Commit Graph

198 Commits (124036337ed0266661d0bd4f3457bc1e0114306c)

Author SHA1 Message Date
Matthias Fuchs 7871027c9d Share the implementation of hashing for both vars_prompt and password_hash (#21215)
* Share the implementation of hashing for both vars_prompt and password_hash.
* vars_prompt with encrypt does not require passlib for the algorithms
  supported by crypt.
* Additional checks ensure that there is always a result.
  This works around issues in the crypt.crypt python function that returns
  None for algorithms it does not know.
  Some modules (like user module) interprets None as no password at all,
  which is misleading.
* The password_hash filter supports all parameters of passlib.
  This allows users to provide a rounds parameter, fixing #15326.
* password_hash is not restricted to the subset provided by crypt.crypt,
  fixing one half of #17266.
* Updated documentation fixes other half of #17266.
* password_hash does not hard-code the salt-length, which fixes bcrypt
  in connection with passlib.
  bcrypt requires a salt with length 22, which fixes #25347
* Salts are only generated by ansible when using crypt.crypt.
  Otherwise passlib generates them.
* Avoids deprecated functionality of passlib with newer library versions.
* When no rounds are specified for sha256/sha256_crypt and sha512/sha512_crypt
  always uses the default values used by crypt, i.e. 5000 rounds.
  Before when installed passlibs' defaults were used.
  passlib changes its defaults with newer library versions, leading to non
  idempotent behavior.

  NOTE: This will lead to the recalculation of existing hashes generated
        with passlib and without a rounds parameter.
        Yet henceforth the hashes will remain the same.
        No matter the installed passlib version.
        Making these hashes idempotent.

Fixes #15326
Fixes #17266
Fixes #25347 except bcrypt still uses 2a, instead of the suggested 2b.

* random_salt is solely handled by encrypt.py.
  There is no _random_salt function there anymore.
  Also the test moved to test_encrypt.py.
* Uses pytest.skip when passlib is not available, instead of a silent return.
* More checks are executed when passlib is not available.

* Moves tests that require passlib into their own test-function.

* Uses the six library to reraise the exception.

* Fixes integration test.

When no rounds are provided the defaults of crypt are used.
In that case the rounds are not part of the resulting MCF output.
6 years ago
Toshio Kuratomi ee891c2b16 Fix refs broken by removal of old module docs 6 years ago
Chris Archibald 66ae8efbd3 Bug Fixes for ontap_net_vlan.py (#44209)
* Bug Fixes for ontap_net_vlan.py

* Make documentation changes
6 years ago
Toshio Kuratomi 0e7b470a01 Remove deprecated tags config option (#44479)
* Remove deprecated tags config option

* wordsmith porting guide entry

acozine via github
6 years ago
Chris Archibald 9dceca8a88 Deprecated Old NetApp Cdot Modules (#43781)
* MVP2 Post ElementSW OSRB sync

* Revert "MVP2 Post ElementSW OSRB sync"

This reverts commit c13db2ad962cd56bffce052c2891c558a2240c72.

Undoing bad push

* move deprecated files

* add documentation

* add new line

* Fix version issue

* fix issue with ignore file, hopefully

* Add ontap modules to porting guide

* fix refs

* add _module to ref
6 years ago
Toshio Kuratomi a0e6ab09d1 Add note to the porting guide about why we're dropping python-2.6 controller support 6 years ago
Toshio Kuratomi c4951cce0b Exorcise Python-2.6 6 years ago
Pilou 32eab149b6 [doc] import_role: mention version from which behavior changed and fix some typos (#43843)
* [doc] fix some typos

* [doc] import_role: mention version from which behavior changed
6 years ago
Toshio Kuratomi 52449cc01a AnsiballZ improvements
Now that we don't need to worry about python-2.4 and 2.5, we can make
some improvements to the way AnsiballZ handles modules.

* Change AnsiballZ wrapper to use import to invoke the module
  We need the module to think of itself as a script because it could be
  coded as:

      main()

  or as:

      if __name__ == '__main__':
          main()

  Or even as:

      if __name__ == '__main__':
          random_function_name()

  A script will invoke all of those.  Prior to this change, we invoked
  a second Python interpreter on the module so that it really was
  a script.  However, this means that we have to run python twice (once
  for the AnsiballZ wrapper and once for the module).  This change makes
  the module think that it is a script (because __name__ in the module ==
  '__main__') but it's actually being invoked by us importing the module
  code.

  There's three ways we've come up to do this.
  * The most elegant is to use zipimporter and tell the import mechanism
    that the module being loaded is __main__:
    * 5959f11c9d/lib/ansible/executor/module_common.py (L175)
    * zipimporter is nice because we do not have to extract the module from
      the zip file and save it to the disk when we do that.  The import
      machinery does it all for us.
    * The drawback is that modules do not have a __file__ which points
      to a real file when they do this.  Modules could be using __file__
      to for a variety of reasons, most of those probably have
      replacements (the most common one is to find a writable directory
      for temporary files.  AnsibleModule.tmpdir should be used instead)
      We can monkeypatch __file__ in fom AnsibleModule initialization
      but that's kind of gross.  There's no way I can see to do this
      from the wrapper.

  * Next, there's imp.load_module():
    * https://github.com/abadger/ansible/blob/340edf7489/lib/ansible/executor/module_common.py#L151
    * imp has the nice property of allowing us to set __name__ to
      __main__ without changing the name of the file itself
    * We also don't have to do anything special to set __file__ for
      backwards compatibility (although the reason for that is the
      drawback):
    * Its drawback is that it requires the file to exist on disk so we
      have to explicitly extract it from the zipfile and save it to
      a temporary file

  * The last choice is to use exec to execute the module:
    * https://github.com/abadger/ansible/blob/f47a4ccc76/lib/ansible/executor/module_common.py#L175
    * The code we would have to maintain for this looks pretty clean.
      In the wrapper we create a ModuleType, set __file__ on it, read
      the module's contents in from the zip file and then exec it.
    * Drawbacks: We still have to explicitly extract the file's contents
      from the zip archive instead of letting python's import mechanism
      handle it.
    * Exec also has hidden performance issues and breaks certain
      assumptions that modules could be making about their own code:
      http://lucumr.pocoo.org/2011/2/1/exec-in-python/

  Our plan is to use imp.load_module() for now, deprecate the use of
  __file__ in modules, and switch to zipimport once the deprecation
  period for __file__ is over (without monkeypatching a fake __file__ in
  via AnsibleModule).

* Rename the name of the AnsiBallZ wrapped module
  This makes it obvious that the wrapped module isn't the module file that
  we distribute.  It's part of trying to mitigate the fact that the module
  is now named __main)).py in tracebacks.

* Shield all wrapper symbols inside of a function
  With the new import code, all symbols in the wrapper become visible in
  the module.  To mitigate the chance of collisions, move most symbols
  into a toplevel function.  The only symbols left in the global namespace
  are now _ANSIBALLZ_WRAPPER and _ansiballz_main.

revised porting guide entry

Integrate code coverage collection into AnsiballZ.

ci_coverage
ci_complete
6 years ago
Yuma Inaura (稲浦悠馬) 1199dff246 Update porting_guide_2.0.rst
Fix indent

+label: docsite_pr
6 years ago
Jordan Borean 2c9cbae3f9
Removed deprecated Windows items slated for removed in 2.7 (#43231) 6 years ago
Jordan Borean 93c05074ee
win_chocolatey: refactor module to fix bugs and add new features (#43013)
* win_chocolatey: refactor module to fix bugs and add new features

* Fix some typos and only emit install warning not in check mode

* Fixes when testing out installing chocolatey from a server

* Added changelog fragment
6 years ago
Jarryd Tilbrook 460f858640 Enable check_mode in command module (#40428)
* Enable check_mode in command module

This only works if supplying creates or removes since it needs
something to base the heuristic off. If none are supplied it will just
skip as usual.
Fixes #15828

* Add documentation for new check_mode behavior
6 years ago
Sandra McCann 1900635409 fixed typo (#42900) 6 years ago
Matt Martz 27b4d7ed31
Add feature to expose vars/defaults with include/import_role (#41330)
* First pass at making 'private' work on include_role, imports are always public

* Prevent dupe task execution and overwriting handlers

* New functionality will use public instead of deprecated private

* Add tests for public exposure

* Validate vars before import/include to ensure they don't expose too early

* Add porting guide docs about public argument and change to import_role

* Add additional docs about public and vars exposure to module docs

* Insert role handlers at parse time, exposing them globally
6 years ago
Sam Doran fb55038d75 Add warning when using an empty regexp in lineinfile (#42013)
* Revert "Account for empty string regexp in lineinfile (#41451)"

This reverts commit 4b5b4a760c.

* Use context managers for interacting with files

* Store line and regexp parameters in a variable

* Add warning when regexp is an empty string

* Remove '=' from error messages

* Update warning message and add changelog

* Add tests

* Improve warning message

Offer an equivalent regexp that won't trigger the warning.
Update tests to match new warning.

* Add porting guide entry for lineinfile change
7 years ago
Alicia Cozine e0a9a71b04 updates docs links to changelogs for all versions (#41289)
* updates docs links to changelogs for all versions

* updates latest 2.5 release
7 years ago
Matt Martz ee221859cd
Load role vars and defaults before parsing tasks (#40982)
* Load role vars and defaults before parsing tasks. Fixes #40163

* Add porting guide note

* Wording clarifications

* typo

* grammar fixes
7 years ago
Hideki Saito d7df072b96 Add syslog_facility parameter handling with systemd.journal (#41078)
* Add syslog_facility parameter handling with systemd.journal

- Fixed issue #41072

Signed-off-by: Hideki Saito <saito@fgrep.org>
7 years ago
Matt Martz 4ca23cb147
Ensure the 2.7 porting guide is in the toc (#41267) 7 years ago
Toshio Kuratomi cef4d862bc
Better error message if the template is not utf-8 encoded (#41030)
* Better error message if the template is not utf-8 encoded

Also document this in the porting guide
7 years ago
Matt Martz 1cec3c8daf Add docs detailing how to convert many with_X style loops to use loop and filters (#40964)
* Add docs detailing how to convert many with_X style loops to use loop and filters. Fixes #40727

* Switch lookup used in query vs lookup comparison, to not recommend use of nested lookup

* Improve docs based on feedback
7 years ago
Matt Martz 96ec32630e Deprecate squash_actions (#35978)
* Deprecate squash_actions

* Wording update

* Update wording and version

* Update versions to reflect 2.7 deprecation

* Add 2.7 porting guide
7 years ago
Fabian von Feilitzsch 4d77878654 K8s dynamic collected changes (#40745)
* Move k8s modules to dynamic backend

* update required openshift version

* update -> patch

* use new dynamic client exceptions

* style

* guard urllib3 import

* guard ansibleerror import

* give more information about error cause

* format in variable

* style

* rename tests

* Search for provided kind in a few more places to match old behavior, properly handle failure

* make common code use fail instead of fail_json, to work for lookup plugins as well

* update docs

* move openshift_raw tests into k8s tests

* fix typo

* Use diff of response and resource to determine change, don't do any checking client-side before making requests

* remove duplicate yaml blocks

* Update porting guide for k8s module

* remove invalid doc refs

* If fuzzy searching finds a resource, update resource_definition to match proper kind and version

* remote unsupported openshift_raw variables

* properly check environment variables when determining auth method:
7 years ago
Brian Coca bc93038943 added information on keyword/vars separation (#39561)
* added information on keyword/vars separation

fixes #39551

* updated as per fb
7 years ago
Jordan Borean 070a5557d1
always_run: removed deprecated always_run task option (#40470) 7 years ago
Toshio Kuratomi 6227c2ac75
More file refactoring (#40114)
* Set src in the state functions rather than the toplevel

A good API should only require passing one version of a piece of data
around so do that for src

* Move the rewriting of path into additional_parameter_handling

When the path is a directory we can rewrite the path to be a file inside
of the directory

* Emit a warning when src is used with a state where it should be ignored
7 years ago
Brian Coca 32c2aae258
document lookup errors optoin (#39645)
* document lookup errors optoin

* changed to doc

* updated as per feedback
7 years ago
Toshio Kuratomi 1885883a88 Document follow changes
Add the file, blockinfile, and replace changes to the follow parameter
to the porting guide
7 years ago
Abhijeet Kasurde 85ad2eae8a Fix typo in porting guides index page (#39582)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
7 years ago
Jordan Borean f8853d83e3
windows: removed deprecated features in 2.6 (#38930)
* windows: removed deprecated features in 2.6

* Comma surgery.
7 years ago
Alicia Cozine 4b52a54e18 Reduce warnings (#39254)
* removes FAQ links; no entries exist for linked config settings

* fixes various anchors and links

* addresses abadger comments, thanks

* marks orphan pages, avoids TOC errors

* adds links for remote_tmp setting to FAQ
7 years ago
saichint 6eecbf10e6 fix nxos_igmp_interface issues (#38752)
* fix nxos_igmp_interface issues

* shippable fix

* fix oif_prefix and oif_source

* shippable fix

* shippable fix

* shippable fix

* add an example for oif_ps

* review comments

* review comments

* more review comments

* fix typo
7 years ago
Toshio Kuratomi 9faf7b949e Fix places in docs that refer to modules without namespace
We've namespaced all plugin docs.  Change the docs to reflect that
7 years ago
Qasim Sarfraz 6d830166e9 Minor typo fix (#38589) 7 years ago
Pierre Templier 2340ca7701 Small typos in docs (#38370)
* Small typos in docs

* Fixed wording
7 years ago
Jonas Meurer 55fd3d62fb Update porting_guide_2.5.rst (#37927)
The example regarding `include_*` is a bit unclear. First it seems like the v2.4 and v2.5 examples are the same. So I attempted to make the relevant change in the examples more obvious.

 label: docsite_pr
7 years ago
Alicia Cozine b72960fdd4
revises network portion of 2.5 porting guide (#37938)
* revises network portion of 2.5 porting guide
7 years ago
Ryan Pineo fe87869cec Fix casing on CallbackBase in 2.4 porting guide (#37616) 7 years ago
Arbab Nazar 775e8ed806 fix the typo
<!--- Your description here -->

 label: docsite_pr
7 years ago
Robert de Bock 0cf2ecbc62 Update porting_guide_2.5.rst
A fix to a minor typo. ("Previouslu" -> "Previously")

 label: docsite_pr
7 years ago
scottb 381359a8f8
Doc build warning/broken link clean-a-palooza (#37382)
* Doc build warning/broken link clean-a-palooza, WIP commit 1.

* Fixed broken anchor

* Fixing additional broken links; converting from doc to ref.

* Fix anchor
7 years ago
Toshio Kuratomi fafcb3452f
Porting guide (#37226)
* Add the lookup plugin strictness to the porting guide

* Edited for clarity.

* Wordsmithing.
7 years ago
John R Barker 41c066eff9
Fix broken links (#36864) 7 years ago
John R Barker f77a390131
Depreciate aos (#36029)
* Deprecate Apstra's aos_* modules

These modules don't work with AOS 2.1 or higher.
They will be replaced non-upstreamed modules

* Correct list
7 years ago
Brian Coca 1f363a6a7c updates to porting guide (#36219)
* updates to porting guide

(cherry picked from commit 7a6d6870d4633ae38a14cc799521b5fc1c0320fd)

* Edits to correct spelling, grammar, and clarify wording.

* Fixed typo
7 years ago
John R Barker 577ff4d949
Add stub porting_guide_2.6.rst (#36190)
* Add stub porting_guide_2.6.rst

* Typo fix
7 years ago
scottb 373b1dcf59
Core Docs Refactor and Redesign (#36067)
* Docs refactor as outlined in https://github.com/ansible/proposals/issues/79. Moves content into 'guides'; refactors TOC; fixes CSS; design tweaks to layout and CSS; fixes generated plugin, CLI and module docs to fix links accodingly; more.

* Adding extra blank line for shippable
7 years ago