`ansible-vault` is the only cli command which knows how to handle the
rekey options `--new-vault-id` and `--new-vault-password-file`. No
point in exposing those rekey options to any of the other ansible
commands.
On a practical level I think this matters most in ensuring that
`--help` doesn't produce any false/unhelpful output.
(cherry picked from commit b78ab37a94)
* Unifying wording and formatting of all include and import modules
* Changes based on comments from dharmabumstead
* Removed instances of the term ‘Ansible Engine’
* Removed instances of term ‘Ansible Engine’
* Updated term
* Updated wording
* Updated wording
* Removed the term ‘Ansible Engine’
(cherry picked from commit 283fee90a7)
Without this additional code snippet `ansible-pull` will still accept
the `--vault-id` option. It just won't pass the option along when
invoking `ansible-pull`.
(cherry picked from commit 7bd54a51e2)
locale.setlocale() call removed in 6b5291d68f
is actually needed by time.strptime(). AnsibleModule() changes both: environment
variables and python level locale settings so both need to be reset.
(cherry picked from commit fd4a6cf7ad)
* Added . and / to rule args regexp
Things like pam_echo.so file=/etc/foo.txt weren't being matched and
causing incorrect change counts. Adding / and . fixed that.
Fixes#33351
(cherry picked from commit e957760d52)
* fix for breaking metadata change in various Azure Python SDK bits; some members were marked `readonly` for validation, which the default msrest serializer ignores. Added `keep_readonly` flag to serializer call to ensure they're preserved.
(cherry picked from commit 70e351036d)
* fixes breaking change in Azure DNS Python SDK 1.2.0
* no apparent functional change (the arg appears to have been superfluous all along)
(cherry picked from commit 64f4132571)
* jsonify inventory
* smarter import, dont pass kwargs where not needed
* added datetime
* Eventual plan for json utilities to migrate to common/json_utils when we split
basic.py no need to move jsonify to another file now as we'll do that later.
* json_dict_bytes_to_unicode and json_dict_unicode_to_bytes will also
change names and move to common/text.py at that time (not to json).
Their purpose is to recursively change the elements of a container
(dict, list, set, tuple) into text or bytes, not to json encode or
decode (they could be a generic precursor to that but are not limited
to that.)
* Reimplement the private _SetEncoder which changes sets and datetimes
into objects that are json serializable into a private function
instead. Functions are more flexible, less overhead, and simpler than
an object.
* Remove code that handled simplejson-1.5.x and earlier. Raise an error
if that's the case instead.
* We require python-2.6 or better which has the json module builtin to
the stdlib. So this is only an issue if the stdlib json has been
overridden by a third party module and the simplejson on the system
is 1.5.x or less. (1.5 was released on 2007-01-18)
(cherry picked from commit ebd08d2a01)
This improves compatibility with older IOS devices which do not
support "section" but "include" has been supported for a lot longer.
(cherry picked from commit a6e425e5a3)
* fixed .loads error for non decoded json in Python 3
* fixed .loads error Python 3.5 - refactor code to one line
* fixed .loads error python 3.5 - mod to use to_text instead of .decode as per reviewer comment
(cherry picked from commit 67d5e1d3e7)
* Fix vault --ask-vault-pass with no tty
2.4.0 added a check for isatty() that would skip setting up interactive
vault password prompts if not running on a tty.
But... getpass.getpass() will fallback to reading from stdin if
it gets that far without a tty. Since 2.4.0 skipped the interactive
prompts / getpass.getpass() in that case, it would never get a chance
to fall back to stdin.
So if 'echo $VAULT_PASSWORD| ansible-playbook --ask-vault-pass site.yml'
was ran without a tty (ie, from a jenkins job or via the vagrant
ansible provisioner) the 2.4 behavior was different than 2.3. 2.4
would never read the password from stdin, resulting in a vault password
error like:
ERROR! Attempting to decrypt but no vault secrets found
Fix is just to always call the interactive password prompts based
on getpass.getpass() on --ask-vault-pass or --vault-id @prompt and
let getpass sort it out.
* up test_prompt_no_tty to expect prompt with no tty
We do call the PromptSecret class if there is no tty, but
we are back to expecting it to read from stdin in that case.
* Fix logic for when to auto-prompt vault pass
If --ask-vault-pass is used, then pretty much always
prompt.
If it is not used, then prompt if there are no other
vault ids provided and 'auto_prompt==True'.
Fixes vagrant bug https://github.com/hashicorp/vagrant/issues/9033Fixes#30993
(cherry picked from commit 86dc3c09ac)
* Do not run script in check mode
Fixes#30676
* Reformat script integration test
* Add integration tests for check mode of script module
* Fix name on test
* Cleanup temp file
* win_script integration test syntaxt changes
* Add check mode tests for win_script
* Use proper variable in test
* Fail if source file does not exist
* Verify script is accessible and don't copy in check mode
Use shlex to properly split shell arguments, though a path with spaces in it still needs to be quoted in the playbook.
Add note to docs describing such.
Improve error message if file is not found indicating there may be a space in the path.
* Properly encode path now that path is split using shlex
* Allow for spaces in both path and script name
* Add unicode character test to Linux script tests
* Add Linux test for space in path to script
(cherry picked from commit ea3638b580)
* nxos_config and nxos_facts - fixes for N35 platform. (#32762)
* update nxos_facts to handle errors in n35 platform
* switch show commands to output text
* replace basestring which is not supported in python3
* do it like the other modules: use string_types
* incorporate PR review
(cherry picked from commit 1360ae6518)
* update changelog
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
If an embedded vaulted variable ('!vault' in yaml)
had an invalid format, it would eventually cause
an error for seemingly unrelated reasons.
"Invalid" meaning not valid hexlify (extra chars,
non-hex chars, etc).
For ex, if a host_vars file had invalid vault format
variables, on py2, it would cause an error like:
'ansible.vars.hostvars.HostVars object' has no
attribute u'broken.example.com'
Depending on where the invalid vault is, it could
also cause "VARIABLE IS NOT DEFINED!". The behavior
can also change if ansible-playbook is py2 or py3.
Root cause is errors from binascii.unhexlify() not
being handled consistently.
Fix is to add a AnsibleVaultFormatError exception and
raise it on any unhexlify() errors and to handle it
properly elsewhere.
Add a _unhexlify() that try/excepts around a binascii.unhexlify()
and raises an AnsibleVaultFormatError on invalid vault data.
This is so the same exception type is always raised for this
case. Previous it was different between py2 and py3.
binascii.unhexlify() raises a binascii.Error if the hexlified
blobs in a vault data blob are invalid.
On py2, binascii.Error is a subclass of Exception.
On py3, binascii.Error is a subclass of TypeError
When decrypting content of vault encrypted variables,
if a binascii.Error is raised it propagates up to
playbook.base.Base.post_validate(). post_validate()
handles exceptions for TypeErrors but not for
base Exception subclasses (like py2 binascii.Error).
* Add a display.warning on vault format errors
* Unit tests for _unhexlify, parse_vaulttext*
* Add intg test cases for invalid vault formats
Fixes#28038
(cherry picked from commit 9c58827410)
Fixes#23263
Add a carriage return (\r) at end on copy config
command which results in prompt on cli terminal
(cherry picked from commit 37b0537279)
Update CHANGELOG.md
This fix adds additional error handling for vmware connect
method, where username provided user does not have required
permissions to use/login ESXi.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 80967380d3)
* Refactor spec serialization so that native types are evaluated last.
* Remove redundant type checks
Fixes#30818
(cherry picked from commit ada404d0ac)
* tests for InventoryModule error conditions
* modified unicode in tests to ahear to Ansible best practices
* flake8 fixes
(cherry picked from commit cf938e9992)
ensures we get both a templated ignore_errors and a
correct 'summary' result for ignore_errors when used in loops
fixes#32384
(cherry picked from commit d22627d944)
Andreas Olsson