Fixes#25910.
* openbsd_pkg: Split up lines to pass build checks.
===
The test ansible-test sanity --test pep8 failed with the following errors:
lib/ansible/modules/packaging/os/openbsd_pkg.py:383:161: E501 line too long (292 > 160 characters)
lib/ansible/modules/packaging/os/openbsd_pkg.py:398:161: E501 line too long (198 > 160 characters)
===
* cisco_imc_xml: New module to manage Cisco IMC hardware
This module provides direct access to the Cisco IMC API.
See the included examples for a glimpse of what it can do.
* Rename cisco_imc_xml to imc_xml
After discussion with Peter Sprygada renamed from cisco_imc to imc.
As Cisco ACI is named aci as well.
The dependency chain should not include roles below the parent, as it
can introduce very weird things like conditionals from child deps impacting
non-related roles.
Fixes#25136
* Add junos_system declartive module and other related change
* junos_system declartive module
* integration test for junos_system
* integration test for net_system (junos platform)
* pep8 fixes for junos modules
* move to lxml from elementree for xml parsing as it support
complete set of xpath api's
* other minor changes
* Fix CI and doc changes
* Fix unit test failures
* Fix typo in import
* Fix import issue for py2.6
* Add missed Element in import
Fix adds support for Red Hat Enterprise Linux Atomic Host.
RHEL Atomic host uses same RHEL Server strategy for
modifying hostname.
Fixes#25903
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* New facts module for AWS EC2 VPC Endpoints
* ec2_vpc_endpoint_facts - meet latest Ansible standards
Fix exception syntax and use of `iteritems` for python3
Fix undefined `ec2` variable (should have been `connection`
Address various flake8 issues
Use `ansible_dict_to_boto3_filter_list` rather than
duplicating its implementation
* Remove max_items and next_token from vpc_endpoint_facts
max_items and next_token should be a module concern, not
a caller concern. It would be very difficult for a module
consumer to use next_token properly, whereas it's easy for
the module to handle it.
* ec2_vpc_endpoint_facts trivially supports check mode
Add supports_check_mode=True to the argument spec.
* Improve RETURN documentation for ec2_vpc_endpoint_facts
Fix bug in EXAMPLE documentation too
* fix return type for validate-modules
* iam_cert.py Fix duplicate certificate detection with included chains.
The iam_cert module would fail to detect certificates as duplicates
if the certificate body included the authority chain directly.
This commit fixes the problem by checking if a given certificate
matches the start of the data returned by AWS, since in all cases
where they would match the certificate will come first.
* iam_cert.py Return certificate ARN in all success cases.
When uploading certificates or interacting with IAM, the certificate ARN
is needed for other operations with AWS such as provisioning elastic load
balancers.
This commit returns the certificate ARN in all success cases, which allows
it to be used to idempotently provision other Amazon services depending on
it (ELBs being an immediate example).
ansible_host can be pulled from inventory and not match inventory_hostname,
this can "loose" vars to a new host named by ansible_host vs the delegated host
fixes#25770
This is a cleanup of the win_uri module to make it feature-complete.
This PR includes:
- Added check-mode support
- Add as many options from the uri module as possible
- Added creates
- Added follow_redirects
- Added maximum_redirection
- Added password
- Added removes
- Added return_content
- Added status_code
- Added timeout
- Added user
- Added validate_certs
- Fixed list-handling for comma-separated strings
- Added basic integration tests (should come from uri module)
As per documentation and code, external_user_name is
required parameter is case of type 'chat'.
Fix corrects error message displayed to user.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* add aws dynamo_ttl module, small parameter setter
- New Module Pull Request
`dynamodb_ttl`
2.3.0/devel
Very self-contained TTL setter. This is independent of the dynamodb_table module
as it's really designed to be a helper for tables that may be created in other
ways (say, CloudFormation, which doesn't support setting TTL).
* committer is no longer a valid value
* bump version_added, catch common exceptions
* pep8 fixes
* one more pep8
Previously, we used StrictVersion which failed to parse some passlib
version strings. For example, Debian currently ship passlib with a
__version__ of '1.7.0.post20161128115349'
StrictVersion throws an exception when parsing this version string.
Change to using LooseVersion which successfully parses version strings
such as this.
Fixes#20199
* Added new module: github_deploy_key
added a new module for managing deploy keys for GitHub repositories
* Updated github_deploy_key module based on feedback
- added GPL header
- switched to using fetch_url instead of requests
- changed version to 2.4
- set no_log for otp and token arguments
- implemented check mode
* made github_deploy_key module PEP8 compliant
Now that remote-to-remote copies are supported in the copy module,
the module documentation has been updated to indicate this in the
synopsis and examples to make the capability obvious for someone
skimming the documentation.
refactors the Connection class to use the top level function. This will
make the request_builder() function useful for other components such as
action handlers.
* Add junos_banner declartive module
* junos_banner implementation
* Integration test for junos_banner
* Integration test for net_banner (junos)
* Minor fixes
* Minor doc change
The method name was missing a 'd'. The method was not used anywhere
however, so no other code needs to be changed. Neither 'has_chilren'
nor 'has_children' are used in the codebase.
* Add net_interface declartive module
* Add net_interface module
* Add junos_interface implementation module
* Other minor changes
* Add integration test
* Integration test for net_interface
* Integration test for junos_interface
* Fix CI failures
* Documentation changes
* adds new common functions for declarative intent modules
* adds Entity and EntityCollection
* adds dict_diff and dict_combine
* update for CI PEP8 compliance
* more CI PEP8 fixes
* more PEP8 CI clean up
* refactors the lambda assignments into top level classes
this is to be in compliant the PEP8 CI sanity checks
* one last pep8 ci fix
* Add nxos_nxapi tests
* Simple changes to nxos_nxapi
* Move validation to check_args
* Don't mark protocol change unless change is requested
* Add different regex to handle HTTP{,S} ports on a different version of nxos
* Updating ufw.py to support comments
* Revert "Updating ufw.py to support comments"
This reverts commit 54a42de97c77004d4755543bf310f0ec6e1b4d14.
* Support ufw v0.35 in ufw.py
* Add ufw version check to ufw module
* Initial commit for Pure Storage Ansible module
* Initial commit for Pure Storage Ansible module
* Initial commit for Pure Storage Ansible module
* Fix import issues as required by post-2.2
* Move last import to top
* Follow suggestions and only implement one module per PR
Fix documentation changes requested
* Documentation and formatting changes
Setting default values for FieldAttribute values created in the Base class
prevents the _get_parent_attribute() code from working correctly, as the value
is always non-None.
Related to #22924
The boto Route53 get_all_rrsets method will return the record set
matching the name, type, and identifier specified, followed by ALL
subsequent sets in alphabetical order based on name. If the specified
set does not exist, the method will still return all the sets that
_would_ have come after it. Searching through sets we know will not
match is not just a waste of resources but, more importantly, often
triggers AWS API throttling when used on zones with large numbers of
records.
finished normalizing of path handling
removed overloaded '-p' from init_paths option, it is for role_paths
removed expand_tilde and get_opt methods as both were redundant, adjusted rest of code
updated tests to match
* Add vyos_user implementation module
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Integration test for vyos_user
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Make state absent work
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Unit test for vyos_user
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Standardize user names
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Modify integration test with idempotent case
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Add role as alias to level
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Allow EC2-VPC instances to update SG
make ec2 pep8
* use sets instead of loop and a break
* bring things in an indentation level
* Use to_text instead of str, text_type instead of basestring, - instead of difference
* basestrings not unicode
* simplifying syntax
* Start of ansible config project
moved configuration definitions to external yaml file vs hardcoded
* updated constants to be a data strcutures that are looped over and also return origin of setting
changed to manager/data scheme for base classes
new cli ansible-config to view/manage ansible configuration settings
* prints green for default/unchanged and yellow for those that have been overriden
* added list action to show all configurable settings and their associated ini and env var names
* allows specifying config file to see what result would look like
* TBD update, edit and view options
removed test for functions that have been removed
env_Vars are now list of dicts
allows for version_added and deprecation in future
added a couple of descriptions for future doc autogeneration
ensure test does not fail if delete_me exists
normalized 'path expansion'
added yaml config to setup packaging
removed unused imports
better encoding handling
updated as per feedback
* pep8
* allows win_scheduled_task to support adding and removing task paths
* fix line length for documentation
* added integration tests for path creation and removal
* removing ability to remove TaskPath if a task isn't removed. also removed superfluous line of code in Invoke-TaskPathCheck function
* Various fixes to VM customizations (from template)
This patch implements:
- New find_obj() function from vmware.py replacing get_obj()
- Implement proper resource_pool selection
- Fix productId implementation (was not working)
- Ensure that we are not changing anything that is not mandatory (hostName, orgName, fullName)
This is an alternative proposal to #24283
This does not fix#19860 yet though.
For our use-case, we do not want to customize the network information (or any information in fact).
What is used in the template should remain intact.
* Added find_obj() function
* Fix the returned object-list (unused yet)
* Small improvement
* Support DHCP type and fix customizations
* Small fix
* Support resource_pool also for reconfiguring VM
* Remove redundant
* Fix short hostname, specific resource_pool, PEP8
* Improve docs and examples
* Fix missing hostsystem
* Make folder absolute path
* Improve docs, add missing 'mac'
At present, the available facts around block devices are not sufficient to be able to find stable names guaranteed to work across reboots, or to identify block devices by label (UUID, etc).
This patch provides a list of observed links for each device. It relies on functionality specific to Linux (as does the existing sysfs-based code which it extends), but should not cause issues on other platforms.
Moreover, it prevents virtual devices from being excluded, and links such devices to the physical devices to which they are attached.
* Add more mount point statvfs info including sizes
Based on https://github.com/ansible/ansible/pull/12073
facts.utils.get_mount_size() now returns a dict of most
of the posix statvfs data, including block_size and inode
counts.
Update the facts.hardware classes that use get_mount_size() to
use the new info by mount_info.update(mount_statvfs_inof) to merge.
* add back unit tests for LinuxHardware mount/fs facts
* add test cases for facts.utils.get_mount_size
* region isn't required for ec2.py; allow endpoints to be used
* move where aws_connect_kwargs is set
* remove camel_dict_to_snake_dict and display error message
warnings and deprecations were only returned for the top level of a task, this now deals with them in loop
deduplication still occurs so only unique ones will be shown to user.
fixes#25258
According to the redis-py docs, zrank will return the 0 based index for
the value in the sorted set. So the logic here wasn't right to begin
with (It just means that a value at the 0-th position would never show
up as cached). Need to compare against None to know if the value
exists in the cache.
https://redis-py.readthedocs.io/en/latest/#redis.StrictRedis.zrankFixes#25590
Fix added to fail module instead of returning boolean value
which raises AttributeError.
Fixes#21770
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Call initctl version based on initctl's retrieved location
* Remove the use of start/stop/restart in favor of initctl
* Provide correct argument order for initctl usage
* trying to delete a nonexistent bucket should not fail
* Improve error handling for deleting s3 bucket
* Allow successful deletion
* Add test for deleting a nonexistent bucket
rename integration test target from s3 to aws_s3