The edgeos_config module had a list of commands to filter out to avoid
load failures. This list had a single regular expression which caught
commands that attempted to set pre-encrypted passwords. This behavior is
undesirable for a few reasons.
* It's poorly documented. The documentation makes cryptic mention of a
return value that some commands might be filtered out, but offers no
explanation as to what they are or why.
* It's hard-coded. There's no way for the user to change or disable this
functionality, rendering the commands caught by that expression
completely unusable with the edgeos_config module.
* The obvious workaround is unsafe. The filter catches passwords that
are already encrypted, but is perfectly fine letting the user set
plain-text passwords. EdgeOS will encrypt them upon commit, but this
module encourages unsafe handling of secrets up to that point.
* It's a security vulnerability if the user doesn't know about this
behavior. While the module will warn if commands are filtered, the
user won't know what got filtered out until after the fact, and may
easily miss that warning if they are not vigilant. For something as
sensitive as setting a password, it's not hard to imagine naive use of
this module resulting in incorrect credentials being deployed.
* It provides no discernible benefit. Using the module without filtering
does not result in load failures. If those commands are indeed harmful
for some reason on (old?) versions of EdgeOS, it should be incumbent
upon the user to be scrupulous in what commands they issue, rather
than the module maintaining a blacklist of possible ways the user
might misuse their own system.
* "openssl_certificate - Add option for changing which ACME directory to use with acme-tiny. Set the default ACME directory to Let's Encrypt instead of using acme-tiny's default. (acme-tiny also uses Let's Encrypt at the time being, so no action should neccessary.)"
* "openssl_certificate - Change the required version of acme-tiny to >= 4.0.0"
self._discovered_interpreter_key is None unless a previous iteration
has attempted discovery. In that case, force re-discovery, as the
previous attempt certainly failed.
* Fix UNC path joining in the powershell shell plugin, add test
* Remove testy bits and a redundant line
* Fix style nits
* Update to use os.ntpath
* Add changelog for #66604
* Added omitted logpath parameter to win_domain
The Install-ADDSForest -LogPath param seems to have been omitted in the win_domain module. We do not use this module organisation-wide as its non trivial to change the log patch once AD is set up. I will also update docs
* Removed trailing whitespace
* Added logpath option to win_domain module docs
* Add anchor to each paramater row
* Update docs/templates/plugin.rst.j2
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Insert full keys into plugin docs.
* Added visible links.
Co-authored-by: Felix Fontein <felix@fontein.de>
Update the example so that the task name matches the filename being updated
The first example shows how you might template a file to destination /etc/file.conf. The description of this task appears to have a typo as it refers to '/etc/files.conf' rather than '/etc/file.conf'
* Fix#63077
If the package is already installed the stdout is not as expected by this function. Either remove `--needed` or just noop if we detect pacman returning. We cannot match the stdout string, as that is most likely localized.
```
[root@archBook user]# /usr/bin/pacman --upgrade --noconfirm --noprogressbar --needed /srv/aur/src/i3cat-git/i3cat-git-r38.c6d29dd-1-x86_64.pkg.tar.xz
loading packages...
warning: i3cat-git-r38.c6d29dd-1 is up to date -- skipping
there is nothing to do
```
* Add comment
Add comment
* Add changelog fragment.
Co-authored-by: Felix Fontein <felix@fontein.de>
This patch fixes "IndexError: list index out of range" error for https://console.cloud.croc.ru.
When key pair is new, croc return dict with an empty list for key KeyPairs that causes ansible to crush.