subscription-manager currently does not have a way to get credentials
(username, password, activation keys, organization ID) in a secure way:
the existing command line parameters can be easily spotted when running
a process listing while 'subscription-manager register' runs.
There is a D-Bus service, which is used by e.g. cockpit and Anaconda to
interface with RHSM (at least for registration and common queries).
Try to perform the registration using D-Bus, in a way very similar to
the work done in convert2rhel [1] (with my help):
- try to do a simple signal test to check whether the system bus works;
inspired by the login in the dconf module
- pass most of the options as registration options; for the few that are
not part of the registration, execute 'subscription-manager' manually
- add quirks for differently working (or not) registration options for
the D-Bus Register*() methods depending on the version of RHEL
- 'subscription-manager register' is used only in case the signal test
is not working; silent fallback in case of D-Bus errors during the
registration is not done on purpose to avoid silent fallback to a less
secure registration
[1] https://github.com/oamg/convert2rhel/pull/540/
dconf: parse GVariant values to check for equality whenever possible
Direct string comparisons are an inaccurate way to compare two
GVariant representations. For example, 'foo' and "foo" (including the
quote marks, which are part of the representation) are equal GVariants
but if you just do a string compare (remember, including the quotes)
they'll be interpreted.
We therefore want to use the `gi.repository` Python library to parse
GVariant representations before comparing them whenever possible.
However, we don't want to assume that this library will always be
available or require it for Ansible to function, so we use a straight
string comparison as a fallback when the library isn't available. This
may result in some false positives, i.e., Ansible thinking a value is
changing when it actually isn't, but will not result in incorrect
values being written into `dconf`.
Co-authored-by: Jonathan Kamens <jik@jik5.kamens.us>
* add persistent option for modprobe
* add suggested changes + fix broken test
* change modprobe module path in tests due to rebase
* change persistent option type from bool to str with choices
* fix unused import
* add example with persistent option
* fix some minor issues after review
- move regexps compiling to __init__
- move AnsibleModule to build_module function and use this function in tests instead of AnsibleModule
- fix terminlogy issue in documentation
* fix unused-import
* replace missing default favicon with docs.ansible.com
* create changelog fragment for PR 5928
* move changelog fragment
* fix parameter description
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix parameter description
Co-authored-by: Felix Fontein <felix@fontein.de>
* add affected modules in changelog fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Lars Krahl <lkr@mms-dresden.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* opennebula: Add template manipulation helpers
* one_vm: Use 'updateconf' API call to modify running VMs
* one_vm: Emulate 'updateconf' API call for newly created VMs
* opennebula/one_vm: Satisfy linter checks
* opennebula/one_vm: Apply suggestions from code review
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* opennebula/one_vm: Drop 'extend' function, use 'dict_merge' instead
* Add changelog fragment
* one_vm: Refactor 'parse_updateconf' function
* opennebula/one_vm: Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* one_vm: Allow for using updateconf in all scenarios
---------
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add support to Bitwarden Lookup for filtering results by collection id (#5849)
* Debug
* Add support to Bitwarden Lookup for filtering results by collection id (#5849)
* Update comments
* Fix blank line issue
* Fix unit tests for bitwarden lookup plugin. Add changelog fragment file.
* Change collectionId to collection_id parameter on bitwarden plugin
* Fix collection id parameter name when used in bw cli
* Clarify Error message when vault not unlocked
You can be logged into the Bitwarden-CLI, but it can still be locked. This took me several hours to debug, since every time I ran 'bw login' it told me, that I am already logged in.
If you run 'bw unlock' without being logged in, you are prompted to log in.
This clarifies the Error occurring and can drastically reduce debugging time, since you don't have to look into the source code to get an understanding of whats wrong.
* RM: negation
Nobody needs negation
* Update function name
* FIX: tests
* ADD: changelog
* Update changelogs/fragments/5811-clarify-bitwarden-error.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remote management modules for OCAPI-based devices.
Open Composable API (OCAPI) is a REST-based API designed for data center composability. For more information, see https://www.opencompute.org/documents/open-composable-api-for-ocp-2019-06-24-pdf
This PR introduces ocapi_command and ocapi_info modules. These are based on the existing redfish_command and redfish_info modules and follow similar patterns. This initial implementation includes support for the folowing operations:
- Indicator LED toggling
- Power state toggling
- Enclosure reset (reboot)
- Firmware upload
- Firmware update
- Firmware activate
- Job deletion
- Job status
These modules have been tested against Western Digital OpenFlex(tm) Data24 storage enclosures. API reference is at https://documents.westerndigital.com/content/dam/doc-library/en_us/assets/public/western-digital/product/platforms/openflex/reference-architecture-open-composable-api.pdf
* Fix licensing issue for ocapi_utils.py
* PR Feedback
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/ocapi_utils.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/ocapi_info.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* PR Feedback
Use six module for urlparse
* Apply suggestions from code review
Documentation fixes.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix sanity test line too long error.
Co-authored-by: Felix Fontein <felix@fontein.de>
Add the `server_proxy_scheme` parameter to configure the scheme used for
the proxy server. This completes the configuration parameters for the
proxy server.
Stop passing all the "rhsm_", and "server_" module arguments to
"Rhsm.register()", and thus as arguments for
"subscription-manager register":
- right before calling "Rhsm.register()", "Rhsm.configure()" is called
to configure subscription-manager with all the "rhsm_", and "server_"
arguments; hence, they are already configured
- the passed argument to "--serverurl" is partially wrong:
"Rhsm.register()" passes only the hostname, whereas the other bits
(port and prefix) are supported too; this "works" because port and
prefix were already configured previously, and the lax parsing that
subscription-manager does allows for missing bits
- the parsing done by subscription-manager for "--baseurl" strips out
the URL scheme and always uses https: this means that specifying
"rhsm_baseurl: http://server" as module parameter will be taken as
"https://server" by subscription-manager; since "rhsm_baseurl" is
already configured by "Rhsm.configure()", this issue is gone
* cmd_runner module utils: fix case for as_fixed() format
* add changelog fragment
* simplified test_cmd_runner
* fix handling empty default for `as_map()`
* add changelog fragment
* MissingArgumentValue is reraised in run()
* Fix the logical flaw when deleting a build in the jenkins_build module.
* Fix the logical flaw when deleting a Jenkins build in the jenkins_build module.
* Adding changelogs.
* Update tests/unit/plugins/modules/test_jenkins_build.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Attempt to mock the exception classes.
* Remedy the CI issues when mocking the exception classes.
* Assuming a way to mock the get_build_status function.
* Near to the feasible approach.
* Calls the correct class when unit testing.
* Fix sending wrong arguments when unit testing.
* Directly assign the argument value in the unit testing.
* Fix errors calling different classes.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Begin building out separate classes to support different op cli versions
Create separet base classes for each major version.
Define the main interface in the base class.
Create methods for getting the current version and instantiating the
appropriate class based on the found version.
* First pass at mostly working CLI version classes
* Correct mismathched parameters
* Update _run() method to allow updating enviroment
This allows passing in the app secret as an env var, which is more
secure than using a command line arg.
* Continuing to improve the interface
* Tear existing tests down to the studs
These tests were based off of the LastPass unit tests. I’m going to
just start from scratch given the new plugin code is vastly diffenent.
* Fix sanity test
* CLI config file path can be None
* Improve required param checking
- only report missing params
- use proper grammer based on number of missing params
* Change assert_logged_in() method return value
Return a boolean value indicating whether or not account is signed in
* Improve full login for v2
Have to do a bit of a dance to avoid hitting the interactive prompt
if there are no accounts configured.
* Remove unused methods
* Add some tests
* Fix linting errors
* Move fixtures to separate file
* Restructure mock test data and add more tests
* Add boilerplate
* Add test scenario for op v2 and increase coverage
* Fix up copyright statements
* Test v1 and v2 in all cases
* Use a more descriptive variable name
* Use docstrings rather than pass in abstract class
This adds coverage to abstract methods with the least amount of hackery.
* Increase test coverage for CLI classes
* Sort test parameters to avoid collection errors
* Update version tested in docs
* Revere test parameter sorting for now
The parameters need to be sorted to avoid the issue in older Python
versions in CI, but I’m having trouble working out how to do that
currently.
* Allow passing kwargs to the lookup module under test
* Favor label over id for v2 when looking for values
Add tests
* Display a warning for section on op v2 or greater
There is no “value” in section fields. If we wanted to support sections
in v2, we would also have to allow specifying the field name in
order to override “value”.
* Move test cases to their own file
Getting a bit unwieldy having it in the test file
* Move output into JSON files fore easier reuse
* Switch to using get_options()
* Add licenses for fixture files
* Use get_option() since get_options() was added in Ansible Core 2.12
* Rearrange fixtures
* Add changelog
* Move common classes to module_utils
* Move common classes back to lookup
The plugin relies on AnsibleLookupError() quite a bit which is not available
in module code.
Remove use of display for errors since section isn’t actually deprecated.
* Properly handle sections
Still room for improvement, but this is at least a start.
* Remove some comments that won’t be addressed
* Make test gathering more deterministic to avoid failures
* Update changelog fragment
* Simple fix for making tests reliable
* Start using Ansible's config manager to handle options.
* Docs improvements.
* Fix documentation, make options actual lookup options.
* The cyberarkpassword lookup does too strange things.
* The onepassword lookups are converted in #4728, let's not interfere.
* Improve docs.
* Skip shelvefile as well.
* Convert lmdb_kv.
* Convert and fix credstash.
* Convert manifold.
* Drop chef_databag.
* Convert dig.
* Update examples.
* Forgot the most important part.
* Fix lmdb_kv docs.
* Python 2.6 compatibility.
* Convert AnsibleUnicode to str.
* Load lookup with lookup loader.
* Fix environment handling and error message checking.
* Improve docs formatting.
* remove redundant
templar is already in base class
env var is already consulted in via config resolution
* more whites
* no need to import templar again
* Add changelog fragment.
* Try to update tests.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Bump version to 6.0.0.
* sender option is now required.
* Default of want_proxmox_nodes_ansible_host changed from true to false.
* username is now an alias of user, and no longer of workspace.
* Remove deprecated return values in favor of end_state.
* Remove debug option.
* Change default of ignore_volatile_options from true to false.
* gitlab_group must now always contain the full path.
* Change default of norc from false to ture.
* Remove deprecated property.
* Add PR URL.
* Adjust bitbucket unit tests.
* Adjust module_helper integration test.
* Adds transport_mode configuration for Infiniband devices
Adds transport_mode configuration for Infiniband based ipoib devices,
which is one of:
- datagram (default)
- connected
* Remove trailing whitespace
* Add changelog fragment
* Update changelogs/fragments/5361-nmcli-add-infiniband-transport-mode.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/net_tools/nmcli.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/net_tools/nmcli.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove default for transport_mode
* Add test for changing Infiniband transport_mode
* remove blank line at end of file
Co-authored-by: Thomas Gebert <thomas.gebert@atos.net>
Co-authored-by: Felix Fontein <felix@fontein.de>
* opentelemetry: logs property
* opentelemetry: support for span events with the Task dump output
* opentelemetry: support property to disable the logs
* bump the version when supported
* add section ini
* test: fix change of signature
* [opentelemetry][callback] changelog fragment
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Experimental change from OpenIndiana
* resolve pfexec problem, by removing superfluous quotes
* reimplement "wrap_exe"
* remove spaces arround keyword argument assignment
* adapted pfexec unit test
* Try to fix quoting of test expression
* Fix quoting of test expression by replacing ' with "
* Add changelog fragment
* WDC Redfish support for setting the power mode.
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add change fragment.
* Add extension to changelog fragment.
Co-authored-by: Felix Fontein <felix@fontein.de>
* nmcli: avoid changed status for most cases with VPN connections
Follow-up https://github.com/ansible-collections/community.general/pull/4746
* `nmcli connection show` includes vpn.service-type but not vpn-type.
Switching to vpn.service-type removes unneeded diffs while keeping
the same functionality, as vpn-type is an alias of vpn.service-type
per nm-settings-nmcli(1).
NetworkManager also adds `org.freedesktop.NetworkManager.` prefix for
known VPN types [1]. The logic is non-trivial so I didn't implement it
in this commit. If a user specifies `service-type: l2tp`, changed will
be always be True:
- "vpn.service-type": "org.freedesktop.NetworkManager.l2tp"
+ "vpn.service-type": "l2tp"
* The vpn.data field from `nmcli connection show` is sorted by keys and
there are spaces around equal signs. I added codes for parsing such
data.
Tests are also updated to match outputs of nmcli commands.
[1] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.38.4/src/libnm-core-impl/nm-vpn-plugin-info.c#L619
* Add changelog
* Some suggested changes
* Make space stripping more flexible - works for cases without equal
signs.
* Keep vpn.data in a test case with no spaces
* nmcli: allow any string for vpn service-type
* feat: Add crc32 filter
Compute CRC32 checksum of a string and return its hex representation. Can be
use to create short checksums.
Signed-off-by: Julien Riou <julien@riou.xyz>
* Update license lines
* Improve string check of a crc32 value
Signed-off-by: Julien Riou <julien@riou.xyz>
Signed-off-by: Julien Riou <julien@riou.xyz>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add sanity test (currently fails).
* doc_fragments can also be non-GPLv3+.
* Replace 'Author:' by 'Copyright:' in some specific cases.
* Avoid matching string for license checkers.
* Reformulate not to throw license detection off.
* Add PSF copyright notice for plugins/module_utils/_mount.py.
* Add generic copyright notices.
* Update changelog fragment.
* WDC Redfish support for chassis indicator LED toggling.
* Added changelog fragment.
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>