Commit Graph

23 Commits (2186b04934dd327f9a300d0bda009da949c8d562)

Author SHA1 Message Date
Maciej Lasyk 5c0b94217e Added handling optional GCE_CREDENTIALS_FILE_PATH (#25526)
Ansible documentation states that env variable based authentication bases on variable GCE_CREDENTIALS_FILE_PATH while gce.py reads only GCE_PEM_FILE_PATH (see https://docs.ansible.com/ansible/guide_gce.html). This commit adds GCE_CREDENTIALS_FILE_PATH to the configuration chain; if set it will be used.
7 years ago
Achraf Cherti e45d5b7e8e Compatibility of gce.py (Google Cloud Ansible inventory) with Python 3 (#26032)
* Compatibility of gce.py (inventory) with Python 3

* Revert './secrets.py' file check (will import 'secrets' from PYTHONPATH)

Instead of checking if secrets.py exists in the current directory, this
commit will make gce import 'secrets' from one of PYTHONPATH's paths.

There are 2 possibilities:
1. secrets.py will be used if secrets.GCE_PARAMS and
secrets.GCE_KEYWORD_PARAMS are declared.

2. secrets.py will be ignored if secrets.GCE_PARAMS and
secrets.GCE_KEYWORD_PARAMS aren't declared. This could happen in Python
>=3.6 where a module named 'secrets' could be imported if a custom
secrets.py doesn't exist in PYTHONPATH.
Check out https://www.python.org/dev/peps/pep-0506/ and
https://docs.python.org/3/library/secrets.html for more information.
7 years ago
Do Hoang Khiem 3b12a85750 Add node private & public ips to gce groups (#12539) 7 years ago
Toshio Kuratomi e238ae999b Cyptography pr 20566 rebase (#25560)
Make pyca/cryptography the preferred backend for cryptographic needs (mainly vault) falling back to pycrypto

pyca/cryptography is already implicitly a dependency in many cases
through paramiko (2.0+) as well as the new openssl_publickey module,
which requires pyOpenSSL 16.0+. Additionally, pyca/cryptography is
an optional dep for better performance with vault already.

This commit leverages cryptography's padding, constant time comparisons,
and CBC/CTR modes to reduce the amount of code ansible needs to
maintain.

* Handle wrong password given for VaultAES format

* Do not display deprecation warning for cryptography on python-2.6

* Namespace all of the pycrypto imports and always import them

  Makes unittests better and the code less likely to get stupid mistakes
  (like using HMAC from cryptogrpahy when the one from pycrypto is needed)

* Add back in atfork since we need pycrypto to reinitialize its RNG just in case we're being used with old paramiko

* contrib/inventory/gce: Remove spurious require on pycrypto

(cherry picked from commit 9e16b9db275263b3ea8d1b124966fdebfc9ab271)

* Add cryptography to ec2_win_password module requirements
  * Fix python3 bug which would pass text strings to a function which
    requires byte strings.

* Attempt to add pycrypto version to setup deps

* Change hacking README for dual pycrypto/cryptography

* update dependencies for various CI scripts

* additional CI dockerfile/script updates

* add paramiko to the windows and sanity requirement set

  This is needed because ansible lists it as a requirement. Previously
  the missing dep wasn't enforced, but cryptography imports pkg_resources
  so you can't ignore a requirement any more

* Add integration test cases for old vault and for wrong passwords

* helper script for manual testing of pycrypto/cryptography

* Skip the pycrypto tests so that users without it installed can still run the unittests

* Run unittests for vault with both cryptography and pycrypto backend
7 years ago
Matt Martz d3249e7875 pep8 fixes for contrib (#24344) 8 years ago
Tom Melendez 9d5c399313 Added subnetwork parameter to inventory instance dictionary. (#23984) 8 years ago
Markus Liljedahl 67dc8c146e Added support for specifying zone for gce dynamic inventory (#20938) 8 years ago
Matt Clay 10d9318de7 PEP 8 indent cleanup. (#20800)
* PEP 8 E121 cleanup.

* PEP 8 E126 cleanup.

* PEP 8 E122 cleanup.
8 years ago
Matt Clay d0d1158c5e PEP 8 cleanup. (#20789)
* PEP 8 E703 cleanup.
* PEP 8 E701 cleanup.
* PEP 8 E711 cleanup.
* PEP 8 W191 and E101 cleanup.
8 years ago
Carlos E. Garcia 0b8011436d minor spelling changes 8 years ago
Tom Melendez 9400ba1728 [GCE] inventory script supports paginated API results. (#18554)
The inventory script now supports paginated results.  This means that inventory may exceed 500 instances.
8 years ago
James Tanner 2d2bb626d4 Port has_key to python3 compatible syntax 8 years ago
Tom Melendez 54caf3c5d5 [GCE] Caching support for inventory script. (#18093)
* [GCE] Caching support for inventory script.

The GCE inventory script now supports reading from a cache rather than making the request each time.  The format of the list and host output have not changed.

On script execution, the cache is checked to see if it older than 'cache_max_age', and if so, it is rebuilt (it can also be explicity rebuilt).

To support this functionality, the following have been added.

* Config file (gce.ini) changes: A new 'cache' section has been added to the config file, with 'cache_path' and 'cache_max_age' options to allow for configuration.  There are intelligent defaults in place if that section and options are not found in the configuration file.

* Command line argument: A new --refresh-cache argument has been added to force the cache to be rebuild.

* A CloudInventoryCache class, contained in the same file has been added.  As a seperate class, it allowed for testing (unit tests not included in this PR) and hopefully could be re-used in the future (it contains borrowed code from other inventory scripts)

* load_inventory_from_cache and do_api_calls_and_update_cache methods (, which were largely lifted from other inventory scripts, in a hope to promote consistency in the future) to determine if the cache is fresh and rebuild if necessary.

* A 'main' check, to support the script being imported and testable.

A new dictionary has been added to the list output, located at ['_meta']['stats'] that informs if the cache was used and how long it took to load the inventory (in 'cache_used' and 'inventory_load_time', respectively).

* fixed default value error; change cache time to 300
8 years ago
Adrian Likins 57a911e098 Use sys.exit(msg) i/o print() and sys.exit() (#15465)
Any non-0 exits should be showing an error message
to stderr instead of to stdout.
8 years ago
Wayne Witzel III bb8d1168ac Added the ability to filter gce grouped_instances by region/zone (#14138) 8 years ago
Kenny Woodson ebf1feb5bb Adding instance_states option to gce inventory 9 years ago
Matt Hite fbfc24fb40 New inventory_ip_type option in gce inventory tool 9 years ago
Vlad Panainte 8259c091d6 fix logging 9 years ago
Marius Gedminas 3f9879aedb Use print() as function under contrib/
This fixes the remaining Python 3 syntax errors, so re-enable compileall
for contrib/ again.
9 years ago
Marius Gedminas 9ae66a7f5c Use 'except ... as' syntax in contrib/ and test/ too 9 years ago
Mathieu Lecarme 1873e8ed08 GCE tag prefix for creating ansible group. 9 years ago
Brian Coca 9c5a6d7b5a fixed all references to old plugins/inventory to point at contrib/inventory 9 years ago
Brian Coca d0c6d2ff1c poreted log_plays, syslog_json and osx_say callbacks to v2
renamed plugins to contrib (they are not really plugins)
rewrote README.md to reflect new usage
added new dir to setup.py so it gets copied with installation, in views
of making using inventory scripts easier in teh future
9 years ago