Commit Graph

847 Commits (68d487eacf27b6db24d7e7a39ac79009762052a8)

Author SHA1 Message Date
3onyc 554496c404 [passwordstore] Use builtin _random_password function instead of pwgen (#25843)
* [password] _random_password -> random_password and moved to util/encrypt.py
* [passwordstore] Use built-in random_password instead of pwgen utility
* [passwordstore] Add integration tests
7 years ago
saichint 9d84a4e530 fix for nxos_ospf_vrf invalid cmd and ntp errors (#27977)
* fix for nxos_ospf_vrf invalid cmd

* fix for nxos_ntp issues
7 years ago
Toshio Kuratomi 3edac559d3 the smart transport is broken by ssh retry code
1fe67f9 introduced retries to the ssh connection put file and fetch
file.  Unfortunately, that change broke the smart transport because it
started raising exceptions instead of returning from _run().  This
breakage is documented in #23711.

An attempt to fix it was made at #23717 but the first attempt was
objected to as needing to touch too much code.  The second attmept was
objected to as smart was forced to encapsulate retries (thus retrying
a sftp "rety" times before trying scp "retry" times and then finally
moving onto piped).  This third attempt has retries encapsulate smart.
So each sub-transport is tried once and if all three fail, another retry
attempt is made which tries each of the three again.

Fixes #23711
Fixes #23717
7 years ago
Trishna Guha 60ce6438e3 fix nxos_overlay_global idempotence (#28150)
* fix nxos_overlay_global idempotence

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* modify nxos_overlay_global unittest

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
7 years ago
David Newswanger a01aa6e9df Fix structured output not supported in nxos_pim_interface (#28125)
* fixed unstructured error

* fix unit tests so they accept commands in dictionary form
7 years ago
Trishna Guha 12460dd713 Add ios_vrf declarative intent config check (#28001)
* Add ios_vrf declarative intent config check

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* add version for delay param

* modify ios_vrf unit test
7 years ago
Pierre-Louis Bonicoli 94a327dd09 rhn_channel: add unit tests 7 years ago
Sloane Hertel 1de91a9aa0 [cloud] Convert `s3` module to use boto3 (#21529)
* replace boto with boto3 for the s3 module

make s3 pep8 and remove from legacy files

fix s3 unit tests

* fix indentation

* s3 module - if we can't create an MD5 sum return None and always upload file

* remove Location.DEFAULT which isn't used in boto3 and tidy up the docs

* pep8

* s3: remove default: null, empty aliases, and required: false from documentation

fix incorrectly documented defaults

* Porting s3 to boto3. Simplify some logic and remove unused imports

* Fix s3 module variables

* Fix a typo in s3 module and remove from pep8 legacy files

* s3: add pagination for listing objects.

Fix logic and use head_object instead of get_object for efficiency.

Fix typo in unit test.

* Fix pagination to maintain backwards compatibility.

Fix incorrect conditional.

Remove redundant variable assignment.

Fix s3 list_object pagination to return all pages

* Use the revised List Objects API as recommended.

* Wrap call to paginated_list in a try/except

Also remembered to allow marker/prefix/max_keys to modify what keys are listed

* Simplify argument
7 years ago
Ganesh Nalawade 3b0e9ded91 Fix fallback and boolean check in argspec (#27994)
Fixes #27978

*  Add missing assignment for param key in fallback handling
*  Add check for frozenset type
*  Unit testcase
7 years ago
Adrian Likins 220db9cdd2 Better vault pass prompt behav on EOF, more unit tests (#27981) 7 years ago
Adrian Likins 82f550e8cd Add prompt formats for 2.3 compat ask-vault-pass (#27974)
The prompt_formats dict didn't get the 'prompt_ask_vault_pass'
item added for interactive --ask-vault-pass, which
caused "KeyError: u'prompt_ask_vault_pass'"

Fixes #27885
7 years ago
Zac Medico 501fc7a248 template: fix KeyError: 'undefined variable: 0 (#27972)
* template: fix KeyError: 'undefined variable: 0

For compatibility with the Context.get_all() implementation
in jinja 2.9, make AnsibleJ2Vars implement collections.Mapping.
Also, make AnsibleJ2Template.newcontext() handle dict type
for the 'vars' parameter.

See: d67f0fd4cc
Fixes: https://github.com/ansible/ansible/issues/20494

* add units/template/test_vars

* intg tests for jinja-2.9 issues like 20494

test cases here are based on
https://github.com/ansible/ansible/issues/20494#issue-202108318
7 years ago
Nathaniel Case a78f3faa6c nxos_bgp_neighbor_af does not want required_together (#26370)
* nxos_bgp_neighbor_af does not want required_together

* fixup tests

* Fix max_prefix_* issues

* Require address-family

* Fix idempotency for next_hop_third_party

* Fix idempotency for allowas_in*

* Fix idempotency for *_in and *_out

* Reorder command generation again

`default` is first, then `max-prefix`, then booleans
7 years ago
Nathaniel Case c1bf74283e Network load_config: Capture configuration output and display as warnings (#27851)
* Capture configuration output and display as warnings

* Don't break on nxapi

nxapi errors very loudly instead, so no need to muck about with warnings
7 years ago
Adrian Likins c38ff3b8f8 pylint fixes for vault related code (#27721)
* rm unneeded parens following assert
* rm unused parse_vaulttext_envelope from yaml.constructor
* No longer need index/enumerate over vault_ids
* rm unnecessary else
* rm unused VaultCli.secrets
* rm unused vault_id arg on VaultAES.decrypt()

pylint: Unused argument 'vault_id'
pylint: Unused parse_vaulttext_envelope imported from ansible.parsing.vault
pylint: Unused variable 'index'
pylint: Unnecessary parens after 'assert' keyword
pylint: Unnecessary "else" after "return" (no-else-return)
pylint: Attribute 'editor' defined outside __init__

* use 'dummy' for unused variables instead of _

Based on pylint unused variable warnings.

Existing code use '_' for this, but that is old
and busted. The hot new thing is 'dummy'. It
is so fetch.

Except for where we get warnings for reusing
the 'dummy' var name inside of a list comprehension.

* Add super().__init__ call to PromptVaultSecret.__init__
pylint: __init__ method from base class 'VaultSecret' is not called (super-init-not-called)

* Make FileVaultSecret.read_file reg method again

The base class read_file() doesnt need self but
the sub classes do.

Rm now unneeded loader arg to read_file()

* Fix err msg string literal that had no effect
pylint: String statement has no effect

The indent on the continuation of the msg_format was wrong
so the second half was dropped.

There was also no need to join() filename (copy/paste from
original with a command list I assume...)

* Use local cipher_name in VaultEditor.edit_file not instance
pylint: Unused variable 'cipher_name'
pylint: Unused variable 'b_ciphertext'

Use the local cipher_name returned from parse_vaulttext_envelope()
instead of the instance self.cipher_name var.

Since there is only one valid cipher_name either way, it was
equilivent, but it will not be with more valid cipher_names

* Rm unused b_salt arg on VaultAES256._encrypt*
pylint: Unused argument 'b_salt'

Previously the methods computed the keys and iv themselves
so needed to be passed in the salt, but now the key/iv
are built before and passed in so b_salt arg is not used
anymore.

* rm redundant import of call from subprocess
pylint: Imports from package subprocess are not grouped

use via subprocess module now instead of direct
import.

* self._bytes is set in super init now, rm dup

* Make FileVaultSecret.read_file() -> _read_file()

_read_file() is details of the implementation of
load(), so now 'private'.
7 years ago
mzizzi 4648dc9702 [cloud] Add more configurable backoff implementations to CloudRetry/AWSRetry (#27251) 7 years ago
Pilou b57af4428d rhn_register: fix broken imports, add unit tests (#26878)
Fix 'module' object is not callable

* rhn_register: fix Python 3 compatibility
* rhn_register: update requirements
* rhn_register: add unit tests
* Add missing method name
* use a dedicated line for XML related requirements
* rhn_register: drop support for Python 2.4
* rhn_register unit tests: fix Python 3 compatibility
* refactor in order to check order of the requests
7 years ago
Philippe Dellaert 6d33e59ca1 Fix for subspec options validation issue #27715 (#27728)
* Fix for issue ansible/ansible#27715

* Also fixing mutually exclusive check

* Updating subspec checks
These changes take into account a spec with all features enabled and do
the following tests for subspecs:
1. Test proper specs
2. Test Alias
3. Test missing required param
4. Test mutually exclusive params
5. Test required if params
6. Test required one of params
7. Test required together params
8. Test required if params with a default value
9. Test basis subspec params
10. Test invalid subsec params
7 years ago
Peter Sprygada 7b604368d3 adds new filter plugins for network use cases (#27695)
* adds new filter plugins for network use cases

* adds parse_cli filter
* adds parse_cli_textfsm filter
* adds Template class to network_common
* adds conditional function to network_common

* fix up PEP8 issues
7 years ago
Sloane Hertel 467a1f54a3 s3_bucket: fix python3 sorting incompatibility (#27502)
* s3_bucket: fix policy sorting for python3 so strings are evaluated as less than tuples.

Add tests to ensure this behavior is maintained.

* Fix s3_bucket comparison function to work on both Python 3.5 and 3.6

* s3_bucket: document that cmp_to_key is used for python 2.7.

Add another test for s3_bucket to compare policies of different sizes.

* fix pep8

* Work around code-smell grepping by not using the word 'cmp'.
7 years ago
Sloane Hertel dbbad16385 [cloud] New module: Add module for managing AWS Datapipelines (cloud/amazon/data_pipeline) (#22878)
* New module for managing AWS Datapipelines

* Supports create/activate/deactivate and deletion
* Handles idempotent creation by embeding the version in the
uniqueId field
* Waits for requested state to be reached, as Botocore doesn't
have waiters yet for datapipelines

* rename module, fix imports, add tags option, improve exit_json results, fix a couple bugs, add a TODO so I don't forget

fix pep8

allow timeout to be used for pipeline creation

make .format syntax uniform

fix pep8

fix exception handling

allow pipeline to be modified, refactor, add some comments, remove unnecessary imports

pipeline activation may not be in the activated state long

remove datapipeline version option

change a loop to a list comprehension

create idempotence by hashing the options given to the module minus the objects (which can be modified)

small bugfix

* data_pipeline unittests

make unittests pep8

fix bug in unittests

* remove exception handling that serves no purpose

* Fix python3 incompatibilities in datapipeline tests and add placebo fixture maybe_sleep for faster tests

Fix python3 incompatibilities in data_pipeline build_unique_id()

Don't delete a pipeline in diff_pipeline() because it's unexpected

Don't use time.time() because it causes an issue with placebo testing

re-recorded tests

fix pep8 in data_pipeline

Remove disable_rollback from tests

Make sure unique identifier is a string

re-record tests

* improve documentation and add another example

* use a placebo fixture instead of redundant code in tests

fix tests for PLACEBO_RECORD=false

* Fix data_pipeline docs

use isinstance instead of type()

fix documentation

* fix documentation

* Remove use of undefined variable from data_pipeline module and fix license

* fix copyright header
7 years ago
George Nikolopoulos 31b4ae2e6a New module: manage Citrix Netscaler GSLB site configuration (network/netscaler/netscaler_gslb_site) (#27639)
* Add netscaler_gslb_site

* Lowercase enabled, disabled option values

* Add fixes in netscaler module utils needed for unit test success
7 years ago
George Nikolopoulos d88c07a037 New module: manage Citrix Netscaler GSLB service configuration (network/netscaler/netscaler_gslb_service)) (#27638)
* Add netscaler_gslb_service

* Lowercase enabled, disabled option values

* Add fixes in netscaler module utils needed for unit test success
7 years ago
George Nikolopoulos cd865be987 New module: manage Citrix Netscaler SSL certificate keys (network/netscaler/netscaler_ssl_certkey)) (#27641)
* Add netscaler_ssl_certkey

* Fix options

* Lowercase enabled, disabled option values

* Add fixes in netscaler module utils needed for unit test success
7 years ago
George Nikolopoulos e2f907ae3e Add netscaler_gslb_vserver (#27640) 7 years ago
Felipe Garcia Bulsoni b060d0ccba Initial commits for integration of HPE OneView resources with Ansible (#26026)
* Initial commit for integration of HPE OneView resources with Ansible Core. Adding FC Network and FC Network Fact modules and unit tests, and OneView base class for all OV resources.
7 years ago
Adrian Likins 27a015f0ad add a 'min' type for gather_subset to collect nothing (#27085)
previously gather_subset=['!all'] would still gather the
min set of facts, and there was no way to collect no facts.

The 'min' specifier in gather_subset is equilivent to
exclude the minimal_gather_subset facts as well.

   gather_subset=['!all', '!min'] will collect no facts

This also lets explicitly added gather_subsets override excludes.

   gather_subset=['pkg_mgr', '!all', '!min'] will collect only the pkg_mgr
fact.
7 years ago
mharista c85f363aaa Add module cv_server_provision for integration with Arista CloudVision Portal. (#25450)
* Add module cv_server_provision for integration with Arista CloudVision Portal.

* Doc update.

* Remove shebang from test file. Update short description with company and product name.

* Update exception syntax to Python3 style.

* Remove blank line between imports.

* Remove newlines from RETURN documentation.

* Add cvprac to unittest requirements.

* Update unittest format. Add a few additional tests.

* Mock exceptions from cvprac so the library is not needed for unittests.

* Mock cvprac imports.

* Update unit tests to support python 3.5.

* Mock full cvprac library for unittests.

* Update Jinja2 import to pass updated CI checks.

* Update cvprac imports format for new CI tests.

* Add __metaclass__ and __future__.
7 years ago
Adrian Likins 2b0a7338d4 Handle win style CRLF newlines in vault text (#27590)
When parsing a vaulttext blob, use .splitlines()
instead of split(b'\n') to handle \n newlines and
windows style \r\n (CRLF) new lines.

The vaulttext enevelope at this point is just the header line
and a hexlify()'ed blob, so CRLF is a valid newline here.

Fixes #22914
7 years ago
Roman Belyakovsky 42039cd436 New module: manage debian network interfaces file /etc/network/interfaces (system/interfaces_file) (#25295)
* Added new module interfaces_file

* interfaces_file: added unit tests

* interfaces_file: added golden files for unit tests

* interfaces_file: moved to system modules

* interfaces_file: fixed code formatting and convention issues
7 years ago
James Mighion 4dd8f281d6 Adding aruba_config module (#27130)
* Adding aruba_config module.

* Fixing documentation.

* Forgot action plugin.
7 years ago
George Nikolopoulos f204e7cb33 New module: manage Citrix Netscaler content switching virtual server configuration (network/netscaler/netscaler_cs_vserver) (#26245)
* Add netscaler_cs_vserver

* Correct version_added
7 years ago
George Nikolopoulos 36537186e3 New module: manage Citrix Netscaler content switching policy configuration (network/netscaler/netscaler_cs_policy) (#26189)
* Add netscaler_cs_policy

* Correct version_added
7 years ago
George Nikolopoulos e329c9da8c New module: manage Citrix Netscaler servicegroup configuration (network/netscaler/netscaler_servicegroup)) (#26183)
* Add netscaler_servicegroup

* Correct version_added
7 years ago
George Nikolopoulos 7df14bd2b0 New module: manage Citrix Netscaler load balancer virtual servers configuration (network/netscaler/netscaler_lb_vserver) (#26144)
* Add netscaler_lb_vserver

* Correct version_added
7 years ago
George Nikolopoulos ac0c5dec2f Add netscaler_lb_monitor (#26143) 7 years ago
Adrian Likins 17ab546c48 Add 2.0-2.3 facts api compat (ansible_facts(), get_all_facts()) (#27294)
* Add 2.0-2.3 facts api compat (ansible_facts(), get_all_facts())

These are intended to provide compatibilty for modules that
use 'ansible.module_utils.facts.ansible_facts' and
'ansible.module_utils.facts.get_all_facts' from 2.0-2.3 facts
API.

Fixes #25686

Some related changes/fixes needed to provide the compat api:

* rm ansible.constants import from module_utils.facts.compat

Just use a hard coded default for gather_subset/gather_timeout
instead of trying to load it from non existent config if the
module params dont include it.

* include 'external' collectors in compat ansible_facts()

* Add facter/ohai back to the valid collector classes

facter/ohai had  gotten removed from the default_collectors
class used as the default list for all_collector_classes by
setup.py and compat.py

That made gather_subset['facter'] fail.
7 years ago
Ganesh Nalawade 97a34cf008 Add options sub spec validation (#27119)
* Add aggregate parameter validation

aggregate parameter validation will support checking each individual dict
to resolve conditions for aliases, no_log, mutually_exclusive,
required, type check, values, required_together, required_one_of
and required_if conditions in argspec. It will also set default values.

eg:
tasks:
  - name: Configure interface attribute with aggregate
    net_interface:
      aggregate:
        - {name: ge-0/0/1, description: test-interface-1, duplex: full, state: present}
        - {name: ge-0/0/2, description: test-interface-2, active: False}
    register: response
    purge: Yes

Usage:
```
from ansible.module_utils.network_common import AggregateCollection

transform = AggregateCollection(module)
param = transform(module.params.get('aggregate'))
```

Aggregate allows supports for `purge` parameter, it will instruct the module
to remove resources from remote device that hasn’t been explicitly
defined in aggregate. This is not supported by with_* iterators

Also, it improves performace as compared to with_* iterator for network device
that has seperate candidate and running datastore.
For with_* iteration the sequence of operartion is
load-config-1 (candidate db) -> commit (running db) -> load_config-2
(candidate db) -> commit (running db) ...

With aggregate the sequence of operation is
load-config-1 (candidate db) -> load-config-2 (candidate db) -> commit
(running db)

As commit is executed only once per task for aggregate it has
huge perfomance benefit for large configurations.

* Fix CI issues

* Fix review comments

*  Add support for options validation for aliases, no_log,
   mutually_exclusive, required, type check, value check,
   required_together, required_one_of and required_if
   conditions in sub-argspec.
*  Add unit test for options in argspec.
*  Reverted aggregate implementaion.

* Minor change

* Add multi-level argspec support

*  Multi-level argspec support with module's top most
   conditionals options.

* Fix unit test failure

* Add parent context in errors for sub options

* Resolve merge conflict

* Fix CI issue
7 years ago
Will Thames 5f73bdc3bf [cloud] Improve Camel to Snake conversion in EC2 module_utils (#25015)
* Make camel_to_snake work on capitalized plurals

`TargetGroupARNs` should become `target_group_arns`, not
`target_group_ar_ns`

Promote `camel_to_snake` to top layer function but prefix
it with an underscore.

Add tests for improved `_camel_to_snake` function.

Reduce use of `re.compile` as it makes no sense when the
compilation result is not reused.

* Remove unused LooseVersion check

* Fix PLURALs case for camel_to_snake

Also renamed EXPECTED_CAMELIZATION to EXPECTED_SNAKIFICATION
7 years ago
Dag Wieers 97aaf103e8 ACI module_utils library for ACI modules (#27070)
* ACI module_utils library for ACI modules

This PR includes:
- the ACI argument_spec
- an aci_login function
- an experimental aci_request function
- an aci_response function
- included the ACI team

* New prototype using ACIModule

This PR includes:
- A new ACIModule object with various useful methods
7 years ago
Adrian Likins 934b645191 Support multiple vault passwords (#22756)
Fixes #13243

** Add --vault-id to name/identify multiple vault passwords

Use --vault-id to indicate id and path/type

 --vault-id=prompt  # prompt for default vault id password
 --vault-id=myorg@prompt  # prompt for a vault_id named 'myorg'
 --vault-id=a_password_file  # load ./a_password_file for default id
 --vault-id=myorg@a_password_file # load file for 'myorg' vault id

vault_id's are created implicitly for existing --vault-password-file
and --ask-vault-pass options.

Vault ids are just for UX purposes and bookkeeping. Only the vault
payload and the password bytestring is needed to decrypt a
vault blob.

Replace passing password around everywhere with
a VaultSecrets object.

If we specify a vault_id, mention that in password prompts

Specifying multiple -vault-password-files will
now try each until one works

** Rev vault format in a backwards compatible way

The 1.2 vault format adds the vault_id to the header line
of the vault text. This is backwards compatible with older
versions of ansible. Old versions will just ignore it and
treat it as the default (and only) vault id.

Note: only 2.4+ supports multiple vault passwords, so while
earlier ansible versions can read the vault-1.2 format, it
does not make them magically support multiple vault passwords.

use 1.1 format for 'default' vault_id

Vaulted items that need to include a vault_id will be
written in 1.2 format.

If we set a new DEFAULT_VAULT_IDENTITY, then the default will
use version 1.2

vault will only use a vault_id if one is specified. So if none
is specified and C.DEFAULT_VAULT_IDENTITY is 'default'
we use the old format.

** Changes/refactors needed to implement multiple vault passwords

raise exceptions on decrypt fail, check vault id early

split out parsing the vault plaintext envelope (with the
sha/original plaintext) to _split_plaintext_envelope()

some cli fixups for specifying multiple paths in
the unfrack_paths optparse callback

fix py3 dict.keys() 'dict_keys object is not indexable' error

pluralize cli.options.vault_password_file -> vault_password_files
pluralize cli.options.new_vault_password_file -> new_vault_password_files
pluralize cli.options.vault_id -> cli.options.vault_ids

** Add a config option (vault_id_match) to force vault id matching.

With 'vault_id_match=True' and an ansible
vault that provides a vault_id, then decryption will require
that a matching vault_id is required. (via
--vault-id=my_vault_id@password_file, for ex).

In other words, if the config option is true, then only
the vault secrets with matching vault ids are candidates for
decrypting a vault. If option is false (the default), then
all of the provided vault secrets will be selected.

If a user doesn't want all vault secrets to be tried to
decrypt any vault content, they can enable this option.

Note: The vault id used for the match is not encrypted or
cryptographically signed. It is just a label/id/nickname used
for referencing a specific vault secret.
7 years ago
James Mighion a328e96455 Adding aireos_config module (#27408)
* Adding aireos_config module.

* Fixing pep8 W291.
7 years ago
Trishna Guha 6d1bd33aa5 fix iosxr_banner (#27378)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
7 years ago
Trishna Guha a49c419651 fix nxos_vrf_af nxapi & cli (#27307)
* fix nxapi failure #27142

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* fix nxos_vrf_af nxapi and cli

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
7 years ago
David Newswanger 81151ef02c Remove Deprecated Template network modules (#27076)
* removed deprecated networking template modules

* update changelog

* update changelog
7 years ago
saichint 9b9a8749da Add integration tests and fix nxos providers (#26913)
* fix issues with python3.x

* Add integration testa and fix for nxos_evpn_vni

* add nxos_evpn_vni to nxos.yaml

* fix get_vtp_config()

* add new integration tests

* fix rollback

* add integration test files
7 years ago
Matt Davis 3f1ec6b862 add custom module type validation (#27183)
* Module argument_spec now accepts a callable for the type argument, which is passed through and called with the value when appropriate. On validation/conversion failure, the name of the callable (or its type as a fallback) is used in the error message.
* adds basic smoke tests for custom callable validator functionality
7 years ago
Trishna Guha 41ce724801 fix nxos_hsrp (#27306)
* fix nxos_hsrp

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* modify nxos_hsrp test

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
7 years ago
Toshio Kuratomi 802c9efaa3 Disable abstract-class-instantiated for smoketests
These tests are actually checking that the classes will error out if
they are still abstracted and instantiated
7 years ago
Toshio Kuratomi 225fa5d092 Fix undefined variables, basestring usage, and some associated python3 issues 7 years ago