* Cisco Intersight module_utils and intersight_facts module
* Add RETURN information and fix pylint, import, and pep8 issues.
* Review updates for specifying type of params/returns and not polluting ansible_facts.
* BSD one line license, validate_certs used, urls.fetch_urls replaces requests
* module_utils: Clean up parameter types
This PR includes:
- Parameter types added
- Copyright format fixes
- Short license statement
- Description fixes (only for a few files, then I stopped :-))
* More network stuff
* Fix typo
* Fix PEP8
* Fix booleans
* Fix typo
* module_utils: Clean up parameter types (database)
This PR includes:
- Parameter types added
- Copyright format fixes
- Short license statement
- Description fixes (only for a few files, then I stopped :-))
* Fix validate-modules test ignores
* module_utils: Clean up parameter types (storage)
This PR includes:
- Parameter types added
- Copyright format fixes
- Short license statement
- Description fixes (only for a few files, then I stopped :-))
* Fix quotes
* Fix rST issue
* Raise AnsibleConnectionError on winrm con errors
Currently all uncaught exceptions of the requests library that is used
in winrm will lead to an "Unexpected failure during module execution".
Instead of letting all exceptions bubble up we catch the connection
related errors (inkl. timeouts) and re-raise them as
AnsibleConnectionError so Ansible will mark the host as unreachable and
exit with the correct return code.
This is especially important for Zuul (https://zuul-ci.org) to
distinguish between failures and connection/host related errors.
* Update lib/ansible/plugins/connection/winrm.py
Co-Authored-By: westphahl <westphahl@gmail.com>
* Add changelog fragment
* identity: Add GSSAPI suport for FreeIPA authentication
This enables the usage of GSSAPI for authentication, instead of having
to pass the username and password as part of the playbook run.
If there is GSSAPI support, this makes the password optional, and will
be able to use the KRB5_CLIENT_KTNAME or the KRB5CCNAME environment
variables; which are standard when using kerberos authentication.
Note that this depends on the urllib_gssapi library, and will only
enable this if that library is available.
* identity: Add documentation for GSSAPI authentication for FreeIPA
This documentation describes how to use GSSAPI authentication with the
IPA identity modules.
* identity: Add changelog for GSSAPI support for IPA
This adds the changelog entry for the GSSAPI authentication feature for
the IPA identity module.
* Check that verify_ssl defined in tower_cli.cfg isn't ignored
* Avoid to override verify_ssl value defined in tower_cli.cfg
By default, tower-cli library enables SSL certificates check. But
verify_ssl false value defined in config files read by default by
tower-cli library (for example /etc/tower/tower_cli.cfg) was ignored
because overriden by the tower_verify_ssl parameter default value.
* fix a typo in comment
There are other chat systems with hook implementations more or less
compatible with Slack, such as Rocket.Chat. The latter requires the
Content-Type header to be set to "application/json" (the body is JSON).
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
* [WIP] become plugins
Move from hardcoded method to plugins for ease of use, expansion and overrides
- load into connection as it is going to be the main consumer
- play_context will also use to keep backwards compat API
- ensure shell is used to construct commands when needed
- migrate settings remove from base config in favor of plugin specific configs
- cleanup ansible-doc
- add become plugin docs
- remove deprecated sudo/su code and keywords
- adjust become options for cli
- set plugin options from context
- ensure config defs are avaialbe before instance
- refactored getting the shell plugin, fixed tests
- changed into regex as they were string matching, which does not work with random string generation
- explicitly set flags for play context tests
- moved plugin loading up front
- now loads for basedir also
- allow pyc/o for non m modules
- fixes to tests and some plugins
- migrate to play objects fro play_context
- simiplify gathering
- added utf8 headers
- moved option setting
- add fail msg to dzdo
- use tuple for multiple options on fail/missing
- fix relative plugin paths
- shift from play context to play
- all tasks already inherit this from play directly
- remove obsolete 'set play'
- correct environment handling
- add wrap_exe option to pfexec
- fix runas to noop
- fixed setting play context
- added password configs
- removed required false
- remove from doc building till they are ready
future development:
- deal with 'enable' and 'runas' which are not 'command wrappers' but 'state flags' and currently hardcoded in diff subsystems
* cleanup
remove callers to removed func
removed --sudo cli doc refs
remove runas become_exe
ensure keyerorr on plugin
also fix backwards compat, missing method is attributeerror, not ansible error
get remote_user consistently
ignore missing system_tmpdirs on plugin load
correct config precedence
add deprecation
fix networking imports
backwards compat for plugins using BECOME_METHODS
* Port become_plugins to context.CLIARGS
This is a work in progress:
* Stop passing options around everywhere as we can use context.CLIARGS
instead
* Refactor make_become_commands as asked for by alikins
* Typo in comment fix
* Stop loading values from the cli in more than one place
Both play and play_context were saving default values from the cli
arguments directly. This changes things so that the default values are
loaded into the play and then play_context takes them from there.
* Rename BECOME_PLUGIN_PATH to DEFAULT_BECOME_PLUGIN_PATH
As alikins said, all other plugin paths are named
DEFAULT_plugintype_PLUGIN_PATH. If we're going to rename these, that
should be done all at one time rather than piecemeal.
* One to throw away
This is a set of hacks to get setting FieldAttribute defaults to command
line args to work. It's not fully done yet.
After talking it over with sivel and jimi-c this should be done by
fixing FieldAttributeBase and _get_parent_attribute() calls to do the
right thing when there is a non-None default.
What we want to be able to do ideally is something like this:
class Base(FieldAttributeBase):
_check_mode = FieldAttribute([..] default=lambda: context.CLIARGS['check'])
class Play(Base):
# lambda so that we have a chance to parse the command line args
# before we get here. In the future we might be able to restructure
# this so that the cli parsing code runs before these classes are
# defined.
class Task(Base):
pass
And still have a playbook like this function:
---
- hosts:
tasks:
- command: whoami
check_mode: True
(The check_mode test that is added as a separate commit in this PR will
let you test variations on this case).
There's a few separate reasons that the code doesn't let us do this or
a non-ugly workaround for this as written right now. The fix that
jimi-c, sivel, and I talked about may let us do this or it may still
require a workaround (but less ugly) (having one class that has the
FieldAttributes with default values and one class that inherits from
that but just overrides the FieldAttributes which now have defaults)
* Revert "One to throw away"
This reverts commit 23aa883cbed11429ef1be2a2d0ed18f83a3b8064.
* Set FieldAttr defaults directly from CLIARGS
* Remove dead code
* Move timeout directly to PlayContext, it's never needed on Play
* just for backwards compat, add a static version of BECOME_METHODS to constants
* Make the become attr on the connection public, since it's used outside of the connection
* Logic fix
* Nuke connection testing if it supports specific become methods
* Remove unused vars
* Address rebase issues
* Fix path encoding issue
* Remove unused import
* Various cleanups
* Restore network_cli check in _low_level_execute_command
* type improvements for cliargs_deferred_get and swap shallowcopy to default to False
* minor cleanups
* Allow the su plugin to work, since it doesn't define a prompt the same way
* Fix up ksu become plugin
* Only set prompt if build_become_command was called
* Add helper to assist connection plugins in knowing they need to wait for a prompt
* Fix tests and code expectations
* Doc updates
* Various additional minor cleanups
* Make doas functional
* Don't change connection signature, load become plugin from TaskExecutor
* Remove unused imports
* Add comment about setting the become plugin on the playcontext
* Fix up tests for recent changes
* Support 'Password:' natively for the doas plugin
* Make default prompts raw
* wording cleanups. ci_complete
* Remove unrelated changes
* Address spelling mistake
* Restore removed test, and udpate to use new functionality
* Add changelog fragment
* Don't hard fail in set_attributes_from_cli on missing CLI keys
* Remove unrelated change to loader
* Remove internal deprecated FieldAttributes now
* Emit deprecation warnings now
* standardize user/password connection vars
* docs: use ansible_user and ansible_password
* docs: var precedence for connection vars
* docs: ansible_become_pass -> ansible_become_password etc
* k8s*: add a reference to k8s_auth in all the modules' descriptions
* k8s_auth: new k8s module for handling auth
* k8s_auth: ignore E203
Can't use module_utils.urls, since that lacks user CA support, which is
a critical feature of what this module does.
* Create new documentation pages for httpapi and cliconf
* Add new documentation to plugins toctree and Makefile
* Add DOCUMENTATION to cliconf
* Apply suggestions from code review
* Move docker_ module_utils into subpackage.
* Remove docker_ prefix from module_utils.docker modules.
* Adding jurisdiction for module_utils/docker to $team_docker.
* Making docker* unit tests community supported.
* Linting.
* Python < 2.6 is not supported.
* Refactoring docker-py version comments. Moving them to doc fragments. Cleaning up some indentations.
Fixes: #51675
the sample for 'Fetch all deployments' is "{{ lookup('k8s', kind='Deployment', namespace='testing') }}" but it should be "{{ lookup('k8s', kind='Deployment') }}"
* Update yaml.py exmaple to include A colon
took me some time to find that out, you can have a single host under a group without the A colon, but if you add another host also w/o A colon, they will be parsed as a single line.
* Update yaml.py
* PR Candidate for FortiManager Connection Plugin, plus associated Utilities.
* Update fortimanager.py
Adding additional comments
* Committing changes for PR as requested by Ansible Staff
* Minor doc change to kick off new shippable test. Unrelated code (not our stuff) caused a failure on the last test.
* Removed generic methods for get/set/etc. Moved a copy of FMGRLockCTX into the plugin for portability, and to left the original in the mod_utils/fortimanager.py as deprecated code for pre-2.7 customers still running on pyFMG and not the plugin.
Tested all playbooks and all modules, and all appears well.
Added support for username and password authentication in hashi_vault
lookup plugin.
Fixes: #38878
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* identity: Autodetect FreeIPA server with DNS
This adds the ability for the freeIPA related modules to be able to
auto-detect the IPA server through DNS.
This takes advantage of the fact that a lot of FreeIPA deployments
configure their hosts to use IPA as the nameserver.
This check is only used if we didn't set neither the ipa_host parameter,
nor the environment variable IPA_HOST.
* identity: Specify docs for DNS discovery of ipa_host
These docs specify that it can now default to DNS if the 'ipa-ca' entry
is available.
* Add coherency between check and normal mode see issue #24633
* Add changelog fragment for the PR
* Make change following PR comment
* Remove trailing whitespace
* aws_ec2 Implement the missing 'region discovery'
fixes#45288
tries to use api as documented (which seems to fail in latest boto3 versions)
and fallback to boto3 'hardcoded' list of regions
* fixes and cleanup, add error for worst case scenario
* fix tests, remove more unused code
* add load_name
* acually load the plugin
* set plugin as required
* reverted test changes, removed options tests
* fixes as per feedback and cleanup
* Standardize cliconf get_capabilities
* Check for capabilities before querying them
* Try to be more helpful when unexpected things are found in get_capabilities
* Add flags param to get_config for compatibility
* promote doc_fragments into actual plugins
change tests hardcoded path to doc fragments
avoid sanity in fragments
avoid improper testing of doc_fragments
also change runner paths
fix botmeta
updated comment for fragments
updated docs
* faster config loading
- used already loaded module var instead of doc functions
- add preload to populate config defs cache
- avoid debug work when not in debug
- generators, force consumption
* Catch SSH authentication errors and don't retry multiple times to prevent account lock out
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Subclass AnsibleAuthenticationFailure from AnsibleConnectionFailure
Use comparison rather than range() because it's much more efficient.
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add tests
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Make paramiko_ssh connection plugin behave the same way
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add changelog
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Replace loose string that should be a byte string
* Replace byte string literals with string literals
* These, on the other hand, need to be byte strings
* Increase persistent command_timeout default value
* Increase command_timeout default value from 10 to 30 sec
to reduce frequent timeout issue for network connection
types (netconf/network_cli/httpapi/napalm)
* Fix review comments
* added timestamps to nxos_command module
nxos_command module now returns timestamps field, which shows command execution time
* fixed unit test failure for /lib/ansible/module_utils/basic
* cosmetic changes to align with PEP 8
* Revert "avoid x2 setting of set_fact when 'cacheable' (#50564)"
This reverts commit 207848f354.
* clarify clear_facts with set_fact cacheable
revert previous 'fix' as it will break playbooks by changing precedence
opted to leave current behaviour but document it on both plugins to mitigate confusion
fixes#50556
also fix grammer, add comment, remove unused e
* Add autopublish and autoinstallpolicy behaviour to Checkpoint devices
Up till now we published and installed policy package for every operation,
however operators may not want that and only reconcile changes after a series
of changes.
Added flags to toggle this behaviour, which defaults to autopublish and
autoinstall policy package just as it was till now.
The policy package name defaults to 'standard', since it's the default one
created on the Checkpoint management server on AWS, unsure if that's common
in other setups.
* Change signature for publish and install policy
The module object is not needed
* Fix pep8
* Fix install_policy invocation
Also fix payload in publish/discard, since it seems passing the UID
when it's not needed has issues.
* Add doc fragments
* Remove default value of targets on install_policy method
It's already defaulting to None via checkpoint_arg_spec
* Fix pep8
* Remove doc fragment and push down auto options to resource modules
I realized if I put those options as doc fragments they will show up
on facts module, which do not apply, only on resource modules that
mangle with objects.
* Fix bogus param name and validate modules issues
* Fix bogus param name on checkpoint_host
* Bubble up import exception content for k8s module
Signed-off-by: Fabian von Feilitzsch <fabian@fabianism.us>
* Track down other places import exception is reported
* Add changelog fragment
* Fix encoding issues with file paths.
Discovered while testing with ANSIBLE_CONFIG env var set to a path
that contained unicode characters while LC_ALL=C.
* Fix unit tests.
* Fix another path encoding issue.
* Added documentation around using vmware dynamic inventory plugin
* Fixed bug for populating host_ip in hostvars for given inventory host
* VMware: Add properties in vmware_vm_inventory
Fixes: #50249
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Provide toggle flag to allow display of unreachable task to stderr
using default callback plugin.
Fixes: #48069
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Add auth_timeout parameter when supported
Paramiko 2.2 introduces the auth_timeout parameter. This will set the
parameter to the same value of the timeout parameter to prevent
"Authentication timeout" errors.
* Conditionally add auth_timeout to ssh.connect
Renamed sock_kwarg to ssh_connect_kwargs and conditionally added the
auth_timeout parameter based on the installed paramiko version.
* Add changelog fragment
* csv of memory usage
* Fix var
* Configurable output file
* Add cpu profiling
* Valdiate the existence of cgroup files
* Add guard to prevent exception when trying to reset max memory value
* to_bytes/to_text and docs updates
* Add support for CPU results
* Just track the max, don't log all results, and then calculate max
* Restore cgroup_memory_recap, and move new functionality into cgroup_perf_recap
* Add pid count tracking, restructure to support more profilers
* Add cli tool for graphing cgroup_perf_recap data
* csv_output_dir is a path
* Correct CALLBACK_NAME
* Include uuid in csv data
* fix linting errors
* Bump version_added
* Create helper funciton to create dict from list of keys, with callable default
* Updated notes to include pids
* Print a newline after each section
* Plugin improvements
* Add option to supporess recap display
* Add default for output directory
* Add option to dictate whether or not to write files
* Add JSON-seq output option
* s/uuid/task_uuid
* Use bytes for paths
* Increase polling interval length for pids/memory
* Reduce instance attrs, change how we invoke profilers
* Shorten some line lengths
* Remove more instance attrs
* Fix some typos
* document directory creation, and catch exceptions
* Enable per task file outputs, and filename customization
* s/per_task_file/file_per_task/g
* Add checkpoint httpapi plugin and access rule facts module
* WIP checkpoint_access_rule module
* Add publish and install policy, plus fix empty json object request for publish
* Refactor publish and install_policy onto module_utils
* Add update resource logic
* Add checkpoint_host_facts module
* Return code and response on get_acess_rule function
* Add checkpoint_host module
* Add checkpoint_run_script module
* Add checkpoint_task_facts module
* Show all tasks if no task id is passed
Note, this is only available on v1.3 of Checkpoint WS API
* Add update logic to checkpoint host
* Add full details on get task call
* Add checkpoint httpapi plugin
* Fix pep8
* Use auth instead of sid property and return False on handle_httperror method
* Fix version in docstring
* Remove constructor
* Remove Accept from base headers
* Do not override http error handler and assign Checkpoint sid to connection _auth
There is scaffolding in the base class to autoappend the token, given
it is assigned to connection _send
* Use new connection queue message method instead of display
* Remove unused display
* Catch ValueError, since it's a parent of JSONDecodeError
* Make static methods that are not used outside the class regular methods
* Add missing self to previously static methods
* Fix logout
Was carrying copy pasta from ftd plugin
* Remove send_auth_request
* Use BASE_HEADERS constant
* Simplify copyright header on httpapi plugin
* Remove access rule module
* Remove unused imports
* Add unit test
* Fix pep8
* Add test
* Add test
* Fix pep8
* Fix backup issue in network config modules
* Fix `get_working_path` not found issue introduced due to
backup config code refactor (PR #50208)
* Further refactor config related action plugins to minimize
duplicate code
* Remove unwated imports in config action plugins
* Add common network class for action plugin and related code refactor
* Fix review comment
* Once cli args are parsed, they're constant. So, save the parsed args
into the global context for everyone else to use them from now on.
* Port cli scripts to use the CLIARGS in the context
* Refactor call to parse cli args into the run() method
* Fix unittests for changes to the internals of CLI arg parsing
* Port callback plugins to use context.CLIARGS
* Got rid of the private self._options attribute
* Use context.CLIARGS in the individual callback plugins instead.
* Also output positional arguments in default and unixy plugins
* Code has been simplified since we're now dealing with a dict rather
than Optparse.Value
* urldecode filter for Jinja2
We needed this in order to deconstruct correct URLs using Jinja2.
And we might as well upstream this.
* Add integration tests
* Fixes for Python 3
* Add urlencode for older Jinja2
* Add support for NRDP notifications
* Correct pep-8 check, adding copyright
* Correct pep-8 check using autopep8
* Update nrdp to 2.6 version
* Update nrdp to 2.7 version
* Use internal ansible url and options modules
* Remove useless comments
* Add option to validate https certs
* Update nrdp to 2.8 version
* Correct nrdp pep8
* Add session tracing support for network_cli, netconf and httapi connection
* Add `persistent_log_messages` configuration option to log device inteaction
in log file for network_cli, netconf and httapi connection
type
* Log jsonrpc request and response in log file is configuration option
is enabled
* Update docs to talk about warning shown when persistent_log_messages is on
* Revert "Fix incorrect examples with random filter (#50137)"
This reverts commit 9a7dbd5213.
The correction is incomplete and also based on a 'fix' that was supposed to have been reverted already
* Revert "Added `+1` to the `end` in `random` filter so that it was inclusive (#27215)"
This reverts commit ea2b89c7ae.
reverted fix as agreed at the time, but missed by maintainers.
* Connections can queue messages to be returned from ansible-connection
* Provide fallback for invalid display level
* Strip display from plugins
* Route messages through helper method to try to avoid improper appends
verify_file was improperly always returning true if pyvimomi and requests libs were correct
moved library checking to parse, avoid unneded errors unless the file is actually meant for
this plugin
* Fix mandatory statement error for junos modules
Fixes#40267
* Add error regex in junos terminal plugin to error out
in case of commit fails
* If commit fails add logic to discard changes before existing
else next task will result in error
* Add integration test
* Minor update
* Fix example in ini.py
* Fix unittest in test_ini.py to pass CI as latest ansible returns list in
different order. To prevent such issues in future results are sorted
* PEP8 E501 styling improvements
Co-Authored-By: Sergii Golovatiuk <sgolovat@redhat.com>
* PSRP: Add support for reconnection retries
This adds support for reconnection retries to overcome sudden Connection
Refused or other recoverable states. (Either because WinRM is (re)started,
or firewall changes make it briefly unavailable)
* Fixes from review comments
* In some cases, it appears that Exception should have been used instead
as there's no need to catch sys.exit KeyboardInterrupt and similar.
* In a few cases, it appears that BaseException is used because
a library we depend on calls sys.exit() contrary to good coding
design. Comment those so that we know that those have been audited
and found to be correct and change to use (Exception, SystemExit)
instead.
* Bare minimum rip out cliconf
* nxapi changeover
* Update documentation, move options
* Memoize device_info
* Gratuitous rename to underscore use of local api implementation
Fixup eos module_utils like nxos
* Streamline version and image scans
* Expose get_capabilities through module_utils
* Add load_config to module_utils
* Support rpcs using both args and kwargs
* Add get_config for nxos
* Add get_diff
* module context, pulled from nxapi
We could probably do this correctly later
* Fix eos issues
* Limit connection._sub_plugin to only one plugin
* Fix various bugs related in reboot
- Use format strings for consistency and improve debug log messages
- Use local variables instead of class attributes in order to be thread safe
- Run setup module to get distribution and version
- Run find module to get full path of shutdown command
- Use ansible_os_family and ansible_distribution to find commands and args
- Use same command for all Solaris/SunOS distributions
- Move delay calculations to properties
- Reliably check for module run failure
- Fix bug in run_test_command() that accidentally made the method work properly
- Use better exceptions rather than Exception
- Use dict literals rather than constructors
- Correct _check_delay() so it always returns a value, not None
- Don't store and return result in run_test_command() because it's not used anywhere
- add test for post reboot command that fails
- test negative values for delay parameters
* Consolidate handler tracking
- Remove unused code. ci_complete
- unit test fixes. ci_complete
- Restore previous behavior of matching a single handler
- when notifying a host for a handler, return True if it was added, False otherwise, to reduce copied logic
- rename funcitons for clarity. ci_complete
- Remove handler logic for static includes which was disabled previously
Template lookup plugin now support variable_start_string and
variable_end_string, just like template module.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* fix py3 scope for unique filter errors, enable filters integration tests on rhel8 beta
Signed-off-by: Adam Miller <admiller@redhat.com>
* add changelog
Signed-off-by: Adam Miller <admiller@redhat.com>
* Fix FactCache to conform to the dict API
* update needs to take a dict rather than a key and a value
* __init__ needs to allow for setting the intial dictionary
* Remove unneeded _display and _cache attributes
* Move ansible.plugins.cache.FactCache to
ansible.vars.fact_cache.FactCache because this isn't part of the cache
plugin API.
* Add backwards compatibility when calling update on the new FactCache
* Remove code for calling old FactCache. There's no way to call the old
FactCache so there's no need for backwards compatible code for calling
code. Backwards compatibility is handling things which are calling
the new FactCache.
* Port our code to the new FactCache location.
* Implement test case prefix to filter test cases
* Cut line to not exceed 160 chars
* Replace tabs with spaces
* Add version_added field
* Include changelog file
* Fix iosxr netconf plugin response namespace
* iosxr netconf plugin removes namespace by default
for all the responses as parsing of xml is easier
without namepsace in iosxr module. However to validate
the response received from device against yang model requires
namespace to be present in resposne.
* Add a parameter in iosxr netconf plugin to control if namespace
should be removed from response or not.
* Fix CI issues
* Fix review comment
Different connection plugins return different data when throwing exceptions. The Paramiko connection plugin does not return a text sting, which caused an exception.
The ssh connection plugin returns multi-line errors, which makes the debug logs harder to read. Only return the last line in that case in order to make the logs more readable.
When experiencing a connection failure, reset the connection.
Add reset() to paramiko_ssh
Indicate thet conection state is False when running close(). This is needed by the ensure_connected() decorator to work properly.
Co-authored-by: Matt Martz <matt@sivel.net>
* test for openstack inventory constructed functionality
this adds unit tests for the compose, groups, and keyed_var features
of the openstack inventory plugin
* fix constructed functionality in openstack inventory plugin
The compose, groups, and keyed_groups functionality of the openstack
inventory plugin was broken:
- the plugin was not passing the correct variables to the
Constructable methods for compose and groups
- the plugin was simply never calling the appropriate method for
implementing keyed_groups
This commit fixes both issues.
Network platforms that don't have cliconf plugin will fail when
sending rpc calls for the reset_history and disable_response_logging
functions because those are defined in cliconf exclusively at this
time.
This patch adds checks for those attributes before making the call
* Add append_hash functionality to k8s module
append_hash adds a hash based on the contents of a ConfigMap
or Secret to the name - this enables immutable ConfigMaps and
Secrets.
* Provide k8s_config_resource_name plugin
The k8s_config_resource_name filter plugin provides a means of determining
the name of ConfigMaps and Secrets created with append_hash
* Add changelog fragment
* fix failing tests
* Update openshift version needed for append_hash
* FTD modules: bug fixes and upsert functionality
* Fix sanity checks
* Fix unit tests for Python 2.6
* Log status code for login/logout
* Use string formatting in logging
* inventory now errors for invalid group/host names
also made yaml inventory slightly smarte
fixes#45493
* add some 'YAML protection' to ini plugin
* better msg
* avoid ranges as positive match
* pepe
* expand inherited instead of total override
* Always use /proc/sys/kernel/random/boot_id to confirm reboot on Linux
/proc/sys/kernel/random/boot_id is available since kernel 2.3.16 and
should be safe to rely on.
The previously used method by checking the system boot time using who -b
turned out to be unreliable: Some systems lacking an RTC report the Unix
epoch as boot time, but the code trying to detect that did't always
work.
Closes#46562
* Change DEFAULT_BOOT_TIME_COMMAND
- change to usinsg /proc by default
- add BOOT_TIME_COMMANDS for BSD, Solaris, and macOS
* win_update: Add post search category matching to support product matching
* win_updates: Return categories of each update
* win_updates: Documentation fix-up
* win_updates: Adjusted documentation to reflect regex vs sub-string match of post-cat strings
* win_updates: Sped up post-category checking
* win_updates: Updated documentation to suggest querying post-category strings
* win_updates: Simplified saving and checking post-categories
* fixed some issues and added filtered categories to return value
* win_updates: Moved all category matching to occur after initial search
* win_updates: Adjustments to satisfy PowerShell lint checks
* win_updates: Dropped category validation from action plugin
* win_updates: Documentation updates
* win_updates: Fixed plugin unit tests
* First pass at a toml inventory
* Make EXAMPLES yaml
* Remove unnecessary comment
* Small formatting changes
* Add ansible-inventory option to list as TOML
* TOML inventory improvements, to allow a more simple inventory, specifically related to children
* changelog
* Simplify logic
* Dedupe _expand_hostpattern, making it available to all inventory plugins
* Don't make the TOML inventory dependent on the YAML inventory
* Quote IP address values
* Add more TOML examples
* Further cleanups
* Enable the toml inventory to run by default
* Create toml specific dumper
* 2.8
* Clean up imports
* No toml pygments lexer
* Don't raise an exception early when toml isn't present, and move toml to the end, since it requires an external dep
* Require toml>=0.10.0
* Further clean up of empty data
* Don't require toml>=0.10.0, but prefer it, add code for fallback in older versions
* Ensure we actually pass an encoder to toml.dumps
* Simplify recursive data converter
* Appease tests, since we haven't limited controller testing to 2.7+
* Update docstring for convert_yaml_objects_to_native
* remove outdated catching of AttributeError
* We don't need to catch ImportError when import ansible.plugins.inventory.toml
* Add note about what self.dump_funcs.update is doing
* Address some things
* A little extra comment
* Fix toml availability check
* Don't create an intermediate list
* Require toml file extension
* Add metadata
* Remove TOML docs from intro_inventory to prevent people from getting the wrong idea
* It's in defaults, remove note
* core supported, indicate very clearly that this is preview status
* fix(tasks: synchronize): wrap in sshpass if ssh password was provided
Closes#16616
* fix(tasks: synchronize): pass rsync password to sshpass via fd
* fix(tasks: synchronize): use fail_json instead of AnsibleError
* fixup! fix(tasks: synchronize): use fail_json instead of AnsibleError
fix python2 handling
* feat(module_utils: basic: run_command): add optional arguments `pass_fds` and `before_communicate_callback`
* fix(tasks: synchronize): use module.run_command instead of subprocess.Popen
* fixup! fix(tasks: synchronize): use module.run_command instead of subprocess.Popen
remove unused import
* fixup! fixup! fix(tasks: synchronize): use module.run_command instead of subprocess.Popen
pass_fds only if they passed to run_command()
The current doc of k8s_raw_module contain a copy paste of the env var name :
```
host :
Provide a URL for accessing the API. Can also be specified via K8S_AUTH_HOST environment variable.
key_file : Path to a key file used to authenticate with the API. Can also be specified via K8S_AUTH_HOST environment variable.
```
shade is not used anymore by the `os_*` modules.
PR #40532 replaces `shade` library by `openstacksdk`. This commit clean
up some references to the old library. It's similiar to what has been
done in PR #40784.
* New v2_runner_on_start callback added to indicate the start of execution for a host in a specific task
* Add changelog fragment
* Minor docstring clarification
* Parsing plugin filter may raise TypeError, gracefully handle this exception
and let user know about the syntax error in plugin filter file.
* Test for plugin_filtering
Fixes: #46658
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
This reverts commit c649d0ea32.
The change results in deadlock in network_cli while it is
waiting to check the return value of recv_ready() which
was added in this commit to improve performance
* Add shorthand debugger method to recreate the task from the original ds, and re-template. Fixes#46321
* Fix rst header
* Indicate update_task was added in 2.8
* Add Scaleway API pagination to server inventory call
* Move Link parsing to helper module
* Correct some PEP8 errors
* Replace AnsibleError with ScalewayException in module_utils since the former doesn't work
* Simplify the regexes to match the intended purpose
* Cleanup helper to conform to review
* Cleanup Scaleway inventory to conform to review
* Flatten the conditional branches structure
* fix a regexp typo
* Fix prompt mismatch issue for ios
Fixes#40884#44463
* If the command prompt is matched check if data is
still pending to be read from buffer.
* This fix adds a new timer `buffer_read_timeout`
which will be trigerred after command prompt
is matched and data is attempted to be read from channel.
If not data is present of channel the timer will expire
and response we be returned to calling function.
* Fix unit test failure
* Update to make buffer timeout float
* Update doc and fix review comment
* Fix CI issues
* Update doc
* Fix review comments
* Fix review comments
* Fix AWS EC2 inventory plugin caching of groups
* Added changelog fragment for aws_ec2 caching fix
* Store the AWS query results
The underlying inventory object contains inventory from other sources,
so caching it as ours would be wrong.
It seems easiest and safest to just cache the boto query results
instead.
* Remove unused functions
* reboot: Add timeout in error to help troubleshooting
So we've been hit by 'Timed out waiting for boot_time check' and it was
unclear what timeout was used for the boot_time check. By adding the
timeout value it is easier to understand the used value, and verify if a
change to the timeout is reflected in the output.
* Add changelog fragment
* Add support for IOS vlan parsing filter.
Example usage below:
{% set parsed_vlans = vlans | vlan_parser %}
switchport trunk allowed vlan {{ parsed_vlans[0] }}
{% for i in range (1, parsed_vlans | count) %}
switchport trunk allowed vlan add {{ parsed_vlans[i] }}
* Update test_network.py
Add import statement for filter
* Fixed PEP8 issues relating to comments
* Fix PEP8 issues related to blank lines
* Removed magic numbers for line lengths. This should generalize support
to other IOS-like NOS that use similar methods for listing vlans. The
default arguments for line lengths will still be specific to Cisco IOS.
The unit tests for line length are still specific to Cisco IOS.
* Add url_username and url_password options for url lookup
* Update url.py
Fix documentation
* Fix options documentation
Default value for url_password and url_username is None not an empty string
* Add version added to documentation
* Break command over multiple lines to fix linting
* Fix more linting
* Update version_added in url.py to 2.8
This fix checks if executable exists in local connection specified using
ANSIBLE_EXECUTABLE variable.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* win_reboot: Fix for ignore post_reboot_delay
This fixes an issue where win_reboot would be ignoring the provided
post_reboot_delay (and on Windows timing/waiting is everything!)
This must be backported to the v2.7 branch.
* Merge post-reboot handling into run()
* Adding a basic get lookup for rabbitmq.
* Always return a list
* If content type is JSON, make accessible via dict.
* Fixed incorrect json.loads variable and missing raise
* Change to document returned data
* Fixed pep8 issues
* Adding integration testing
* Moving lookup intgration tests to new target
* New rabbitmq lookup plugin (#44070).
* New rabbitmq lookup plugin (#44070).
* PR review feedback updates
* Testing pika is installed
* Minor mods to tests
* Check if connection is already closed or closing
* Updated tests and connection testing
* PR review feedback updates
* PR review include ValueError in AnsibleError output
* Suggesting to use set_fact when using returned variable more than once.
* Cleaned up some tests, added some notes and handling connection closure on some exceptions.
* Removed finally statement and added some additional error handling.
* Added some additional error handling.
* PR review updates.
* Additional integration tests and removing return in finally
* Updated version
* Changing back to running tests on ubuntu.
* Additional tests
* Running tests on Ubuntu only
* Fixing syntax error
* Fixing ingtegration tests and a string/byte issue
* Removed non-required test and fixed BOTMETA
* Trying to fix integration test failure on ubuntu1404
* Some issues occured when handling messages from the queue with to_native. Switching to to_text resolved the issues.
* Renaming channel to queue (thanks dch). Disabling trusty tests.
Fixes#35120 : the redis cache plugin keeps key/value
entries in an in-memory cache to avoid hitting the
redis database each time.
The problem is that a cache entry is only set when
a value is get or set but it is always deleted when
trying to delete a value.
When the --flush-cache ansible-playbook option is used,
the redis cache plugin is first asked to remove every
entry corresponding to every hostname present in the inventory.
As no value as been set/get so far, it then tries to delete
an unexisting value from the cache and hence crashes with
a KeyError exception.
* win_exec: refactor PS exec runner
* more changes for PSCore compatibility
* made some changes based on the recent review
* split up module exec scripts for smaller payload
* removed C# module support to focus on just error msg improvement
* cleaned up c# test classifier code
* New option JUNIT_TASK_RELATIVE_PATH to output relative paths.
It makes the output in Jenkins much more readable as the absolute
path was taking the whole width of the screen, leaving no space for
the actual message.
A makedirs instead of mkdir slipped in as to make the creation of
the output directory recursive, hope this is OK.
* Add version_added field to doc set to 2.8
* Check that union Jinja filter can be chained
* set filters: fix unexpected templating type error
this error occurs with Jinja 2.10 since 32ec69d827,
for example when union filters are chained:
$ ansible all -i localhost, -mdebug -a"msg={{ []|union([])|union([]) }}"
localhost | FAILED! => {
"msg": "Unexpected templating type error occurred on ({{ []|union([])|union([]) }}):
unsupported operand type(s) for +: 'set' and 'list'"
}
* fix callback Plugin json to support global stat set by set_stats module
* refactor to not break compatiblity, add trailing comma on output dict
* Remove sorted, as it not needed
* refactor, to sivels better code
* clean some code messup
* add changelog fragment
* added missing new line
* fix pep8 stuff
The stdout and stderr values returned from self._low_level_execute() are text, not bytes. This results in an error in Python 3 since str and bytes cannot be concatenated.
Changing to unicode type allows this to work without error on Python 2 and Python 3.
* openshift inventory: fix exception when auth fails
Fix 'ForbiddenError' object has no attribute 'message':
[WARNING]: * Failed to parse test.yml with openshift plugin: 'ForbiddenError' object has no attribute 'message'
File "ansible/lib/ansible/inventory/manager.py", line 270, in parse_source
plugin.parse(self._inventory, self._loader, source, cache=cache)
File "ansible/lib/ansible/plugins/inventory/openshift.py", line 122, in parse
self.setup(config_data, cache, cache_key)
File "ansible/lib/ansible/module_utils/k8s/inventory.py", line 58, in setup
self.fetch_objects(connections)
File "ansible/lib/ansible/module_utils/k8s/inventory.py", line 250, in fetch_objects
super(OpenShiftInventoryHelper, self).fetch_objects(connections)
File "ansible/lib/ansible/module_utils/k8s/inventory.py", line 81, in fetch_objects
namespaces = self.get_available_namespaces(client)
File "ansible/lib/ansible/module_utils/k8s/inventory.py", line 95, in get_available_namespaces
raise K8sInventoryException('Error fetching Namespace list: {0}'.format(exc.message))
Don't try to get 'message' attribute from:
- K8sInventoryException instances
- Exception instances
- KubernetesException instances (because KubernetesException can be
Exception)
* move k8s/OpenShift inventory plugin dedicated code
inventory plugin specific code should not be located in
lib/ansible/module_utils directory. Then ansible.utils methods can be
reused (for example Display).
* Remove unused class variables 'helper'
unused since 4d77878654.
* allow jinja2 unique filter compat
* detect if unique is provided, fallback with warning
* handle j2 specific params
* now all filters using unique must pass environment
* added env to tests
also normalized on how we normally import and use exceptoins
* Start of work on pylint plugin to catch due/past-due deprecated calls
* Improve deprecated pylint plugin
* Catch call to AnsibleModule.deprecate also
* Skip splatted kwargs, we can't infer that info
* Add error for invalid version in deprecation
* Skip version if it's a reference to a var
* Disable ansible-deprecated-no-version for displaying deprecated module info
* fix comments
* is None
* Force specifying a version, this can be disabled on a per case basis
* Disable ansible-deprecated-version by default
* Remove to look for 2.8 deprecated
* Revert "Remove to look for 2.8 deprecated"
This reverts commit 4e84034fd1.
* Add script and template used for creating issues for deprecated issues
* Fix underscore var
* Various changes to nxos_logging. Plus added purge capibility.
* Made a few new nxapi_logging test cases conditional based on version
and/or platform.
* Addressed PR comments and ansibot shippable. Fixed up nxos_logging documentation format.
* Addressed ansibot shippable issues with whitespaces and documentation.
* Resolved ansibot codestyle trailing whitespace
* adds support for null values to the ternary filter
This change adds a third optional argument to the ternary filter to
handle a null value. If the third option is specified null and false
are treated differently.
For instance, take the following example:
{{ enabled | ternary('no shutdown', 'shutdown') }}
If enabled == True, then 'no shutdown' is used.
If enabled in (False, None), then 'shutdown' is used.
With this change the following is possible:
{{ enabled | ternary('no shutdown', 'shutdown', omit) }}
If enabled == True, then 'no shutdown'
If enabled == False, then 'shutdown'
If enabled == None, then omit
* update documentation with example of filter
* update filter documentation example per comments
* fix logic error in user_guide example
* Update yaml-style in password-lookup example
##### SUMMARY
Update the yaml-style in a password-lookup example to match best-practices.
##### ISSUE TYPE
- Docs Pull Request
##### COMPONENT NAME
password_lookup plugin
##### ANSIBLE VERSION
devel
* remove whitespace
* Unify login behavior between 1Password lookup plugins and module
- Use the same names for all credential aspects
- Only require the minimal amount of information for each
- Add more examples
* Change parameter terms
- use terms in line with 1Password documentation.
- update examples
- update tests
* Improve error messages in lookup plugin
* Unify onepassword_facts with lookup plugins
- use same methods and logic for signing in or reusing existing session
- unify terms with lookup plugins
* Change rc test for determing login
An rc other than 1 can be returned when a current login session does not exist.
* Create AnsibleModuleError class
ansible.errors is not available to modules, so create an AnsibleModuleError class within the module
Do not user os.path.expanduser since this is already done by virtue of the type being "path" in the argument spec.
* Add note about risk with fact caching sensitive data
* Add note on op version that was used for testing
* Ensure that the src file contents is converted to unicode in diff info. Fixes#45717
* Fix up and cleanup
* The diff functionality in the callback plugins should have the
to_text() calls removed since we're now doing it in ActionBase
* catching of UnicodeError and warnings in the callback diff
functionality from 61d01f549f haven't been
needed since we switched to to_text so remove them.
* Add a note to ActionBase's diff function giving an example of when the
diff function will be inaccurate and how to fix it
* Fix callback get_diff() tests
I believe the unittests of callback's get_diff() were wrong. They were
sending in a list where strings were expected. Because previous code
was transforming the lists into strings via their repr, the previous
tests did not fail but they would have formatted the test cases output
in an odd way if we had looked at it.
* Try to intuit proper plugins to send to ansible-connection
* Move sub-plugins to init so that vars will be populated in executor
* Fix connection unit tests
* win async: use async_dir for the async results file directory
* tried to unify POSIX and PowerShell async implementations of async_dir
* fix sanity issue
* Add the key_name/value_name options to dict2items - as with items2dict, allow users to configure the key/value name for dict2items, add "version added" and examples
* reboot: Fix typo and support bare Linux systems
This fixes a problem for bare Linux systems that do not support 'who -b' or 'uptime -s'.
* Accumulate stdout and stderr information
* win_script: add support for become and centralise exec wrapper builder
* satisfying the pep8 gods
* do not scan for module dependencies when running as a script
On all supported Pythons, the io.BytesIO is always a stream
implementation using an in-memory bytes buffer. Makes code slightly more
forward compatible by reducing use of the six module.
* Fix diff_ignore_lines option issue for candidate configuration
* diff_ignore_lines option is to handle the running config fetch from
remote host and ignore the lines that are auto updated eg: commit time and date
* This option should not be used while processing candidate (input) configuration
* Fix review comment
Added examples on how to use "keyed_groups", "hostnames", and "compose"
The compose example shows how to set the ansible_host var for a host to either the public or private ip. This is necessary when you set your hostname by name instead of ip
"python-netaddr" is an OS package, but "netaddr" is the pypi package needed in python. Suggesting OS packages for python libs seems in bad form. I like the syntax "python's netaddr" to explain what package manager would have it.
build its intersection set and unnecessarily unique the final result.
The prior use of the intersect() function within the list comprehension
conditional leads to the function being called for every value in the input
list being processed, not efficient. When the input lists a,b are large,
the Ansible run time and resource utilization wildly increases generally
never completing the operation.
Unique of the intersection result is unnecessary as the source list union()
is already unique.
* Fix netconf netconf issues
* Identifier is optional for get_schema api
* Fix dispatch api mandatory argument check
* Add save option handling to copy config from target datastore
to startup datastore if supported
* Validate config in check-mode or if validate option set to true
* Copy config if check-mode is not enabled
* Refactoring code to adhere to persistence connection.
* Update cnos_rollback.py
* Updating license for the refactored method
* Update cnos_rollback.py
* Removing the BSD License as suggested by Legal
* Adding cnos_image after testing on sftp. Test code is also added
* Removing debug comments
* adding space
* Add check in network_cli to handle all prompts
* Add check_all flag to mandatory handle all the command prompt
in prompts list. By default if any one prompt is handled
remaining prompts are ignored.
* Fix cli_command multiple prompt issue
* If multiple prompt and answers are given as input network_cli
handles only the first prompt that matched by default
* If a command execution results in muliple prompt the fix
add support to set a boolean option C(check_all) to indicate
network_cli to wait till all the prompts and answers are processed.
* Update cli_command
* Update api doc
* Fix unit test failure
* Fix CI failure
* Update network_cli
* Fix review comment
David Soper