Commit Graph

49292 Commits (36ed3321fd29ff578885e9c800288adda316dcb6)
 

Author SHA1 Message Date
Lihu Ben-Ezri-Ravin 48505af9d2
Remove filtering from edgeos_config module (#63362)
The edgeos_config module had a list of commands to filter out to avoid
load failures. This list had a single regular expression which caught
commands that attempted to set pre-encrypted passwords. This behavior is
undesirable for a few reasons.

* It's poorly documented. The documentation makes cryptic mention of a
  return value that some commands might be filtered out, but offers no
  explanation as to what they are or why.

* It's hard-coded. There's no way for the user to change or disable this
  functionality, rendering the commands caught by that expression
  completely unusable with the edgeos_config module.

* The obvious workaround is unsafe. The filter catches passwords that
  are already encrypted, but is perfectly fine letting the user set
  plain-text passwords. EdgeOS will encrypt them upon commit, but this
  module encourages unsafe handling of secrets up to that point.

* It's a security vulnerability if the user doesn't know about this
  behavior. While the module will warn if commands are filtered, the
  user won't know what got filtered out until after the fact, and may
  easily miss that warning if they are not vigilant. For something as
  sensitive as setting a password, it's not hard to imagine naive use of
  this module resulting in incorrect credentials being deployed.

* It provides no discernible benefit. Using the module without filtering
  does not result in load failures. If those commands are indeed harmful
  for some reason on (old?) versions of EdgeOS, it should be incumbent
  upon the user to be scrupulous in what commands they issue, rather
  than the module maintaining a blacklist of possible ways the user
  might misuse their own system.
5 years ago
Jørgen Lien Sellæg 43f93d275c
openssl_certificate: Selecting which acme directory to use to get certificate (#67109)
* "openssl_certificate - Add option for changing which ACME directory to use with acme-tiny. Set the default ACME directory to Let's Encrypt instead of using acme-tiny's default. (acme-tiny also uses Let's Encrypt at the time being, so no action should neccessary.)"
  * "openssl_certificate - Change the required version of acme-tiny to >= 4.0.0"
5 years ago
Ruediger Pluem 80c4b86abe
group - correctly determine if a local group exists. (#59772)
Fixes #58619
Add integration test
5 years ago
Mark Chappell 50eb2f6957
sns_topic: Retry on Topic 'NotFound' Exceptions when attempting to list subscriptions (#67089)
* sns_topic: Retry on Topic 'NotFound' Exceptions when attempting to list subscriptions

* add changelog
5 years ago
Adam Miller 2f77a6f1f0
migrate qradar and splunk httpapi plugins to collections (#67132)
Signed-off-by: Adam Miller <admiller@redhat.com>
5 years ago
anshulbehl f3f9671e01
Adding migration for netapp content (#67081)
* Adding migration for netapp elementsw content

* Adding migration data for netapp ontap content
5 years ago
Mitsuru Nakakawaji c55ba658c6
add note for Azure Availbility Zone (#66200)
* add note for Azure Availbility Zone

* Change title

* Update docs/docsite/rst/scenario_guides/guide_azure.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/scenario_guides/guide_azure.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/scenario_guides/guide_azure.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/scenario_guides/guide_azure.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/scenario_guides/guide_azure.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/scenario_guides/guide_azure.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/scenario_guides/guide_azure.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/scenario_guides/guide_azure.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/scenario_guides/guide_azure.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/scenario_guides/guide_azure.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/scenario_guides/guide_azure.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/scenario_guides/guide_azure.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/scenario_guides/guide_azure.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/scenario_guides/guide_azure.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/scenario_guides/guide_azure.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/scenario_guides/guide_azure.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/scenario_guides/guide_azure.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/scenario_guides/guide_azure.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

* Update docs/docsite/rst/scenario_guides/guide_azure.rst

Co-Authored-By: Sandra McCann <samccann@redhat.com>

Co-authored-by: Sandra McCann <samccann@redhat.com>
5 years ago
Newptone 0a8f5aba74
Bugfix for os_coe_cluster_template module (#54819) (#54820)
* Support 'overlay2' in docker_storage_driver

* Fixed the data type in labels

* Improve string process with parsing labels
5 years ago
Mads Jensen 3dd4b3c8a3
Replaces a open/close to validate access with os.access in azure storageblob. (#65608) 5 years ago
Martin Nečas 52f2081e62
Ovirt_host_network: add custom_properties (#67117)
* init of cp

* set update_custom_properties

* update check_mode

* correct examples

* add version_added

* update sanity
5 years ago
Markus Bergholz 822077fefd
Asg mixed instance types (#67045)
* merge from origin pr 55067

* handle update existing asg with mixed-instance-policy

* fix documentation and append output

* update output documentation

* update documentation version added

* add integration test for mixed instance policy using launch template

* add changelog fragment

* Update lib/ansible/modules/cloud/amazon/ec2_asg.py

Co-Authored-By: Mark Chappell <mchappel@redhat.com>

* Update lib/ansible/modules/cloud/amazon/ec2_asg.py

Co-Authored-By: Mark Chappell <mchappel@redhat.com>

* Update lib/ansible/modules/cloud/amazon/ec2_asg.py

Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>

* add warning about botocore version and add expand example documentation

* Update changelogs/fragments/67045-ec2_asg_mixed_instance_policy.yml

Co-Authored-By: Mark Chappell <mchappel@redhat.com>

* Update lib/ansible/modules/cloud/amazon/ec2_asg.py

Co-Authored-By: Mark Chappell <mchappel@redhat.com>

* Update lib/ansible/modules/cloud/amazon/ec2_asg.py

Co-Authored-By: Mark Chappell <mchappel@redhat.com>

* remove useless line

Co-authored-by: Yi-Tse Hong <yitse.hong@soocii.me>
Co-authored-by: Mark Chappell <mchappel@redhat.com>
Co-authored-by: Jill R <4121322+jillr@users.noreply.github.com>
5 years ago
Jordan Borean f23cee2145
win_mapped_drive - Add WebDAV information (#67111) 5 years ago
Jordan Borean 12e3adb23a
win_domain_controller - add a deprecation warning for the log_path option (#67108) 5 years ago
Jordan Borean 78470c43c2
Removed deprecated items in Windows modules (#67105) 5 years ago
James Cassell 1bb94ec92f
service_mgr: detect systemd, even offline (#66071)
* service_mgr: detect systemd, even offline

* service_mgr=systemd iff /sbin/init is symlink
5 years ago
GomathiselviS 4ac89b8ac7
Added Fix - Allow nxos_l2_interfaces to append the allowed vlans list (#66517)
* Added Integration tests

* Corrected lint errors

* Added fix for bug # 54400

* Revert "Added fix for bug # 54400"

This reverts commit bf42db4269.

* Revert "Adding files for RM static_routes"

This reverts commit dafdd92d43.

* Revert "Added Integration tests"

This reverts commit 129dc87682.

* Bug Fix 65332

* Added testcase for #66517

* Removed unnecessary commit

* fixing conflicts

* fixing conflicts

* addressed mikeweibe's comments

* Corrected lint errors

* Added idempotent tc for add vlans

* Added replaced and overridded tcs for trunk vlan add
5 years ago
James Cassell fd954a9c5c
wait_for_connection: also retry interpreter discovery (#67040)
self._discovered_interpreter_key is None unless a previous iteration
has attempted discovery.  In that case, force re-discovery, as the
previous attempt certainly failed.
5 years ago
Matt Clay f4a80bb600
Code cleanup and refactoring in ansible-test. (#67063)
* Code cleanup in ansible-test.
* Split out encoding functions.
* Consoldate loading of JSON files.
* Split out disk IO functions.
* Simplify file access.
* Add functions for opening files.
* Replace open calls with appropriate functions.
* Expose more types from typing module.
* Support writing compact JSON.
* Add verbosity argument to display.warning.
* Add changelog entry.
* Update files overlooked during rebase.
* Use `io.open` instead of `open`.
* Fix file opening for imp.load_module.
* Remove use of `r+` mode to access files.
* Add missing import.
* Fix httptester on Python 2.x.
* Clarify changelog fragment.
* Consolidate imports. Remove extra newlines.
* Fix indirect imports.
5 years ago
tavery321 994a6b0c5a
fixes ANSIBLE_DUPLICATE_YAML_DICT_KEY=error crashes (#66786)
* Fix #65366
5 years ago
Erwin Oegema 3b32f95fb3
user - warn if "append" is set but not "groups" (#65795)
This fixes people unknowingly changing the primary group rather than adding a secondary group.

* Add integration test
5 years ago
Felix Fontein fe454d27a1
Fix removed_in_version to support honor suboptions (#66918)
* Add unit tests.
* Fix reporting for removed_in_version.
* Add changelog.
5 years ago
Felix Fontein 28b2428d22
docker_container: fix port order in docs (#67071)
* Fix port order.

* Forgot to remove random.
5 years ago
Felix Wong 8b2ead5870
add jittered backoff for elb (#66673) 5 years ago
Brian Scholer fc7980af9a
Fix UNC path support in the powershell shell plugin (#66604)
* Fix UNC path joining in the powershell shell plugin, add test

* Remove testy bits and a redundant line

* Fix style nits

* Update to use os.ntpath

* Add changelog for #66604
5 years ago
AirCombat 81378b3e74
Added -LogPath param from Install-ADDSForest to win_domain module (#66956)
* Added omitted logpath parameter to win_domain

The Install-ADDSForest -LogPath param seems to have been omitted in the win_domain module. We do not use this module organisation-wide as its non trivial to change the log patch once AD is set up. I will also update docs

* Removed trailing whitespace

* Added logpath option to win_domain module docs
5 years ago
Jordan Borean 6d792838e4
Move url option from util to individual modules (#67068) 5 years ago
Matt Clay be9471b251 Temporarily remove AIX from test matrix.
AIX provisioning is failing.
5 years ago
Jordan Borean 3ada0b2f65
win_uri: fix up tests (#67064) 5 years ago
Felix Fontein 23b2bb4f4d
docker_container: change behavior for one-port container ranges to be same as docker CLI (#66382)
* Adjust docker_container behavior for one-port container ranges to be similar to docker CLI.

* Add changelog.

* Add documented examples for ports:.
5 years ago
Andrew Klychkov 21ae66db2e
postgresql_user_obj_stat_info: new module (#66892)
* postgresql_user_obj_stat_info: new module

* fix sanity

* add schema parameter

* add CI tests

* add RETURN section

* add example with schema

* fix CI

* fix example comments

* skip aix

* fixes part 1

* fixes part 2

* fix CI

* fix CI

* fix doc formatting
5 years ago
Matt Clay 622f1c4c01 Revert "Temporarily remove AIX from test matrix."
This reverts commit 6024c09be5.
5 years ago
Dick Visser 5b93a14a0f
Add anchor to each parameter row (#66895)
* Add anchor to each paramater row

* Update docs/templates/plugin.rst.j2

Co-Authored-By: Felix Fontein <felix@fontein.de>

* Insert full keys into plugin docs.

* Added visible links.

Co-authored-by: Felix Fontein <felix@fontein.de>
5 years ago
Matt Clay 6024c09be5 Temporarily remove AIX from test matrix.
AIX provisioning is failing.
5 years ago
Felix Fontein 5c1a3a3ac2
docker_container and docker_swarm_service: allow to actually disable healthcheck of image (#66599)
* Allow to actually disable healthcheck of image.

* Add changelog.
5 years ago
Ilias Trichopoulos d6f2b4e788
Fix indentation (#66991) 5 years ago
unixsysadmin ea105dcb2f
Update template.py (#67010)
Update the example so that the task name matches the filename being updated
The first example shows how you might template a file to destination /etc/file.conf.  The description of this task appears to have a typo as it refers to  '/etc/files.conf' rather than '/etc/file.conf'
5 years ago
Sander 87a5e433ef
update guide_azure.rst (#66940)
changed example for ping linux machines. Looks liked it was wrongly copy paste.
5 years ago
Gregor Riepl f49408287a
Document difference between ec2 and ec2_instance modules (#67009)
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
5 years ago
Martin Nečas fad261b04f
ovirt_job: add when job is detected but in state finished (#66810)
* ovirt_job: add when job is detected but in state finished

* add docs
5 years ago
Nathaniel Case 53c7f8cbde
Allow httpapi for EOS resource modules (#66871)
* Redo tests to be transport agnostic

cli -> eos config

* Redirect connection for httpapi

* Fix tests

* Handle missing platform imports
5 years ago
ndclt 0ee28c14c2
Add maintainer for keycloak module (#61521)
* add maintainer for keycloak module

* typo correction
5 years ago
Felix Fontein a0e5e2e4c5
openssl_publickey: forgot to pass backend (#67036)
* Forgot to pass backend.

* Add changelog.

* Pass on backend from get_fingerprint.

* Handle cryptography backend in get_fingerprint.
5 years ago
Simon Dodsley b1a8bded3f
Remove deprecated parameter for 2.10 in purefb_fs (#67026) 5 years ago
Felix Fontein 8f10db8552
Do fail instead of regenerate for password protected and invalid keys. (#65638) 5 years ago
Felix Fontein d6fb9da8ed
openssl_* modules: allow direct input and output for some files (#65400)
* Allow to return generated object.

* Use slurp module instead of file lookup + b64encode.

* Rename return_xxx_content -> return_content.
5 years ago
Evert Mulder 4d345813ea
Group ids are strings now (#66939) 5 years ago
Klaus Frank 14b1febf64
Fix pacman: "IndexError: list index out of range" #63077 (#65750)
* Fix #63077

If the package is already installed the stdout is not as expected by this function. Either remove `--needed` or just noop if we detect pacman returning. We cannot match the stdout string, as that is most likely localized.

```
[root@archBook user]# /usr/bin/pacman --upgrade --noconfirm --noprogressbar --needed  /srv/aur/src/i3cat-git/i3cat-git-r38.c6d29dd-1-x86_64.pkg.tar.xz
loading packages...
warning: i3cat-git-r38.c6d29dd-1 is up to date -- skipping
 there is nothing to do
```

* Add comment

Add comment

* Add changelog fragment.

Co-authored-by: Felix Fontein <felix@fontein.de>
5 years ago
Andrew Klychkov 3baea92ec9
Bugfix of 54239: mysql_variables not supporting variables name with dot (#66806)
* Bugfix of 54239: mysql_variables not supporting variables name with dot

* add changelog

* add CI tests
5 years ago
Toshio Kuratomi f5e194cbcd
Move random_mac into its own file (#67000)
* Move random_mac into its own file

This is likely to be the only filter which is not included in
ansible-base.  So it needs to be in its own file.
5 years ago
Rotaru Sergey ef1fd19c00
croc cloud - ec2 key patch (#60929)
This patch fixes "IndexError: list index out of range" error for https://console.cloud.croc.ru.
When key pair is new, croc return dict with an empty list for key KeyPairs that causes ansible to crush.
5 years ago