If hashtype for the password_hash filter is 'blowfish' and passlib is
available, hashing fails as the hash function for this is named 'bcrypt'
(and not 'blowfish_crypt'). Special case this so that the correct
function is called.
Since passlib algo sometime takes a bytes, and sometime
not, depending on a internal variable, we have to convert
bnased on it, or it fail with "TypeError: salt must be bytes,
not str" (or unicode instead of bytes)
However, that's not great to use internal structure for that.
The -b option reads as follows:
` The target job is directed to ignore hangup signals. This is particularly
useful for running the target program in the background.`
If needed, '-b' can be added to become_flags
Squashed commit of the following:
commit f2c9f5c011ae8be610301d597a34bfba1a391e08
Author: Aaron Bieber <aaron@bolddaemon.com>
Date: Mon Oct 17 10:58:14 2016 -0600
remove pbrun flags
commit f402679ac177c931ad64bd13306f62512a14fcd6
Author: Aaron Bieber <aaron@bolddaemon.com>
Date: Fri Oct 14 15:29:29 2016 -0600
use Password: vs assword: for matching pbrun prompt
commit cd2e90cb65854c4cc5dd8773404e520d40f82765
Author: Aaron Bieber <aaron@bolddaemon.com>
Date: Fri Oct 14 15:28:58 2016 -0600
move -b to pbrun_flags
Fixes for non-ascii passwords on
* both python2 and python3,
* local and paramiko_ssh (ssh tested working with these changes)
* sudo and su
Fixes#16557
The PlayIterator was written without nested roles in mind, but since
include_role can nest them we need to check to see if we've moved into
a new role which is a child via nesting.
Fixes#18026
The network module will now log a message when it connects to a remote host
successfully and specify the transport used. It will also log a message
when the module discconnect() method is called.
Earlier versions of EOS that do not support config sessions would
create an exception. This fix will now check if the device supports
sessions and if it doesn't, it will fall back to not using sessions
* Fix unbound method call for JSONEncoder
The way it is currently it will lead to unbound method error
```python
In [1]: import json
In [2]: json.JSONEncoder.default('object_here')
---------------------------------------------------------------------------
TypeError Traceback (most recent call last)
<ipython-input-2-872fdacfda50> in <module>()
----> 1 json.JSONEncoder.default('object_here')
TypeError: unbound method default() must be called with JSONEncoder instance as first argument (got str instance instead)
```
But what is really wanted is to let the json module to raise the "is not serializable error" which demands a bounded instance of `JSONEncoder()`
```python
In [3]: json.JSONEncoder().default('object_here')
---------------------------------------------------------------------------
TypeError: 'object_here' is not JSON serializable
```
BTW: I think it would try to call `.to_json` of object before raising as it is a common pattern.
* Calling JSONEncoder bounded `default` method using super()
This is better API as the booleans could conflict with each other.
If the config value is a string, make sure to return it as a text string
rather than a byte string.
As recently there was back-and-forth with this hardcoded value
(0.001 -> 0.01 -> 0.005), obviousely the optimal value for it depends on
Ansible usage scanario and is better to be configurable.
This patch adds a new config option in DEFAULT section,
`internal_poll_interval`, with default of 0.001 corresponding to the
value hardcoded in Ansible v2.1.
This config option is then used instead of hardcoded values where
needed.
Related GH issue: 14219
Implement tag and skip_tag handling in the CLI() class. Change tag and
skip_tag command line options to be accepted multiple times on the CLI
and add them together rather than overwrite.
* Make it configurable whether to merge or overwrite multiple --tags arguments
* Make the base CLI class an abstractbaseclass so we can implement
functionality in parse() but still make subclasses implement it.
* Deprecate the overwrite feature of --tags with a message that the
default will change in 2.4 and go away in 2.5.
* Add documentation for merge_multiple_cli_flags
* Fix galaxy search so its tags argument does not conflict with generic tags
* Unit tests and more integration tests for tags
In order for the config to be returned with vpn passwords, the get_config()
method now supports a keyword arg include=passwords to return the desired
configuration. This replaces the show_command argument
foo.split('\n') is picky about the type of 'foo'.
if 'foo' is a bytes type, then foo.split('\n')
will fail on py3 with:
TypeError: a bytes-like object is required, not 'str'
The foo.split('\n') change isn't strictly required
when run_command returns native str types, but it
is more idiomatic and conceptually also supports other
line endings.
Prior to this commit, the ini parser would fail if the inventory was
not 100% utf-8. This commit makes this slightly more robust by
omitting full line comments from that requirement.
Fixes#17593
* Specify run_command decode error style as arg
Instead of getting the stdout/stderr text from
run_command, and then decoding to utf-8 with a
particular error scheme, use the 'errors' arg
to run_command so it does that itself.
* Use 'surrogate_or_replace' instead of 'replace'
For the text decoding error scheme in run_command calls.
* Let the local_facts run_command use default errors
* fix typo
In py3, dict.keys() is a view and not a copy of the
dicts keys, so attempting to delete items from the dict
while iterating over the keys results int
RuntimeError: dictionary changed size during iteration
Resolve by casting .keys() to a list() type.
* Remove unicode-escape which is not present on python3
Alternative fix for #17305
* Enable the assemble test on python3
* Fix other problems with assemble on python3
The kickstart kwarg should be set to False for eos based devices and
was set to True. This change cleans up problems loading json output
from cli commands
All eos_command test cases are now passing successfully
fixes#17441
When adding condition statements, the Conditional instance will now generate
an AddConditionError if is unable to map the condition to a function in the
instance
When the conditional cannot extract a value from the result string,
an unhandled exception would be raised. This fix now gracefully handles
the exception
An unhandled exeception is raised with using nxapi transport and setting
the save argument to true. This fix will allow the configuration to be
saved regardless of the transport.
fixesansible/ansible-modules-core#5094
If the sftp fails, roll over to scp by default. This saves users
from having to know about the scp_if_ssh method when sftp is broken
on the remote host.
The conditional processing was failing due for two reasons:
1) The xml to json conversion string was not happening before the runner
was processing the results
2) The Conditional instance was not parsing conditionals encoded with []
This fix address both issues.
Currently, if the host specified in delegate_to for a task is null,
Ansible will crash with a stack trace. Add a check for this state
and handle the error appropriately.
The junos load_config() method supports operations of overwrite, replace
and merge. This adds the missing overwrite keyword arg to load_config()
so that action in junos_template can be procesed correctly.
The Conditional class now raises a ValueError with message if it cannot
correclty parse the passed in conditional. This makes it easier to
detect issues in modules that specify conditionals.
The arguments for the regex search() function were transposed in the
netcli match() method that caused conditionals to fail. Switched the
arguments to fixe the bug
fixes#17749
files is really a placeholder for common code for separate service modules, was copy of current service module and this seemed to confuse people so this update should clear that up
The raw kwarg was added to return raw output from devices with if the
attempt to convert to json failed. The change was causing all json
output to be returned raw. This fixes that issue.
* refactor ignore_limits_and_restrictions
into ignore_limits and ignore_limitations
* add ansible_play_hosts_all
* update docs re ansible_play_hosts_all
* only use play.hosts when is has a value
* replace ansible_play_hosts with ansible_play_hosts_all
* remove unnecessary var
This fixes a problem with the Netconf transport in which the ssh keyfile
wasn't being used if it was defined. The ref issue is filed against 2.1.1
but have been unable to replicate the problem in that version
ref: ansible/ansible-modules-core#4966
* fixes issue #13981: unsafe_writes block appeared too late in the atomic_move
workflow. This led to errno.EBUSY to not be managed in the context of
issue #!#981
* Reduce changes to fix#13981
* Abstract the unsafe_writes fallback into a helper method.
Explicitly try/except os.rename part of the code and call this helper method.
If the code fails in shutil.copy2 or shutil.move this should not be related to issue #13981
since they write to b_tmp_dest_name.
(as suggested by @abadger)
* Check if unsafe_writes in the caller, not in _unsafe_writes.
That way the function call reads as "Do an unsafe write"
and not as "I think we should do an unsafe_write.
When using hostvars to get extra connection-specific vars for connection
plugins, use this raw lookup to avoid prematurely templating all of the
hostvar data (triggering unnecessary lookups).
Fixes#17024
* Add oVirt utility module
This patch add oVirt utility module, which contains helper functions,
for oVirt modules and also shared documentation fragment for oVirt.
* Adjust to Python 2.4
* Fixups
* Add support for poll interval and fixes
When using the Cli transport, if the session hung on a command and the
socket timed out, the config session would be left behind. This change
will allow the shell to try to get control back and remove the config
session, assuming the channel is still open.
fixesansible/ansible-modules-core#4945
* changed missing file error to warning for lookups
* changed plugins that expected exception
warning will still be displayed, they now work with None value
* Improve unit testing of 'password' lookup
The tests showed some UnicodeErrors for the
cases where the 'chars' param include unicode,
causing the 'getattr(string, c, c)' to fail.
So the candidate char generation code try/excepts
UnicodeErrors there now.
Some refactoring of the password.py module to make
it easier to test, and some new tests that cover more
of the password and salt generation.
* More refactoring and fixes.
* manual merge of text enc fixes from pr17475
* moving methods to module scope
* more refactoring
* A few more text encoding fixes/merges
* remove now unused code
* Add test cases and data for _gen_candidate_chars
* more test coverage for password lookup
* wip
* More text encoding fixes and test coverage
* cleanups
* reenable text_type assert
* Remove unneeded conditional in _random_password
* Add docstring for _gen_candidate_chars
* remove redundant to_text and list comphenesion
* Move set of 'chars' default in _random_password
on py2, C.DEFAULT_PASSWORD_CHARS is a regular str
type, so the assert here fails. Move setting the
default into the method and to_text(DEFAULT_PASSWORD_CHARS)
if it's needed.
* combine _random_password and _gen_password
* s/_create_password_file/_create_password_file_dir
* native strings for exception msgs
* move password to_text to _read_password_file
* move to_bytes(content) to _write_password_file
* add more test assertions about genned pw's
* Some cleanups to alikins and abadger's password lookup refactoring:
* Make DEFAULT_PASSWORD_CHARS into a text string in constants.py
- Move this into the nonconfigurable section of constants.
* Make utils.encrypt.do_encrypt() return a text string because all the
hashes in passlib should be returning ascii-only strings and they are
text strings in python3.
* Make the split up of functions more sane:
- Don't split such that conditionals have to occur in two separate functions.
- Don't go overboard: Good to split file system manipulation from parsing
but we don't need to do every file manipulation in a separate
function.
- Don't split so that creation of the password store happens in two
parts.
- Don't split in such a way that no decisions are made in run.
* Organize functions by when it gets called from run().
* Run all potential characters through the gen_candidate_chars function
because it does both normalization and validation.
* docstrings for functions
* Change when we store salt slightly. Store it whenever it was already
present in the file as well as when encrypt is requested. This will
head of potential idempotence bugs where a user has two playbook tasks
using the same password and in one they need it encrypted but in the
other they need it plaintext.
* Reorganize tests to follow the order of the functions so it's easier
to figure out if/where a function has been tested.
* Add tests for the functions that read and write the password file.
* Add tests of run() when the password has already been created.
* Test coverage currently at 100%
The Conditional instance will cause a stack trace if the provided conditional
does not map properly to the response. This fixes that issue so that the
Conditional instance will now raise a FailedConditionalError with the
conditional that caused the failure.
Modules *_command modules (and any other modules that create an instance
of Conditional) should be updated to catch the FailedConditionalError
exception.
This addresses a problem when *_config or *_template network modules are
being used in roles. The module will error with the above message. This
fixes that problem
fixedansible/ansible-modules-core#4840