* s3_bucket: Allow empty encryption_key_id with aws:kms to use KMS master key
* Add idempotency check and cleanup example, dont require encryption_key_id
* ec2_instance/ec2_instance_info : Fixup sanity test errors
* Move ec2_instance integration tests to use aws_defaults
* Search for the AMI instead of hardcoding an AMI
* Make our VPC CIDR variable
* Remove AZ assumptions - no guarantees about specific AZs being available
* Make sure we terminate instances when we're done with them.
* Add a 10 second pause for IAM roles to become available before using them
* Wait on instance changes by default
* Switch out t2 instances for t3 they're cheaper and have more CPU available
* Pull t3.nano instance info a little earlier
* rework vpc_name and vpc_cidr a little
* Mark ec2_instance tests unsupported for now, they take too long
* s3_logging: (integration tests) updated AWS policy
* s3_logging: fix sanity test issues
* s3_logging: Integration tests
* Add pauses to cope with evenual consistency
* Mark s3_logging tests as 'unsupported' for now due to testing instability
* postgresql_privs: add support a type parameter option for types
* postgresql_privs: add support a type parameter option for types, add changelog fragment
* postgresql_privs: add support a type parameter option for types, add schema handling
* postgresql_privs: add support a type parameter option for types, fix typo
* postgresql_privs: add support a type parameter option for types, add comment
* Add support for format option.
* Improve private key format detection.
* Fix raw format handling.
* Improve error handling.
* Improve raw key handling.
* Add failed raw test.
* Improve raw key loading.
* Simplify tests.
* Add raw format tests.
* Fail if format != 'auto_ignore' is specified for pyopenssl backend.
* Fix quoting.
* Bump version.
* Allow to convert private keys between different formats.
* Improve description.
* Add extra args and executable name to podman connection plugin
Like there is for docker plugin, add extra arguments for command
line of podman. Also add configurable executable and checking if
this executable exists on host. Fail module if executable is not
in PATH.
* Update changelogs/fragments/63166-add-extra-args-executalbe-podman-connection.yaml
Co-Authored-By: Felix Fontein <felix@fontein.de>
Eh, 2.10 is close enough
* drop top-level authorize
* Remove from documentation
* Remove load_params
* nxos_hsrp: I don't think this is an actual module parameter
* Move local params to provider
* Promote 'timeout' to a real parameter for eos_eapi
* Provider now always has auth_pass
* Get no_log parameters from subspec
* Add changelog and unit tests
* Handle list of dicts in suboptions
Add fancy error message (this will probably haunt me)
* Update unit tests to test for list of dicts in suboptions
* Add integration tests
* Validate parameters in dict and list
In case it comes in as a string
* Make changes based on feedback, fix tests
* Simplify validators since we only need to validate dicts
Add test for suboptions passed in as strings to ensure they get validated properly and turned into a dictionary.
ci_complete
* Add a few more integration tests
* add a new module to manage lacp
* add a new module to manage lacp
* add a new module to manage lacp
* add a new module to manage lacp
* add a new module to manage lacp
* update for shippable.
* update for shippable
* add units test to module ce_lacp.
* add units test to module ce_lacp.
* add units test to module ce_lacp.
* update
* update
* update
* update
* update
* update
* update for shippable.
* for shippable
* update ignore.txt to reslove conflict
* update for shippable
* update
* update unittest to remove provider.
* update unittest for shipppable.
* use to_native.
* intergration test
* syntax error
* syntax error
* syntax error
* update for `Andersson007` review and thanks.
* update for shippable
* clean "changed" after it has been processed
without this change, a loop of `debug` tasks with `changed_when`
causes the "changed" status to get lost before output
* runme.sh tests for debug loop status
* fix default collection resolution in adhoc
* if an adhoc command is run with a playbook-dir under a configured collection, default collection resolution is used to resolve unqualified module/action names
* Set ANSIBLE_PLAYBOOK_DIR in integration tests.
* Fix config conflict in ansible integration test.
* add adhoc default collection test
* text-ify warning string
* mysql_replication: add connection_name param for MariaDB multi source support
* mysql_replication: add connection_name param for MariaDB multi source support, add changelog
* add ANSIBLE_PLAYBOOK_DIR envvar support
* allows `ANSIBLE_PLAYBOOK_DIR` envvar as a fallback on CLI types that support `--playbook-dir`. This should have been implemented with #59464, but was missed due to an oversight.
* added basic integration test
* make first-class PLAYBOOK_DIR config entry
* update changelog
* Move EC2 networking objects into network-policy.json
* ec2_vpc_nacl: Add integration tests
* ec2_vpc_nacl: Migrate tests to use module_defaults
* ec2_vpc_nacl: (integration tests) Add missing AWS permissions
* ec2_vpc_nacl: (integration tests) Update tests for ipv6 support
* ec2_vpc_nacl: Migrate to AnsibleAWSModule
* Fix sanity tests for ec2_vpc_nacl and ec2_vpc_nacl_info
* ec2_vpc_nacl_info: Migrate to AnsibleAWSModule
* ec2_vpc_nacl_info: (integration tests) Rename from ec2_vpc_nacl_facts to ec2_vpc_nacl_info and add a test using a filter (by tag)
* Pick availability zones dynamically
Rather than assuming that AZa and AZb always exist (they don't), query to find out which AZs we have available first
* Test that the NACLs we get back are actually the *saml* NACL rather than duplicates/delete remove
* Cleanup IPv6 tests a little.
Note: IPv6 support for ec2_vpc_nacl not complete yet.
This provides the initial framework, and should ensure things don't start exploding when support is added.
* Removing subnets by name from a NACL *is* now supported
* Fix ec2_vpc_nacl return documentation
* mysql_replication: add CI tests with MySQL 5.6
* mysql_replication: add CI tests with MySQL 5.6, add auxiliary checks
* mysql_replication: add CI tests with MySQL 5.6, fix comments
* mysql_replication: add CI tests with MySQL 5.6, add pause
Added vmware module vmware_guest_register_operation
This module can do the following.
Register VM to inventory
Unregister VM from inventory
This is useful when you want to unregister a VM from inventory and register it again.
* Specifying IP addresses needs API version 1.22 or newer.
* Simplify code.
* Use IPAMConfig.IPv*Address instead of IPAddress and GlobalIPv6Address.
* Add changelog.
* Fix syntax errors.
* Add integration test.
* Don't rely on netaddr.
* Normalize IPv6 addresses before comparison.
* Install netaddr, and use it.
* Move tests with docker registry into own target.
* Add docker_login tests.
* Add step which makes sure hello-world:latest is around.
* Make work inside docker container.
* Add dependency.
* Use plaintext password.
* Forgot check_mode.
* Add no_log to avoid double log output in verbose mode.
* AWS: new module iam_user_info
Signed-off-by: psharkey <psharkey@cleo.com>
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Rename from iam_user_facts to iam_user_info.
Rename and target 2.10.
Fixing docs.
* Adding iam_user_info integration test.
Removing unnecessary tasks.
Fixing yamllint failure test/integration/targets/iam_user_info/defaults/main.yml:5:1: empty-lines: too many blank lines (1 > 0).
* name paramter is optional
* Switch to use AnsibleAWSModule.
* Convert to using fail_json_aws
* Rework asserts to inspect ARN.
* Move integration tests from iam_user_info to iam_user.
* Fix pep8 problems.
* ec2_argument_spec not needed with AnsibleAWSModule.
* Switch to use helper in AnsibleAWSModule.
* Add iam_user_info to the aws group.
* Add support for pagination and backoff.
* Check improper parameter usage first.
* Adding test cases for multiple users.
* Rmoving unneeded line.
* Remove unneeded imports.
* Switch to catch BotoCoreError.
* Adding tests for exception coverage.
* Compare user info directly with values from created user.
* iam_role: Add support for managing MaxSessionDuration
* iam_role: Add support for deleting the IAM Instance Profiles we created
* iam_role: migrate all boto failures to fail_json_aws for consistency
* iam_role: test validity of path so we can throw a more understandable error
* iam_role: (integration tests) Split iam_role integration tests from sts_assume_role tests
- Make the iam_role tests more comprehensive
- Add tests for iam_role_info
* iam_role: (integration tests) Make some of our pauses optional
If the tests appear to be flakey we may need to enable standard_pauses
Improve tests
- add more unit test cases
- add specific integration test with more cases
Testing shows no major downside to calling .strip() twice in a comprehension vs. using a regular for loop and only calling .strip() once. Going with the comprehension for ease of maintenance and because comprehensions are optimized in CPython.
Until now, the vcenter provider was switching between `static` and
`govcsim` depending on the presence of the following configuration file:
`test/integration/cloud-config-vcenter.ini`.
This was not consistent with Worldstream, which we enable with the
`VMWARE_TEST_PLATFORM` environment variable.
We now only rely on `VMWARE_TEST_PLATFORM` to know which platform should be
used. `govcsim` is still the default, this to preserve the original
behaviour.
This commit also rename the following variables to be consistent with the rest
of the code base. It also ensures they are alway defined, even with `govcsim`:
- `VCENTER_HOSTNAME`
- `VCENTER_USERNAME`
- `VCENTER_PASSWORD`
The `pids` module returns the list of the PID in a `pids` key.
This change ensures we correctly wait for the end of the previous mongod
instances before we start the next ones.
In addition, we remove an unnecessary `ignore_errors`.
* postgresql: move CI tests of *_tablespace, *_membership, *_idx to separate targets
* postgresql: move CI tests of *_tablespace, *_membership, *_idx to separate targets, change formatting
* Ensure k8s apply works with check mode
Update the new predicted object with fields from the previous object
before applying in check mode
Don't log output of `file` with `state: absent` on huge virtualenvs!
Fixes#60510
* Use openshift client fix to improve apply for check mode
Use new apply_object method to get a better approximation
of the expected object in check mode.
Requires released upgrade to openshift
* Add changelog fragment for k8s apply check mode fix
* Update changelogs/fragments/60510-k8s-apply-check-mode.yml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Fix plugin names for collection plugins.
Add an integration test to verify plugin __name__ is correct for collection plugins.
* Fix collection loader PEP 302 compliance.
The `find_module` function now returns `None` if the module cannot be found. Previously it would return `self` for modules which did not exist.
Returning a loader from `find_module` which cannot find the module will result in import errors on Python 2.x when using implicit relative imports.
* add changelog
* sanity/units/merge fixes
* Add integration tests for ansible-doc.
* Enable tests that now pass
* Cleanup processing of plugin docs
* Mostly separate the steps of processing plugin docs
1) Acquire source data
2) Transform and calculate additonal data
3) Format data for output
4) Output data
format_plugin_doc() is still mixing transformation and formatting but
that should be fixed in a devel-only change
* Raise exceptions in _get_plugin_doc() on errors.
* Remove check to exclude on blacklisted extensions. We already request
only .py files
* If there is no DOCUMENTATION entry in the plugin, raise an exception
from _get_plugin_doc(). Everywhere we use _get_plugin_doc(), this is
treated as an error
* If there is no ANSIBLE_METADATA raise an exception as well as
displaying of docs assumes that this has been set.
* If there is neither DOCUMENTATION nor ANSIBLE_METADATA, warn about the
lack of METADATA and error on the lack of DOCUMENTATION. Lack of
DOCUMENTATION is more important so it is what the user should see.
* Add a few special cases for backwards compat. These should probably
be made errors in 2.10:
* no docs but has metadata shows no documentation rather than an error
* empty plugin file shows no doumentation rather than an error
* Simplify backwards compatibility logic.
Fixes#62319
Change `enable` option to `enabled` in junos_interfaces
and junos_lldp_interfaces
data model to be in sync with other network platform
resource modules added in 2.9 version.
* Add ecs_domain module
* Fixes to integration tests and module
* Fixes to tests and module
* Corrections to revalidation behavior, cna only revalidate domains in expiring.
* Remove debugs for final test run, fix sanity check test fails.
* Add checks for domain status
* Add changelog fragment for new module.
* Removed extra space in backtick
* Minor fixes to make behavior more consistent and correct documentation.
* Update lib/ansible/modules/crypto/entrust/ecs_domain.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Update lib/ansible/modules/crypto/entrust/ecs_domain.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Update lib/ansible/modules/crypto/entrust/ecs_domain.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Apply suggestions from code review
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Change casing of verification method enum, remove redundant changelog fragment
* Return ov_eligible and ev_eligible fields even if false, as long as they're returned by ECS API
* Fix for junos cli_config replace option
* For device that support replace option by loading
configuration from a file on device `config` option
is not required and value of `replace` option is the
path of configuration file on device. This fix allows
invoking run() function in cli_config if `config` option
is None and `replace` option is not boolean
* The command to replace running config on junos device
is `load override <filename>` and not `load replace <filename>`
This is fixed in the junos cliconf plugin.
* Add integration test
* AWS ec2_vpc_net: Enable ipv6 CIDR assignment
Enable IPv6 CIDRs in ec2_vpc_net, and fix ec2_vpc_subnet tests that
were depending on the aws cli for CIDR assignment.
Related to: #27800
* aws_secret: (integration tests) Move tests to using module_defaults
* Update hacking aws security policy to enable management of secrets
* aws_secret: (integration tests) Fixup integration tests
- Update tests to use resource_prefix as a prefix rather than a suffix
- Pause after role creation to cope with AWS being slow (and returning before the role it ready)
* Fix ec2_vpc_vgw broken tests
Add waiter function to wait for API to report detached vgw is available.
Also catch extra error code in attach retry as EC2 sometimes reports that
the vgw is available several seconds before permitting the attachment.
Fixes: #53185
* Re-enable ec2_vgc_vgw test target
* add new module: aws_stepfunctions_state_machine
* add integration tests for new module: aws_stepfunctions_state_machine
* fix sanity checks
* use files/ folder instead for integration test
* rename role name in integration test
* attempt further permissions
* iam states prefix
* iam integration test prefix
* add iam policy for running step functions state machine actions
* slightly increase iam permission scope
* rename integration test folder to proper name
* move main() method to end of file
* move contents of integration-policy.json for state machines to compute-policy.json
* make check_mode return proper changed value + add check_mode integration tests
* rename module to aws_step_functions_state_machine
* fix missed rename in integration test variable
* add purge_tags option
* bump to version 2.10
* Fixes to ecs_certificate cert chain for #61738
* Added changelog fragment
* Fixes to ecs_certificate for cleaner join, and better integration test
* Fix integration test formatting
* End cert chain with a \n
* Update changelogs/fragments/61738-ecs-certificate-invalid-chain.yaml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Update main.yml
* Update AWS hacking policy to enable ASG Tagging management
* aws_asg: Add tests for ASG Tagging (including idempotency)
* aws_asg: ignore sort order when comparing tags on the ASG (fix idempotency)
* ec2_asg: (integration tests) test for idempotency when managing metrics collection
* ec2_asg: sort list of enabled metrics to ensure clean comparisons.
* iam_group: (integration tests) migrate tests to module_defaults
* iam_group: (integration tests) migrate to using temporary user and group with {{ resource_prefix }}
* iam_group: (integration tests) fix test, checking the return values
* iam_group: (integration tests) Add some more tests around the behaviour of 'changed'
* iam_group: (docs) Update documentation of iam_group return value
* Update AWS testing policies to enable group/user management
* aws_vpc_subnet: (integration tests) migrate to module_defaults
* aws_vpc_subnet: (integration tests) remove hard coded assumption that AZ A exists.
While Amazon now tends to enable all AZs in a region, new customers in us-west-1 are only assigned 2 out of the 3 AZs, which might not include AZ a
* ec2_vpc_subnet: (integration tests) General cleanup
- use "is changed" rather than .changed
- clean up labelling of a couple of assertions (C&P fail)
* ec2_launch_template: (integration tests) make sure security_token is optional
* ec2_launch_template: (integration tests) add dependencies at the top level so they're pulled into the docker containers
* Update Hacking Compute Policies for Launch Templates
* Fix bad assumption about shippable resource_prefix for codebuild and codepipeline tests
* Update test/integration/targets/aws_codepipeline/defaults/main.yml
On OpenBSD, 13 asterisk characters as a password hash, marks the
account as disabled. Otherwise daily(8) script which executes
security(8) will email operator about not properly locked accounts.
Before the diff, we see following warning:
> [WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
After the diff, warning is gone.
- Add retries instead of a pause task
- Shorten the IAM role name length
- Put the IAM role name in defaults/main.yml instead
- Fix the aws_codepipeline tests too
* Migrate ec2_eip module to boto3
This patch is a step towards the integration of several PRs that have
attempted to migrate this code
closes#55190closes#45478
Follow-up PRs will address the outstanding changes made in #55190
* Update DevOps AWS policy
- Fix typos in permission names
- While AWS claims you can use 'arn:aws:codecommit:*' it errors unless you use '*'
* aws_codecommit: (integration tests) Migrate to module_defaults
* aws_codecommit: (integration tests) Fix integration tests
* aws_codecommit: (integration tests) Add tests for updating the description
* aws_codecommit: Add support for updating the description and rename "comment" option to "description"
* Initial nxos_file_copy action plugin work
* Remove code from nxos_file_copy module
* Add file_push and file_pull support
* Additional refactoring and shipable updates
* Simplify outcomes and update doc header
* Add more error data information for easier debugging
* Reorder outcomes and add additional tests
* Capture more data for permission denied outcome
Add support for create or re-configure VM with multiple CD-ROMs attaching to IDE controller now, will implement SATA controller support later.
parameters can be set as below:
cdrom:
- controller_type: ide
controller_number: 0
unit_number: 0
type: client
This directory is currently a fixed location to make troubleshooting easier.
It is cleared before each test target runs, but is preserved when a test target finishes.
This allows the contents to be inspected when a test fails.
The previous location was `~/ansible_testing/`.
The new location is within the content root:
- `test/results/.tmp/output_dir` for Ansible
- `tests/output/.tmp/output_dir` for Ansible Collections
Moving the directory reduces the number of places on the filesystem where tests create output.
It also enables the results to be returned from delegated systems.
* default collection support
* playbooks run from inside a registered collection will set that collection as the first item in the search order (as will all non-collection roles)
* this allows easy migration of runme.sh style playbook/role integration tests to collections without the playbooks/roles needing to know the name of their enclosing collection
* disable default collection test under Windows
* enable collection search for role dependencies
* unqualified role deps in collection-hosted roles will first search the containing collection
* if the calling role has specified a collections search list in metadata, it will be appended to the search order for unqualified role deps
* disable cycle detection unit test
* failing on 3.7+, needs proper cycle detection
* see #61527
* Clean up layout paths for integration tests.
* Remove "special" integration test target type.
* Remove unnecessary role detection logic.
* Remove support for non-sh runme scripts.
* Simplify reading of aliases.
* play, block, task: New attribute forks
With this it is possible to limit the number of concurrent task runs.
forks can now be used in play, block and task. If forks is set in different
levels in the chain, then the smallest value will be used for the task.
The attribute has been added to the Base class as a list to easily provide
all the values that have been set in the different levels of the chain.
A warning has been added because of the conflict with run_once. forks will
be ignored in this case.
The forks limitation in StrategyBase._queue_task is not used for the free
strategy.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Handle forks in free strategy
The forks attribute for the free strategy is handled in run in the free
StrategyModule. This is dony by counting the amount of tasks where the uuid
is the same as the current task, that should be queued next. If this amount
is bigger or equal to the forks attribute from the chain (task, block,
play), then it will be skipped to the next host. Like it is also done with
blocked_hosts.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Test cases for forks with linear and free strategy
With ansible_python_interpreter defined in inventory file using
ansible_playbook_python.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Changing forks keyword to throttle and adding some more docs
* default collection support
* playbooks run from inside a registered collection will set that collection as the first item in the search order (as will all non-collection roles)
* this allows easy migration of runme.sh style playbook/role integration tests to collections without the playbooks/roles needing to know the name of their enclosing collection
* ignore bogus sanity error
* filed #61460
* fixed task unit test failure
* don't append an empty collections list to the ds
* ignore leftover local_action in mod_args ds action parsing
* fix async_extra_data test to not require ssh and bogus locale
* disable default collection test under Windows
* ensure collection location FS code is always bytes
* add changelog
* Fix TypeError in ec2_group.py for Python3 when sorting dictionary list
* Using json.loads() and dumps() to replace sorting
* Bug fixes for ec2_group.py
* Dictionaries cannot be compared/sorted in Python3
* Diff will occur when the IpPermissions have the same IpRanges but have different ordering
* 'before' will be sorted by 'Type' with high priority than 'IP', but 'boto3.describe_security_groups()' function cannot get 'Type' from Amazon
* Add some basic diff mode testing to exercise the rule-sorting code
* Addition of ecs_certificate module.
* Documentation and code fixes
* Updates per code review
* Doc fixes, rename of chain_path to full_chain_path, add regex for cert_Expiry check
* Fixes to pep8 check to make regexp string 'raw'.
* Mistakes with find/replace of caseing.
* Added integration tests and some doc cleanup
* Some additional assertions and test typo cleanup
* Update lib/ansible/modules/crypto/entrust/ecs_certificate.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Responses to code review comments
* Remove fake passwords from aliases file.
* Add na_santricity_firmware module.
Manages NetApp E-Series firmware upgrades.
Includes unit and integration tests.
* Add legacy support to na_santricity_firmware module.
* Rename na_santricity_firmware to netapp_e_firmware
* Improved netapp_e_firmware example documentation.
* Add na_santricity_drive_firmware module
Manage NetApp E-Series drive firmware downloads
Includes unit and integration tests
* Rename na_santricity_drive_firmware to netapp_e_drive_firmware
* Model->Role->Module.
Yet to import modules/exos_facts.py
* exos_facts refactor
* future-import and metaclass
* Fix unit tests
* Fix openconfig-lldp word and send_request API from Httpapi class
idempotent, json.dumps in base class, send_requests from base exos class
* action file for exos_lldp_global
* Add intergration tests for exos_lldp_global
* Test data field of the request
* win_updates: Add flag to only download updates without installing them
* Fix test
* Fixes ansible-test (pep8)
* Fix integration test
* Fix actual fix.
* Change collection PS util import pattern
* Add changes for py2 compat
* fix up regex and doc errors
* fix up import analysis
* Sanity fix for 2.6 CI workers
* Get collection util path for coverage collection
* add locks
* rename the module
* add test
* add test
* address comments
* add quote
* can list child scope lock
* minor docs tweaks
* Add files via upload (#62)
* change '\r\n' to '\n' (#63)
* Small changes, just to trigger CI verify.
* trigger CI verify
* remove 's'
* Update according by comments
* change small for trigger CI check
* Added coverage collection for PowerShell - ci_complete ci_coverage
* uncomment out coverage uploader call
* Generate XML for PowerShell coverage
* Use whitelist to exclude coverage run on non content plugins
* Remove uneeded ignore entry
* Try to reduce diff in cover.py
* Fix up coverage report package - ci_complete ci_coverage
`vmware_guest_disk_info` expects the VM to be running. Since
964783fbd2, `prepare_vmware_tests`
creates the test VM with the `powered-off` state. This to increase
the performance.
This commit ensures the test-suite actually run against a running VM,
as expected.
* add module to create aci VMM credential objects
add initial remove and add integration tests for VMM credential objects
* update 'credential' var name to 'name'
* move vmware tests to domain type specific file
* move vmware tests to domain type specific file
add include task in main file to reference domain type specific tests
* update task names
add test to remove credential prior to first credential add
add tests for querying individual credentials
add tests for query all credentials
add additional tests for removing credentials
* update version added to 2.9
remove invalid module references from 'seealso' section
* fix list reference in query all assertions
* add reference to VM_PROVIDER_MAPPING keys for vm_provider arg
* Fix junos resource modules group based config and minor updates
Fixes https://github.com/ansible/ansible/issues/61183
* Add support to get inherited configuration for resource
modules to handle group based configuration
* Add task input check for merged, replaced and overridden
states in junos resource modules
* Integration test for group based configuration
* Fix CI test failures
* Fix test failures
* add azure monitor log profile module
* fix version
* fix lint
* mark test as unsupported
* fix lint
* fix lint
* Fix the error prompted in the comments