* fix become_method 'doas' support by properly specifying becomecmd
a repatch of https://github.com/ansible/ansible/pull/13451/ which was never committed to 'devel' branch.
* fix play_context test for become_method doas to match new becomecmd
* Allow subspec defaults to be processed when the parent argument is not supplied
* Allow this to be configurable via apply_defaults on the parent
* Document attributes of arguments in argument_spec
* Switch manageiq_connection to use apply_defaults
* add choices to api_version in argument_spec
* Stabilize ec2_vpc_vgw and ec2_vpc_vpn so tests for ec2_vpc_vpn_facts in PR 35983 can be run in CI
* Add updated placebo recordings
* ensure find_vgw uses the virtual gateway id if available
Add AWSRetry.jittered_backoff to attach_vpn_gateway to deal with errors when attaching a new VPC directly after detaching
Add integrations tests for ec2_vpc_vgw
* Sort VPN Gateways by ID
* a refactor of pool member and node modules to be inline with current f5 conventions
* Added priority_group_activation to pools
* various other small convention fixes and bug fixes
* Adds gnat provisioning to bigip_provision
* Adds special handling for AFM in bigip_provision
* Add device rebooting for provisioning as necessary
* Refactored route domain module to be inline with current f5 conventions
* Minor refactors across modules
* Adding slxos_config module and supporing util functions.
* Adding slxos module_utils load_config test
* Adding slxos_config module tests
* Removing unneeded required false statements from slxos_config module
* Removing version_aded from slxos_config module
* Removing force and save from slxos config module
* Removing save test
* Adding slx_command module and supporting module_utils.
This commit adds the slx_command module and tests as well as the
required slxos module_utils.
* Update copyright in header
* Adding missing module init
* Cleaning up shebangs/licensing.
* Incorporating feedback
Removing reference to `waitfor` alias in `slxos_command` module.
Adding `Extreme Networks` to `short_description` of `slxos_command` module.
* Adding cliconf tests
* Fixing 3.X tests
* Adding docstrings to test methods for slxos cliconf tests
* Adding slxos terminal tests
* Adding slxos module_utils tests
* Adding Extreme Networks team members to BOTMETA.yml
* fix inventory plugin source caching
- avoid caching invetnory sources in loader in base
- same fix for yaml plugin
- idem for 'auto' plugin
fixes#37162
* fix mock dataloader func sig
This commit moves code to look for vars files/dirs to a common place and
uses it for loading role defaults/vars. This allows things such as
'defaults/main' or 'vars/main' being a directory in a role, allowing
splitting of defaults/vars into multiple files. This commit also fixes
the role loading unit tests for py3 when bytestrings are used for paths
instead of utf8 strings.
This fixes#14248 and #11639.
* Handle duplicate headers, and make it easier for users to use cookies, by providing a pre-built string
* Ensure proper cookie ordering, make key plural
* Add note about cookie sort order
* Add tests for duplicate headers and cookies_string
* Extend tests, normalize headers between py2 and py3
* Add some notes in test code
* Don't use AttributeError, use six.PY3. Use better names.
* Start of tests for ansible.module_utils.urls
* Start adding file for generic functions throughout urls
* Add tests for maybe_add_ssl_handler
* Remove commented out line
* Improve coverage of maybe_add_ssl_handler, test basic_auth_header
* Start tests for open_url
* pep8 and ignore urlopen in test_url_open.py tests
* Extend auth tests, add test for validate_certs=False
* Finish tests for open_url
* Add tests for fetch_url
* Add fetch_url tests to replace-urlopen ignore
* dummy instead of _
* Add BadStatusLine test
* Reorganize/rename tests
* Add tests for RedirectHandlerFactory
* Add POST test to confirm behavior is to convert to GET
* Update tests to handle recent changes to RedirectHandlerFactory
* Special test, just to confirm that aliasing http_error_308 to http_error_307 does not cause issues with urllib2 type redirects
This offers an optimization that allows loading larger
inventories of various structure by improving the
scaling laws involved for adding hosts and groups.
The primary speed benefit is the elimination of duplicate
recusion from traversing converging paths.
* module_common: set required parameter templar
Fix the following error (related to b455901):
$ ./hacking/test-module -m ./lib/ansible/modules/system/ping.py -I ansible_python_interpreter=/usr/bin/python
Traceback (most recent call last):
File "./hacking/test-module", line 268, in <module>
main()
File "./hacking/test-module", line 249, in main
(modfile, modname, module_style) = boilerplate_module(options.module_path, options.module_args, interpreters, options.check, options.filename)
File "./hacking/test-module", line 152, in boilerplate_module
task_vars=task_vars
File "ansible/lib/ansible/executor/module_common.py", line 910, in modify_module
environment=environment)
File "ansible/lib/ansible/executor/module_common.py", line 736, in _find_module_utils
shebang, interpreter = _get_shebang(u'/usr/bin/python', task_vars, templar)
File "ansible/lib/ansible/executor/module_common.py", line 452, in _get_shebang
interpreter = templar.template(task_vars[interpreter_config].strip())
AttributeError: 'NoneType' object has no attribute 'template'
* module_common.modify_module: templar is required
The generated file was completely unusable by the system
therefore the fix which ensures that diffing the file
prior to changes and after only shows diffs
Furthermore the code did not work for Python 3.6
> f.writelines(to_bytes(lines, errors='surrogate_or_strict'))
E TypeError: a bytes-like object is required, not 'int'
The other modifications (lambda variable renaming) is to
comply with default flake8 rules
* Fix 'New Vault password' on vault 'edit'
ffe0ddea96 introduce a
change on 'ansible-vault edit' that tried to check
for --encrypt-vault-id in that mode. But '--encrypt-vault-id'
is not intended for 'edit' since the 'edit' should always
reuse the vault secret that was used to decrypt the text.
Change cli to not check for --encrypt-vault-id on 'edit'.
VaultLib.decrypt_and_get_vault_id() was change to return
the vault secret used to decrypt (in addition to vault_id
and the plaintext).
VaultEditor.edit_file() will now use 'vault_secret_used'
as returned from decrypt_and_get_vault_id() so that
an edited file always gets reencrypted with the same
secret, regardless of any vault id configuration or
cli options.
Fixes#35834
NSO verify did not handle leaf-list value verification in 4.5 and
later due to changes made for configuration writing made.
map prefix for identityref types in verification.
NSO operations can take much longer than 10 seconds as they operate on
real network equipment, set default timeout to 5 minutes and allow for
user override.
* Fix redundant yaml error blurbs on ModArgs parse errors
Some of the AnsibleParserErrors from parsing.mod_args
are created with the obj=some_yaml_ds options but
some are not.
If they were, we don't want to add another yaml_ds to
it, because that will result in double yaml error blurbs.
And since we dont need to add info, we can just re raise it.
But if there is no ._obj, add it here so we get the extra
detail in the error message (see issue #14790) and raise
a new AnsibleParserError instance.
Fixes#36848
* cleanup existing test_tasks pep8/sanity issues
False assumption that values can not have cyclic dependencies. Fix by
removing dependency on self and look for cycles, if found remove
dependency to get a partial sort done.
Fix issues in ValueBuilder used in nso_config and nso_verify so that it
can handle leaf-list in NSO 4.5 and detect identityref types from
unions.
Fail gracefully if a type is not found.
* allows ib_spec attrs to be filtered in update
This change will allow the ib_spec entries to be be filtered on a change
object by setting the update keyword to false. The default value for
update is true. When the update keyword is set to false, the keyed
entry will be removed from the update object before it is sent to the
api endpoint.
fixes#36563
* fix up pep8 issues
* fix nxos_l3_interface tests as n35 doesn't support ipv6
* add terminal dont-ask to nxos_feature and nxos_lldp
* put interfaces in L2 mode for N35
* fix nxos_feature unit-tests
The modules in this patch include waits that need to happen to ensure
something is correctly configured on a BIG-IP. These waits were
raised as an issue in a recent ansible-testing meeting.
This patch eliminates the waits by mocking time.sleep
Start using this to construct shade OpenStack Cloud objects in a
consistent manner. This will let us centralize things like dealing with
password arguments and whatnot. It also allows us to introduce the
ability to pass a fully formed config dict directly to the module.
Migrate all OpenStack modules to use openstack_cloud_from_module.
Have it return the shade library since it's responsible for
importing shade and shade is needed for the exceptions.
Only pull specific OpenStack arguments for the constructor
Rather than passing **module.params to the shade constructor, pull out
only the values that make sense. This should prevent the issues with
module parameters stepping on shade parameters.
Replace module.params.pop with module.params.get
We don't need to pop these anymore since the shade constructor is now
using opt-in values.
Using real urls is ungood. Use example.com domains. Also, get rid of the
antiquated port numbers.
* basic: allow one or more when param list having choices
* add unit tests
* optimize a bit
* re-add get_exception import
* a number of existing modules expect to be able to get it from basic.py
* Fixing eos_config save option. Was removed when deprecated. Fixing other deprecation documentation. Adding unit tests.
* Fixing removed_in_version for force.
* aws ssm parameter lookup test case - fails demonstrating no exception when parameter missing
* aws ssm parameter lookup - fail in case parameter doesn't exist
* aws ssm parameter lookup test case - failing case for nice return from path lookup
* aws ssm parameter lookup - convert incoming taglist to a key-value dictionary
* aws ssm parameter lookup - pep8 / style clean up
* aws_ssm lookup plugin rewrite for more standard interface
* aws_ssm module and lookup - introduce integration test and fix:
* aws_ssm module and lookup - error case integraton test and many PEP8 and other cleanups
* aws ssm parameter lookup - Various fixes in response to review + recursive fix & test
* aws ssm parameter lookup - more in response to review - shertel/abadger
* aws ssm parameter lookup unit test - move to mocker according to abadger
* aws ssm parameter lookup - integrate with new documentation fragment
* aws ssm parameter lookup - accept either aws_profile or boto_profile
* aws ssm parameter lookup - eliminate lookup document fragment until env vars are fixed later
* ACI: Change result output as discussed
* Update all modules to use new aci.exit_json()
* Update output_level spec and docs
* Fix integration tests
* Small PEP8 fix
* Asorted fixes to tests and aci_rest
* More test fixes and support for ANSIBLE_DEBUG
* Fix another PEP8 issues
* Move response handling inside ACI module
* Reform of ACI error handling and error output
* Diff multiline json output
* Fix a few more tests
* Revert aci_bd tests
* Small correction
* UI change: existing->current, original->previous
* UI change: config->sent
* Update all modules with RETURN values
* Fix a few more tests
* Improve docstring and add 'raw' return value
* Fix thinko
* Fix sanity/pep8 issues
* Rewrite unit tests to comply with new design
* Fix over-byte
* Update ios tests to call `provider`
To continue to support testing `connection: local`
* Fix command dict handling in ios_user
* Clean up unit tests, too
* Revert model and serialnum to older version
* Add stacked versions of model and serialnum as separate facts
* Add unit test to check stacked output
* Alter model regex to address #34768
Enforce module deprecation.
After module has reached the end of it's deprecation cycle we will replace it with a docs stub.
* Replace deprecated modules with docs-only sub
* Use of deprecated past deprecation cycle gives meaningful message (see examples below)
* Enforce documentation.deprecation dict via `schema.py`
* Update `ansible-doc` and web docs to display documentation.deprecation
* Document that structure in `dev_guide`
* Ensure that all modules starting with `_` have a `deprecation:` block
* Ensure `deprecation:` block is only used on modules that start with `_`
* `removed_in` A string which represents when this module needs **deleting**
* CHANGELOG.md and porting_guide_2.5.rst list removed modules as well as alternatives
* CHANGELOG.md links to porting guide index
To ensure that meaningful messages are given to the user if they try to use a module at the end of it's deprecation cycle we enforce the module to contain:
```python
if __name__ == '__main__':
removed_module()
```
* refactors nios api shared code to handle provider better
This change refactors the shared code to be easily shared between
modules, plugins and dynamic inventory scripts. All parts now implement
the provider arguments uniformly.
This also provides a centralized fix to suppress urllib3 warnings coming
from the requests library implemented by infoblox_client
* fix up pep8 errors
* fix missing var name
* Adding new code for new module and new module_utils with the pip pyfmg package
* Changed login and logout functionality and renamed mod_utils file as well as cleaned up PEP8 syntax
* Removing extra Ansible parameters and fixing more syntax issues
* Fixing more syntax issues and comparing against previous FTNT script module
* Changing import location to pass syntax checks
* Fixing pylint errors
* Removing test files
* Add unit tests and enabling a login session check within main in order to throw error if network connection exception
* Fixing syntax issues for adding unit tests
* Changing case for pip package requirements
* adding comments
* adding version restriction on pip package for testing
* adding version restriction on pip package for testing
* More comments
* Fixing documentation errors and add the ability to skip a test if it isn't present
* Fixing Pep8 error with whitespace (tab) in the row
* Remove compat code for to_unicode, to_str and to_bytes
Code was marked as deprecated and to be removed after 2.4
* Remove is_encrypted and is_encrypted_file
Code was marked as deprecated after 2.4 release.
* Imported lookup plugin from Role
* Plugin cleanup, including:
* Use existing Python YAML parsing
* Remove environment variables as connection options
* Added initial debugging information
* Reworked the lookup plugin using the Python Request library. As it's available through Ansible, it makes communication with Conjur much more straight forward.
* Removed un-used libraries
* Fixed linting issues
* Standardized output on `format` and insure it works for 2.6, 2.7, and 3.x.
* Use quote_plus from the six library for improved python 2/3 behavior.
* Refactored identity & configuration to prefer user's file. This also includes a refactor to remove an un-needed dictionary merge method.
* Removed `requests` in favor of `ansible.module_utils.urls`.
* Refactored netrc loading to warn if host is not present.
* Tests and a refactor to support easier testing.
* Added reference to website
* Fixed two linting errors
* Fixed an extra line found by linting
* Updated file write to use binary to insure config files are written correctly
* Resolved linting issues
* Refactored config & identity loading to take advantage of plugin options
* Cleanup a bunch of small items caught by linting
* Removed extra line caught by linting
* Swapped in pytest and added some tests with mocked network responses
* Pushing to see if this approach works better...
* Refactored be open_url mocking based on feedback
* Fixed a couple linting issues & refactored mocking into each method to attempt to resolve a failing test
* Use a generic MagicMock for python 2.6
* Fixes doc typo
require -> required
* Use `type: path` in identity_file and config_file
Also removes `expanduser` calls below (which will now be called automatically on
paths.)
* Defines maintainers for conjur_variable plugin
* BOTMETA.yml:
** defines $team_cyberark_conjur as maintainers of Conjur Variable plugin
** adds myself and @jvanderhoof to that team
* Adds URLs to relevant documentation for Conjur Variable lookup plugin
* Clarifies "the server," "the machine" -> "controlling host"
The machine identity used is that of the Ansible controlling host, not any
server being provisioned or instructed. This documentation change aims to make
that relationship clear.
* Adds response code to exception message on authentication failure
* Enhances exception messages to specify the controlling host
These error messages are less likely to confuse a user as to which machine is
associated with the files, identities, and configurations being described.
* Adds ANSIBLE_METADATA for Conjur variable lookup plugin
aws_ec2 is an inventory plugin intended to replace uses of the `contrib/inventory/ec2.py`
inventory script.
For advanced grouping, please use the `constructed` inventory plugin.
Add deps/requires for fact collectors
Fact collectors can now set a required_facts
class attribute that will be a set of the names
of fact collectors they require to be run first.
ie, if a collector needs to know the ansible_distribution,
it should set it's required_facts to include 'distribution'
required_facts = set(['distribution'])
If a collector requires another collector, it gets added
to the selected collector names.
We then topological sort the ordering of the collectors
so that deps work out (ie, 'distribution' will run before
'service_mgr')
required_facts were added to the collectors for:
- network (requires 'distribution', 'platform')
- hardware (requires 'platform')
- service_mgr (requires 'distribution', 'platform')
Fix name references for facts (need 'ansible_' prefix)
is service_mgr
Fixes#30753
The accumulated collected_facts was being update
with new facts _after_ filtering them. So only
facts that pass the filter would ever be passed
to other fact collectors.
For 'filter=ansible_service_mgr', even though it requires
the platform and distribution facts and even collects them,
they would get filtered out and never passed to the other
collectors that need them (service_mgr for ex).
Fix is just to add the unfiltered facts to collected_facts.
Adds unit tests for fact filter and collected_facts.
Fixes#32286
The search string used to look for Clear Linux
was changed in 45a9f96774 to
be more specific, but was too specific. Now finding
a substring match for 'Clear Linux' in /usr/lib/os-release
is enough to consider a match.
Since the details of the full name in os-release varies
('Clear Linux Software for Intel Architecture',
'Clear Linux OS for Intel Architecture', etc) the
search string match was failing and would fall back to the
'first word in the release file' method resulting in
ansible_distribution='NAME="Clear'
Also add a meta fact indicating which search string
was matched.
Test case info from:
https://github.com/ansible/ansible/issues/31501#issuecomment-340861535Fixes#31501
Extract vault related bits of DataLoader._get_file_contents to DataLoader._decrypt_if_vault_data
When loading vault password files, detect if they are vault encrypted, and if so, try to decrypt with any already known vault secrets.
This implements the 'Allow vault password files to be vault encrypted' (#31002) feature card from
the 2.5.0 project at https://github.com/ansible/ansible/projects/9Fixes#31002
* Moved the encryption to its own action method.
* removed silly default value for encryption type.
* Code formatting issues from pull request ANSIBOT.
* changed version_added to "2.5"
because of new new options available
* changed version_added to "2.5"
because of new new options available
* changed version_added to "2.5"
because of new new options available
There are changes that the merge config can fail, but the module
will still report success. This adds a blob of code to start
collecting those failures and bubbling up a module failure
accordingly.
* allow shells to have per host options, remote_tmp
added language to shell
removed module lang setting from general as plugins have it now
use get to avoid bad powershell plugin
more resilient tmp discovery, fall back to `pwd`
add shell to docs
fixed options for when frags are only options
added shell set ops in t_e and fixed option frags
normalize tmp dir usag4e
- pass tmpdir/tmp/temp options as env var to commands, making it default for tempfile
- adjusted ansiballz tmpdir
- default local tempfile usage to the configured local tmp
- set env temp in action
add options to powershell
shift temporary to internal envvar/params
ensure tempdir is set if we pass var
ensure basic and url use expected tempdir
ensure localhost uses local tmp
give /var/tmp priority, less perms issues
more consistent tempfile mgmt for ansiballz
made async_dir configurable
better action handling, allow for finally rm tmp
fixed tmp issue and no more tempdir in ballz
hostvarize world readable and admin users
always set shell tempdir
added comment to discourage use of exception/flow control
* Mostly revert expand_user as it's not quite working.
This was an additional feature anyhow.
Kept the use of pwd as a fallback but moved it to a second ssh
connection. This is not optimal but getting that to work in a single
ssh connection was part of the problem holding this up.
(cherry picked from commit 395b714120522f15e4c90a346f5e8e8d79213aca)
* fixed script and other action plugins
ensure tmpdir deletion
allow for connections that don't support new options (legacy, 3rd party)
fixed tests
* Cache tasks as they are queued instead of en masse
This also moves the task caching from the PlayIterator to the
StrategyBase class, where it makes more sense (and makes it easier
to not have to change the strategy class methods leading to an API
change).
Fixes#31673
* Cleaning up unit tests due to 502ca780
This patch is primarily a refactor to make the validate-modules arg-spec
no longer generate a traceback. It additionally includes removal of deprecated
code in the virtual server module.