Commit Graph

892 Commits (acc675e4a86db4ec5c51383808dda1d8b9243db7)

Author SHA1 Message Date
Benjamin MALYNOVYTCH 9c5275092f mysql_user: fix compatibility issues with various MySQL/MariaDB versions (#45355)
* mysql_user: fix MySQL/MariaDB version check

To handle properly user management, version check needed refacto, as well as the query used to get existing password hash

* mysql_user: break long query in multiple lines

* mysql_user: fix query fetch existing password hash

* mysql_user: MariaDB version check 100.2 != 10.2

* mysql_user: fix existing password fetch

In some cases, both columns (Password and authentication_string) may exist and be populated.
In other cases one exist, but not the second.
This fix should handle properly all situations

* mysql_user: break long queries

* mysql_user: refactor duplicated code

* mysql_user: handle updates from root with empty passwd to new passwd

* mysql_user: GC debug statement and readd trailing new line

* mysql_user: fix pep8 under indentation

* mysql_user: fix privileges management
https://github.com/ansible/ansible/pull/45355#issuecomment-428200244

* mysql_user: raise exception if exception caught doesn't match the one that is managed

* mysql_user: improve plugins output (add msg field with explicit informations)

* mysql_user: fix old / new password hash comparison

* mysql_user: fix reference to old MySQLdb lib

* mysql_user: fix cursor when root password is left empty (mysql DB invisible)

* mysql_user: add changelog

* ALL privileges comparison

* fixed blank line

* added mysql 8 fixes

* fixed version compatibility

* mysql_user: fix MySQL/MariaDB version check

To handle properly user management, version check needed refacto, as well as the query used to get existing password hash

* mysql_user: break long query in multiple lines

* mysql_user: fix query fetch existing password hash

* mysql_user: MariaDB version check 100.2 != 10.2

* mysql_user: fix existing password fetch

In some cases, both columns (Password and authentication_string) may exist and be populated.
In other cases one exist, but not the second.
This fix should handle properly all situations

* mysql_user: break long queries

* mysql_user: refactor duplicated code

* mysql_user: handle updates from root with empty passwd to new passwd

* mysql_user: GC debug statement and readd trailing new line

* mysql_user: fix pep8 under indentation

* mysql_user: fix privileges management
https://github.com/ansible/ansible/pull/45355#issuecomment-428200244

* mysql_user: raise exception if exception caught doesn't match the one that is managed

* mysql_user: improve plugins output (add msg field with explicit informations)

* mysql_user: fix old / new password hash comparison

* mysql_user: fix reference to old MySQLdb lib

* mysql_user: fix cursor when root password is left empty (mysql DB invisible)

* mysql_user: add contrib

* Rename changelogs/fragments/45355-mysql_user-fix-versions-compatibilities to add YML extension
6 years ago
Abhijeet Kasurde b142b6f0e8 Move changelog entries to fragments directory (#55017)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
6 years ago
Hideki Saito 377fba3d76 Fix handling of inventory and credential options for tower_job_launch (#54967)
- Fixed issue #25017,#37567
- Add example for prompt on launch
- Add integration test for prompt on launch

Signed-off-by: Hideki Saito <saito@fgrep.org>
6 years ago
Raymond Roelands 8edae1bc61 updated tests and changelog for 54516 (#54670)
* updated tests and changelog for 54516

* Handle errors if PG does not support partitioning.

* Check for PG > 10 in tasks

* Show changes for partitioned tables in ansible

* Added documentation in the tests

* Update test/integration/targets/postgresql/tasks/postgresql_privs.yml

Co-Authored-By: raymondroelands <raymondroelands@users.noreply.github.com>

* Update test/integration/targets/postgresql/tasks/postgresql_privs.yml

Co-Authored-By: raymondroelands <raymondroelands@users.noreply.github.com>

* Added check for 0 tables after revoking rights

* Added test and moved tests
Added check mode test and moved test right after the change.

* Rebased postgresql_privs.py
6 years ago
Christopher Snyder 09f68fc659 redhat_subscription: Fix usage of ConfigParser (#54815) 6 years ago
Jason Witkowski 87f8e37c2c Fix for neither LaunchConfigName nor LaunchTemplate existing on object (#54692) 6 years ago
Matt Martz 56ae8ebd60 Don't swallow exceptions when processing included files (#54791)
* Don't swallow exceptions when processing included files. Fixes #54786
6 years ago
Felix Fontein 7d27348356 ufw: fix default, direction is not necessary for it (#54799)
* Correct behavior so that direction isn't required for default.
* Add more tests.
* 'disabled' values cannot be changed.
* Include 'not specified' in messages.
6 years ago
Felix Fontein e079758b31 Move refactoring steps from #54635 to own PR. (#54690) 6 years ago
Robert Osowiecki 1532e31ec0 Allow all of yum version compare operators (#54603)
* Allow all of yum version compare operators

* * yum: name="foo >= VERSION" integration test
* changelog fragment
6 years ago
Adam Miller 21d692cace fix dnf module removal in dnf upstream 4.2.2+ (#54923)
* fix dnf module removal in dnf upstream 4.2.2+

Signed-off-by: Adam Miller <admiller@redhat.com>

* Remove extra blank line in changelog fragment.
6 years ago
Toshio Kuratomi ae667d3d86 New release v2.8.0a1 6 years ago
Felix Fontein 8cba1f9397 docker_network: add IPAM driver options support (#54632)
* Tidying up.

* Adding ipam_driver_options parameter.

* Add tests.

* Add changelog.
6 years ago
Brian Coca bda541fa0d
fix missing attribs with dirct module execution (#53875)
* fix missing attribs with dirct module execution
* also make remote tmp handling smarter
 update tests
* set default if attrib does not exist
* add simple test
6 years ago
Sam Doran 6ce9cf7741
Change default smart connection to ssh on macOS and remove paramiko from requirements.txt (#54738)
* Remove default use of paramiko connection plugin on macOS
    This fix was originally to work around a bug that caused a kernel panic on macOS
    that has since been fixed.
* Remove paramiko from requirements.txt
* Move paramiko checking to common place
* Drop the warnings obfiscation code
* Update pip installation instructions to reflect upstream instructions
* Fix tests on CentOS 6 (Python 2.6) that now show Python deprecation warnings
* Add changelog fragment
6 years ago
Felix Fontein e422f18898 acme_certficate: allow to write files to CWD (#54754)
* Allow to write files to CWD.

* Add changelog.
6 years ago
Martin Krizek d15812fabf
Fix copy module to reset filesystem acls (#51868)
The controller's fixup_perms2 uses filesystem acls to make the temporary
file for copy readable by an unprivileged become user. On Python3, the
acls are then copied to the destination filename so we have to remove
them from there.

We can't remove them prior to the copy because we may not have
permission to read the file if the acls are not present. We can't
remove them in atomic_move() because the move function shouldn't know
anything about controller features. We may want to generalize this into
a helper function, though.

Fixes #44412

Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
6 years ago
Jordan Borean e56fb48873
psrp - auth options (#54705) 6 years ago
Łukasz Szczęsny bcdd1dc951 pamd: fix idempotence issue when removing rules (#54105) 6 years ago
Hannes Ljungberg e58f23b73e docker_swarm: Return UnlockKey (#54490)
* Return UnlockKey

* Add changelog fragment

* Add method to check if a parameter exists in diffs

* Add method to get swarm unlock key

* Add option unlock_key

* Only return unlock key when created or changed

* Rename difference check

* Extend unlock key example

* Assert that unlock_key is a string

* Fix docker_swarm_info authors

* Don’t silence APIErrors

* Test unlock_key on unlocked swarm

* Catch APIError when retrieving unlock key

* Better return value description

* Lint

* Fix UnlockKey return value documentation

Co-Authored-By: hannseman <hannes@5monkeys.se>

* Get unlock key safely

Co-Authored-By: hannseman <hannes@5monkeys.se>

* Return None on empty UnlockKey

* Assert swarm_unlock_key is undefined if unqueried

* Add documentation about swarm_info unlock_key

* Add change log fragment for unlock_key option

* Revert "Add change log fragment for unlock_key option"

This reverts commit e3cb2325b5.

* Use generator expression instead

* Restart docker more decisively

* Use systemctl kill

Co-Authored-By: hannseman <hannes@5monkeys.se>

* Try to restart docker daemon
6 years ago
Felix Fontein fa47bed71c openssl_certificate: fix ACME provider (#54656)
* Change default of acme_chain to no.

* Stop using string command lines.

* Add changelog.

* Fix changelog.
6 years ago
René Moser 01f63ee871
cloudstack: fix E326 (#54657)
* cloudstack: remove choice list for hypervisor param

* cloudstack: streamline network_type with returned value by the API

* cloudstack: remove E326

* add changelog fragment
6 years ago
Hannes Ljungberg 833512b07c docker_swarm: Add support for default_addr_pool and subnet_size (#54642)
* Add support for default_addr_pool and subnet_size

* Add changelog fragment

* Document options only used on init / join
6 years ago
Kevin Subileau 09979e899f win_nssm: refactor to fix issues, support check mode and add more features (#45693)
* win_nssm: rename cmdlets to use approved verbs, rename service name parameters

* win_nssm: improve code style and cmdlets ordering

* win_nssm: always escape all command line parameters with Argv-ToString

fix error when the service name contains quotes

* win_nssm: use Fail-Json instead of exceptions and remove global try/catch

* win_nssm: small refactoring, inline some functions

* win_nssm: refactoring - add a generic cmdlet to idempotently set any nssm service parameter

* win_nssm: refactoring - inline some functions

To make the code more malleable for future changes

* win_nssm: change application, stdout_file and stderr_file options type to path

* win_nssm: deprecates app_parameters, rename app_parameters_free_form to arguments, and add support for list of parameters

* win_nssm: add support of check mode

* win_nssm: add working_directory option

* win_nssm: add display_name and description options

* win_nssm: minor changes

* win_nssm: remove some sanity exclusions

* win_nssm: avoid using aliases and minor style fixes

* win_nssm: doc and ui improvements

* win_nssm: remove sanity exclusions

* win_nssm: minor revision

* win_nssm: deprecates dependencies, start_mode, user and password parameters and some choices of state in favor of win_service

* win_nssm: fix style

* win_nssm: add executable option to specify the location of the NSSM utility

* win_nssm: add missing parameter types

* win_nssm: add diff mode support

* win_nssm: avoid displaying depreciation warning if default value is assigned

* win_nssm: fix variable scope

* win_nssm: use the explicit -LiteralPath parameter name instead of -Path

* win_nssm: fix documentation

* win_nssm: add porting guide entries

* win_nssm: add changelog fragment
6 years ago
Felix Fontein 188903448a openssl_*: add backup option (#54294) 6 years ago
Scott Luther 5517b0384f fix remove_orphans using APIs exposed via AnsibleDockerClient (#54316)
Co-Authored-By: sluther <neenach2002@gmail.com>
6 years ago
Kevin Breit d16dcb8dbb meraki_device - Support for creating and modifying device notes (#51100)
* Add support for notes

* Add test for notes

* Device notes changes
- Renamed from notes to note
- Modified tests to work

* Comment device test since it only works once

* Remove assertion stanza and move assertion to existing one

* Add version_added to note documentation

* Converted from tabs to spaces

* Added changelog fragment

* Remove changelog file since it's a feature

* Add changelog fragment
6 years ago
David Passante 7c57caf8fa cs_network_offering: add a for_vpc parameter (#54551)
* cs_network_offering: add for_vpc parameter

* add changelog fragment
6 years ago
Matt Davis f86345f777
Collection content loading (#52194)
* basic plugin loading working (with many hacks)

* task collections working

* play/block-level collection module/action working

* implement PEP302 loader

* implicit package support (no need for __init.py__ in collections)
* provides future options for secure loading of content that shouldn't execute inside controller (eg, actively ignore __init__.py on content/module paths)
* provide hook for synthetic collection setup (eg ansible.core pseudo-collection for specifying built-in plugins without legacy path, etc)

* synthetic package support

* ansible.core.plugins mapping works, others don't

* synthetic collections working for modules/actions

* fix direct-load legacy

* change base package name to ansible_collections

* note

* collection role loading

* expand paths from installed content root vars

* feature complete?

* rename ansible.core to ansible.builtin

* and various sanity fixes

* sanity tweaks

* unittest fixes

* less grabby error handler on has_plugin

* probably need to replace with a or harden callers

* fix win_ping test

* disable module test with explicit file extension; might be able to support in some scenarios, but can't see any other tests that verify that behavior...

* fix unicode conversion issues on py2

* attempt to keep things working-ish on py2.6

* python2.6 test fun round 2

* rename dirs/configs to "collections"

* add wrapper dir for content-adjacent

* fix pythoncheck to use localhost

* unicode tweaks, native/bytes string prefixing

* rename COLLECTION_PATHS to COLLECTIONS_PATHS

* switch to pathspec

* path handling cleanup

* change expensive `all` back to or chain

* unused import cleanup

* quotes tweak

* use wrapped iter/len in Jinja proxy

* var name expansion

* comment seemingly overcomplicated playbook_paths resolution

* drop unnecessary conditional nesting

* eliminate extraneous local

* zap superfluous validation function

* use slice for rolespec NS assembly

* misc naming/unicode fixes

* collection callback loader asks if valid FQ name instead of just '.'
* switch collection role resolution behavior to be internally `text` as much as possible

* misc fixmes

* to_native in exception constructor
* (slightly) detangle tuple accumulation mess in module_utils __init__ walker

* more misc fixmes

* tighten up action dispatch, add unqualified action test

* rename Collection mixin to CollectionSearch

* (attempt to) avoid potential confusion/conflict with builtin collections, etc

* stale fixmes

* tighten up pluginloader collections determination

* sanity test fixes

* ditch regex escape

* clarify comment

* update default collections paths config entry

* use PATH format instead of list

* skip integration tests on Python 2.6

ci_complete
6 years ago
Sam Doran 023c5167fd Revert "Use locking for concurrent file access (#52567)" (#54547)
This reverts commit e152b277cf.
6 years ago
James Cassell bc4ef99533 standardize TLS connection properties (#54315)
* openstack: standardize tls params

* tower: tower_verify_ssl->validate_certs

* docker: use standard tls config params

- cacert_path -> ca_cert
- cert_path -> client_cert
- key_path -> client_key
- tls_verify -> validate_certs

* k8s: standardize tls connection params

- verify_ssl -> validate_certs
- ssl_ca_cert -> ca_cert
- cert_file -> client_cert
- key_file -> client_key

* ingate: verify_ssl -> validate_certs

* manageiq: standardize tls params

- verify_ssl -> validate_certs
- ca_bundle_path -> ca_cert

* mysql: standardize tls params

- ssl_ca -> ca_cert
- ssl_cert -> client_cert
- ssl_key -> client_key

* nios: ssl_verify -> validate_certs

* postgresql: ssl_rootcert -> ca_cert

* rabbitmq: standardize tls params

- cacert -> ca_cert
- cert -> client_cert
- key -> client_key

* rackspace: verify_ssl -> validate_certs

* vca: verify_certs -> validate_certs

* kubevirt_cdi_upload: upload_host_verify_ssl -> upload_host_validate_certs

* lxd: standardize tls params

- key_file -> client_key
- cert_file -> client_cert

* get_certificate: ca_certs -> ca_cert

* get_certificate.py: clarify one or more certs in a file

Co-Authored-By: jamescassell <code@james.cassell.me>

* zabbix: tls_issuer -> ca_cert

* bigip_device_auth_ldap: standardize tls params

- ssl_check_peer -> validate_certs
- ssl_client_cert -> client_cert
- ssl_client_key -> client_key
- ssl_ca_cert -> ca_cert

* vdirect: vdirect_validate_certs -> validate_certs

* mqtt: standardize tls params

- ca_certs -> ca_cert
- certfile -> client_cert
- keyfile -> client_key

* pulp_repo: standardize tls params

remove `importer_ssl` prefix

* rhn_register: sslcacert -> ca_cert

* yum_repository: standardize tls params

The fix for yum_repository is not straightforward since this module is
only a thin wrapper for the underlying commands and config.  In this
case, we add the new values as aliases, keeping the old as primary,
only due to the internal structure of the module.

Aliases added:
- sslcacert -> ca_cert
- sslclientcert -> client_cert
- sslclientkey -> client_key
- sslverify -> validate_certs

* gitlab_hook: enable_ssl_verification -> hook_validate_certs

* Adjust arguments for docker_swarm inventory plugin.

* foreman callback: standardize tls params

- ssl_cert -> client_cert
- ssl_key -> client_key

* grafana_annotations: validate_grafana_certs -> validate_certs

* nrdp callback: validate_nrdp_certs -> validate_certs

* kubectl connection: standardize tls params

- kubectl_cert_file -> client_cert
- kubectl_key_file -> client_key
- kubectl_ssl_ca_cert -> ca_cert
- kubectl_verify_ssl -> validate_certs

* oc connection: standardize tls params

- oc_cert_file -> client_cert
- oc_key_file -> client_key
- oc_ssl_ca_cert -> ca_cert
- oc_verify_ssl -> validate_certs

* psrp connection: cert_trust_path -> ca_cert

TODO: cert_validation -> validate_certs (multi-valued vs bool)

* k8s inventory: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* openshift inventory: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* tower inventory: verify_ssl -> validate_certs

* hashi_vault lookup: cacert -> ca_cert

* k8s lookup: standardize tls params

- cert_file -> client_cert
- key_file -> client_key
- ca_cert -> ca_cert
- verify_ssl -> validate_certs

* laps_passord lookup: cacert_file -> ca_cert

* changelog for TLS parameter standardization
6 years ago
Slava Maslennikov 85d836171b Add a force_replace_host flag to win_domain_membership (#53542)
* Add a force_replace_host flag to win_domain_membership

Satisfies https://github.com/ansible/ansible/issues/53539

* Rework backticks

* Bump version_added

* Check for existence of current hostname as well; use LDAPFilter during search

* Rename $force_replace_host to $allow_existing_computer_account

* Added docs, porting guide and minor nit in code
6 years ago
Simon Westphahl a44dfed570 Catch all request timeouts for winrm connection (#54104)
* Catch all request timeouts for winrm connection

The current implementation only catches 'ConnectTimeout' exceptions.
Instead we should catch 'Timout' which also catches ReadTimeout
exceptions.

Improves on: #51744

Co-Authored-By: westphahl <westphahl@gmail.com>

* Changelog for winrm error handling improvement
6 years ago
Jordan Borean e2d2874d81
win_user_right - fix non json output issue (#54495) 6 years ago
Dag Wieers e152b277cf Use locking for concurrent file access (#52567)
* Use locking for concurrent file access

This implements locking to be used for modules that are used for
concurrent file access, like lineinfile or known_hosts.

* Reinstate lock_timeout

This commit includes:
- New file locking infrastructure for modules
- Enable timeout tests
- Madifications to support concurrency with lineinfile

* Rebase, update changelog and tests

We need to specify ansible_python_interpreter to avoid running interpreter discovery and selecting the incorrect interpreter.

Remove the import of lock in known_hosts since it is not used.
6 years ago
Brian Coca fee4a0df94
Handle errors correctly in rhn_channel (#54194)
* Handle errors correctly in rhn_channel

* also fail if required info is not available
6 years ago
Brian Coca 3637ce4538
Handle gracefully a bad module 'results' key (#53973)
* Handle gracefully a bad module 'results' key

  fixes #53962
6 years ago
Brian Coca f9876f3450 fixing gcp inv plugin (#54426)
* start fixing gcp inv plugin

* minor fixes

* added clog

* ajust comments

* link indv zone/project

* separate specific zone/project from other params

* restoring zones query per project

* also work when zones given

* fixed scopes, removed incorrect docs as not option
6 years ago
Kevin Breit 17fc6c6ff1 meraki_network - Parameter change for combined network type (#49160)
* Added support for types parameter
- Parameter is used to specify multiple network types

* Fix documentation

* Apply suggestions from code review

Co-Authored-By: kbreit <kevin.breit@kevinbreit.net>

* Reworked type parameter to be a list so types isn't needed

* Re-add tags documentation

* Fix documentation around compatibility

* Convert tags to list from string

* Add changelog fragment
6 years ago
James Cassell 92139a01df rename dellemc_idrac_firmware -> idrac_firmware (#54421) 6 years ago
James Cassell 51f2065df5 use ANSIBLE_ prefix on all ansible-defined env vars (#54272)
mark old version deprecated in all places referenced via docs
6 years ago
James Cassell 9040fa0235 openstack: add os module_defaults group (#54319) 6 years ago
Alan Rominger 461737e2da Allow using Azure rm legacy hostnames (#54060) 6 years ago
Anton Roman 1e3428a766 fix issue in random_mac filter with short prefixes (#53928) 6 years ago
Matt Martz 6996926d89
Expose loop_control.loop_var as ansible_loop_var (#54240)
* Expose the loop_var as ansible_loop_var

* Add docs

* fix assert test

* Indicate version added
6 years ago
Evan Kaufman cf69ec5db0 replace - fixed combined before and after usage (#31452)
When using before and after in combination, the opposite behavior was induced. This PR makes the the replacement happen between the specified patterns as intended.

* Added integration tests
* Add changelog, porting guide entry, and minor doc fixes
6 years ago
Andrea Tartaglia df86b9ec3d openssl_pkcs12: privatekey_path and friendly_name are not always required together (#54370)
* Removed required_together, updated tests

Since required_together: privatekey_path -> friendly_name, is not always
required it has been removed.
Updated openssl_pkcs12 integration tests to be in line with other
openssl_* modules, and added a test for export with no privatekey_path.

* linter fixes

* Removed cryptography from tests

* Added changelog fragment

* Removed non-necessary select_crypto_backend
6 years ago
Hannes Ljungberg be293fbe50 docker_swarm_service: Remove configs and secrets defaults (#54361)
* Remove defaults

* Skip redundant casting

* Indentation fix

* Use generic compare functions

* Add tests for compare functions

* Remove extra whitespace

* Add changelog fragment
6 years ago
Sloane Hertel 54be769e8d fix AWS plugin credential precedence for environment variables (#52945)
* fix AWS plugin credential precedence for environment variables

* Allow aliases in direct plugins options

Consolidate precedence fix just in the doc fragment using aliases for mismatched options

* Access options with the option name rather than alias

* fix indentation

* update unit tests

* Improve readability
6 years ago
Felix Fontein 4fac91bed5 docker_container: add networks_cli_compatible option (#54198)
* Adding networks_cli_compatible option.

* Move network tests into own test file.

* Extend tests (for networks_cli_compatible=no).

* Adding tests for networks_cli_compatible=yes.

* There seems to be no way to create a container without at least one network attached.

* Integrate networks / purge_networks with comparisons.

* Speed up tests.

* Removing double dot.

* Add changelog.

* Use comparisons value only if the networks option has been specified. purge_networks on the other hand also removes networks if it has not been specified.
6 years ago
Felix Fontein 121990d8c5 openssl_dhparam: fix state=absent (#54296)
* Fix remove.

* Add changelog.
6 years ago
Abhijeet Kasurde 5db7501ebd
VMware: Change in update tag API (#54304)
Changed update tag API as per new changes.

Fixes: #53060

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
6 years ago
Felix Fontein d7a273273a openssl_*: proper mode support (#54085)
* Add write helper.

* Adjust modules (except openssl_certificate).

* Adding tests for mode (with openssl_privatekey).

* Add openssl_certificate support.

* Never, ever remove the output file before actually trying to generate new content for it.

Removal is only allowed when state=absent, or when the object has been regenerated and the result needs to be written to that place.

* Add changelog.

* Extend test.
6 years ago
Felix Fontein 534c833bb3 openssl_certificate: fix state=absent (#54298)
* Fix state=absent.

* Add changelog.
6 years ago
Felix Fontein 752db43b2d Rename return of docker_compose. (#54171) 6 years ago
Martin Krizek bafa291af9 uri: do not write the file after failure (#53515)
* uri: do not write the file after failure

Fixes #53491

* Add changelog
6 years ago
Martin Krizek 63ea96d5f1 assemble: avoid extra newline on Python 3 (#54176)
Fixes #44739
6 years ago
Andrea Tartaglia 36a790dcde New cryptography backend for openssl_certificate (#53924)
* New cryptography backend for openssl_certificate

load_* functions in module_utils/crypto.py now have a backend paramter
which when set to 'cryptography' will return cryptography objects so
they can be used for both pyopenssl and cryptography backends.
Added a select_message_digest function too returning a cryptography
digest hash from `cryptography.hazmat.primitives.hashes`
Added new classes for Cryptography backend

* Run test with various backends.

* Prefixing tests.

* Make sure we have the correct backend available.

* Linting (flake8).

* Moved cryptography import to separate try/except

* Make sure certificate is actually valid at some time in the past.

* Improve error handling.

* Trying to fix validation for cryptography backend.

* Fixed issue with keyUsage test in assertonly

* Fixed CI/Lint issues

* Fix private key problem for OwnCA.

* Cryptography backend doesn't support v2 certs.

* issue an expired cert with command when using cryptography backend

* Added warning when backend is auto and v2 cert is requested

* Bumped min cryptography version to  1.6

* Correctly check for failure when backend is cryptography and cert is v2

* Use self.backend where possible

* Use secp521r1 EC when testing on CentOS6

* Fixed pylint issue

* AcmeCertificate support for both backends

* Review fixes

* Fixed missing '(' when raising error

* Fixed date_fmt loop

* Updated docs and requirements with cryptography

* Add openssl_certificate to changelog.
6 years ago
Christian Rohmann 90c092a104 Allow configuration of connection_limit per postgresql database (postgresql_db) (#40345)
Fixes #40060

* Fix coding style errors
* Use CONNECTION LIMIT (no underscore)
* From review done by amenonsen and bcoca - Set default at None, make the change detection less confusing
* Added EXAMPLE on how to apply a database specific connection limit
* Added some basic tests for conn_limit applied to a database
* Check that conn_limit has actually been set / updated to 200
* Add changelog fragment regarding postgresql_db conn_limit parameter
6 years ago
Felix Fontein 1a94cf140c openssl_publickey: fix handling of OpenSSH private keys with passphrase (#54192)
* Cleanup.
* Make sure that OpenSSH passphrases are handled correctly.
* Add changelog.
6 years ago
David Passante aa32164d15 cs_volume: add volumes extraction and upload features (#54111)
* cs_volume: add volumes extraction and upload features

* cs_volume: Update doc, remove deprecated code

* cs_volume: Add unit tests for extract and upload features
6 years ago
Alexander Bethke f9c7ccbb41 Fixes flatpak module to work with flatpak >=1.2.0, fixes #51485 (#51482)
* Fixes flatpak module to work with flatpak >=1.2.0, fixes #51481

This keeps backwards-compatibility for flatpak versions before 1.2.0

* Fixes typeo

Co-Authored-By: oolongbrothers <oolongbrothers@zeibar.net>
6 years ago
tcraxs bb61d7527f #50877: add support to postgresql_privs to use "FOR { ROLE | USER } target_role" in "ALTER DEFAULT PRIVILEGES" (#51073)
* #50877:
* add support to postgresql_privs to use "FOR { ROLE | USER } target_role"
   in "ALTER DEFAULT PRIVILEGES"

* fix sanity errors

* #50877: fix documentation and add a check for correct usage
of target_roles

*  #50877: fix missing absent option for default privs with target_role

* #50877: add clear description, when target_roles can be used

* #50877: fix conflicts, formatting, and add a changelog fragment

* #50877: fix sanity error E335

* #50877: swap conditions and fix error to warning msg

*  #50877: add tests for default privileges

* #50877: fix tests for default privileges

* #50877: fix tests for default privileges on centos 6
6 years ago
René Moser f885717f74 fix typo (#54166) 6 years ago
Felix Fontein 8d62794f91 docker: rename docker_*_facts -> docker_*_info (#54124)
* Rename docker_*_facts -> docker_*_info.

* Add changelog.

* Update scenario guide.
6 years ago
René Moser c5609c51bf
include_tasks: fix traceback if no file specified (#54044) 6 years ago
Martin Krizek 0e28ab4528
Template run_once for handlers (#54030)
Fixes #27237
6 years ago
Brian Coca d1a688b1d7
dict is dict (#54057) 6 years ago
Felix Fontein 05bca95ab1 ACME: rename acme_account_facts -> acme_account_info (#54082)
* Rename acme_account_facts -> acme_account_info.

* Add changelog fragment.
6 years ago
Hannes Ljungberg 7a3f9456ef docker_swarm_service: Make resolve_image default to false (#54018)
* Make resolve_image default to false

* Check resolve_image versions regularly
6 years ago
Felix Fontein 847a86beef docker_image: allow proxy config (#53905)
* Simplify checks.

* Add use_config_proxy option.

* Add changelog.

* Avoid docker-py crash.
6 years ago
Sorin Sbarnea 014cb73694 Facts: Use vm_stat instead of sysctl for free memory (#52917)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
6 years ago
Jordan Borean 7ab77f6c8a
win_psexec - support paths with a space (#54009) 6 years ago
Jordan Borean cf24542e9f
win_get_url - fix glob like paths (#54008) 6 years ago
Jordan Borean eb18df1a0f
win_certificate_store - fix glob like paths (#54007) 6 years ago
Jordan Borean 2f1bc34589
win_copy - fix glob like paths (#54006) 6 years ago
Jordan Borean 8a4079ddbf
win_find - fix glob like paths (#54005) 6 years ago
Jordan Borean c053bc1fc7
win_file - fix glob like paths (#54003) 6 years ago
Felix Fontein e00f315358 openssl_privatekey: add backup option (#53593)
* Add backup option to openssl_privatekey.

* Add changelog fragment.

* Make module available in remove().

* Add tests for backup.

* Update lib/ansible/modules/crypto/openssl_privatekey.py

Co-Authored-By: felixfontein <felix@fontein.de>

* Update lib/ansible/modules/crypto/openssl_privatekey.py

Co-Authored-By: felixfontein <felix@fontein.de>

* Update lib/ansible/modules/crypto/openssl_privatekey.py

Co-Authored-By: felixfontein <felix@fontein.de>

* Update lib/ansible/modules/crypto/openssl_privatekey.py
6 years ago
MonsieurBon eb790cd3c6 Added support for iptables module iprange (#53732) (#53732) 6 years ago
Felix Fontein 50d56ca89d docker_image: stop pulling by default on build (#53911)
* Prepare to change default of build.pull from yes to no in Ansible 2.12.

* Specify build.pull.

* Add changelog.

* Fix bad indent.
6 years ago
David Passante e62fc508ad cs_network_offering: Add choice list for supported_services in arg_spec (#53901) 6 years ago
Jordan Borean 980ca564ce
windows - Fix module utils with glob paths (#53835)
* windows - Fix module utils with glob paths

* fix link util tests when using DOS 8.3 paths
6 years ago
Jordan Borean cac3c6efcf
win_chocolatey - Fix incompatibilities with latest Chocolatey release (#53841) 6 years ago
Jordan Borean d00418c924
win_slurp - fix glob like paths (#53831) 6 years ago
Jordan Borean d063cefb64
win_owner - fix glob like paths (#53830)
* win_owner - fix glob like paths

* Fix issues on older PS versions
6 years ago
Jordan Borean 3cfa71bff0
win_acl_inheritance - fix glob like paths (#53829) 6 years ago
Jordan Borean aba6f5f50d
win_acl - fix glob file paths (#53828) 6 years ago
Jordan Borean 4f9de45785
win_tempfile - return absolute path on created temp file (#53827)
* win_tempfile - return absolute path on created temp file

* Fix tests for CI
6 years ago
Sloane Hertel 87ebc56de6 Allow parent groups to be variables or literal (#53649)
* Allow parent groups to be variables or literal, requires {{ }}
* Check strict before failing on templating errors
* Don't add a group if an invalid parent group was provided
6 years ago
Brian Coca e280f2f7b0
Try to get correct buffer size to avoid races (#53547)
* Try to get correct buffer size to avoid races

  fixes #51393

* fix test, mock buffer function since all is mocked
6 years ago
Matteo Ferrando 86405b8fe4 (postgresql_privs) accept 'ALL_IN_SCHEMA' objs for 'function' type (#35331)
* avoid using Postgres formatting function
* add tests for ALL FUNCTIONS IN SCHEMA
* documentation and changelog
* requested changes in tests
* fixed changelog
6 years ago
Felix Fontein fbbab7429e docker_*: report more warnings (#53710)
* More warnings.

* Add changelog.

* Improve docstring.
6 years ago
Felix Fontein 35e7fb776a docker_image: improve usage (#52894)
* Add source option.

* Split force parameter into force_source, force_absent and force_tag.

* Move all build-related options into a suboption called build.

* Add changelog.
6 years ago
Matt Clay f6d12fc918 Fix changelog entries using strings for sections. 6 years ago
Matt Clay 7f0e09aa31
Keep existing to_yaml behavior with pyyaml >= 5.1. (#53772)
In pyyaml versions before 5.1 the default_flow_style for yaml.dump
was None. Starting with 5.1 it is now False. This change explicitly
sets the value to None to maintain the original to_yaml behavior.

The change to pyyaml was made in the following commit:

507a464ce6
6 years ago
Brian Coca 42e6700a71 Undeprecate force handlers (#53705)
* removed deprecation notice, made comment instead

* remove noisy deprecation

* space
6 years ago
David Passante 244a9a83aa cs_iso: fix missing param "is_public" (#53740)
* cs_iso: fix missing param "is_public"

* add changelog fragment
6 years ago
Andrey Klychkov d30879a0b7 postgresql_db - Handle pg_dump return code (#52985)
Handle return code return by pg_dump command

Fixes: #40424
6 years ago
Abhijeet Kasurde f0ef4dae05
iptables: Add support for gateway parameter (#53465)
When user specifies the JUMP value to 'tee', gateway is required.
This fix adds new parameter 'gateway' to support this functionality.

Fixes: #53170

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
6 years ago