Commit Graph

44 Commits (339452c1050b5b8fa6fd916e00519dff90443ceb)

Author SHA1 Message Date
Danilo Bargen c2c6005842
get_url: Verify checksum using tmpsrc, not dest (#64092)
Previously, if the checksum of the downloaded file did not match the
specified checksum, the *destination* file was removed. This possibly
leaves the system that is being provisioned in an invalid state.

Instead, the checksum should be calculated on the temporary file only.
If there's a mismatch, delete the *temporary* file, not the destination
file.

This requires checking the checksum before moving the file.
5 months ago
Matt Clay 560d3af097
ansible-test - Update http-test-container (#83272)
* Disable cipher suite integration tests

When the client and server both support TLS 1.3, cipher suite selection is effectively a no-op.

Python provides no way to disable TLS 1.3 cipher suites, and no way to prefer user-selected cipher suites.
Since TLS 1.3 includes a mandatory cipher suite, this makes it impossible to induce a cipher suite related error when using TLS 1.3.

* Update multipart form-data integration test

* Fix netrc integration tests

* Update HTTP test host substring

* ansible-test - Update http-test-container
6 months ago
Brian Coca ddae41759c
Add FreeBSD 13.3 and 14.0 to ansible-test (#82530)
Co-authored-by: Matt Clay <matt@mystile.com>
8 months ago
Sloane Hertel b5649f9686
Remove more Python 2 handling from tests (#82449) 11 months ago
Matt Clay 21fc699b77
Remove trailing spaces from lines in YAML (#80032) 2 years ago
Matt Clay a4248a63aa
Add missing newlines to YAML files (#80031) 2 years ago
Matt Clay 9d65e122ff
Fix detection of available hashlib algorithms (#79946)
* Fix detection of available hashlib algorithms

Detection of hashlib algorithms now works on Python 3.x.
The new implementation works on Python 2.7 and later.

Test coverage is provided by both integration and unit tests.

* Add additional details about hashlib in docs
2 years ago
Matt Martz 2143bcd6b1
Ensure we are passing ciphers to all url_get calls (#79718)
* Ensure we are passing ciphers to all url_get calls. Fixes #79717

* Add clog frag

* Fix tests
2 years ago
Artur a26c325bd8
uri: added use_netrc argument to allow ignoring netrc (#74397) (#78569) 2 years ago
Matt Martz b8025ac160
Allow selection of TLS/SSL ciphers (#78650)
* Allow selection of TLS/SSL ciphers. Fixes #78633
* Never pass None as the password. Fixes #53373
2 years ago
Matt Martz d58e69c82d
Add support for gzip decoding responses (#41925) 2 years ago
Sloane Hertel c908d782fb
get_url - permit to have a checksum only file (#77948)
checksum can also accept a checksum only file (no filename beside the checksum).
fixes #54390

Co-authored-by: Baptiste Mille-Mathias <baptiste.millemathias@gmail.com>
3 years ago
Matt Martz 4dca539a29
Expose `unredirected_headers` to `uri` and `get_url` modules (#75308) 3 years ago
René Moser 403a5d147d
modules: get_url: Fix checksum binary validation (#74502)
From the sha512sum man page:

... The default mode is to print a line with checksum, a character indicating type ('*' for binary, ' ' for text), and name for each FILE.
4 years ago
pva 42bc03f0f5
[get_url] skip checksum during --check (#66700)
Fix get_url failure in check mode (--check) when using the checksum
format <algorithm>:<url>.

Regression introduced in (#20532)

Fixes: #61369
4 years ago
Jordan Borean aee7a3ed68
Fix FreeBSD HTTP Kerberos setup (#72595) 4 years ago
Jordan Borean caba47dd3f
Add support for GSSAPI/Kerberos to urls.py (#72113)
* Add support for GSSAPI/Kerberos to urls.py

* Test out changes with the latest test container

* Get remote hosts working

* Fix up httptester_krb5_password reader

* Fix tests for opensuse and macOS

* Hopefully last lot of testing changes

* Dont do CBT on macOS

* Fixes from review
4 years ago
Jordan Borean 09c2475368
Update the tests to work with new httptester container (#72013) 4 years ago
Abhijeet Kasurde 159544610e
get_url: Handle same SHA sum for downloaded files (#71435)
Fixes: #71420

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
4 years ago
Edwin Hermans eb8b3a8479
get_url - Allow checksum file to be local file:// url (#71205)
This would be a partial solution for #69364 in that the SHASUMS file can be downloaded and gpg verified but then used from the downloaded location to verify the get_url's file.
* Make checksum url parsing more explicit

Use urlsplit to test if the checksum string has a (currently tested and) supported url scheme.

* Fix whitespace
* Changelog fragment
* Added tests
* Fix typo in test setup
4 years ago
Abhijeet Kasurde 7714f691eb wait_for simplehttpserver to come up online
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
5 years ago
Martin Krizek 365f2aaed1 get_url: remove deprecated headers string format (#66649)
Fixes #61891
5 years ago
Baptiste Mille-Mathias 32a8b620f3 [get_url] Return status_code on HTTP 304 (#65739)
Return field status_code on HTTP status 304 (implemented by lkthomas)
Add an integration test for this case.
Fixes #65263
5 years ago
Danilo Bargen 35c415de98 get_url integration test: Fix missing conditional (#64100) 5 years ago
Matt Martz 7d51cac330 Don't treat no checksum as a checksum match (#62146)
Fixes #61978
* moar tests for get_url fetch behavior with existing file
* add changelog fragment
5 years ago
Matt Martz 8bd4e2a144 cert validation fixes - Attempt 2 (#55953)
* Attempt 2 of cert validation fixes

* Remove unused code

* Cleanup the tmp cert using atexit

* Fix linting issues

* Only add SSLValidationHandler when not HAS_SSLCONTEXT

* Catch value errors on non PEM certs

* Only catch NotImplementedError to avoid masking issues

* set self._context even with PyOpenSSLContext for conformity

* Fix error building

* normalize how we interact with the context we create

* Remove unused code

* Address test for py3.7 message difference

* open_url should pass the ca_path through

* Account for new error in url lookup test

* Guard some code behind whether or not we are validating certs

* Make _make_context public

* Move atexit.register up to where the tmp file is created
6 years ago
Tony Finch ccad79d162 get_url: return no change in check mode when checksum matches (#53070)
Signed-off-by: Tony Finch <dot@dotat.at>
6 years ago
Dag Wieers 8f671e6cff Squash redundant tasks (#52628)
This PR includes some changes to reduce the number of tasks.
6 years ago
Matt Clay a8116497ba More test fixes for split controller/remote tests. 6 years ago
Matt Clay d2a7cc0b9f Fix integration tests to support remote hosts. 6 years ago
Matt Martz 5785de582f
Fix logic to not re-download existing files when force=no (#45495)
* Fix logic to not re-download existing files when force=no. Fixes #45491

* Reduce logic complexity
6 years ago
David Rodríguez 600c7ac108 Fix remote checksums when paths have leading dots (#45287)
* Fix remote checksums with paths have leading dots

* Fix result recorded from the wrong file

* Add changelog fragment
6 years ago
Shuang Wang b03feb6d40 Implement part of #27617 [expend checksum format to <algorithm>:(<checksum>|<url>)] (#43751)
* expend checksum format to <algorithm>:(<checksum>|<url>)

* continue to code at office

* ALPHA - expend checksum format to <algorithm>:(<checksum>|<url>)

* clean up tmpfile and comment

* try to add test code for 27617

* try to add test code for 27617

* try to add test code for 27617

* try to fix [Could not find or access 'testserver.py']

* fix test code [Could not find or access 'testserver.py']

* fix test code [add files dir]

* fix test code [files dir not exists]

* as [connection was closed before a valid response was received]

* [connection was closed before a valid response was received]

* [connection was closed before a valid response was received]

* add test item [sha1 and sha256]

* since [connection was closed before a valid response was received]

* fix [connection was closed before a valid response was received]

* fix test code typo

* add docs for #27617

* PR #43751 is minor change

* fix pep8 issue.

* fix test code style.

* fix unexpected quote
6 years ago
Shuang Wang 68683b4c73 fix issue [ get_url does not change mode when checksum matches ] (#43342)
* fix  #29614

* add change log for #43342

* Cleanup tests and add tests for this scenario


Co-authored-by: ptux
6 years ago
Matt Clay b92ef8e54a
Use HTTPS instead of HTTP for httpbin tests. (#39457)
The httpbin.org site is now redirecting HTTP to HTTPS.
7 years ago
Matt Martz 0507c907a9
get_url should accept headers as a dict, instead of only a complicated string (#35470)
* get_url should accept headers as a dict, instead of only a complicated string

* update headers description text

* Add headers string and dict tests for get_url

* Add intg test for string header format parsing error

* Adjust deprecation version ahead 1 release, add the version dict format was added in to description
7 years ago
Pierre-Louis Bonicoli cbb238522b get_url tests: controller & managed node can be distinct
Templating happens on the Ansible controller, not on the task’s target host.
7 years ago
Matt Martz 4fe08441be Deprecate tests used as filters (#32361)
* Warn on tests used as filters

* Update docs, add aliases for tests that fit more gramatically with test syntax

* Fix rst formatting

* Add successful filter, alias of success

* Remove renamed_deprecation, it was overkill

* Make directory alias for is_dir

* Update tests to use proper jinja test syntax

* Update additional documentation, living outside of YAML files, to reflect proper jinja test syntax

* Add conversion script, porting guide updates, and changelog updates

* Update newly added uses of tests as filters

* No underscore variable

* Convert recent tests as filter changes to win_stat

* Fix some changes related to rebasing a few integration tests

* Make tests_as_filters_warning explicitly accept the name of the test, instead of inferring the name

* Add test for tests_as_filters_warning

* Update tests as filters in newly added/modified tests

* Address recent changes to several integration tests

* Address recent changes in cs_vpc
7 years ago
Matt Clay a7d5492ea3 Fix github_issue test and enable in CI. 7 years ago
Dag Wieers 0e160d5c7e Ensure exit_json returns failed = False
This is required for modules that may return a non-zero `rc` value for a
successful run, similar to #24865 for Windows fixing **win_chocolatey**.

We also disable the dependency on `rc` value only, even if `failed` was
set.

Adapted unit and integration tests to the new scheme.
Updated raw, shell, script, expect to take `rc` into account.
8 years ago
SesquipedalianDefenestrator 3f321e7591 Add check_mode to get_url (#20532)
* Add check_mode to get_url that does a HEAD request to make sure the URL exists, but doesn't write the real file

* Add info about new --check behavior to docs.  Add tests for the new behavior.  Populate res_args with the info the tests are looking for.

* Add trailing comma

* Change nonexistent test URL to http://{{httpbin_host}/DOESNOTEXIST.  Fix spacing while I'm at it

* Further spacing cleanup

* State that this functionality is in Ansible 2.4+
8 years ago
Matt Martz 621e27b5dd Urls client cert auth (#18141)
* Build HTTPSClientAuthHandler more similarly to how HTTPSHandler works

* Add docs for new client cert authentication

* Support older versions of python

* Simplify logic

* Initial support for client certs in urls.py

* Add an extra test

* Add a get_url test for client cert auth

* Add additional test for client cert auth, with validation and ssl mismatch

* Skip assert when http tester not available

* Update version_added for new options
8 years ago
Adrien Vergé 0e834fc9e4 Fix cosmetic problems in YAML source
This change corrects problems reported by the `yamllint` linter.

Since key duplication problems were removed in 4d48711, this commit
mainly fixes trailing spaces and extra empty lines at beginning/end of
files.
8 years ago
Matt Clay 75e4645ee7 Migrate Linux CI roles to test targets. (#17997) 8 years ago