* iosxr implemetation for net_interface
* iosxr_interface implementation
* Add integration test
* iosxr_interface integration test
* net_interface intergration test for iosxr
* update boilerplate
* Add tests for group in a VPC
* Improve ec2_group output and documentation
Update ec2_group to provide full security group information
Add RETURN documentation to match
* Fix ec2_group creation within a VPC
Ensure VPC ID gets passed when creating security group
* Add test for auto creating SG
* Fix ec2_group auto group creation
* Add backoff to describe_security_groups
Getting LimitExceeded from describe_security_groups is definitely
possible (source: me) so add backoff to increase likelihood of
success.
To ensure that all `describe_security_group` calls are backed off,
remove implicit ones that use `ec2.SecurityGroup`. From there,
the decision to remove the `ec2` boto3 resource and rely on the client
alone makes good sense.
* Tidy up auto created security group
Add resource_prefix to auto created security group and delete
it in the `always` section.
Use YAML argument form for all module parameters
* win_service: added support for paused services
* change pausable service for local computers
* more fixes for older hosts
* sigh
* skip pause tests for Server 2008 as it relies on the service
* set output_dir_expanded using module result
'path' values are expanded using 'expandvars' too
* foo.txt is located in 'files' directory
* Use 'role_path' and 'connection: local' for local paths
'{{ role_path }}/tmp' is used for generated paths
* Use local connection with local paths
/tmp/ansible-test-abs-link and /tmp/ansible-test-abs-link-dir are
defined by targets/copy/files/subdir/subdir1/ansible-test-abs-link
and targets/copy/files/subdir/subdir1/ansible-test-abs-link-dir links.
* task names: add a suffix when same name is reused
* Check that item exists before checking file mode
then error message is more explicit when item doesn't exist
* Use output_dir_expanded only when necessary
* Enforce remote_user when root is required
* Fix remote path
* Use different local & remote user
this is useful when controller and managed hosts are identical
* Checks must not expect output of tested module to be right
* Use a temporary directory on the controller
* Use sha1 & md5 filters instead of hardcoded values
* Use 'remote_dir' for directory on managed host
* Workaround tempfile error on OS X
Error was:
temp_path = tempfile.mkdtemp(prefix='ansible_')
AttributeError: 'module' object has no attribute 'mkdtemp'"
* initial commit for win_group_member module
* fix variable name change for split_adspath
* correct ordering of examples/return data to match documentation verbiage
* change tests setup/teardown to use new group rather than an inbult group
* prepare_ovs call gather facts
As we are no longer using run_ovs_integration_tests.yml we need to
explicitly gather facts so we can call the correct package manager.
* typo
Absolute path trailing slash handling in absolute directories
find_needle() isn't passing a trailing slash through verbatim. Since
copy uses that to determine if it should copy a directory or just the
files inside of it, we have to detect that and restore it after calling
find_needle()
Fixes#27439
Fixes#13243
** Add --vault-id to name/identify multiple vault passwords
Use --vault-id to indicate id and path/type
--vault-id=prompt # prompt for default vault id password
--vault-id=myorg@prompt # prompt for a vault_id named 'myorg'
--vault-id=a_password_file # load ./a_password_file for default id
--vault-id=myorg@a_password_file # load file for 'myorg' vault id
vault_id's are created implicitly for existing --vault-password-file
and --ask-vault-pass options.
Vault ids are just for UX purposes and bookkeeping. Only the vault
payload and the password bytestring is needed to decrypt a
vault blob.
Replace passing password around everywhere with
a VaultSecrets object.
If we specify a vault_id, mention that in password prompts
Specifying multiple -vault-password-files will
now try each until one works
** Rev vault format in a backwards compatible way
The 1.2 vault format adds the vault_id to the header line
of the vault text. This is backwards compatible with older
versions of ansible. Old versions will just ignore it and
treat it as the default (and only) vault id.
Note: only 2.4+ supports multiple vault passwords, so while
earlier ansible versions can read the vault-1.2 format, it
does not make them magically support multiple vault passwords.
use 1.1 format for 'default' vault_id
Vaulted items that need to include a vault_id will be
written in 1.2 format.
If we set a new DEFAULT_VAULT_IDENTITY, then the default will
use version 1.2
vault will only use a vault_id if one is specified. So if none
is specified and C.DEFAULT_VAULT_IDENTITY is 'default'
we use the old format.
** Changes/refactors needed to implement multiple vault passwords
raise exceptions on decrypt fail, check vault id early
split out parsing the vault plaintext envelope (with the
sha/original plaintext) to _split_plaintext_envelope()
some cli fixups for specifying multiple paths in
the unfrack_paths optparse callback
fix py3 dict.keys() 'dict_keys object is not indexable' error
pluralize cli.options.vault_password_file -> vault_password_files
pluralize cli.options.new_vault_password_file -> new_vault_password_files
pluralize cli.options.vault_id -> cli.options.vault_ids
** Add a config option (vault_id_match) to force vault id matching.
With 'vault_id_match=True' and an ansible
vault that provides a vault_id, then decryption will require
that a matching vault_id is required. (via
--vault-id=my_vault_id@password_file, for ex).
In other words, if the config option is true, then only
the vault secrets with matching vault ids are candidates for
decrypting a vault. If option is false (the default), then
all of the provided vault secrets will be selected.
If a user doesn't want all vault secrets to be tried to
decrypt any vault content, they can enable this option.
Note: The vault id used for the match is not encrypted or
cryptographically signed. It is just a label/id/nickname used
for referencing a specific vault secret.
* Revert "Update conventions in azure modules"
This reverts commit 30a688d8d3.
* Revert "Allow specific __future__ imports in modules"
This reverts commit 3a2670e0fd.
* Revert "Fix wildcard import in galaxy/token.py"
This reverts commit 6456891053.
* Revert "Fix one name in module error due to rewritten VariableManager"
This reverts commit 87a192fe66.
* Revert "Disable pylint check for names existing in modules for test data"
This reverts commit 6ac683ca19.
* Revert "Allow ini plugin to load file using other encoding than utf8."
This reverts commit 6a57ad34c0.
- New option for ini plugins: encoding
- Add a new option encoding to _get_file_contents
- Use replace option in test/runner/lib/util.py when calling decode on stdout/err
output when diff have non-utf8 sequences
* changed collection arg to argregate on 2.4 network modules
* replace users with aggregate in eos_user, junos_user, nxos_user
* added version_added to places where we replaced users with aggregate in the docs
* fix ios_static_route test
* update tests to reference aggregate instead of collection/users
* Nuage module and unit tests with requested changes
* Cleanup of imports
* Adding check on python version
* Adding import try and catch wrappers
* Cleanup of requirements and adding integration tests
* Using pypi package for simulator
* Cleanup of requirements and adding integration tests
* Adding aliases for integration tests
* Adding module to import sanity test skip list
* Revert "Adding module to import sanity test skip list"
This reverts commit eab23af8c5.
* Adding check for importlib and cleanup of requirements
Crypto namespace contains the openssl modules. It has no integration
testing as of now.
This commits aims to add integration tests for the crypto namespace.
This will make it easier to spot breaking changes in the future.
This tests currently apply to:
* openssl_privatekey
* openssl_publickey
* openssl_csr
* vmware_host: Small fixes and docs updates
This PR includes:
- A fix to no longer require a datacenter folder for adding a host
- Documentation improvements
- Ensure imports are specific
* Update vmware_host
Fix adds following:
* Update logic in vmware_host
* Update example documentation
* Added test case for vmware_host
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Sometimes MacOSX's pwd doesn't return an expanded path. Not sure why
but this test is still valid if we expand it via a playbook filter so
go ahead and do that.
* We need a directory walker that can handle symlinks, empty directories,
and some other odd needs. This commit contains a directory walker that
can do all that. The walker returns information about the files in the
directories that we can then use to implement different strategies for
copying the files to the remote machines.
* Add local_follow parameter to copy that follows local symlinks (follow
is for remote symlinks)
* Refactor the copying of files out of run into its own method
* Add new integration tests for copy
Fixes#24949Fixes#21513
* add unit test: nested dynamic includes
* nested dynamic includes: avoid AnsibleFileNotFound error
Error was:
Unable to retrieve file contents
Could not find or access 'include2.yml'
Before 8f758204cf, at the end of
'path_dwim_relative' method, the 'search' variable contained amongst
others paths:
'/tmp/roles/testrole/tasks/tasks/included.yml' and
'/tmp/roles/testrole/tasks/included.yml'.
The commit mentioned before removed the last one despite the method
docstrings specify 'with or without explicitly named dirname subdirs'.
* add integration test: nested includes
* list failed tests for iosxr
* list failed tests for ovs
* list failed tests for junos
* list failed tests for ios
* list failed tests for eos
* list failed tests for nxos
* list failed tests for vyos
* Ensure that include_role properly fires handlers
include_role needs to ensure that any handlers included
with the role are added to the _notified_handler and
_listening_handler lists of the TaskQueueManager, otherwise
it fails when trying to run the handler.
Additionally, the handler needs to be added to the
PlayIterator's `_uuid_cache` or it fails after running
the handler
Add more uuid debug statements - this code was hard
to debug with existing debug statements, so add more
uuid information at little additional output cost.
Fixes#18411
* Add tests for include_role handlers
Tests for #18411
* Only use `git verify-tag` when verifying annotated tags
The command `git verify-tag` only applies to annotated tags. When
verifying lightweight tags, which are more similar to non-moving
branches, one has to use `git verify-commit` instead.
Using ':' as a separator is appropriate since that is one of the
characters not allowed in a Git reference name.
See also https://www.kernel.org/pub/software/scm/git/docs/git-check-ref-format.html
* Improve testing of the Git module's gpg verification
* Add default description string to vyos_interface
* If `state=up` it should remove the `disable` configuration
for interface. However, if no other interface parameter is configured
this ends up deleting the interface itself which is not the desired
behaviour. Hence adding a default description field to avoid such
scenario's.
* Minor changes
* Add default description to aggregate
The 'admin' word was being masked by Ansible as potential cred.
Let's just use network-operator since we are just testing here
we can create users in aggregate.
* Use Boto3 for ec2_group
Currently boto doesn't support ipv6. To support ipv6 in ec2_group, we need boto3.
boto3 has significant API changes, which caused more re-factoring for ec2_group module.
Added additional integration test to test_ec2_group role.
* Follow the standard for boto3 ansible
Fixed imports. Use boto3 ansible exception with camel_dict_to_snake_dict.
Refactored the call to authorize/revoke ingress and egress.
* Removed dependancy with module ipaddress
Added new parameter called cidr_ipv6 for specifying
ipv6 addresses inline with how boto3 handles ipv6 addresses.
* Updated integration test
* Added ipv6 integration test for ec2_group
* Set purge_rules to false for integration test
* Fixed import statements
Added example for ipv6.
Removed defining HAS_BOTO3 variable and import HAS_BOTO3 from ec2.
Cleaned up import statements.
* Fixed exception handling
* Add IAM permissions for ec2_group tests
Missing AuthorizeSecurityGroupEgress necessary for latest tests
* Wrapped botocore import in try/except block
Import just botocore to be more similar to other modules
* junos implementation for net_l3_interface module
* junos_l3_interface implementation
* junos_l3_interface integration test
* net_l3_interface integration test for junos
* Fix module name typo
* once smoketest is implemented in CI, will run a much smaller set of Windows module integration tests for changes to module_utils or connection subsystems
* win_secedit: Added module with tests/diff mode
* fixed up test issues
* Added missing return value
* change for win_secedit based on review
* updated win_security_policy examples for rename
These integration tests were used for testing the exact behaviour of
Ansible for YAML-style syntax and key=value syntax.
This includes fixes to win_shortcut (as `src` can be a URL too)
* win_regedit: rewrite to support edge cases and fix issues
* fix up byte handling of single bytes and minor doc fix
* removed unused method
* updated with requested changes
* vyos implementation for net_interface module
* vyos_interface implementation module
* vyos_interface integration test
* net_interface integration test for vyos
* Change collection to aggregate
* Fix the editable condition into pip module (#19028)
* Add editable to tests
Default changed to False, so now editable: True is needed explicitly in
tests
* Revert "Temporarily disable zypper tests due to timeouts."
This reverts commit 25f943e22f.
* Revert "Disable zypper_repository tests due to errors."
This reverts commit 5833197a19.
* until we can have a robust internal source for chocolatey (and/or PSScriptAnalyzer sanity tests), we want to at least make sure that the module is syntactially valid.
* vmware_guest: fixes for cache objects and datacenter association
* find_all_objs was only looking for datastores
* Clear the result if it's datacenter is not correct.
* Re-enable pyvmomi installation
Addresses #25011
Addresses #26511
* Slight refactor on vmware_guest to fix path searching and vcsim compatibility.
* Clean up pep8 errors
* Fix more pep8 issues
* Add assertions
* Remove debug failure
* Update docsting for folder with examples
* Revise _get_vm_prop based on suggestions
* Implement folder walker to find a folder path
* More enhancements for datacenter->datacenter cloning
* Fix a few pep8 issues
* Remove useless check for subclass of None
* Fix a few suggestions
* Move serialize_spec to a util function
* Group exceptions together
Fixes#25011
* add connection plugin for buildah
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* fixup
* create a method to invoke buildah
* mount container filesystem persistently so we can access it
during put and fetch
* use copyfile function for copying files
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* revert tests
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* fixup
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* progress
(this will be squashed into a single commit before merge)
* add docs for the conn plugin
* fix issue invoking the integration tests
* add a way to invoke commands inside the container as a different user
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* fix shellcheck warning
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* junos_linkagg implementation and junos modules refactor
* junos_linkagg implementation
* junos_linkagg integration test
* net_linkagg integration test for junos
* decouple `load_config` and `commit` operations,
to allow single commit (in case on confirm commit) and
to perform batch commit (multiple `load_config` followed by single
`commit`)
* Other related refactor
* Fix CI issues
* Fix unit test failure
* invalid drive letter breaks new Powershell path validation (this is a separate issue that needs to be solved)
* test also exposes a minor bug in win_get_url where a nonexistent directory in the root of a drive that exists passes the "does the parent dir exist" check and causes DownloadFile to bomb (this should be fixed by dag's rewrite of win_get_url in https://github.com/ansible/ansible/pull/26612)
* Feature #2731: added postgres import and dump
* Feature #2731: be more permissive of arguments
```
hacking/test-module -m ./ppostgresql_db.py -a "db=example state=dump target=/tmp/out"`
```
failed previously since host, user, and port were required as keywords
in the pg_dump / pg_import methods.
* Feature #2731: fixed doc string for validate-modules
```
$ ansible-validate-modules database/postgresql/
```
now passes.
* Feature #2731: disable 'password' for dump/restore
* Feature #2731: bump added version to 2.3
* Feature #2731: replace db_import with db_restore
* Feature #2731: add missing version description
* Feature #2731: fix 'state' description
* Feature #2731: fix pep8 issues
* Feature #2731: put state documentation in a single string
* Bump added version from 2.3 to 2.4
* Fix pep8 and pylint errors
* Attempt yaml formatting of documentation string
* Add integration tests for postgres_db:dump/restore
* Update dump/restore logic to support new kw-args
Also attempt to support password; integration tests are
still failing.
* Revert to postgres user for dump/restore
Passing PGPASSWORD is not working for subprocesses. For the
moment, reverting to the strategy of failing if login_password
is set and using `postgres` for all testing of dump/restore.
* Various cleanups to have tests passing
* Working tests for {sql,tar} x {,bz2,gz,xz}
* Use pg_user to support FreeBSD
* Revert login_ prefixes and re-enable password support
All `login_` keywords are mapped to their non-prefix versions
so the previous changes were effectively using `postgres` for
all actions. With the proper keywords, PGPASSWORD-passing to
the subprocess is now working.
* Optionally add password
environ_update doesn't handle None values in the
dictionary to be added to the environment. Adding
check.
* Quick fixes
* Refactor login arguments after fixes from pchauncey
The fixes introduced by pchaunchy pointed to further issues
(like no --dbname on PG<=9.2) with the login parameters. This
refactors them and adds further tests.
Note: this will still not pass integration tests due to a further
issue with pg_dump as a non-admin user:
pg_restore: [archiver (db)] Error while PROCESSING TOC:
pg_restore: [archiver (db)] Error from TOC entry 1925; 0 0 COMMENT EXTENSION plpgsql
pg_restore: [archiver (db)] could not execute query: ERROR: must be owner of extension plpgsql
* Introduce target_opts for passing limiting dumped/restored schemas
The current integration tests (PG version and template DBs) don't
permit a regular user (`{{ db_user1 }}`) access to plpgsql causing
restores to fail. By adding an option for passing arbitrary args to
pg_dump and pg_restore, testing is made easier. This also paves the
way for `-j` usage, once the PG version is bumped.
* add enhanced run option support for win_scheduled_task
* changed run_level option to runlevel
* correct merge conflicts since task path fix
* changed run_level option to runlevel
* changed do_not_store_password to store_password, and other minor fixes
* conditional logic swap, and documentation change for password
* postgresql_user module - transaction logic hacks to allow recovery from failed select
* postgresql_user - PEP8 and style fixes to make debugging easier
* postgresql_user - move password changing logic to separate function
* postgresql_user - trap failure in case where there is no access to pg_authid
* postgresql_user - further PEP8 fixes
* postgresql_user - Simplify password change logic and improve imports according to suggestions from PR review
* postgresql_user - Eliminate pep8/blank line errors introduced in merge
* Check behaviour when pg_authid relation isn't readable
TASK [postgresql : Normal user isn't allowed to access pg_authid relation:
password comparison will fail, password will be updated] ***
An exception occurred during task execution. To see the full traceback,
use -vvv. The error was: psycopg2.ProgrammingError: permission denied
for relation pg_authid
* Don't reintroduce passlib, remove useless query
This PR includes:
- Checkmode improvements
- Integration tests
- A fix for python3
- PEP8 fixes
This backports improvements from the win_wakeonlan module.
* Implementation of junos_static_route module
* junos implementation of net_static_route
* integration test for junos_static_route
* integration test for junos net_static_route
* Minor change
* Doc change
* Fix CI issue
* junos_user declarative module changes
* Active/Deactivate support
* junos_user integration test
* net_user intergration test for junos
* Add version_added for active param
restored 'rc' inspection but only when failed is not specified
removed redundant changed from basic.py as task_executor already adds
removed redundant filters, they are tests
added aliases to tests removed from filters
fixed test to new rc handling
* as a result of recent core engine changes to ignore rc, modules are responsible to set `failed` on nonzero RC if they want that behavior
* the `failed` filter currently triggers on nonzero RC, which caused the tests to false-pass
* updated tests to explicitly check both rc and failed keys, as well as using the failed filter.
Currently, when using this test, it fails with the following error
message:
> AttributeError: 'NoneType' object has no attribute 'rfind'
This is because there is no _raw_params value for parent_include.args
here
https://github.com/ansible/ansible/blob/devel/lib/ansible/playbook/included_file.py#L104
This commit ensure the value is specified so it can be reused and hence
not fail at this specific line.
Previously tests would stop running on the first failure.
With this PR we move onto running the tests for the next module. This
allows DCI runs to have a fuller picture of what's broken.
This only effects manual and DCI runs, it doesn't effect Shippable runs
as this the modules are tested directly.
* fixes become_method: runas for unprivileged users
* sets permissions on tempdir appropriately
* allows automatic system environment generation for new token (old Process.Start way prevents this)
* add basic become runas tests
* correct, cleanup & simplify dwim stack
latlh chIS logh HeS qar wej chel laD
better errors
update find_file to new exception
* addressed latest comments
* test should not use realpath as it follows symlink
this fails when on OS X as /var is now a symlink to /private/var
but first_found was not supposed to follow symlinks
* win_say: Fix issue, add integration test
This PR includes:
- Make speed_speech an integer parameter
- Test for empty parameters too
- Add integration tests
* Improve the $speech_speed parameter handling
As requested
include_vars will now also return a key 'ansible_included_var_files'
which contains the list of files that were successfully loaded.
This is useful information and, amongst other things, a way for users
to know exactly what files were included when debugging their
playbooks.
This also allows us to improve the integration tests around
include_vars.
So in an effort to verify if Windows modules are feature complete
compared to the python equivalent, I stumbled upon these differences.
This PR includes:
- Add missing 'data' option from documentation
- Simplify ping module
- Update integration tests to test exception
Make pyca/cryptography the preferred backend for cryptographic needs (mainly vault) falling back to pycrypto
pyca/cryptography is already implicitly a dependency in many cases
through paramiko (2.0+) as well as the new openssl_publickey module,
which requires pyOpenSSL 16.0+. Additionally, pyca/cryptography is
an optional dep for better performance with vault already.
This commit leverages cryptography's padding, constant time comparisons,
and CBC/CTR modes to reduce the amount of code ansible needs to
maintain.
* Handle wrong password given for VaultAES format
* Do not display deprecation warning for cryptography on python-2.6
* Namespace all of the pycrypto imports and always import them
Makes unittests better and the code less likely to get stupid mistakes
(like using HMAC from cryptogrpahy when the one from pycrypto is needed)
* Add back in atfork since we need pycrypto to reinitialize its RNG just in case we're being used with old paramiko
* contrib/inventory/gce: Remove spurious require on pycrypto
(cherry picked from commit 9e16b9db275263b3ea8d1b124966fdebfc9ab271)
* Add cryptography to ec2_win_password module requirements
* Fix python3 bug which would pass text strings to a function which
requires byte strings.
* Attempt to add pycrypto version to setup deps
* Change hacking README for dual pycrypto/cryptography
* update dependencies for various CI scripts
* additional CI dockerfile/script updates
* add paramiko to the windows and sanity requirement set
This is needed because ansible lists it as a requirement. Previously
the missing dep wasn't enforced, but cryptography imports pkg_resources
so you can't ignore a requirement any more
* Add integration test cases for old vault and for wrong passwords
* helper script for manual testing of pycrypto/cryptography
* Skip the pycrypto tests so that users without it installed can still run the unittests
* Run unittests for vault with both cryptography and pycrypto backend
* Add new windows module win_psmodule
* Add checkmode, allow_clobber parameter, integration tests
* Add aliases, replace win_raw with win_shell
* restore original test_win_group1.yml, add powershel version test
* fix var type
* add conditional on assert
* integration tests conditional tasks review
* documentation fix, test fix, adds result.change
* fix yml
* fix railing whitespace
* add nuget_changed and repository_changed in result
There are too many possible special cases for Ansible to be able to
precheck known_hosts files without introducing all kinds of false
failures.
* Alternative known_hosts paths
* Alternative host name aliases
* ssh host certificates
* SSHFP + DNSSEC
Fixes#24860
The py-psycopg2 package now requires postgresql95-server instead of
postgresql93-server. Installing py-psycopg2 will automatically remove
postgresql93-server if it is installed, breaking integration tests.
* Add junos_system declartive module and other related change
* junos_system declartive module
* integration test for junos_system
* integration test for net_system (junos platform)
* pep8 fixes for junos modules
* move to lxml from elementree for xml parsing as it support
complete set of xpath api's
* other minor changes
* Fix CI and doc changes
* Fix unit test failures
* Fix typo in import
* Fix import issue for py2.6
* Add missed Element in import
This is a cleanup of the win_uri module to make it feature-complete.
This PR includes:
- Added check-mode support
- Add as many options from the uri module as possible
- Added creates
- Added follow_redirects
- Added maximum_redirection
- Added password
- Added removes
- Added return_content
- Added status_code
- Added timeout
- Added user
- Added validate_certs
- Fixed list-handling for comma-separated strings
- Added basic integration tests (should come from uri module)
* added integration tests for apt upgrade
changed version number for hello to 2.6 so that it works with Ubuntu 12.04
prevent tests from checking if aptitude is installed on non ubuntu systems
changed ordering on when statements for safe and full upgrade types so that the OS check happens before the aptitude check
added integration tests for apt upgrade
changed version number for hello to 2.6 so that it works with Ubuntu 12.04
* Moved additions to tasks/main.yml to make revisions easier. Changed tasks to multiline format
* added integration tests for yum repository
* fixed escaped single quote
* extended yum_repository tests to include fedora
* removed unused variable file
* added check for return values
* replaced escaped double quotes with single quotes, switched to lookup for reading repofile
* Add junos_banner declartive module
* junos_banner implementation
* Integration test for junos_banner
* Integration test for net_banner (junos)
* Minor fixes
* Minor doc change
* Add net_interface declartive module
* Add net_interface module
* Add junos_interface implementation module
* Other minor changes
* Add integration test
* Integration test for net_interface
* Integration test for junos_interface
* Fix CI failures
* Documentation changes
* Add vyos_user implementation module
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Integration test for vyos_user
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Make state absent work
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Unit test for vyos_user
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Standardize user names
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Modify integration test with idempotent case
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Add role as alias to level
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* allows win_scheduled_task to support adding and removing task paths
* fix line length for documentation
* added integration tests for path creation and removal
* removing ability to remove TaskPath if a task isn't removed. also removed superfluous line of code in Invoke-TaskPathCheck function
* trying to delete a nonexistent bucket should not fail
* Improve error handling for deleting s3 bucket
* Allow successful deletion
* Add test for deleting a nonexistent bucket
rename integration test target from s3 to aws_s3
* WIP Add openvswitch_db integration tests
* Add ovs.yaml playbook entrypoint for OVS
* Add test case pattern filtering
* Clear out aliases for now
Running tests on posix group just fails, containers do not have ovs
* Factorize tests related to no_password_change using an include task
* Refactor: deduplicate tasks
* postgresql_user: test 'expires' parameter
* Change 'valid until' even it's the only updated field
* value is changed when another value is provided
* value isn't returned when unset
* Remove unused variable
* psycopg2.extras.DictRow is able to handle comparison
* postgresql_user: simplify helper method
* postgresql_user: define variable just before using it
* Fix comparison between user input and applied configuration
* new test: adding an invalid attribute
* Refactor, add cleaning task
* Check that using same attribute a 2nd time does nothing
* Always try to remove created user
* postgresql_user: fix pep8
* win_environment: Added tests and return info in document
* fixing up some yaml issues
* some more things I should have detected
* fixing up test tag name
* netscaler_service initial implementation
* Changes as requested by reviewers
* Skip some tests if under python2.6 and importing requests library
* Change option "operation" to "state"
* Remove print statements from netscaler module utils
* Catch all exceptions during login
* Fix fail message
* Add common option save_config
* Allow template files to be vaulted
* Make sure to import exceptions we need
* get_real_file can't take bytes, since it looks specifically for string_types
* Now that we aren't using open() we don't need b_source
* Expand playbooks_vault docs to include modules that support vaulted src files
* Add vaulted template test
* Add net_user platform agnostic module
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Integration test for net_user
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* modify eos_user module to support name param as alias to username
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Test collection of users
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Ultra basic api-gateway module based of lambda.py
* Ultra basic deployment added to api-gateway module
* ApiGateway module Allow creation of APIs, more documentation and better return value
* ApiGateway module incorporate review feedback
* ApiGateway module flake8 cleanup
* APIGateway module - more review fixes.
* slightly better messages in api_gateway module
* AWS api_gateway module - try to improve messages in case of exceptions
* rename api_gateway module to aws_api_gateway as discussed in PR 20230
* aws_api_gateway - Allow delivery of swagger either as text or dictionary.
* aws_api_gateway module - introduce 'unit' tests, improve imports using them and small fixes
* aws_api_gateway module - move path expand_user to avoid early typecheck
* aws_api_gateway - version means version of metadata not module - fix to 1.0
* aws_api_gateway module - Rely on module_utils.ec2 for imports & path type for expanduser / cleanups
* aws_api_gateway module - heavy cleanup and refactor of code + cloud retry functionality.
* api_gateway_module - failing test case for handling more than one deployment in succession and API deletion
* add TooManyRequestsException to AWSRetry exception list - makes API deployment work.
* api_gateway_module - Fixes for various review comments + errors from various linters
* api_gateway_module - Fixes for more review comments + linter error
* api_gateway_module - Major refactor into sensible functions - create_response becomes configure_response
* api_gateway_module - should be working under python3; remove test exclusion
* api_gateway_module - finish off remaining review fixes - use ansible defaults and fix mutually exclusive
* api_gateway_module - attempt to improve handling of botocore errors in python3
* api_gateway_module - implement state=absent / API deletion
* Platform agnostic net_system module
Also refactor the action network plugins for better code re-use
Still more refactoring to do once the connection plugin work is complete
* Replace importlib for imp
importlib is not available on 2.6, so we need to stick to imp
* Load action plugin via module metadata
* Better error message if no implementation is found
Now the plugin will show the module name and the network OS in the
error message
* Fix typo on documentation author line
* Fix pep8 issues
* Add missing options key on doc string and stringify version
* Return None in case module has no metadata
* Read module metadata only if it's a python module
Check for module suffix, if it's .py then read metadata.
Otherwise this fails on non-python modules, like Windows PS for example.
* Read metadata variable only if it's a python module
Fix referencing a variable before assignment
* Add action_handler to validate_modules metadata schema
* Pull metadata with plugin_docs get_docstring
Using load_source from PluginLoader is troublesome, it is not guaranteed
a module may be importable at the controller, e.g. if a module depends
on module_utils functions it won't work, because module_utils is not
in the sys path.
Rather than putting that module dependencies introspection, just
use plain parsing like plugin_docs get_docstring does as we only care
about reading ANSIBLE_METADATA.
* Add platform agnostic group of groups for integration tests
This will be the target for platform agnostic integration tests.
* Add integration tests for net_system
* Switch to action plugin inheritance from metadata driven action handler
As the metadata action driven action handler work is being worked on
on its standalone proposal+PR, let's just go back to have one
action handler per platform agnostic module.
Those action plugins will inherit from net_base.
* Add blank line to fix pep8
* Add aliases file to net_system integration test
This will avoid CI failure
* Fix integration tests for net_system
* Give more precedence to task network_os over inventory network_os
* Added win_dsc module file
* mute output and track reboot requirements
* added tests
* proper conditionals for test
* Added moar conditionals for test
* ci fixes
* Added metadata
* fixed integration test yaml
* ci fix
* ci fix
* added module_version param and output, no longer chokes on multiple versions found.
* ci fix
* code review improvements, make return vars more pythonic, cleanup
removed reference to handles in commit message
* Fixed tests, clearer documentation
* fixed trailing whitespace
Facts Refresh (2.4 roadmap)
This commit implements most of the 2.4 roadmap 'Facts Refresh'
- move facts.py to facts/__init__.py
- move facts Distribution() to its own class
- add a facts/utils.py
- move get_file_content and get_uname_version to facts/utils.py
- move Facts() class from facts/__init__ to facts/facts.py
- mv get_file_lines to facts/utils.py
- mv Ohai()/Facter() class to facts/ohai.py and facter.py
- Start moving fact Hardware() classes to facts/hardware/*.py
- mv HPUX() hardware class to facts/hardware/hpux.py
- move SunOSHardware() fact class to facts/hardware/sunos.py
- move OpenBSDHardware() class to facts/hardware/openbsd.py
- mv FreeBsdHardware() and DragonFlyHardware() to facts/hardware/
- mv NetBSDHardware() to facts/hardware/netbsd.py
- mv Darwin() hardware class to facts/hardware/darwin.py
- pep8/etc cleanups on facts/hardware/*.py
- Mv network facts classes to facts/network/*.py
- mv Virtual fact classes to facts/virtual
- mv Hardware.get_sysctl to facts/sysctl.py:get_sysctl
- Also mv get_uname_version from facts/utils.py -> distribution.py
since distribution.py is the only thing using it.
- add collector.py with new BaseFactCollector
- add a subclass for AnsibleFactCollector
- hook up dict key munging FactNamespaces
- add some test cases for testing the names of facts
- mv timeout stuff to facts.timeout
- rm ansible_facts()/get_all_facts() etc
- Instead of calling facts.ansible_facts(), fact collection
api used by setup.py is now to create an AnsibleFactCollector()
and call it's collect method.
- replace Facts.get_user_facts with UserFactCollector
- add a 'systems' facts package, mv UserFactCollector there
- mv get_dns_facts to DnsFactCollector
- mv get_env_facts to EnvFactCollector
- include the timeout length in exception message
- modules and module_utils that use AnsibleFactCollector
can now theoretically set the 'valid_subsets'
May be useful for network facts module that currently have
to reimplement a good chunk of facts.py to get gather_subsets
to work.
- get_local_facts -> system/LocalFactCollector
- get_date_time -> system/date_time.py
- get_fips_facts -> system/fips.py
- get_caps_facts() -> system/caps.py
- get_apparmor_facts -> system/apparmor.py
- get_selinux_facts -> system/selinux.py
- get_lsb_facts -> system/lsb.py
- get_service_mgr_facts -> system/service_mgr.py
- Facts.is_systemd_managed -> system/service_mgr.py
- get_pkg_mgr_facts -> system/pkg_mgr.py
- Facts()._get_mount_size_facts() -> facts.utils.get_mount_size()
- add unit test for EnvFactCollector
- add a test case for minimal gather_subsets
- add test case for collect_ids
- Make gather_subset match existing behavior or '!all'
If 'gather_subset' is provided as '!all', the existing behavior
(in 2.2/2.3) is that means 'dont collect any facts except those
from the Facts() class'. So 'skip everything except
'apparmor', 'caps', 'date_time', 'env', 'fips', 'local', 'lsb',
'pkg_mgr', 'python', 'selinux', 'service_mgr', 'user', 'platform', etc.
The new facts setup was making '!all' mean no facts at all, since
it can add/exclude at a finer granularity. Since that makes more
sense for the ansible collector, and the set of minimal facts to
collect is really more up to setup.py to decide we do just that.
So if setup.py needs to always collect some gather_subset, even
on !all, setup.py needs to have the that subset added to the
list it passes as minimal_gather_subset.
This should fix some intg tests that assume '!all' means that
some facts are still collected (user info and env for example).
If we want to make setup.py collect a more minimal set, we can do that.
- force facts_dicts.keys() to a list so py3 works
- split fact collector tests to test_collectors.py
- convert Facter(Facts) -> other/facter.py:FacterFactCollector
- add FactCollector.collect_with_namespace()
regular .collect() will return a dict with the key names
using the base names ('ip_address', 'service_mgr' etc)
.collect_with_namespace() will return a dict where the key names
have been transformed with the collectors namespace, if there is
one. For most, this means a namespace that adds 'ansible_' to the
start of the key name.
For 'FacterFactCollector', the namespace transforms the key to
'facter_*'.
- add test cases for collect_with_namespace
- move all the concrete 'which facts does setup.py' stuff to setup.py
The caller of AnsibleFactCollector.from_gather_subset() needs to
pass in the list of collector classes now.
- update system/setup.py to import all of the fact classes and pass
in that list.
- split the Distribution fact class up a bit
extracted the 'distro release' file handling (ie, linux
boxes with /etc/release, /etc/os-release etc) into its
own class.
- extract get_cmdline_facts -> cmdline.py
- extract get_public_ssh_host_keys -> system/ssh_pub_keys.py
- extract get_platform_facts -> system/platform.py
platform.py may be a good candidate for further splitting.
- rm test for plain Facts() base class
- let the base class for Collector unit tests provide collected_facts
some Collectors and/or their migrated Facts() subsclasses need
to look at facts collected by other modules ('ansible_architecture'
the main one...).
Collector.collect() has the collected_facts arg for this, so add
a class variable to BaseFactsTest so we can specify it.
- mv Ohai to other/ohai.py and convert to Collector
- update hardware/*.py to return facts (no side effects)
- mv AnsibleFactCollector to setup.py
- extra collector class gathering to module method in
facts/__init__.py (collector_classes_from_gather_subset)
- add a CollectorMetaDataCollector collector used to provide
the 'gather_setup' fact
- add unit test module for 'setup' module
(test/units/modules/system/setup.py)
- Collector init now doesnt need a module, but collect does
An instance of a FactCollector() isnt tied to a AnsibleModule
instance, but the collect() method can be, so optionally pass
in module to FactCollector.collect() (everywhere)
- add a default_collectors for list of default collectors
import and use it from setup.py module
eventually, would like to replace this with a plugin loader
style class finder/loader
- unit tests for module_utils/facts/__init__.py
- add unit tests for ohai facts collector
- remove self.facts side effect on populate() in hardware/sunos.py
- convert OpenBSDHardware() to rm side effects on self.facts
- try to rm some self.facts side effects in Network()
plumb in collected_facts from populate() where it is needed.
stop passing collected_facts into Network() [via cached_facts=,
where it eventually becomes self.facts]
- nothing provides Fact() cached_facts arg now, rm it
Facts() should be internal only implementation so nothing
should be using it.
Of course, now someone will.
- add a Collector.name attr to build a map of name->_fact_ids
To properly exclude a gather_subset spec like '!hardware', we
need to know that 'hardware' also means 'devices', 'dmi', etc.
Before, '!hardware' would remove the 'hardware' collector name
but not 'devices'. Since both would end up in id_collector_map,
we would still end up with the HardwareCollector in the collector
list. End result being that '!hardware' wouldn't stop hardware
from being collected.
So we need to be able to build that map, so add the Collector.name
attribute that is the primary name (like 'hardware') and let
Collector._fact_ids be the other fact ids that a collector is
responsible for.
Construct the aliases_map of Collector.name -> set of _fact_ids
in fact/__init__.py get_collector_names, and use it when we are
populating the exclude set.
- refactor of distribution.py
make the big OS_FAMILY literal a little easier to read
Also keys can now be any string instead of python literals
99% sure the test for 'KDE Neon' was wrong
I don't see how/where it should or could get 'Neon' instead
of 'KDE Neon' as provided in os-release NAME=
Use 'distribution' string for key to OS_MAP
ie, we dont need to make it a valid python label anymore so dont.
move _has_dist_file to module as _file_exists
easier to mock without mucking with os.path
mv platform.system() calls to within get_distribution_facts() instead
of Distribution() init.
- remove _json compat module
The code in here was to support:
-a 'json' python module that was not the standard one included
with python since 2.6.
- potentially fallback to simplejson if 'json' was not available.
'json' is available for all supported python versions now so
no longer needed.
- mv get_collector_names -> facts.collector
- mv collector_classes_from_gather_subset -> facts.collector
- mv collector tests from test_facts -> test_collector
- Use six's reduce() in sunos/netbsd hardware facts
- rm extraneous get_uname_version in utils
only system/distribution.py uses it
- Remove Facts() subclass metaclass usage
- using fact_id and a platform id for matching collectors
gut most of Facts() subclasses
rm Facts() subclasses with weird metaclass
only add collectors that match the fact_ids and the platform_info
to the list of collectors used.
atm, a collectors platform_id will default to 'Generic', and
any platform matches 'Generic'
goal is to select collector classes including matching the
systems platform in collector.py, instead of relying on
metaclasses in hardware/*. To finish this, the various
Facts() subclasses will need to be replaced entirely with
Collector() subclasses.
use collector classmethod platform_match() to match the platform
This lets the particular class decide if it is compatible with
a given platform_info. platform_info is a dict like obj, so it could be
expanded in the future.
Add a default platform_match to BaseFactCollector that matches
platform_info['system'] == cls._platform
They were needed previously to trigger a module
load on all the collector classes when we import
facts/hardare so that the Hardware() and related
classes that used __new__ and find_all_subclasses()
would work.
Now that is done in collectors based on platform matching
at runtime we dont need to do it py module import/parse
time. So the non empty __init__.pys are no longer needed
and their is a more flexible mechanism for selection
platform specific stuff.
facts/facts.py is no longer used, rm'ed
- if we dont find an implement class for gather spec.. just ignore it.
Would be useful to add a warn to warn about this case.
- Fix SD-UX typo (should be HP-UX)
- Port fix for #21893 (0 sockets) to this branch
This readds the change from 8ad182059d
that got lost in merge/rebase
Fixes#21893
- port sunos fact locale fix for #24542 to this branch
based on e558ec19cdFixes#24542
Solaris fact fix (#24793)
ensure locale for solaris fact gathering
fixes issue with locale interfering with proper reading of decimals
- raise exceptions in the air like we just dont care.
Pretty much ignore any not exit exception in facts
collection. And add some test cases.
- added new selinux fact to clarify python lib
the selinux fact is boolean false when the library is not installed,
a dictionary/hash otherwise, but this is ambigous
added new fact so we can eventually remove the type dichtomy and normalize it as a dict
Re-add of devel commit 85c7a7b844 to
the new code layout, since it got removed in merge/rebase
* s3 integration tests
* Make s3 integration tests work in standard integration setup and with fish as current shell
see also https://github.com/ansible/proposals/issues/62 if you don't like this much
* test_s3 integration test - substitute command instead of shell where simple
* test_s3 integration test - random contents + complete elimination of use of shell module by moving to tempfile
* move s3 to integration test targets
* Add a couple more test for . in bucket names
Tidy syntax
remove reference to legacy credentials.yml
remove posix/cli/cloud/aws
* remove from legacy testing
* remove dependencies that aren't used
* win_firewall_rule: Small idempotency fix
This PR includes the following changes:
- an idempotency fix when `profile: any`
- better difference output to debug idempotency issues
- documentation fixes (remove `required: false`)
- Parameter handling fixes
- RDP example that matches default RDP rule
- Renamed parameter 'enable' to 'enabled' (kept alias)
- Renamed parameter 'profile' to 'profiles' (kept alias)
* Rewrite module completely
The logic is still intact, but various changes with a single goal:
- Make the module idempotent
- Implement check-mode
- Implement diff-mode
- Adapted integration tests
This fixes#18807 and #23455.
* Change casing to lowercase
* Improve the logic wrt. diff
This is required for modules that may return a non-zero `rc` value for a
successful run, similar to #24865 for Windows fixing **win_chocolatey**.
We also disable the dependency on `rc` value only, even if `failed` was
set.
Adapted unit and integration tests to the new scheme.
Updated raw, shell, script, expect to take `rc` into account.
* apt: include arch in check for installed packages on multi-arch systems
Thanks: Stefan Löwen <stefan.loewen@gmail.com>
Fixes: #24673
* add an integration test for apt's multi-arch handling
By default, client encoding is determined either from the LANG_*/LC_*
environment variables or using encoding of the database.
Containers used in the CI don't define a default locale, then encoding
of default databases was SQL_ASCII.
This task is only executed when the playbook has already been executed
once, for example using 'ansible-test integration' with '--retry-error'
switch when the first run fails.
This modification allows to recreate default databases (postgres,
template0 and template1) using the same encoding that the one used by
the Debian package.
Default encoding is 'SQL_ASCII' when default locale is not set in
/etc/default/locale.
* test/: PEP8 compliancy
- Make PEP8 compliant
* Python3 chokes on casting int to bytes (#24952)
But if we tell the formatter that the var is a number, it works
- Removed alias autoclean from autoremove.
- Added independent execution of apt-get autoclean/autoremove
- Continued to support --auto-remove as a flag to install/remove
Fixes#22222#24718