This fix adds ability to set MAC address maunally. Before adding
any MAC address, the value is validated. If value is not valid, then
MAC address is set to vCenter generated MAC address.
Also, added integration tests for this change.
Fixes: #21161
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Added eagerzeroedthick disk option to disk spec
* Updated docstrings for vmware_guest disk
* VMware: Integration test for disk type
Signed-off-by: Steve Jacobs <sjacobs@brokencrew.com>
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Adds facts about datastores, esxi_host, vm files, ha state, question, is_template, consolidation status and hw_files. Also, adds integration tests for vmware fact enhancement.
* Add integration test suite for ec2_vpc_subnet
* wrap boto3 connection in try/except
update module documentation and add RETURN docs
add IPv6 support to VPC subnet module
rename ipv6cidr to ipv6_cidr, use required_if for parameter testing, update some failure messages to be more descriptive
DryRun mode was removed from this function a while ago but exception handling was still checking for it, removed
add wait and timeout for subnet creation process
fixup the ipv6 cidr disassociation logic a bit per review
update RETURN values per review
added module parameter check
removed DryRun parameter from boto3 call since it would always be false here
fix subnet wait loop
add a purge_tags parameter, fix the ensure_tags function, update to use compare_aws_tags func
fix tags type error per review
remove **kwargs use in create_subnet function per review
* rebased on #31870, fixed merge conflicts, and updated error messages
* fixes to pass tests
* add test for failure on invalid ipv6 block and update tags test for purge_tags=true function
* fix pylint issue
* fix exception handling error when run with python3
* add ipv6 tests and fix module code
* Add permissions to hacking/aws_config/testing_policies/ec2-policy.json for adding IPv6 cidr blocks to VPC and subnets
* fix type in tests and update assert conditional to check entire returned value
* add AWS_SESSION_TOKEN into environment for aws cli commands to work in CI
* remove key and value options from call to boto3_tag_list_to_ansible_dict
* remove wait loop and use boto3 EC2 waiter
* remove unused register: result vars
* revert az argument default value to original setting default=None
* Allow backoff for describe_subnets
Improve exception handling to latest standards
* Add integration test suite for ec2_vpc_subnet
* Add test for creating subnet without AZ
Fix bug identified by test
Fixes#31905
* Several tests were marked as FIXME and should have been fixed with
the boto3 move.
* Improved tags output. Add purge_tags option (default: no)
* Allow description and tags update
* Return launch_permissions
* Allow empty launch permissions for image creation
* Empty launch permissions should work the same way for image
creation as no launch permissions
* Cope with ephemeral devices in AMI block device mapping
* Ephemeral devices can appear in AMI block devices, and this information should be returned
* Fix notation for creating sets from comprehensions
This fix adds new fact - 'Cores Per Socket' about vmware guest machine.
Also, adds integration test for this change.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Fix vault --ask-vault-pass with no tty
2.4.0 added a check for isatty() that would skip setting up interactive
vault password prompts if not running on a tty.
But... getpass.getpass() will fallback to reading from stdin if
it gets that far without a tty. Since 2.4.0 skipped the interactive
prompts / getpass.getpass() in that case, it would never get a chance
to fall back to stdin.
So if 'echo $VAULT_PASSWORD| ansible-playbook --ask-vault-pass site.yml'
was ran without a tty (ie, from a jenkins job or via the vagrant
ansible provisioner) the 2.4 behavior was different than 2.3. 2.4
would never read the password from stdin, resulting in a vault password
error like:
ERROR! Attempting to decrypt but no vault secrets found
Fix is just to always call the interactive password prompts based
on getpass.getpass() on --ask-vault-pass or --vault-id @prompt and
let getpass sort it out.
* up test_prompt_no_tty to expect prompt with no tty
We do call the PromptSecret class if there is no tty, but
we are back to expecting it to read from stdin in that case.
* Fix logic for when to auto-prompt vault pass
If --ask-vault-pass is used, then pretty much always
prompt.
If it is not used, then prompt if there are no other
vault ids provided and 'auto_prompt==True'.
Fixes vagrant bug https://github.com/hashicorp/vagrant/issues/9033Fixes#30993
* Update vmware.py
Incorrect chain of attributes to obtain snapshots from virtual machine. Module 'vmware_guest_facts' uses method 'gather_vm_facts' of vmware.py and always gets empty list of snapshots.
* Added test for module vmware_guest_facts. Checked VM snapshots.
* Fixed tests for vmware_guest_facts. Ignored certificate for vmware_guest_snapshot module.
* Integrated publickey import and removal in iosxr_user
* Fixed linting issues
* Added version added for publickeyfile option
* Added quotation marks to version, oops
* Added some integration tests, added some checks to prevent aggregate users with public keys.
* Added some integration test files
* Created mutually exclusive public_key and public_key_contents versions of config
* Modified tests to use both methods and test more logins
* Added supports for aggregates
* Incorporated provider auth
* Fixed some lint issues
* Fixed a YAML lint issue
* Implemented catches for unconfigured providers.
* Fixed catches, hopefully
* Another test
* Added groups support so you can add users to multiple groups
* Trailing whitespace
Add new module vmware_host_facts ,it can get remote vmware host system info like setup module
* modify ansible version
* optimized output for human readable
* add serial number get_system_facts() add ansible_product_serial
* fix pep8 issue and ansible module required format
* Use find_obj method instead get_obj
* add ansible_hostname ansible_distribution_build
* add integration test
* vmware_host_facts integration test add verify
* fix yamllint issue
* fix boilerplate test
* Update vmware_host_facts.py
* fix RETURN key's name
* ios_vlan DI module
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Integration test
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* comment out testcases since the image is not available in dci
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* add aggregate test
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Do not run script in check mode
Fixes#30676
* Reformat script integration test
* Add integration tests for check mode of script module
* Fix name on test
* Cleanup temp file
* win_script integration test syntaxt changes
* Add check mode tests for win_script
* Use proper variable in test
* Fail if source file does not exist
* Verify script is accessible and don't copy in check mode
Use shlex to properly split shell arguments, though a path with spaces in it still needs to be quoted in the playbook.
Add note to docs describing such.
Improve error message if file is not found indicating there may be a space in the path.
* Properly encode path now that path is split using shlex
* Allow for spaces in both path and script name
* Add unicode character test to Linux script tests
* Add Linux test for space in path to script
* Clean up after two recent synchronize tests
- add clean up after the last two tests in synchronize to make them
match with the expectations in the previous tests
Signed-off-by: Robert Marshall <rmarshall@redhat.com>
* Add link-dest functionality to synchronize module
- add the link-dest option to the synchronize module code
- add tests for the link-dest option
- add documentation of the link_dest option to synchronize
- modify changed flag so it can properly work around rsync
upstream not flagging hardlinks as a change properly in
formatted output
Signed-off-by: Robert Marshall <rmarshall@redhat.com>
* Minor change to test
* Better handling of malformed vault data envelope
If an embedded vaulted variable ('!vault' in yaml)
had an invalid format, it would eventually cause
an error for seemingly unrelated reasons.
"Invalid" meaning not valid hexlify (extra chars,
non-hex chars, etc).
For ex, if a host_vars file had invalid vault format
variables, on py2, it would cause an error like:
'ansible.vars.hostvars.HostVars object' has no
attribute u'broken.example.com'
Depending on where the invalid vault is, it could
also cause "VARIABLE IS NOT DEFINED!". The behavior
can also change if ansible-playbook is py2 or py3.
Root cause is errors from binascii.unhexlify() not
being handled consistently.
Fix is to add a AnsibleVaultFormatError exception and
raise it on any unhexlify() errors and to handle it
properly elsewhere.
Add a _unhexlify() that try/excepts around a binascii.unhexlify()
and raises an AnsibleVaultFormatError on invalid vault data.
This is so the same exception type is always raised for this
case. Previous it was different between py2 and py3.
binascii.unhexlify() raises a binascii.Error if the hexlified
blobs in a vault data blob are invalid.
On py2, binascii.Error is a subclass of Exception.
On py3, binascii.Error is a subclass of TypeError
When decrypting content of vault encrypted variables,
if a binascii.Error is raised it propagates up to
playbook.base.Base.post_validate(). post_validate()
handles exceptions for TypeErrors but not for
base Exception subclasses (like py2 binascii.Error).
* Add a display.warning on vault format errors
* Unit tests for _unhexlify, parse_vaulttext*
* Add intg test cases for invalid vault formats
Fixes#28038
* azure_rm_virtualmachine: added support for specifying custom image
* Use separate parameter for custom_image, add very basic test
* missed the version_added tag for doco
* removed whitespace I accidentally left in
* merged custom image into the image dict and added more tests
* added one more test
* Protect AWS credentials from accidental commits
* Improve documentation for IAM policies
* Update ELB tests to be multi region
Allow AZs to reflect the region in which the tests are run.
This will not work for regions with fewer than three AZs,
but those are relatively rare
This fix adds details about snapshots in result of
vmware_guest_snapshot, when operation is successful.
Fixes: #32154
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Move profile and region checking to module_utils.ec2
Remove ProfileNotFound checking from individual modules
There are plenty of `if not region:` checks that could be removed,
once more thorough testing of this change has occured
The ec2_asg, iam_managed_policy and ec2_vpc_subnet_facts modules
would also benefit from this change but as they do not have tests
and are marked stableinterface, they do not get this change.
* Add configuration of vlan trunk, security settings and port policies, and tests
This commit adds the following capabilities to the
vmware_dvs_portgroup module:
- Support for VLAN trunk portgroup
- Support for all security settings (promiscuous, forged transmits & mac
address changes)
- Support for all the port specific policies
- port specific policies match the vCenter UI behaviour (for instance:
block override is enabled by default)
- Cleanup and use of proper API entities not root entities
- Integration testing
* Cleanup of docs and adding more examples
* win_dsc: improved parameter handling
* removed uneeded try/catch leftover from testing
* removed undeed return values
* added custom DSC to fully test out casting
* fix up codestyle issues
* using new Requires ps version check
* fixed up error message check on earlier ps version
* win_become: make it easier to become with an admin token
* Fixed up pep8 whitespace
* fix for Server 2008
* Added support for async and become on newer hosts and fix warnings
* show specific undefined var errors on -v in debug
allows users to get more specific information about undefined errors
as they might be looking at a complex data structure and need to find
the specific leaf that has the issue
* now tests works at all verbosity levels
* updated to unicode objects
* win_package: add support for arguments as list
* re-added failure tests as they were accidentally commented out
* changed exit_code in failure messages to rc
* [ec2_ami_facts] new boto3-based module as a replacement for ec2_ami_find
- new boto3-based module to gather facts about ec2 images
- intended to replace ec2_ami_find which uses boto
- an ami find task (using new module) added to the ec2_ami integration test
* [ec2_ami_facts] Use AnsibleAWSModule. Catch BotoCoreError.
* add ec2_ami_facts alias to tests
* [ec2_ami_facts] return ami launch permissions as well
* Fix wrong prompt issue for network moodules
Fixes#31161Fixes#32416
* Store the device prompt in case of error
from remote device
* Check for prompt value in ios action plugin
* Add integration test
* add support to vmware_guest for template => vm conversion
While the vmware_guest currently supports conversion of VMs to templates
using the is_template argument, it does not support the inverse:
converting templates back into VMs. This change adds that
functionality.
When converting a template back into a VM, the extra config option
"uuid.action" is also set so that VMware will automatically create a new
UUID for the converted VM. If the "uuid.action" setting is already
configured, it will not be modified. Setting this prevents an
interactive question from being raised when attempting to boot the VM.
* Add integration tests for vmware_guest is_template
* Add additional idempotency test for vmware_guest is_template
Also add tests for vmware_guest_snapshot, but disable them due to
vcsim not fully supporting such operations yet.
Implement changes suggested in review. Also fix same in remove_or_revert_snapshot() for consistency
These tests are doing string matches on the error condition. Update
them to match the new strings. This is probably okay to push out to old
releases even though it's technically backwards incompatible because
production playbooks won't be checking that a parameter was missing.
Param missing is something detected and fixed while writing the playbook.
* add static route and hsrp it cases
* add snmp_user and snapshot it
* password strength correction
* fix typo
* add compare snapshot as it is fixed in the code now
* skip snapshot tests for titanium
* titanium and nxapi conditions added
Turns out on devices where only Gigabit is available (like our
csr nodes in CI), duplex is not configurable, thus the test fail.
Removing, since we are testing modification of other properties like
description and mtu and have good coverage.
* Use correct pip version in ansible-test.
* Add git fallback for validate-modules.
* Run sanity tests in a docker container.
* Use correct python version for sanity tests.
* Pin docker completion images and add default.
* Split pylint execution into multiple contexts.
* Only test .py files in use-argspec-type-path test.
* Accept identical python interpeter name or binary.
* Switch cloud tests to default container.
* Remove unused extras from pip install.
* Filter out empty pip commands.
* Don't force running of pip list.
* Support delegation for windows and network tests.
* Fix ansible-test python version usage.
* Fix ansible-test python version skipping.
* Use absolute path for log in ansible-test.
* Run vyos_command test on python 3.
* Fix windows/network instance persistence.
* Add `test/cache` dir to classification.
* Enable more python versions for network tests.
* Fix cs_router test.
* Add nxos_file_copy IT
* Restructure nxos_igmp tests
* add nxos_igmp_interface IT
* add nxos_igmp_snooping IT
* add nxos_ntp_auth IT
* Add nxos_ntp_options IT
* update nxos.yaml with new tests
* update nxos_ntp_options test
* update nxos_ntp_auth IT
In some IOS tests, we can't just assume a certain interface, as
we test on IOS and IOS-XE and in our CI they scheme numbering is
different.
Introspect version on the tests where needed.
* ec2_group: add support for rule descriptions.
* Document rule description feature and add an example using it.
* Fix removing rule descriptions.
* Add integration tests to verify adding/modifying/removing rule descriptions works as expected.
* Add permissions to hacking/aws_config/testing_policies/ec2-policy.json for updating ingress and egress rule descriptions.
* ec2_group: add backwards compatibility with older versions of botocore for rule descriptions.
* Add compatibility with older version of botocore for ec2_group integration tests.
* ec2_group: move HAS_RULE_DESCRIPTION to be checked first.
* Make requested change
* Pass around a variable instead of client
* Make sure has_rule_description defaults to None
* Fail if rule_desc is in any ingress/egress rules and the the botocore version < 1.7.2
* Remove unnecessary variable
* Fix indentation for changed=True when updating rule descriptions.
* minor refactor to remove duplicate code
* add missing parameter
* Fix pep8
* Update test policy.
* - Adds iosxr_netconf module to configure netcong service on Cisco
IOS-XR devices
* - Adds Integration test for module
- Handles diff return from load_config
* - Adds unit test for iosxr_netconf module
* windows: add #AnsibleRequires to set whether a module requires module or a specific version
* fix up pep8 issues
* changed psversion to use the actual ps Requires -Version syntax
* missed the check on #Requires -Version
* fix #Requires module extensions
* Add openssh-client to default docker container.
* Include Azure requirements in default container.
To do so, handling of pip requirements was updated to install each
set of requirements separately and then run a verification pass to
make sure there are no conflicts between requirements.
* Add missing --docker-no-pull option.
* Add documentation for the azure-requirements test.
* Handle timezone updates on Ubuntu 16.04+ on containers
Although Ubuntu 16.04 will use timedatectl by default,
containers without a working timedatectl need to use the
old method.
A bug in Ubuntu for the old method means having to write
a nasty hack
https://bugs.launchpad.net/ubuntu/+source/tzdata/+bug/1554806
* Add tests for timezones
Ensure timezone changes work across various OSs
* added win_audit_rule with integration test
* Updated integration testing to target files as well as directories
and registry keys. Split testing files apart to be more organized.
Updated powershell for better handling when targetting file objects
and optimized a bit. Removed duplicated sections that got there from a
previous merge I think.
* Decided to make all the fact names the same in integration testing.
Seemed like there would be less change of accidentally using the wrong
variable when copy/pasting that way, and not much upside to having
unique names.
Did final cleanup and fixed a few errors in the integration testing.
* Fixed a bug where results was displaying a wrong value
Fixed a bug where removal was failing if multiple rules existed due to
inheritance from higher level objects.
* Resolved issue with unhandled error when used didn't have permissions
for get-acl.
Changed from setauditrule to addauditrule, see comment in script for reasoning.
Fixed state absent to be able to remove multiple entries if they exist.
* fixed docs issue
* updated to fail if invalid inheritance_rule when defining a file rather than warn
This adds a new type of vault-password script (a 'client') that takes advantage of and enhances the
multiple vault password support.
If a vault password script basename ends with the name '-client', consider it a vault password script client.
A vault password script 'client' just means that the script will take a '--vault-id' command line arg.
The previous vault password script (as invoked by --vault-password-file pointing to an executable) takes
no args and returns the password on stdout. But it doesnt know anything about --vault-id or multiple vault
passwords.
The new 'protocol' of the vault password script takes a cli arg ('--vault-id') so that it can lookup that specific
vault-id and return it's password.
Since existing vault password scripts don't know the new 'protocol', a way to distinguish password scripts
that do understand the protocol was needed. The convention now is to consider password scripts that are
named like 'something-client.py' (and executable) to be vault password client scripts.
The new client scripts get invoked with the '--vault-id' they were requested for. An example:
ansible-playbook --vault-id my_vault_id@contrib/vault/vault-keyring-client.py some_playbook.yml
That will cause the 'contrib/vault/vault-keyring-client.py' script to be invoked as:
contrib/vault/vault-keyring-client.py --vault-id my_vault_id
The previous vault-keyring.py password script was extended to become vault-keyring-client.py. It uses
the python 'keyring' module to request secrets from various backends. The plain 'vault-keyring.py' script
would determine which key id and keyring name to use based on values that had to be set in ansible.cfg.
So it was also limited to one keyring name.
The new vault-keyring-client.py will request the secret for the vault id provided via the '--vault-id' option.
The script can be used without config and can be used for multiple keyring ids (and keyrings).
On success, a vault password client script will print the password to stdout and exit with a return code of 0.
If the 'client' script can't find a secret for the --vault-id, the script will exit with return code of 2 and print an error to stderr.
* Correct usage for shutil.rmtree
Fix adds correct usage of shutil.rmtree in git module
Fixes: #31225
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Include archive tests so they get run
* Use new include syntax
* Cleanup syntax on git tests
- use multi-line YAML
- remove unneeded {{ }} around vars in conditionals
- remove unneeded quotes
- add task file name to task names for easier troubleshooting when things fail
* Make archive tests work for RHEL/CentOS 6
The older versions of Jinja2 in RHEL/CentOS 6 required assertion tasks using the map filter to be skipped.
The older version of git required gzip compression to be skipped on RHEL/CentOS 6.
* Account for ansible_distribution_major_version missing
* Initial CD-ROM support
* create cdrom bugfix
* Improving CDROM change detection and fixing template creation bug
Running MarkAsTemplate on an existing template will fail with an error
* Better change detection for guest ID
Should only mark a change in case it actually changes
* Adding integration tests
* Pep8 compliance fixes
* Adding CDROM support, including iso, client and none types
* Updating added release version for CDROM option
* Fix rollback in junos_config
Fixes#30778
* Call `load_configuration` with rollback id in case
the id is given as input
* Pass rollback id to `get_diff()` to fetch diff from device
* Fix unit test
* Remove sysctl entry when state=absent
* Cleanup sysctl integration test syntax
* Correct grammar on error message
* Add sysctl integration test for state=absent
* [rpm_key] Fix to import first key on the system
Fixes: #31483
* [rpm_key] removed unsafe_shell and "throwaway" underscore
* [rpm_key] adding test to add the first key on system
* Added warning for 'force' option
* Changed 'profiles' type to list
* Changed 'interfacetypes' type to list
* Added deprecation warning and fixed doc
* updated force parameter
* win_become: Added support to become a service user
* fixes for linting
* changes to get local and network service working
* fixed linting issues again
* pleasing pepe
* Add update_only parameter for yum module
When using latest, `update_only: yes` will ensure that only existing
packages are updated and no additional packages are installed.
* Update yum.py
Update version added for `update_only` parameter to 2.5
* add unit tests for update_only flag in yum module
* Add new lines to end of config file lines
* Properly write out selinux config file
Change module behavior to not always report a change but warn if a reboot is needed and return reboot_required.
Improve the output messages.
Add strip parameter to get_file_lines utility to help with parsing the selinux config file.
* Add return documentation
* Add integration tests for selinux module
* Use consistent capitalization for SELinux
* Use atomic_move in selinux module
* Don't copy the config file initially
There's no need to make a copy just for reading.
* Put message after set_config_policy in case the change fails
* Add aliases to selinux tests
* win_become: move error handling to Ansible outside of shell
* trimmed the output so double newlines don't get set
* added test for non-zero exit code
* missed issue URL on test
* changed exit to SetShouldExit
In cli.CLI.unfrack_path callback, special case if the
value of '--output' is '-', and avoid expanding
it to a full path.
vault cli already has special cases for '-', so it
just needs to get the original value to work.
Fixes#30550
Fix adds a new module 'vmware_guest_powerstate' to manage
power states of virtual machine.
Fixes: #30371
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Fix fact failures cause by ordering of collectors
Some fact collectors need info collected by other facts.
(for ex, service_mgr needs to know 'ansible_system').
This info is passed to the Collector.collect method via
the 'collected_facts' info.
But, the order the fact collectors were running in is
not a set order, so collectors like service_mgr could
run before the PlatformFactCollect ('ansible_system', etc),
so the 'ansible_system' fact would not exist yet.
Depending on the collector and the deps, this can result
in incorrect behavior and wrong or missing facts.
To make the ordering of the collectors more consistent
and predictable, the code that builds that list is now
driven by the order of collectors in default_collectors.py,
and the rest of the code tries to preserve it.
* Flip the loops when building collector names
iterate over the ordered default_collectors list
selecting them for the final list in order instead
of driving it from the unordered collector_names set.
This lets the list returned by select_collector_classes
to stay in the same order as default_collectors.collectors
For collectors that have implicit deps on other fact collectors,
the default collectors can be ordered to include those early.
* default_collectors.py now uses a handful of sub lists of
collectors that can be ordered in default_collectors.collectors.
fixes#30753fixes#30623
Avoid the following seen when running ec2_ami tests on python3,
presumably because the return type of `map` is different between
python2 and python3.
```
Traceback (most recent call last):
File "/tmp/ansible_e44v27uj/ansible_module_ec2_snapshot_facts.py", line 242, in <module>
main()
File "/tmp/ansible_e44v27uj/ansible_module_ec2_snapshot_facts.py", line 238, in main
list_ec2_snapshots(connection, module)
File "/tmp/ansible_e44v27uj/ansible_module_ec2_snapshot_facts.py", line 193, in list_ec2_snapshots
snapshots = connection.describe_snapshots(SnapshotIds=snapshot_ids, OwnerIds=owner_ids, RestorableByUserIds=restorable_by_user_ids, Filters=filters)
File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 312, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 575, in _make_api_call
api_params, operation_model, context=request_context)
File "/usr/local/lib/python3.5/dist-packages/botocore/client.py", line 630, in _convert_to_request_dict
api_params, operation_model)
File "/usr/local/lib/python3.5/dist-packages/botocore/validate.py", line 291, in serialize_to_request
raise ParamValidationError(report=report.generate_report())
botocore.exceptions.ParamValidationError: Parameter validation failed:
Invalid type for parameter OwnerIds, value: <map object at 0x7ff577511048>, type: <class 'map'>, valid types: <class 'list'>, <class 'tuple'>
```
https://github.com/ansible/ansible/pull/30435#issuecomment-330750498
* Save the serialized values instead of their types
* Add tests for creating and modifying VMs without using a template
* Remove blank line
* Add tests for vm deletion
* Use vault_id when encrypted via vault-edit
On the encryption stage of
'ansible-vault edit --vault-id=someid@passfile somefile',
the vault id was not being passed to encrypt() so the files were
always saved with the default vault id in the 1.1 version format.
When trying to edit that file a second time, also with a --vault-id,
the file would be decrypted with the secret associated with the
provided vault-id, but since the encrypted file had no vault id
in the envelope there would be no match for 'default' secrets.
(Only the --vault-id was included in the potential matches, so
the vault id actually used to decrypt was not).
If that list was empty, there would be an IndexError when trying
to encrypted the changed file. This would result in the displayed
error:
ERROR! Unexpected Exception, this is probably a bug: list index out of range
Fix is two parts:
1) use the vault id when encrypting from edit
2) when matching the secret to use for encrypting after edit,
include the vault id that was used for decryption and not just
the vault id (or lack of vault id) from the envelope.
add unit tests for #30575 and intg tests for 'ansible-vault edit'
Fixes#30575
* win_scheduled_task_stat: add new module to get stat on scheduled tasks
* fixed up linting errors and aliases file
* I should learn how to spell
* removing URI from test
* added state information for the task
* removed argument so task stays running
* Undeprecate ec2_elb_*
* Make ec2_elb* full fledged modules rather than aliases
* Split tests for ec2_elb_lb and elb_classicb_lb
* Change names in documentation of old and new elb modules
Add tests for ec2_elb_lb
As discussed before we selected win_environment to the documentation,
and point to win_uri for a more advanced module.
If we want to make this the reference module, we have to get this one
absolutely right in every possible way.
This PR cleans up both win_environment and win_uri, and makes the
required changes to the windows module development section.
Provide all necessary permissions for AMI tests
Allow tests to run in us-east-2
Ensure `always` section gets used
Update tests to ensure that cleanup works better, and add
deletion idempotency test
* win_scheduled_task: rewrite for additionality functionality and bug fixes
* fixes for docs and os version differences
* started with the testing
* doc fix
* added more tests
* added principals tests
* finished tests for win_scheduled_task rewrite
* feedback from PR
* change to fail when both new and deprecated args are set
* change diff variable to match new standard and update doc sentance
* windows: fix list type in legacy module utils
* only change the return for the list type instead of affecting it all
* additional null check when using an array
As-merged, had several issues that prevented idempotent usage. Some args were defined at the wrong UI level. Dual-state args didn't match up with typical Ansible UI.
* Adds nxos_pim_rp_address integration test role for group_list,
prefix_list and route_map (cli and nxapi)
* * Adds explicit removal of static RP configs to match cli behaviour
* * Removes config deletion using nxos_config module (for 2.4 only)
* * Attempt short and long delete config command
* Add a platform check for N3K for bidir
* Replace pause in integration tests with until.
Use resource prefix instead of generating a random number
Only try to delete keys if they exist
* Add alias to tests
keyUsage and extendedKeyUsage are currently statically limited via a
static dict defined in modules_utils/crypto.py. If one specify a value
that isn't in there, idempotency won't work.
Instead of having static dict, we uses keyUsage and extendedKyeUsage
values OpenSSL NID and compare those rather than comparing strings.
Fixes: https://github.com/ansible/ansible/issues/30316
Current openssl_certificate is mistakenly taking its derivating its
version number from the csr version number.
Thos two fields are completly unrelated and hence the version number of
the certificate should be able to be directly specified (via
selfsigned_version parameter).
* openssl_certificate: Fix parameter assertion in Python3
Parameter assertion in Python3 is broken. pyOpenSSL get_X() functions
returns b'' type string and tries to compare it with '' string, leading
to failure.
The error mentionned above has been fixed by sanitizing the inputs from
a user to the assert only backend.
Also, this error was hidden by the fact that the improper check method
was called in the generate() functions.
* Add simple integration test for openssl_certificate
* remove subject == issuer assertion
* run integration tests only on supported hosts
* change min supported version to 0.15.x
* Add test for more CSR fields
* also convert dict members to bytes
* fix version_compare
* openssl_{csr, certificate}: Fail if pyOpenSSL <= 0.15
Previous 0.13 pyOpenSSL was a C-binding, and required the parameter
passed to add_extention to be in ASN.1. This has changed with the move
to 0.14 and it is now all pythong and string based.
Previous the 0.15 release, the `get_extensions()` method didn't exist,
since the modules rely heavily on it we ensure pyOpenSSL version is at
last 0.15.0.
* check pyopenssl version in openssl_csr integration test
* ini_file: add integration test
Start integration tests for ini_file module.
* ini_file test: add comments for lisibility
* update from review: use var instead of checksum to assert content
* fixes#26623
* Test-Path (and thus `-type path` in Get-AnsibleParam) fail on a nonexistent drive letter, since it can't be mapped to a PSProvider.
* added support and basic smoke tests for
On setup we set it to 'switch', so teardown should be 'switch'.
Also, using inventory_hostname breaks the test, since in our CI
it's a long UUID string, which exceeds the 32 chars maximum for setting
a hostname on NXOS.
* Divide Windows integration tests into 2 groups.
* Support `none` for `--changed-all-target`.
* Run 2 separate Windows groups on Shippable.
* Only run smoketest and minimal for the group1 job.
* module should fail if eos_user is added without configured_password or nopassword or sshkey
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* fix eos_user unit test
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* fix eos_user integration test
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Fix junos_user pruge option failures
Fixes#25989
Add seperate handling for purge option which
fetches configured users on remote device
and delete the one not present in aggregate
list.
* Minor changes
* add template for az func
* (wip) add basic azure functions support
* add support to add app settings to azure function
* add support for updating based off of app settings
* add integration tests and refactor required param
* support check mode and add facts module
* add test for azure functions facts module
* add necessary checks and registrations for web client
* fix documentation
* change return type from complex to dict
* disable azure_rm_functionapp tests until stable
* remove dict comprehension for py2.6
* pepe has whitespace tumor
* Adding acs module
* linter issue
* Reduce the VM Size for the int. tests
* Short the name of the cluster
* Fixing the asserts and title
* Fixing VM Scale count in int. tests
* Changing the location of the tests
* trying eastus2
* disabling acs CI tests until stabilized
* new facts module for dns zone
integration tests and new module for dns zone facts
* use vairable for domain name
* add nondeterministic piece to domain name
* fix azure_rm_dnszone_facts examples
* create new module for record set facts
added new module to get facts for dns zone record sets
* use variable for domain name
* correct lint error
* add nondeterministic piece to name
* fix azure_rm_dnsrecordset_facts examples
* replace duff commit version of win_toast
* change expire_mins to expire_secs and add example showing use of async
* fix metadata version to keep sanity --test validate-modules happy
* code review fixes and change expire_secs to expire_seconds
* add first pass integration tests for win_toast
* win_toast no longer fails if there are no logged in users to notify (it sets a toast_sent false if this happens)
* yaml lint clean up of setup.yml in win_toast integration tests
* improve exception and stack trace if the notifier cannot be created, following feedback from dag
* removed unwanted 'echo' input parameters from return vals; added to CHANGELOG.md, removed _seconds units from module params; updated tests to match
lint
Update integration test
handle check_mode
handle warnings
Removing the empty tags check
Updating author handle
To use github handle
Changing from warn to fail
disabled tests
* First version of managed disks: Multiple methods for creating, one get and one delete
* My name is too cool to be there
* Passing pep8 test
* Create and delete empty working
* Module for testing, lacks sense of setting state changed for unchanged operations
* Checking that actual changes are done to update status changed
* First version of the integration test
* Adding the dictionary to translate the facts, without using serializer
* Adding the serializer to managed disk
* Using native serializer in managed disks facts
* Added DiskSku to pass the whole class to the disk instead of a string
* Bumping version
* Passing sanity checks
* Aparently they Id is not returned by the serilizer
* Integration test
* Latest version
* Using my own serializer, the one in commons is not working for me
* Managed disks module support for ansible
* Updating my github account username in the file
* Sanity checks were missing in facts and integration test
* Fixing typo in source_resource_uri and removed AzureHTTPErrors
* Update tags are working now
* Integration test for tags
* Added support for tags, added check mode, corrected style
* (wip) add partial loadbalancer module
* (wip) add ability to use a public ip for a load balancer
* fix shebang
* add backend address pool to load balancer
* remove unncessary error variable
* add probe support to load balancer
* add ability to add load distribution rule to load balancer
* add nat pool functionality to azure load balancer
* fix pep8 errors from sanity check
* add documentation for load balancer
* refactor imports
* fix license header copyright
* add facts module for azure load balancer
* fix ansible-test failures
* add integration tests for load balancer
* fix metadata version
* add complex integration test to azure_rm_loadbalancer
* Adds win_pagefile module
* Fixed win_pagefile doc
* Fix win_pagefile doc
* Fix win_pagefile doc variable convention
* Added check_mode
* Changed win_pagefile module&doc to the convention
* added win_pagefile integration tests
* Changed check_mode blocks to whatif, fixed a bug
* Added whatif to set-wmiinstance, changed docs
Added whatif in Set-WMIInstance
Added dots to end of decription lines
* Returns to original state at the end, more tests
Added override and no override integration tests
Pagefiles now return to same state as before at the end of the integration test
* Remove extra line
* Added test_path var to win_pagefile
* Set test_path as 'no' in integration
* Added unit to docs and enclosed exception message
* More granular try-catch blocks
* Added workaround to avoid value out of range
* Deleted wrong line ending
* Changed license to one-line
* Removed space in line ending
* Try to fix python2.6 error
* Try 2 to fix python2.6 error
* Add separating line again
* added windows module win_power_plan with integration test
integration testing updated to handle skipping 2008 while testing that
module provides helpful error
* minor docs fix
* my fault, too many spaces
* #18807 win_firewall_rule uses HNetCfg.FwPolicy2 COM object
* Added missing tests
* Added support for InterfaceTypes property
* Added support for EdgeTraversalOptions property
* Added SecureFlags property
* Port ranges are not possible in W2K8
* Added windows version checks
* Fixed doc: removed 'force' option and all notes
* Fixed copirights and docs
* added azure vm extensions support
* added auto_update_minor_version and protected_settings
* update docs
* added get_poller_result
* fixed test failures
* remove tags and check mode
* Include Integration Tests
Include Integration Test for azure_rm_virtualmachine_extensions.py
* Correct location for integration test files
* rewrite of win_package to enable win_msi deprecation
* fix some minor doc issues
* Removed exe tests
* dag's changes seem to be missing, re-add them
* fixed yaml for return values
* Check registry to find RabbitMQ installation path
* Integration tests for win_rabbitmq_plugin
* Added himself to BOTMETA.yml
* Skipped running tests on Windows 2008 SP2
- Fixes to lambda
- reformatting + tests for lambda_facts
- lambda module integration test
- switch lambda and lambda_facts to AnsibleAwsModule
- Get the account ID from STS, GetUser, and finally error message
* Update RDS parameter group for boto3
* Update to boto3
* Update to latest ansible standards
* Remove choices list for valid engines (See #19221 for context)
* Allow tagging
* Return some useful information, and document that information
* Add tests for rds_param_group
* Improve testing of rds_param_group
* Add purge_tags option for rds_param_group
* Fix remaining broken rds_param_group tests
* Ensure the group name is lowercased. Fixes integration tests when run on OSX
Fix adds refactor of code for find_host_by_cluster_datacenter
API in vmware_host and vmware_resource_pool.
Also, adds strict check for cluster and datacenter object find.
Testcase for vmware_resource_pool.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
This PR includes:
- Improvements to change-detection by comparing 2 objectified XML trees
- Implement better integration tests by comparing 2 files using copy
So the module was now not doing anything except adding a nic to a
vswitch. This PR adds idempotency checks, and removal checks.
We should probably add modification chacks as well, but I don't know
what the limitations are for vcsim.
* win_wait_for: added module
* Increased timeout on async task
* added more debug messages for test debug
* revert to using win_shell instead of win_command
* rebased from master and updated copyright string
* Updated metadata version
* Capitalised start of short_description
* disabled win_wait_for tests until async issues are solved
* Add tags support to cloud/amazon/ec2_group
* Finish making ec2_group tag support boto3 compatible.
Add integration tests to validate that tags are working as expected.
* openssl_privatekey: Extend test coverage
Extend the coverage of the integration test for the module
openssl_privatekey.
New tests have been added:
* passphrase
* idempotence
* removal
Co-Authored-By: Pierre-Louis Bonicoli <pierre-louis.bonicoli@gmx.fr>
* openssl_publickey: Extend test coverage
Extend the coverage on the integration test for the module
openssl_publickey.
New tests have been added:
* OpenSSH format
* passphrase
* idempotence
* removal
* win_copy rewrite with new tests and functionality
* minor pep fixes
* Handle UTF-8 filenames in zip
* fix for template
* when zip assemblies are not available in .net revert to old behaviour of copying one by one
* typo fix
* some more typos
* updated logic to correctly handle when new directories can be created
* removed testing file as it is not needed
* updated documentation based on PR
This was causing wrong behaviour when `prev_state` was `hard`-link,
since the `file` module tried to apply the same `state` on the new
file, causing unexpected errors.
Particularly, both `overlay` and `devicemapper` storage drivers in
docker use hardlinks to share files between layers. This causes
most ansible playbooks to fail when working with files from layers
below.
* Handle errors in jmespath in json_query better
Catch any exceptions raised from jmespath and raise
an AnsibleFilterError instead.
Avoid a traceback.
Fixes#20379
* pep8
* alternatives: add integration tests
* alternatives: handle absent link (fix AttributeError)
Error occurred at least on Debian Stretch and OpenSuse 42.2:
Traceback (most recent call last):
File "/tmp/ansible_RY6X41/ansible_module_alternatives.py", line 161, in <module>
main()
File "/tmp/ansible_RY6X41/ansible_module_alternatives.py", line 113, in main
current_path = current_path_regex.search(display_output).group(1)
AttributeError: 'NoneType' object has no attribute 'group'
update-alternatives stdout sample:
dummy - manual mode
link best version is /usr/bin/dummy1
link currently absent
link dummy is /usr/bin/dummy
* alternatives: PEP 8 fixes
* alternatives: fix copyright in integration tests
* alternatives: nested loops handle more than 2 items
Thanks to Michael Scherer (@mscherer) for pointing that.
* alternatives: enable integration tests
* Add network value to support_by field.
* New support_by value, certified
* Deprecate curated in favor of certified
* Add conversion from 1.0 to 1.1 to metadata-tool
* Add supported by Red Hat field to ansible-doc output
* Fail if an empty string is set as src for copy module
Fixes#27363
* Cleanup task formatting on copy tests
Use multi-line YAML
Add debug statements with verbosity: 1 rather than leave them in there commented out.
* Add test for empty string as source
* Do more checks in order to add more specific errors messages
Add more integration tests for the various failure scenarios.
Cleanup some syntax on existing integration test tasks.
* Add config option for a default list of vault-ids
This is the vault-id equilivent of ANSIBLE_DEFAULT_PASSWORD_FILE
except ANSIBLE_DEFAULT_VAULT_IDENTITY_LIST is a list.
* Better handling of empty/invalid passwords
empty password files are global error and cause an
exit. A warning is also emitted with more detail.
ie, if any of the password/secret sources provide
a bogus password (ie, empty) or fail (exception,
ctrl-d, EOFError), we stop at the first error and exit.
This makes behavior when entering empty password at
prompt match 2.3 (ie, an error)
* Add comment option to authorized_keys
* Update version_added for authorized_keys comment
* PEP8
* Include index rank in parsed_key_key
* Properly display diff
Only display diff if specificed via settings
* Fix PEP8 test failure
Removed from legacy files since it is now properly formatted
* Cleanup integration test formatting and add test for new comment feature
* Correct version_added for new option
* Add intent arguments for ios_interface
* Intent argument support
* Integration test case for intent arguments
* Fix ci issue
* Add intent arguments for iosxr_interface
* Add intent check support for iosxr_interface
* Integration test for intent + configuration
* Fix ci failure
* Handle common agrument in aggregate parameter for vyos module
* Add supoort to set parameter in aggregate to it's respctive
top level argument if value not provided in aggregate.
* Aggregate argument spec validation
* Documentation for aggregate
* Fix unit test failure
* [password] _random_password -> random_password and moved to util/encrypt.py
* [passwordstore] Use built-in random_password instead of pwgen utility
* [passwordstore] Add integration tests
Ricardo Carrillo Cruz