Commit Graph

156 Commits (20a0d90ebeec92fc498e29d57393b280f6e639a5)

Author SHA1 Message Date
Sloane Hertel d3f5238c09
Fix dangerous elb_application_lb state (#44646)
* elb_application_lb: fix dangerous default of deleting an ELB if state is omitted by changing state to default to present to be more like other AWS modules
6 years ago
Shuang Wang b03feb6d40 Implement part of #27617 [expend checksum format to <algorithm>:(<checksum>|<url>)] (#43751)
* expend checksum format to <algorithm>:(<checksum>|<url>)

* continue to code at office

* ALPHA - expend checksum format to <algorithm>:(<checksum>|<url>)

* clean up tmpfile and comment

* try to add test code for 27617

* try to add test code for 27617

* try to add test code for 27617

* try to fix [Could not find or access 'testserver.py']

* fix test code [Could not find or access 'testserver.py']

* fix test code [add files dir]

* fix test code [files dir not exists]

* as [connection was closed before a valid response was received]

* [connection was closed before a valid response was received]

* [connection was closed before a valid response was received]

* add test item [sha1 and sha256]

* since [connection was closed before a valid response was received]

* fix [connection was closed before a valid response was received]

* fix test code typo

* add docs for #27617

* PR #43751 is minor change

* fix pep8 issue.

* fix test code style.

* fix unexpected quote
6 years ago
Toshio Kuratomi f46c943d3d Fix another corner case of too many warnings for world readable current working directory
There should be no warning if there is no ansible.cfg file i nthe
current working directory.
6 years ago
Will Thames 60e3af42d5 sns_topic boto3 port (#39292)
* Port sns_topic to boto3 and add tests
6 years ago
Sloane Hertel 79ecb4c41f
Add diff mode for ec2_group (#44533)
* Add (preview) diff mode support ec2_group

* Add diff mode to some ec2_group integration tests

* Remove unnecessary arguments and add comment to the module notes

* Add changelog
6 years ago
Sloane Hertel b152515fcb RDS inventory plugin (#41919)
Comments out uses of rds_instance in the integration tests and replace with AWS CLI until rds_instance has been merged
6 years ago
Sam Doran 05fff27415
Pass path to GalaxyRole object (#43051)
This will list all roles in all paths in roles_path rather than just the first path in roles_path.
6 years ago
jctanner 653d9c0f87 New keyword: ignore_unreachable (#43857) 6 years ago
guoqiao 6ef9c2d7b7 Fix mail module for python 3.7.0 (#44550) (#44552)
In python 3.7.0, changes in `ssl.py` breaks `smtplib.SMTP_SSL`, which
then breaks `mail` module in ansible.

Run this line in python shell:

    import smtplib;smtplib.SMTP_SSL().connect(host='smtp.gmail.com', port=465)

Before python 3.7.0, we will get:

    (220, b'smtp.gmail.com ESMTP j13-v6sm3086685pgq.56 - gsmtp')

In python 3.7.0, we get such error at `lib/python3.7/ssl.py` line 843, method `_create`:

    ValueError: server_hostname cannot be an empty string or start with a leading dot.

The ssl module is using host info on SMTP_SSL instance, which is not set.
The fix/workaround is simple, just pass host info to it:

    import smtplib;smtplib.SMTP_SSL(host='smtp.gmail.com').connect(host='smtp.gmail.com', port=465)

Fixes: #44550

Signed-off-by: Guo Qiao <guoqiao@gmail.com>
6 years ago
Jordan Borean e07352b9de basic.py: catch ValueError when trying to import hash algorithms (#44551)
* basic.py: catch more Exceptions when trying to import md5 hash algorithms
6 years ago
Guilherme Steinmuller 3db93e4c2a Add missing changelog for PR #44418 (#44478)
The PR[1] was merged but we noticed that the
changelog file is missing.

[1] https://github.com/ansible/ansible/pull/44418
6 years ago
Ryan Brown 4c8808ec9d
Extend `module_defaults` by adding default groups for cloud modules (#44127)
Extends `module_defaults` by adding a prefix to defaults `group/` which denotes a builtin list of modules. Initial groups are: `group/aws`, `group/azure`, and `group/gcp`
6 years ago
Matt Martz a1febd95b7
Remove deprecated ec2_facts (#44536)
* Remove deprecated ec2_facts

* Add changelog
6 years ago
Matt Martz 5ea7480e90
Remove deprecated s3 module (#44537)
* Remove deprecated s3 module

* Add changelog
6 years ago
sdubrul 061877d584 added account_alias in the response of module aws_caller_facts (#42345)
* added account_alias in the response of module aws_caller_facts

* added comment to explain list_account_aliases

* renamed caller_identity to caller_facts as the content is extended

* created changelog

* security-policy needs the iam:ListAccountAliases for this module to work

* test now checks for the added field account_alias

* gracefully handle missing iam:ListAccountAliases permission
6 years ago
Vladimir Dobriakov 6f480fd03d Fixes #23078 - eliminate trailing whitespace in to_nice_json (#42633)
* Fix #23078 - eliminate trailing whitespace in to_nice_json

* Add changelog fragment for #42633
6 years ago
Matt Martz 81ca04512d
Raise a nicer error when we cannot execute the editor (#44423)
* Raise a nicer error when we cannot execute the editor. Fixes #44419

* Don't use to_bytes when constructing an exception

* Add changelog fragment
6 years ago
Brian Coca bda074d34e
fix tempating issues with no_log and loops (#44468)
* fix tempating issues with no_log and loops

 - task is no log if any item is
 - added test cases

fixes #43294
6 years ago
Toshio Kuratomi 0e7b470a01 Remove deprecated tags config option (#44479)
* Remove deprecated tags config option

* wordsmith porting guide entry

acozine via github
6 years ago
Matt Martz 2bf6507c44
Use newer is_sequence function instead of MutableSequence (#44331)
* Use newer is_sequence function instead of MutableSequence. Fixes #44327

* Add changelog for #44331

* Update changelog fragment to describe the fix in more detail
6 years ago
Matt Martz 617372f8c0
Mass nuke deprecated items that are easily removed. ci_complete (#44320) 6 years ago
Matt Martz 9b2baebe64
Don't use copy.deepcopy in high workload areas, use naive_deepcopy (#44337)
* Don't use copy.deepcopy in high workload areas, use deepishcopy. ci_complete

* Add tests

* Add changelog fragment

* rename to naive_deepcopy and add extra docs

* Rename to module_response_deepcopy and move to vars/clean
6 years ago
Monty Taylor 27ac2fc67c Ensure that apt is always chosen on debian/ubuntu (#44413)
One can install alternate packages managers on debuntu machines.
However, doing so doesn't mean you want to suddenly start using them.

Add in a check similar to the fedora yum/dnf check that sets apt as the
pkg_mgr if the ansible_os_family is Debian.
6 years ago
Martin Krizek a66588129f
Add changelog for Jinja2 native types (#44309) 6 years ago
Sam Doran 00e7c020b2 Add backup feature to user module (#41854)
*  Add backup option

* Only backup shadow file when the OS has one

* Only backup shadow file for SunOS

* Update docs on backup feature

* Add changelog fragment

* Add tests for shadow backup

* Remove backup option, make it automatic

Remove the option to enable/disable backups and make it automatic. Add note to docs describing this behavior.

Change tests to account for new module behavior.

Change section name in changelog fragment since minor_features is not a valid section.
6 years ago
Tom Matthews 5c1e620504 Strip trailing comments from /etc/default/passwd (#43931)
* strip additional comments from /etc/default/passwd

Strip trailling comments from /etc/default/passwd like
MINWEEKS=1 #MINWEEKS=2
MAXWEEKS=12  # MAXWEEKS=8
Which otherwise cause failures with "failed to read /etc/default/passwd: too many values to unpack"

* fix carriage return typo in commit

* yet another typo in commit

* Fix indent problem

* add changelog fragment for PR 43931
6 years ago
Andreas Calminder 21066410be authorized_key 29891 use os.path.realpath to follow keyfile symlinks (#40417)
* 29891 use os.path.realpath to follow keyfile symlinks
* 29891 add parameter follow
* updated changelog fragment
* add documentation and set default to false
6 years ago
Sam Doran 6d38167d49
Only template values in vars_prompt rather than all vars (#39304)
* Only template values in vars_prompt rather than all vars

This allows the use of variables in vars_prompt fields but allows variables entered in the prompt to affect play vars rather than throwing an undefined error.

Only post validate if there was a vars_prompt

* Add tests for vars_prompt
6 years ago
Zhikang Zhang b20d903cc4 Give warning if user inputs not encrypted password to user module (#43615)
* Check the password format

Check the password format and notify user if they
input unencrypted password.

* Fix sanity error

* Add integration test

* Missed a task name

* Hard code the testing password

Since some testing platfrom has no passlib installed

* Add changelog fragment

* Rework some English sentences

* Fix a grammar mistake
6 years ago
Toshio Kuratomi a0e6ab09d1 Add note to the porting guide about why we're dropping python-2.6 controller support 6 years ago
Toshio Kuratomi da26ba3760 Documentatin fixes 6 years ago
Toshio Kuratomi c4951cce0b Exorcise Python-2.6 6 years ago
Toshio Kuratomi e2e44f846c Fix the local and ssh plugins for a cornercase retrying a syscall
The bundled selectors library which is used by the local and ssh
connection plugins had a bug which caused a traceback in a cornercase.
If selectors were in use and a syscall was interrupted, selectors would
attempt to restart the syscall after the interrupt was processed.  if
the attempt determined that the timeout for running the syscall had
already expired, the code attempted to raise OSError.  The raise was
using a Python3-ism and needed to be ported to work on Python2.

Fixes #41630
6 years ago
René Moser 1fb0e11b56
vultr: rename prefix vr_to vultr_ (#43994)
* vultr: rename modules

* replace string vr_ with vultr_

* add deprecation warning

* fix sanity tests

* add changelog
6 years ago
Felix Fontein aef16ee195 ACME: use Cryptography (if a new enough version is available) instead of OpenSSL (#42170)
* Collecting PEM -> DER conversions.

* Using cryptography instead of OpenSSL binary in some situations.

* Moving key-to-disk writing for key content to parse_account_key.

* Rename parse_account_key -> parse_key.

* Move OpenSSL specific code for key parsing and request signing into global functions.

* Also using cryptography for key parsing and request signing.

* Remove assert statements.

* Fixing handling of key contents for cryptography code path.

* Allow to disable the use of cryptography.

* Updating documentation.

* 1.5 seems to work as well (earlier versions don't have EC sign function). Making Python 2.x adjustments.

* Changing option to select_crypto_backend.

* Python 2.6 compatibility.

* Trying to test both backends separately for acme_account.

* Also testing both backends separately for acme_certificate and acme_certificate_revoke.

* Adding changelog entry which informs about select_crypto_backend option in case autodetect fails.

* Fixing YAML.
6 years ago
Brian Coca abe68d523c
fix alt linux detection for new versions (#43723)
they dropped the Linux so now it only shows as ALT, it should still be backwards compatible
pkg_mgr detection relies on `Altlinux` string, so properly setting os_distribution should take care of it as side effect
fixes #43539
6 years ago
Brian Coca 9be3a7dde5
handle env exception in gathering even no inject (#43569)
* handle env exception in gathering even no inject

(cherry picked from commit 60e3b9b3527daea6d9fb75a80cc14b35923748f3)
6 years ago
Matt Martz c1c229c6d4
Remove use of simplejson throughout code base (#43548)
* Remove use of simplejson throughout code base. Fixes #42761

* Address failing tests

* Remove simplejson from contrib and other outlying files

* Add changelog fragment for simplejson removal
6 years ago
Jordan Borean 7b1cc11685
win_domain modules: ensure Netlogon service is still running after promotion (#43703) 6 years ago
Toshio Kuratomi 08e8d8c1d5 changelog for lxd idempotence fix 6 years ago
Toshio Kuratomi 30662bedad
Only print warning when ansible.cfg is actually skipped (#43583)
Only print warning when ansible.cfg is actually skipped

* Also add unittests for the find_ini_config_file function
* Add documentation on world writable current working directory
  config files can no longer be loaded from a world writable current
  working directory but the end user is allowed to specify that
  explicitly.  Give appropriate warnings and information on how.

Fixes #42388
6 years ago
Brian Coca 62d8c8fde6 more useful messages when module failure (#43576)
* more useful messages when module failure

specially if the 'interpreter' is not found

* 1 less var

* shebang can be none

* remove typoes
6 years ago
Seuf 6f4b2e8f7f Moved grafana 5 dashboard compatible changelog to fragments dir (#43593) 6 years ago
Toshio Kuratomi d483d646eb Normalize config from environment as text strings
On Python3, these would be text strings already.  On Python2, we need to
convert them from bytes.

Use a new helper function py3compat to do this.

Fixes #43207
6 years ago
Shuang Wang 68683b4c73 fix issue [ get_url does not change mode when checksum matches ] (#43342)
* fix  #29614

* add change log for #43342

* Cleanup tests and add tests for this scenario


Co-authored-by: ptux
6 years ago
Jiri Tyr c93f24b45b Fix for creation and removal of swap record in fstab (fixes #42706, #31437 and #30090) (#42837) 6 years ago
Alex 29a62038b7 module_utils_service: Fix glob path of rc.d (#43018)
Some distribtuions like SUSE has the rc%.d directories under /etc/init.d

Quote of /etc/rc.d.README on SLES11.

"Some people expect the system startup scripts in /etc/rc.d/.
We use a slightly different structure for better LSB compliance."
6 years ago
Jordan Borean 9259f31fee Add Ansible.ModuleUtils.PrivilegeUtil and converted code to use it (#43179)
* Add Ansible.ModuleUtils.PrivilegeUtil and converted code to use it

* Changed namespace and class to be a better standard and fixed some typos

* Changes from review

* changes to avoid out of bound mem of server 2008

* changes to detect failure when setting a privileged not allowed
6 years ago
Artem Goncharov 6667ec4474 fixes #42042 (#42939)
Do not create group with empty name when region (optional argument) is 
not given in the openstack connection
6 years ago
Toshio Kuratomi 52449cc01a AnsiballZ improvements
Now that we don't need to worry about python-2.4 and 2.5, we can make
some improvements to the way AnsiballZ handles modules.

* Change AnsiballZ wrapper to use import to invoke the module
  We need the module to think of itself as a script because it could be
  coded as:

      main()

  or as:

      if __name__ == '__main__':
          main()

  Or even as:

      if __name__ == '__main__':
          random_function_name()

  A script will invoke all of those.  Prior to this change, we invoked
  a second Python interpreter on the module so that it really was
  a script.  However, this means that we have to run python twice (once
  for the AnsiballZ wrapper and once for the module).  This change makes
  the module think that it is a script (because __name__ in the module ==
  '__main__') but it's actually being invoked by us importing the module
  code.

  There's three ways we've come up to do this.
  * The most elegant is to use zipimporter and tell the import mechanism
    that the module being loaded is __main__:
    * 5959f11c9d/lib/ansible/executor/module_common.py (L175)
    * zipimporter is nice because we do not have to extract the module from
      the zip file and save it to the disk when we do that.  The import
      machinery does it all for us.
    * The drawback is that modules do not have a __file__ which points
      to a real file when they do this.  Modules could be using __file__
      to for a variety of reasons, most of those probably have
      replacements (the most common one is to find a writable directory
      for temporary files.  AnsibleModule.tmpdir should be used instead)
      We can monkeypatch __file__ in fom AnsibleModule initialization
      but that's kind of gross.  There's no way I can see to do this
      from the wrapper.

  * Next, there's imp.load_module():
    * https://github.com/abadger/ansible/blob/340edf7489/lib/ansible/executor/module_common.py#L151
    * imp has the nice property of allowing us to set __name__ to
      __main__ without changing the name of the file itself
    * We also don't have to do anything special to set __file__ for
      backwards compatibility (although the reason for that is the
      drawback):
    * Its drawback is that it requires the file to exist on disk so we
      have to explicitly extract it from the zipfile and save it to
      a temporary file

  * The last choice is to use exec to execute the module:
    * https://github.com/abadger/ansible/blob/f47a4ccc76/lib/ansible/executor/module_common.py#L175
    * The code we would have to maintain for this looks pretty clean.
      In the wrapper we create a ModuleType, set __file__ on it, read
      the module's contents in from the zip file and then exec it.
    * Drawbacks: We still have to explicitly extract the file's contents
      from the zip archive instead of letting python's import mechanism
      handle it.
    * Exec also has hidden performance issues and breaks certain
      assumptions that modules could be making about their own code:
      http://lucumr.pocoo.org/2011/2/1/exec-in-python/

  Our plan is to use imp.load_module() for now, deprecate the use of
  __file__ in modules, and switch to zipimport once the deprecation
  period for __file__ is over (without monkeypatching a fake __file__ in
  via AnsibleModule).

* Rename the name of the AnsiBallZ wrapped module
  This makes it obvious that the wrapped module isn't the module file that
  we distribute.  It's part of trying to mitigate the fact that the module
  is now named __main)).py in tracebacks.

* Shield all wrapper symbols inside of a function
  With the new import code, all symbols in the wrapper become visible in
  the module.  To mitigate the chance of collisions, move most symbols
  into a toplevel function.  The only symbols left in the global namespace
  are now _ANSIBALLZ_WRAPPER and _ansiballz_main.

revised porting guide entry

Integrate code coverage collection into AnsiballZ.

ci_coverage
ci_complete
6 years ago