Make pyca/cryptography the preferred backend for cryptographic needs (mainly vault) falling back to pycrypto
pyca/cryptography is already implicitly a dependency in many cases
through paramiko (2.0+) as well as the new openssl_publickey module,
which requires pyOpenSSL 16.0+. Additionally, pyca/cryptography is
an optional dep for better performance with vault already.
This commit leverages cryptography's padding, constant time comparisons,
and CBC/CTR modes to reduce the amount of code ansible needs to
maintain.
* Handle wrong password given for VaultAES format
* Do not display deprecation warning for cryptography on python-2.6
* Namespace all of the pycrypto imports and always import them
Makes unittests better and the code less likely to get stupid mistakes
(like using HMAC from cryptogrpahy when the one from pycrypto is needed)
* Add back in atfork since we need pycrypto to reinitialize its RNG just in case we're being used with old paramiko
* contrib/inventory/gce: Remove spurious require on pycrypto
(cherry picked from commit 9e16b9db275263b3ea8d1b124966fdebfc9ab271)
* Add cryptography to ec2_win_password module requirements
* Fix python3 bug which would pass text strings to a function which
requires byte strings.
* Attempt to add pycrypto version to setup deps
* Change hacking README for dual pycrypto/cryptography
* update dependencies for various CI scripts
* additional CI dockerfile/script updates
* add paramiko to the windows and sanity requirement set
This is needed because ansible lists it as a requirement. Previously
the missing dep wasn't enforced, but cryptography imports pkg_resources
so you can't ignore a requirement any more
* Add integration test cases for old vault and for wrong passwords
* helper script for manual testing of pycrypto/cryptography
* Skip the pycrypto tests so that users without it installed can still run the unittests
* Run unittests for vault with both cryptography and pycrypto backend
* Start of ansible config project
moved configuration definitions to external yaml file vs hardcoded
* updated constants to be a data strcutures that are looped over and also return origin of setting
changed to manager/data scheme for base classes
new cli ansible-config to view/manage ansible configuration settings
* prints green for default/unchanged and yellow for those that have been overriden
* added list action to show all configurable settings and their associated ini and env var names
* allows specifying config file to see what result would look like
* TBD update, edit and view options
removed test for functions that have been removed
env_Vars are now list of dicts
allows for version_added and deprecation in future
added a couple of descriptions for future doc autogeneration
ensure test does not fail if delete_me exists
normalized 'path expansion'
added yaml config to setup packaging
removed unused imports
better encoding handling
updated as per feedback
* pep8
Working on several separate ideas to make ansible work with both
cryptography or pycrypto. This particular change will let a user
installing ansible change which crypto backend gets encoded in the
metadata (and hence, which backend is required by pkg_resource).
This works with both setup.py and pip::
ANSIBLE_CRYPTO_BACKEND=cryptography pip install ansible
ANSIBLE_CRYPTO_BACKEND=cryptography python2 ./setup.py
Note that the code to use cryptography is not yet merged so using
ANSIBLE_CRYPTO_BACKEND is not yet a good idea (as it can lead to not
installing pycrypto and hence the current vault code will fail).
Related to: #20566
* test/: PEP8 compliancy
- Make PEP8 compliant
* Python3 chokes on casting int to bytes (#24952)
But if we tell the formatter that the var is a number, it works
setup.py will not install package_data this is just an empty
directory, even if the globs in package_data match it.
So the role skeleton that was being installed to galaxy/data/*/
was excluding the files/ and templates/ directories since they were
empty.
Since the skeleton dir doesnt include those dirs
'ansible-galaxy init' would not set them up.
So this adds a .* glob to those directories so the .git_keep
will be included as well, so that setup.py will create the otherwise
empty directoty. ansible-galaxy init already knows to ignore those
files, so no other changes are needed.
(Including the .git_keep files is a little odd, but the alternative
would be creating our own placeholder files. Since ansible-galaxy
already understands .git_keep files we just reuse that)
Fixes#23597
pip can't handle zip files with symlinks. Attempt to workaround that by
transforming the bin scripts into symlinks after the zip file has been
unarchived into the build tree.
Move to using a requirements.txt to install the python packages.
This makes it easy to keep the documentation and actual package
dependencies in sync.
Fixes#18453
At the moment, this change will use EPoll on Linux, KQueue on *BSDs,
etc, so it should alleviate problems with too many open file
descriptors.
* Bundle a copy of selectors2 so that we have the selectors API everywhere.
* Add licensing information to selectors2 file so it's clear what the
licensing terms and conditions are.
* Exclude the bundled copy of selectors2 from our boilerplate code-smell test
* Rewrite ssh_run tests to attempt to work around problem with mocking
select on shippable
Fixes#14143
In setuptools prior to 21.2.1, package_data can't directly reference
a directory. Modify the entry for galaxy data so that it includes the
files but not the directories
Fixes#18231
* Make ziploader's ansible and ansible.module_utils libraries into
namespace packages.
* Move __version__ and __author__ from ansible/__init__ to
ansible/release.py. This is because namespace packages only load one
__init__.py. If that is not the __init__.py with the author and
version info then those won't be available.
* In ziplaoder, move the version ito ANSIBLE_CONSTANTS.
* Change PluginLoader to properly construct the path to the plugins even
when namespace packages are present.
porting @dominis 's ansible-shell tool from 1.9 and integrating it into ansible
added verbosity control
made more resilitent to several errors
added highlight color, to configurable colors
more resilient on exception and interruptions
prompt coloring, goes red and changes to # when using become = true and root
become setting is now explicit and not a toggle
I was particularly interested in the programming language ones,
but the others might be useful to others browsing PyPI.
Now with GPLv3+, and Utilities topic.
As described by http://docs.ansible.com/intro_configuration.html#library the library supports multiple paths to load modules from.
Currently `setup.py` treats something like `/usr/share/ansible:/my/custom/modules` as a single directory name and results in the installed modules not being on the module path. (instead they are in a directory named `/usr/share/ansible:/my/custom/modules`)
This commit simply takes the first listed directory as the install directory for the core modules.