Change:
- By default the dnf API does not gpg-verify packages. This is a feature
that is executed in its CLI code. It never made it into Ansible's
usage of the API, so packages were previously not verified.
- This fixes CVE-2020-14365.
Test Plan:
- New integration tests
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
- Now sends meta tasks to the task start callback
- Lets callback plugins opt-in to receiving implicit tasks
Test Plan:
- New integration tests
Tickets:
- Indirectly fixes#71007 by allowing custom callbacks with this data
Signed-off-by: Rick Elrod <rick@elrod.me>
* check run state of current block only
* Add changelog and test
* Add test for issue 29047
* Fix for both tests
* blerg
* Change test messages
* fix tests
* Add multi-level block in rescue test case
* Add recursive rescue check and multi-level test
* Should probably run the new test
* ci_complete
* Merge new tests
* ci_complete
This would be a partial solution for #69364 in that the SHASUMS file can be downloaded and gpg verified but then used from the downloaded location to verify the get_url's file.
* Make checksum url parsing more explicit
Use urlsplit to test if the checksum string has a (currently tested and) supported url scheme.
* Fix whitespace
* Changelog fragment
* Added tests
* Fix typo in test setup
The message generated by systemctl has been updated in 9321e23c40, which requires a corresponding change in the systemd module.
In addition, this fixes the module when the SYSTEMD_OFFLINE environment variable is set.
* POC for supporting callback events that come from the worker
* linting fixes. ci_complete
* fix up units. ci_complete
* Try moving the sentinel put higher. ci_complete
* safeguards. ci_complete
* Move queue killing to terminate
* LINTING. ci_complete
* Subclass Queue, to add helper send_callback method
* Just use _final_q instead of adding another queue and thread
* Revert a few changes
* Add helper for inserting a TaskResult into the _final_q
* Add changelog fragment
* Address rebase issue
* ci_complete
* Add test to assert async poll callback from fork
* Don't use full path
* ci_complete
* Use _results_lock as a context manager
* Add new generic lock decorator, and use it with send_callback
* Revert "Change default file permissions so they are not world readable (#70221)"
This reverts commit 5260527c4a.
* Revert "Fix warning for new default permissions when mode is not specified (#70976)"
This reverts commit dc79528cc6.
* Ensure -k is set to delegated hosts without a pass
* Fix up some broken tests
* Update task_executor.py
one possible fix, the other is updating winrm to normalize on 'password' like the other connection plugins
* Add alias for winrm and fix incorrect assumption
* Make sure aliases are used for keyword options
* Conditionally run test if sshpass is present, fix sanity
Co-authored-by: Brian Coca <bcoca@users.noreply.github.com>
* Start of alpine testing
* More updates
* Add forgotten file
* remove debug
* Add alpine3
* equal
* group 4
* group 4
* group 5
* Try to decrease test length
* libuser only available in testing
* Remove debug
* Make loops target work on hosts without gnu date
* Enable alpine testing
* ci_complete
* Don't specify uid for creating test user
* ci_complete
* Re-sort docker completion
* use newer container image
* ci_complete
* fix indentation
Co-authored-by: Matt Clay <matt@mystile.com>
Co-authored-by: Matt Clay <matt@mystile.com>
* add jinja2 global to reserved names
also allow expansion by additional context provided from caller
fixes#41955
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
Change:
- Use `chmod +a` in the fallback chain to allow MacOS to use ACLs to
allow an unprivileged user to become an unprivileged user.
Test Plan:
- CI, new tests
Tickets:
- Fixes#70648
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
- Adds some intentional coverage around PluginLoader for cases that
incidental_azure_rm_resource covered.
- Specifically, modules starting with an underscore, and starting with
an underscore but a symlink.
Test Plan:
- CI
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
- Add hardware_facts test target which manually sets up some LVM devices
and tests facts against them.
Test Plan:
- New integration tests
Tickets:
- Refs #71041 and #71042 both of which I discovered during this
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
- Add a parameter `read_whole_file` which allows for reading the whole
file when doing a `contains` regex search.
- This allows for (for example) matching a pattern at the very end of
a file.
Test Plan:
- New integration tests
Tickets:
- Fixes#63378
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
- Previously, `cache_timeout=0` was seen as falsey and not passed along
to cache plugins as an option. Now only "nulley" values are not sent.
Test Plan:
- New integration tests
Tickets:
- Fixes#70702
Signed-off-by: Rick Elrod <rick@elrod.me>
* Strip spaces in module names in explicit actions
Change:
- When an action is called like "action: copy foo=bar", strip spaces
around the action name.
- This allows "action: copy foo=bar" to work as expected.
Test Plan:
- New integration tests
Tickets:
- Fixes#62136
Signed-off-by: Rick Elrod <rick@elrod.me>
* Incase of network integration test for connection local
test the paramiko_ssh auth_timeout is the value of timeout
under defaults section which is 10 seconds.
* For slower connection 10sec timout value result in authentication
timeout error hence increase the timeout value to 90 seconds
Add integration tests for unarchiving as unprivileged user
Break tasks into separate files for easier reading and maintenance
Create a user by specifying a default group of 'staff' for macOS.
The user module does not actually remove the user directory on macOS,
so explicitly remove it.
Put the removal tasks in an always block to ensure they always run
Co-authored-by: Philip Douglass <philip.douglass@amadeus.com>
Co-authored-by: Sam Doran <sdoran@redhat.com>
Follow up to #70221
Related to #67794
CVE-2020-1736
When set_mode_if_different() is called with mode of 'None', ensure we issue
a warning about the change in default permissions.
Add integration tests to ensure the warning works properly.
* Fix tests
- actually use custom module 🤦♂️
- verify file permission on created files
- use remote_tmp_dir so we're ready for split controller
- improve test module so we can skip the call to set_fs_attributes_if_different()
- fix tests for CentOS 6
Change:
- Clarify that not passing `--tags` will cause `ansible_run_tags` to
default to `["all"]`.
- Add some extra coverage around `ansible_run_tags`
Test Plan:
- New integration and unit tests
Tickets:
- Fixes#69619
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
- Allow older git to verify tags again
- Enable verification tests everywhere, even if most of them only work
on newer git. Some of them work on older git and they test the --raw
parameter.
Test Plan:
- Re-enabled subset of git tests
Tickets:
- Fixes#64469
Signed-off-by: Rick Elrod <rick@elrod.me>
* Fix verbosity for var_templating test
Display the subtests
* fix specificity and set ANSIBLE_BECOME_ALLOW_SAME_USER
Co-authored-by: Matt Martz <matt@sivel.net>
Co-authored-by: Matt Martz <matt@sivel.net>
Change:
- Previously, we only showed that something would have changed, not what
would have changed. This allows us to show what will chang as well.
Test Plan:
- Local RHEL8 VM
- New integration tests
Tickets:
- Fixes#66132
Signed-off-by: Rick Elrod <rick@elrod.me>
* dnf: Add nobest option
* dnf: Fix indent, add nobest specifically to dnf not yum
* Add changelog for dnf: add nobest option
* dnf: Add nobest to yumdnf module argument_spec
* dnf: remove nobest from module paramaters in yumdnf.py
* dnf: Add test for nobest option
* dnf: Cleanup packages in nobest test at last
* dnf: Cleanup manually added repos in nobest test at last
* dnf: Remove dnf-plugins-core as well in nobest test
* dnf: Change nobest release version to 2.11
* Change changelog number according to change in PR number
* Change changelog number according to change in PR number
* Change default file permissions so they are not world readable
CVE-2020-1736
Set the default permissions for files we create with atomic_move() to 0o0660. Track
which files we create that did not exist and warn if the module supports 'mode'
and it was not specified and the module did not call set_mode_if_different(). This allows the user to take action and specify a mode rather than using the defaults.
A code audit is needed to find all instances of modules that call atomic_move()
but do not call set_mode_if_different(). The findings need to be documented in
a changelog since we are not warning. Warning in those instances would be frustrating
to the user since they have no way to change the module code.
- use a set for storing list of created files
- just check the argument spac and params rather than using another property
- improve the warning message to include the default permissions
* ensure hostvars are available on delegation
* also inventory_hostname must point to current host and not delegated one
* fix get_connection since it was still mixing original host vars and delegated ones
* also return connection vars for delegation and non delegation alike
* add test to ensure we have expected usage when directly assigning for non delegated host
* Encode/Decode files in UTF-8
* Use helper function in ansible
* Add an integration test
* Use emoji in test data.
* add changelog
* Also support non-ascii chars in filepath and add tests about this.
* Also use non-ascii chars in replaced text and ensure not to break cron syntax.
* rename self.existing to self.n_existing
* rename crontab.existing to crontab.n_existing
Change:
- Refactoring to make it harder to get wrong and easier to read.
- Generalize become_unprivileged tests and fix some that never worked
but also never failed.
Test Plan:
- CI, new units/integration tests
Signed-off-by: Rick Elrod <rick@elrod.me>
* Fix missing quoting for remote_tmp in second mkdir of shell module. Issue #69577
* adding changelog
* fixing typo in changelog entry
* adding test case
Adding test case written by bmillemayhias.
* using $HOME instead of ~
* fixing commit measage
* Update 69578-shell-remote_tmp-quoting.yaml
Co-authored-by: Brian Kohles <me@briankohles.com>
A recent updated to psutil, which is a dependency of ansible-runner, fails
to install on older versions of pip.
Commit with the breaking change:
135628639b
* Get m_u.facts.utils coverage up to 100%
Change:
- Add tests to 'gathering_facts' integration target to get
module_utils.facts.utils coverage up to 100%.
- This also clears incidental coverage from incidental_selinux.
Test Plan:
- CI
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
- Test async_wrapper when the module it runs has stderr output
Test Plan:
- CI
- Looked at coverage report and saw green for a few lines that weren't
previously green.
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
- Add integration tests for various cases
- Fix wrong use of "its" in an exception thrown in varnames when it
throws an AnsibleError, given a term of the wrong type.
Test Plan:
- new tests, CI
Tickets:
- Fixes#70546
Signed-off-by: Rick Elrod <rick@elrod.me>
- ensure we preserve the typeerror part of the exception so loop defereed error handling
can postpone those caused by undefined variables until the when check is done.
- fix tests to comply with the 'new normal'
- human_to_bytes and others can issue TypeError not only on 'non string'
but also bad string that is not convertable.
Co-authored-by: Sloane Hertel <shertel@redhat.com>
Co-authored-by: Sloane Hertel <shertel@redhat.com>
Change:
- Use parse_kv() for parsing in the csvfile lookup plugin. This allows
us to handle multi-word search keys and filenames. Previously, the
plugin split on space and so none of these things worked as expected.
- Add integration tests for csvfile, testing a plethora of weird cases.
Test Plan:
- New integration tests, CI
Tickets:
- Fixes#70545
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
- Move hostnamectl check out of GenericStrategy because it was incorrect
for everything except the SystemdStrategy which is where it belongs.
- Add some initial tests for the hostname module, though we are limited
by the fact that we can't do much testing with it in containers.
Test Plan:
- new hostname integration tests
Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Sam Doran <sdoran@redhat.com>
Change:
- The command warnings feature which suggests that users use modules
instead of certain commands is now deprecated. Its `warn` paramater
and `COMMAND_WARNINGS` configuration options are also deprecated.
Their use will become an error in version 2.13.
Test Plan:
- CI
Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Sam Doran <sdoran@redhat.com>
Change:
- module_utils.basic.is_special_selinux_path() used a string ==
bytestring comparison which returned False and made Ansible think that
certain filesystems aren't, in fact, special-cased, when they should
be. Ensure both sides of the == are bytestrings.
Test Plan:
- Added `copy` integration tests for this case.
Tickets:
- Fixes#70244
Signed-off-by: Rick Elrod <rick@elrod.me>
* ansible-doc man formatter: do not crash when description isn't there.
* Change to report a better error message when description is not there.
* Add test.
* Test against galaxy_ng
* Switch container image
* Remove redundant |default
* Re-enable
* Update image
* Update wording
* Don't use pulp as the container name
Change:
- In certain situations, such as when the input string contains null
bytes (\0), syslog.syslog will throw a TypeError. Handle that and
fail_json instead.
Test Plan:
- New test
- ansible-test --docker centos[68] (for py2 and py3 respectively)
Tickets:
- Refs #70269
Signed-off-by: Rick Elrod <rick@elrod.me>
* Ensure not to remove existing packages while installing apt packages.
* Make all lines shorter than 160 characters
* Allow removing packages only when upgrading.
* Add integration tests
Change:
- Fix a UnicodeDecodeError in executor.module_common that could get
triggered with -vvvvv.
Test Plan:
- `ansible-test integration --docker centos7 module_utils -vvvvv`
This would show the error previously, and no loner does after this
patch.
Signed-off-by: Rick Elrod <rick@elrod.me>
In some usecases, we want to be able to clone a single branch
of a repository, without using --depth (which implies --single-branch).
* Use branch name when available
- update description of parameter
- consolidate branch or tag checking for easy reuse
* Add changelog
* Use static task imports rather than dynamic includes
* Add integration tests for single_branch
* Account for older versions of git
* Minor tweak to warnings
Co-authored-by: Laurent Coustet <laurent.coustet@clarisys.fr>
Co-authored-by: Sam Doran <sdoran@redhat.com>
Handle colon appearing in filename while parsing the mimetype and charset
using file command.
Fixes: #70256
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Test galaxy cli against pulp
* linting fix
* Renames and small fixes
* Better handling for resetting pulp
* Clean up some things, add a comment
* I can't spell
* Bump fallaxy, use alternate pulp image
* Only reset pulp when we're are executing against pulp
* Update for updated pulp container
* Update some comments with correct URLs and typos
* Linting fix
* Pin pulp-fedora31 to a digest
* Address review comments for documentation
* try to load unqualified plugins from whitelist
* necessary for backcompat loading of unqualified collectionized callback plugins redirected from <= 2.9 core
* also added de-duping from actual loaded name
* add tests
* add warning test
* group test script entries by topic
* shorten warning text grep because wrapping is dumb
* fix adhoc callback loading behavior
* collections pass over whitelist wasn't respecting `_run_additional_callbacks`
* adds regression tests for same
* avoid `grep -L` in tests since it breaks the world
* Validate ansible-base & collection's runtime.yml
Add new test `runtime-metadata`
* Schema validation of file
* Error if a a legacy meta/routing.yml exist in a collection
* removal_date OR removal_version
* Add tombstone validation.
* Allow both ISO 8601 date strings and datetime.date objects (from YAML dates).
* Address review comments.
* Add metadata to test collection.
* Add requirements file.
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Matt Clay <matt@mystile.com>
When using 'remote_src: yes' and 'mode: preserve', the code handling
the file modes has to be handled on the remote node because it's
the one that has access to the source files. This means that the
copy module itself must handle this, rather than the copy action
plugin (which is where all that logic exists). The copy module
handles this when we copy a single file over. But when it is a
directory as the src parameter value, the mode of the files
beneath it are not considered. Subdirectories are copied with
shutil.copytree() which will preserve permissions automatically.
Individual files are copied with shutil.copyfile() which does NOT
preserve permissions. We need to add some calls to shutil.copymode()
to correct that.
Note: This *always* retains individial file permissions. Specifying
a 'mode' other than 'preserve' when giving a source directory for
the 'src' param does not make sense so will be ignored in that case
only.
Fixes#69783
* Add changelog and test
* config: singular ANSIBLE_COLLECTIONS_PATH
Every other *_PATH setting in ansible is singular, and the traditional
$PATH variable is also singular despite containing a list of
directories. Let's be consistent both internally and with POSIX
tradition.
* update all ANSIBLE_COLLECTIONS_PATHS env references to be singular
* deprecate plural ANSIBLE_COLLECTIONS_PATHS setting
* Tag return value docs if they are a dict (and not str/None).
* Try to parse return docs as YAML.
* Properly dump return values in ansible-doc.
* Adjust plugin formatter.
* Add changelog fragment.
* Don't add 'default' for return values.
* Fix plugin_formatter.
* Only try to parse return docs if they are still a string.
* Add tests.
* Warn if RETURN cannot be parsed.
* Adjust tests. Also test for warning.
* if -> elif (otherwise EXAMPLE will be parsed too).
* Always parse return documentation, and fail if it is invalid YAML.
* Polishing.
* Mostly re-enable ansible-doc tests.
Listing from the local collection seems to be somewhat broken. I assume this
is why the test was disabled.
* Lint and make tests work with Python 2.
* Keep FQCNs in plugins (not modules), i.e. restore previous state.
* Support removed_at_date in ansible-doc
Signed-off-by: NilashishC <nilashishchakraborty8@gmail.com>
Changes:
* ansible-doc does not support `removed_at_date` and assumes that
deprecated dict will either have `removed_in` or `version`. This
results in ansible-doc (and hence "sanity --test=ansible-doc")
failing for modules having only `removed_at_date`.
* This patch adds support for `removed_at_date` and also gives it
precedence over `removed_in` or `version`.
* Add tests and changelog
Signed-off-by: NilashishC <nilashishchakraborty8@gmail.com>
Ensure the vcenter provider initialize the `module_defaults` of all
the vmware modules, not just `vmware_guest`.
The VMware CI relies on this for the authentication of the different
VMware modules.
The commit adjust `incidental_vmware_prepare_tests/tasks/init_vcsim.yml`.
The test-suite uses a copy of `vmware_guest` that is not in the
`group/vmware` group. As a result, we need to manually pass the
authentification parameter.
* ansible-galaxy - Fix role info when role is not installed
Only report the role not found if in offline mode, otherwise query the galaxy API
to get role information.
Fixes#69867
* Improve error message when role is not found in Ansible Galaxy
* Extra whitespace around imported playbook filename are stripped.
* Corrected call for display.deprecated
* Changed warning type & added test
* Added auto verification of raised warning
* More accurate warning message
* Only allow groups which were hardcoded in module_defaults.yml
only load action groups from the collection if module_defaults contains a potential group for the action
* Fix tests using modules that override those whitelisted in lib/ansible/config/module_defaults.yml
Third party modules should not be using group/ - use the action name instead
* add externalized module_defaults tests
add the missing group and collections
ci_complete
Co-authored-by: Matt Davis <mrd@redhat.com>
* changelog
ci_complete
* Fix import in tests
ci_complete
* Update with requested changes
ci_complete
* don't traceback since we don't validate the contents of module_defaults
ci_complete
Co-authored-by: Matt Davis <mrd@redhat.com>
* Allow to specify collection_name separately for deprecation.
* Use new functionality in Ansible.
* Use new functionality in tests.
* Update tagging/untagging functions.
* Update pylint deprecated sanity test.
* Update validate-modules. Missing are basic checks for version_added (validate semantic version format for collections).
* Improve version validation. Re-add version_added validation.
* Make sure collection names are added to return docs before schema validation.
* Extra checks to avoid crashes on bad data.
* Make C# module utils code work, and update/extend tests.
* Add changelog fragment.
* Stop extracting collection name from potentially tagged versions/dates.
* Simplify C# code.
* Update Windows modules docs.
* Forgot semicolons.
* Split out sanity test requirements.
* Run each --venv test separately.
This provides verification that the requirements for each test are properly specified.
* Use a separate requirements file per sanity test.
* Skip setuptools/cryptography setup for sanity.
* Eliminate pyyaml missing warning.
* Eliminate more pip noise.
* Fix conflicting generate_pip_install commands.
* Add changelog fragment.
* Make AnsibleVaultEncryptedUnicode work more like a string. Fixes#24425
* Remove debugging
* Wrap some things
* Reduce diff
* data should always result in text
* add tests
* Don't just copy and paste, kids
* Add eq and ne back
* Go full UserString copy/paste
* Various version related fixes
* Remove trailing newline
* py2v3
* Add a test that can evaluate whether a variable is vault encrypted
* map was introduces in jinja2 2.7
* moar jinja
* type fix
Co-Authored-By: Sam Doran <sdoran@redhat.com>
* Remove duplicate __hash__
* Fix typo
* Add changelog fragment
* ci_complete
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Auto unroll generators produced by jinja filters
* Unroll for native in finalize
* Fix indentation
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Add changelog fragment
* ci_complete
* Always unroll regardless of jinja2
* ci_complete
Co-authored-by: Sam Doran <sdoran@redhat.com>
* various deprecation, display, warning, error fixes
* Update lib/ansible/utils/display.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update lib/ansible/utils/display.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update lib/ansible/utils/display.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* cleanup, test fixes
* add collection name to deprecated() calls
* clean up redirect entries from uncommitted tests
* fix dep warning/error header text to match previous
Co-authored-by: Felix Fontein <felix@fontein.de>
Change:
- The `add_host` action now shows an accurate change status.
Test Plan:
- Added a plethora of integration tests.
Tickets:
Fixes#69881
Signed-off-by: Rick Elrod <rick@elrod.me>
* starting metadata sunset
- purged metadata from any requirements
- fix indent in generic handler for yaml content (whey metadata display was off)
- make more resilient against bad formed docs
- removed all metadata from docs template
- remove metadata from schemas
- removed mdata tests and from unrelated tests
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Rick Elrod <rick@elrod.me>
In the case of a free style strategy, it is possible to end up with
multiple hosts trying to include from the same role, however the tasks
being included may be different with the use of tasks_from. Previously
if you had two hosts that were included the same role when the
process_include_results function tries to determine if a included needs
to be run on a specific host, it would end up merging two different
tasks into which ever one was processed first.
This change updates the equality check to also check if the task uuid
associated with the IncludedFile is the same. The previous check only
checked if the task's parent uuid was the same. This breaks down when
both includes have the same parent.
- hosts: all
strategy: free
gather_facts: false
tasks:
- include_role:
name: random_sleep
- block:
- name: set a fact (1)
include_role:
name: set_a_fact
tasks_from: fact1.yml
- name: set a fact (2)
include_role:
name: set_a_fact
tasks_from: fact2.yml
- name: include didn't run
fail:
msg: >
set_a_fact didn't run
fact1: {{ fact1 | default('not defined')}}
fact2: {{ fact2 | default('not defined') }}"
when: (fact1 is not defined or fact2 is not defined)
Closes#69521
* do not return the body even if it failed
* add some tests for this and rebase
* import test task
* ignore_errors when fails
Co-authored-by: Jack Zhang <jack.zhang@aspiraconnect.com>
* Enable installing collections from git repositories
* Add tests for installing individual and multiple collections from git repositories
* Test to make sure recursive dependencies with different syntax are deduplicated
* Add documentation
* add a changelog
* Skip Python 2.6
* Only fail if no collections are located in a git repository
Add support for a 'type' key for collections in requirement.yml files.
Update the changelog and document the supported keys and allowed values for the type.
Add a note that the collection(s) in the repo must contain a galaxy.yml
* Add a warning about embedding credentials in SCM URLs
* Update with review suggestions
* suppress sanity compile failure for Python 2.6
Change:
Rather than only using config, have base connection plugins fall back to
play_context.
Test Plan:
- Tested ansible-connection logic against an IOS device
- Tested -k against a VM
- CI
Signed-off-by: Rick Elrod <rick@elrod.me>
* Track collection for version_added.
Validate *all* version numbers in validate-modules.
For tagged version numbers (i.e. version_added), consider source collection to chose validation.
* Make tagging/untagging functions more flexible.
* Tag all versions in doc fragments.
* Tag all deprecation versions issued by code.
* Make Display.deprecated() understand tagged versions.
* Extend validation to enforce tagged version numbers.
* Tag versions in tests.
* Lint and fix test.
* Mention collection name in collection loader's deprecation/removal messages.
* Fix error IDs.
* Handle tagged dates in Display.deprecated().
* Also require that removed_at_date and deprecated_aliases.date are tagged.
* Also automatically tag/untag removed_at_date; fix sanity module removal version check.
* Improve error message when invalid version number is used (like '2.14' in collections).
PR #66461 introduced a regression that resulted in an in correct block in the file
if the block to be inserted did not end with a line separator. Fix this bug and add
tests to cover this scenario.
Fixes#64966
* Fix "TypeError: splitlines() takes no keyword arguments" on Python2.7
* Add changelog fragment
* Don't use `grep -P` for BSD/macOS compatibility
* Fix sanity checks complaining about test fixtures with mixed line endings
* Update changelogs/fragments/66461-blockinfile_preserve_line_endings.yaml
Change:
Allows the user to configure sshpass (1.06+) to look for a different
substring than the default "assword" that it comes with.
Test Plan:
Set a custom ssh password prompt on a VM with PAM and tried connecting to
it. Without `ansible_sshpass_prompt` set in inventory: experienced hang.
With `ansible_sshpass_prompt` in inventory: connected successfully.
Tried setting `ansible_sshpass_prompt` with an older `sshpass` in PATH
and got a loud error, as expected.
Tickets:
Fixes#34722, fixes#54743, refs #11565.
Signed-off-by: Rick Elrod <rick@elrod.me>
* Allow to deprecate options and aliases by date instead of only by version.
* Update display.deprecate().
* Adjust behavior to conform to tested behavior, extend tests, and improve C# style.
* Parse date and fail on invalid date.
This is mainly to make sure that people start using invalid dates, and we eventually have a mess to clean up.
* C# code: improve validation and update/extend tests.
* Make sure that deprecate() is not called with both date and version.
* Forgot to remove no longer necessary formatting.
* Adjust order of warnings in C# code.
* Adjust unrelated test.
* Fix grammar (and make that test pass).
* Don't parse date, and adjust message to be same as in #67684.
* Sanity tests: disable date in past test.
* Validate-modules: validate ISO 8601 date format.
* Validate-modules: switch schema declaration for deprecated_aliases to improve error messages for invalid dates.
* Use DateTime instead of string for date deprecation.
* Validate that date in deprecated_aliases is actually a DateTime.
* Fix tests.
* Fix rebasing error.
* Adjust error codes for pylint, and add removed_at_date and deprecated_aliases.date checks to validate-modules.
* Make deprecation date in the past error codes optional.
* Make sure not both version and date are specified for AnsibleModule.deprecate() calls.
* Stop using Python 3.7+ API.
* Make sure errors are actually reported. Re-add 'ansible-' prefix.
* Avoid crashing when 'name' isn't there.
* Linting.
* Update lib/ansible/module_utils/csharp/Ansible.Basic.cs
Co-authored-by: Jordan Borean <jborean93@gmail.com>
* Adjust test to latest change.
* Prefer date over version if both end up in Display.deprecated().
Co-authored-by: Jordan Borean <jborean93@gmail.com>
* [yum] Make package removal confirmation strict
Change:
After removing packages, the yum module does a final check to ensure the
packages are really installed. The check would include packages that
were RPM `Provides:` values of another package.
This means that, for example, if a third-party kernel RPM spec had
`Provides: kernel` in it, removing the stock kernel would be successful
but the check to see if it was really removed would fail and cause
Ansible to report a failure.
Test Plan:
Tested on local CentOS 7 VM with kernel from elrepo which is known to
`Provides: kernel`.
Tickets:
Fixes#69237
Refs #35672
Refs #40723
Signed-off-by: Rick Elrod <rick@elrod.me>
* `meta/` directory in collections
* runtime metadata for redirection/deprecation/removal of plugin loads
* a compatibility layer to keep existing content working on ansible-base + collections
* a Python import redirection layer to keep collections-hosted (and otherwise moved) content importable by things that don't know better
* supported Ansible version validation on collection loads
* Fix `ansible -K` become_pass regression
Change:
- This fixes a breaking change introduced in
2165f9ac40
Test Plan:
- Local VM for now, with plans to add an integration test for -K going
forward.
Tickets:
Refs #69244
* fix delegated interpeter
* allow returning fact if it is 'the right host'
* added note for future fix/efficiency
as it stands we rerun discovery for the delegated host
unless its saving facts to itself
* fixed test lacking delegate_to mock
When mixed with the free strategy (or any custom strategy that does not behave in
a lock-step manner), the linear methodology of _wait_on_handler_results may cause
race conditions with regular task result processing if the strategy uses
_process_pending_results directly. This patch addresses that by splitting the queues
used for results and adding a flag to _process_pending_results to determine which
queue to check.
Fixes#69457
* Add multipart/form-data functionality
* Fix some linting issues
* Fix error message
* Allow filename to be provided with content
* Add integration test
* Update examples
* General improvements to multipart handling
* Use prepare_multipart for galaxy collection publish
* Properly account for py2 vs py3, ensuring no max header length
* Address test assumptions
* Add unit tests
* Add changelog
* Ensure to use CRLF instead of NL
* Ignore line-endings in fixture
* Consolidate code, add comment
* Bump fallaxy container version
* ci_complete
* Unify ansible-galaxy install -r
* Minor nit fixes for docs
* Re-align warnings
* Fix up integration test
* Fix up test where no roles/collections were in file
* fix delegation vars usage and reporting
- just pass delegated host vars + task vars to plugins
and avoid poluting with original host vars
- updated tests
Since Ansible 2.9.8, if the fileglob plugin is passed a path containing
a subdirectory of a non-existent directory, it will fail. For example:
lookup('fileglob', '/'): ok
lookup('fileglob', '/foo'): (non-existent): ok
lookup('fileglob', '/foo/bar'): (non-existent): FAIL
The exact error depends on Python 2 or 3, but here is the error on
Python 2:
AttributeError: 'NoneType' object has no attribute 'endswith'
And on Python 3:
TypeError: expected str, bytes or os.PathLike object, not NoneType
This change fixes the issue by skipping paths that are falsey before
passing them to os.path.join().
Fixes: #69450
Change:
Adds Fedora 32 to shippable and alters tests slightly for new Fedora.
Test Plan:
CI
Tickets:
Fixes#69230
Co-authored-by: Matt Clay <matt@mystile.com>
* Metadata defaults were not being set if only a few fields were missing.
* ansible-doc with no documentation and no status in metadata should
return empty, just like if there was no documentation and no metadata
at all.
* Do not pass file mode during recursive copy on symlink files.
The 'file' module cannot deal with mode=preserve. Do not pass that
mode to the module when 'preserve' is used.
* Fix changelog fragment filename
Change:
We were only testing dnf on RHEL previously.
Test on CentOS 8 as well.
Test Plan:
Ran locally in docker.
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
Extend the logic for custom error handling in the dnf module, so that on
newer DNF (such as DNF that ships with modern Fedora 31 container
images, and ships with RHEL 8.2) we report errors consistently with
older DNF.
Test Plan:
Ran dnf integration tests against an old Fedora 31 container image and a
brand new Fedora 32 container image; tess passed on both.
Signed-off-by: Rick Elrod <rick@elrod.me>
* Make sure collection is a list if a str is given
* Call field validation early on collections
Because we are doing work on modifying the collections value before
it is actually validated, we can validate it ourselves early to make
sure the user supplies either a string or list. Dicts are not valid.
The new validation allows us to simplify the _ensure_default_collection()
function. And since the field is now static, we no longer need to specify
a default for it, which also allows us to simplify the function. Since
the default is now removed, we can also remove the sanity/ignore.txt entry
for collectionsearch.py.
New unit tests are added (and the existing one modified) that allow us to
make sure that we throw a parser error if a user specifies something other
than a string or list for the collections value everywhere it can be specified.
* Revert removing the collection default
The default is actually used, so restore it.
* Fix unit tests in test_helpers.py affected by early collection validation
This patch covers a few changes to get the yum test case working on ppc64le
CentOS. Specifically we needed to enable the EPEL repository on CentOS
as well as ensure some of the architecture-specific tasks use the right
set of binaries during their test.
Currently if virtualenv_command has arguments, then the
search for the binary in the path does not work so the
user has to specify the full path to it.
To allow arguments to be used without having to specify
the path to the binary, we split the module argument into
the command and anything after the first space.
This makes using this module argument more flexible and
user friendly.
Fixes: #52275
Change:
Rather than hardcoding .pyo and .pyc, filter on all BLACKLIST_EXTS in
the non-legacy logic of PluginLoader (_find_fq_plugin). The two harcoded
extensions are part of BLACKLIST_EXTS already and this simply adds the
rest of the blacklisted extensions to the check.
In addition, check .endswith() instead of an exact match of the suffix,
like everywhere else that uses BLACKLIST_EXTS. This allows for
blacklisting, for example, emacs's backup files which can appear after
any extension, leading to things like `foo.py~`.
Test Plan:
Ran `ansible-playbook` against a collection where a `foo.py~` module was
getting executed instead of `foo.py` which also appeared in the same
directory. `foo.py~` is no longer executed.
Tickets:
Fixes#22268
Refs #27235
Signed-off-by: Rick Elrod <rick@elrod.me>
* Allow a collection role to call a standalone role by default. Fixes#69101
* tweaked changelog text
* Guard against NoneType
Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>
* update ActionBase._low_level_execute_command to honor executable
* adding changelog fragment
* renaming changelog fragment to .yml
* noop change to bump shippable
* adding raw_executable integration test
* copying aliases from raw
* removing blank lines
* skipping aix and freebsd
* noop to bump shippable
* moving tests to raw/
* removing become_method: sudo ; it doesn't work on AIX
* removing trailing blank line
* forcing become_method: su to try to get AIX to work
Co-authored-by: Rob Wagner <rob.wagner@sas.com>
Change:
New `cryptography` statically links an openssl that is too new for macOS
10.11, so limit to an older cryptography for now.
Test Plan:
Ran the test with `--remote osx/10.11` and it passed.
Signed-off-by: Rick Elrod <rick@elrod.me>
Change:
Adds some missing coverage for the copy module when `check_mode: True`.
Test Plan:
Ran test with --coverage and looked at the resulting report.
Signed-off-by: Rick Elrod <rick@elrod.me>
* Enable service integration tests for FreeBSD
Change:
Adds necessary rc file for freebsd, and gets tests passing for it.
Test Plan:
Ran test with `--remote freebsd/12.1` and `--remote freebsd/11.1`. Both
passed.
Signed-off-by: Rick Elrod <rick@elrod.me>
* Update test/integration/targets/service/tasks/rc_setup.yml
Co-Authored-By: Matt Clay <matt@mystile.com>
* fix up comment
Signed-off-by: Rick Elrod <rick@elrod.me>
Co-authored-by: Matt Clay <matt@mystile.com>
With https://github.com/pallets/jinja/pull/1190 merged our short-circuit
is no longer valid (has it ever been?) as now data like ' True ' may go
through our ansible_native_concat function as opposed to going through
intermediate call to Jinja2's native_concat before. Now we need to always
send data through literal_eval to ensure native types are returned.
* Testing: Add CentOS Linux On Power platform
* Add arch designation to remotes.
This avoids overloading the provider with the arch.
Also add a changelog entry.
Co-authored-by: Matt Clay <matt@mystile.com>
* ansible-galaxy - fix listing specific role
If the role was not in the first search path, it was reported as not found
* Properly display role description
Default to description to top level description, falling back to the description from within galaxy_info
* Display proper message when a role does not exist
* Add integration tests
* Use context manager
* BSD and macOS ruining all the fun
* subversion module - provide password securely with svn command line option --password-from-stdin when possible, and provide a warning otherwise.
* Update lib/ansible/modules/source_control/subversion.py.
* Add a test.
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Update docker.txt to use the OpenSUSE 15.1 container image
Signed-off-by: Rick Elrod <rick@elrod.me>
* handle installing mysql on suse
Signed-off-by: Rick Elrod <rick@elrod.me>
* add changelog fragment
Signed-off-by: Rick Elrod <rick@elrod.me>
* Update changelogs/fragments/ansible-test-opensuse-15.1.yml
Co-Authored-By: Matt Clay <matt@mystile.com>
Co-authored-by: Matt Clay <matt@mystile.com>
* Update tests to use RHEL 7.8.
Keeping support for RHEL 7.6 since collections are still using it.
* Fix tests for RHEL 7.7+ due to extras repo name change.
* fixed fetch traversal from slurp
* ignore slurp result for dest
* fixed naming when source is relative
* fixed bug in local connection plugin
* added tests with fake slurp
* moved existing role tests into runme.sh
* normalized on action excepts
* moved dest transform down to when needed
* added is_subpath check
* fixed bug in local connection
fixes#67793
CVE-2019-3828
* Allow tasks to notify a fqcn handler name
* Add tests. Fixes#68181
* Add changelog fragment
* Add test to ensure handlers are deduped properly with fqcn, role, and just handler names
* Add some docs about new special vars
* Allow custom inventory plugins and cache plugins
If _load_name is not set correctly the cache plugin can't load the documentation (which is also the arg spec)
Fix the existing inventory plugin in the collections tests
Add integration tests for using a cache plugin in a collection
* Set the attribute on the instance instead of the class
Deprecate importing custom CacheModules directly - they should use the cache_loader
* Add some more test coverage for unarchive
This moves over (and slightly extends) coverage which was found in
incidental_flatpak_remote.
Signed-off-by: Rick Elrod <rick@elrod.me>
* add a group for testing too, user creation does not mean group creation on all platforms
Signed-off-by: Rick Elrod <rick@elrod.me>
* update the test group assert
Signed-off-by: Rick Elrod <rick@elrod.me>
* Fix style
Signed-off-by: Rick Elrod <rick@elrod.me>
* block/always
Signed-off-by: Rick Elrod <rick@elrod.me>
* fix vault tmpe file handling
* use local temp dir instead of system temp
* ensure each worker clears dataloader temp files
* added test for dangling temp files
* added notes to data loader
CVE-2020-10685
* Remove some unreachable code in the file module
Remove some cases in file.py which are covered by conditionals a few
lines earlier. Remove the duplicate code which will never be hit.
Signed-off-by: Rick Elrod <rick@elrod.me>
* Restore incidental file coverage from timezone module
Signed-off-by: Rick Elrod <rick@elrod.me>
* Combine two conditionals, add a changelog entry
Signed-off-by: Rick Elrod <rick@elrod.me>
* Make new test syntax consistent, add two stat tests
Signed-off-by: Rick Elrod <rick@elrod.me>
* Support pre-releases via new SemanticVersion. Fixes#64905
* Don't treat buildmeta as prerelease
* Don't inherit from str and int
* Add helper method to try and construct a SemanticVersion from a LooseVersion
* Don't count major 0 as pre-release, it's different
* Guard against invalid or no version in LooseVersion
* return a bool
* Add integration tests for pre-release
* Fix up lingering issues with comparisons
* typo fix
* Always allow pre-releases in verify
* Move pre-release filtering into CollectionRequirement, add messaging when a collection only contains pre-releases
* Update changelog
* If explicit requirement allow pre releases
* Enable pre-releases for tar installs, and collections already installed when they are pre-releases
* Drop --pre-release alias, make arg name more clear
* Simplify code into a single line
* Remove build metadata precedence, add some comments, and is_stable helper
* Improve from_loose_version
* Increase test coverage
* linting fix
* Update changelog
* Rename `tests` test to match plugin type.
* Rename `test_infra` test to avoid confusion.
This test target is not a test for test plugins.
* Rename `vars_prompt` test to avoid confusion.
* Update sanity ignores.
* Address compat issue for collection loading on py26
* Move import_module shim to utils for compat across the codebase
* Enable collection tests on py2.6
* Update changelog fragment
* Simplify code using sys.moduls
* Move compat to module_utils/compat/importlib
* Add back errantly deleted newline
* Remove hack comment
Co-Authored-By: Matt Clay <matt@mystile.com>
Co-authored-by: Matt Clay <matt@mystile.com>
* Create a dedicated windows-minimal test target.
The windows-minimal target is a copy of the win_ping test, taking the place of that test as the windows minimal test run on multiple python versions.
It includes a private copy of the win_ping module so it will work after migration.
This will keep tests passing during the migration prep process.
* Update sanity ignores.
* Split fallaxy tests into their own group.
This keeps expected pass/fail tests separate during migration prep.
* Move network tests down in matrix.
This will help keep pass/fail tests grouped together during migration prep.
* Group all incidental tests together.
This will keep pass/fail tests separate leading up to migration.
* win_timezone - Allow for _dstoff timezones
* Update win_timezone-Allow-dstoff.yml
* Added doc entry for new format
Co-authored-by: Jordan Borean <jborean93@gmail.com>
* Added nxos_lldp_interfaces module
* Linting
* Added RTT, resolved shippable errors
* Added new states
* New states edit
* Updated states
* Updated tests
* Show all interfaces in facts
* Test changes
* Added unit tests
* Linting
* Handled portchannel failing condition
* ansible-galaxy - optimise some paths and use fake galaxy int tests
* Added init, built, and publish tests
* Test against both mocked Galaxy and AH server
* Finish off writing the install tests
* Fix up broken tests
* Rename test target and add migrated tests
* Use cloud provider for Galaxy implementation
* Added blank static config
* Use correct alias group
* Set release version and fix copy typo
* Remove reset step as it is no longer needed
* Use sane env var names for test container name
* reworked sqs_queue
* Switch default purge_tags behaviour to false.
This matches the behaviour of ec2_tag and ecs_tag.
* Minor lint / review fixups
* Add missing AWS IAM policy for SQS tests
* Move integration tests to using module_defaults: group/aws:...
* add changelog
* Break out the 'compatability' map from our spec definition (gets flagged by the schema validation)
* Tweaks based on review
* add basic examples
* Lint fixups
* Switch out NonExistentQueue logic so it's easier to follow
* Reorder name argument options for consistency
Co-authored-by: Dennis Podkovyrin <dennis.podkovyrin@gmail.com>
Use PostgreSQL 9.5 on FreeBSD 12.0, and PostgreSQL 11 on FreeBSD 12.1 and 11.3 due to the Python packages having a dependency on that version of PostgreSQL and automatically uninstalling PostgreSQL 9.5.
* Use separate PostgreSQL versions for 12.0 and 12.1
* Allow passing through of (almost) all params available on boto methods in aws_api_gateway
* Linting and docs fixes
* Refactored method signature of create_deployment() to use keyword args instead of named args
* Updated version_added flags to 2.10
* Cleanup and improve aws_api__gateway integration test play. Also included new params into test.
* Fixed RETURN docs and some ttests
* Completed RETURN docs and made integration tests match
* Fixed variable names in test and YAML syntax in docs
* Comment out critical sections of integration test
* Fixed update test after figuring out what the error message means. Also updated error message to be more descriptive.
* Fixed test assertion
* Update docs and make tests reflect that endpoint type wont be changed on updates
* Syntax fix
* Add changelog fragment
* Improve aws_api_gateway docs, fix typos.
* Quote doc lines with colon
* AnsibleAWSModule related cleanup - s3_bucket
* Add extra information to s3_bucket timeout failures, it's possible the comparisons are doing something weird...
* Move Bucket Encryption boto support logic into the pre-flight checks
* Use the built in required_by logic
* Rework s3_bucket integration tests
* Add a retry around put_bucket_encryption
s3_client.put_bucket_encryption is occasionally dropped on the floor
by Amazon add some logic to retry s3_client.put_bucket_encryption call
* Catch OperationAborted and retry, it is caused by a conflicting change
still being in progress. (For example an Encryption setting applying)
* Make sure we don't explode if the botocore version's too old
* Review tweaks
* Cleanup tests
* Auto-Retry on ResourceNotFound and RequestInProgress exceptions
* Use AnsibleModule options for required_if logic
* changelog
* Remove (now) duplicate RequestInProgressException catching
* Allow a single retry when attempting to fetch the information about a cert directly after deleting it.
There is a small chance that it goes away while we pull the details.
* add key rotation option
* add changelog fragment
* provide version added as string
* change changelog to minor_changes
* Update changelogs/fragments/67651-aws-kms-key-rotation.yml
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* Update lib/ansible/modules/cloud/amazon/aws_kms.py
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* prevent key upgrade if key rotation was enabled manually. In that case, the key rotation would be disabled, if not mentioned in the playbook
* Update lib/ansible/modules/cloud/amazon/aws_kms.py
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* Update lib/ansible/modules/cloud/amazon/aws_kms.py
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* Update lib/ansible/modules/cloud/amazon/aws_kms.py
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
Co-authored-by: Mark Chappell <mchappel@redhat.com>
* Initial copy of incidental network tests.
* Update incidental test aliases.
* Add incidental tests to CI.
* Rewrite module references in tests.
This should not be necessary once module redirection is supported.
* Rewrite target references for renamed targets.
* Add support collections for incidental tests.
* Add ignores for test support code.
* Remove echo used for debugging.
* fixed#47050
* added changelog fragment
* added quick and basic test
* Revert "added quick and basic test"
This reverts commit 75f4141656.
* added better tests
* now also creating files to copy on the remote
* removed tests for recursive copying which is not supported by remote_src
* sns_topic: (integration tests) Move the tests over to using module defaults
* sns_topic: (integration tests) Add test for behaviour of changed when using delivery_policy
* sns_topic: ensure "changed" behaves properly when managing delivery policies
- a delivery_policy isn't an IAM policy, so compare_policies didn't cope with it
- AWS automatically adds an additional option when you set an HTTP delivery
policy
* Parse the delivery policies so we can test the changes properly
* Update AWS policy to enable management of TargetGroups
* elb_target: (integration tests) migrate to using module_defaults
* elb_target: (integration tests) lookup the AMI by name rather than hard coding AMI IDs
* elb_target_info: (integration tests) finish rename of integration test role
* elb_target: (integration tests) rename various resources to consistently use {{ resource_prefix }}
* elb_target_info: (integration tests) Migrate to using module_defaults
* elb_target_info: (integration tests) Lookup AMI by name rather than hard coding AMI IDs
* Apply suggestions from code review
Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>
* elb_target: (integration tests) Remove the 'unsupported' alias
* Try bumping up the timeout
* Rules don't permit 'shippable' (resource_prefix uses this when run in shippable)
* Try bumping up more timeouts :/
* Avoid double evaluation of target_health assertion
* Simplify target_type usage a little (rather than constantly performing a lookup)
* mark elb_target tests 'unstable' for now, they're slow
Co-authored-by: Jill R <4121322+jillr@users.noreply.github.com>
* cloudfront_distribution: (integration tests) Migrate to using module_defaults
* cloudfront_distribution: (integration tests) Use the ID rather than the alias
Using aliases requires providing a valid SSL certificate, as such we're not longer able to test using an arbitrary hostname
* cloudfront_distribution: (integration tests) Make sure we delete the test s3 bucket when tests fail
* cloudfront_distribution: field_level_encryption_id is now a mandatory field always add it
Setting the field to an empty string has the same effect as the original behaviour.
* Copy & Paste fixup
Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>
Co-authored-by: Jill R <4121322+jillr@users.noreply.github.com>
* Run Ed25519 and Ed448 tests for openssl_csr and openssl_certificate only if key generation succeeded.
* Make openssl_privatekey tests more robust: allow special key generation tests to fail with 'algorithm not supported' on FreeBSD.
These tests rely on the AWS S3 modules, but will not be migrated along with those modules into an AWS collection.
Since these tests will not reside in a collection alongside the modules under test they are being moved to the legacy tests directory.
The legacy tests directory will soon be migrated to a separate repository.
* Add x509_crl module.
* Add integration tests.
* Fix some errors.
* Fix inversion.
* Compare name instead of tpye.
* Fix fail_json() calls.
* Work around rename of serial_number attribute for cryptography 1.4.
* Don't die for non-cert loading errors.
* One more.
* Fix function call.
* Fixed/improved descriptions.
* Don't read issuer from certificate file.
* Allow to ignore timestamps.
* Default value for revocation_date.
* Update tests.
* Mention ignore_timestamps in update docs.
* Support privatekey_content, and require some options only if state is present.
* Allow to pass certificate in directly.
* Add tests.
* Fix required_if.
* Forgot to encode content.
* Forgot to adjust type.
* Allow to return CRL's content directly.
* return_crl_content -> return_content (as in #65400).
* Fix elements.
* Fix messages.
* Use required_one_of and mutually_exclusive instead of doing the checks by hand.
* Fix format.
* Skip tests on AIX.
* Fix typo.
* Fix DHCP support in win_dns_client + more
* Fix bugs and test failures, add changelog fragment
* Add idempotency tests for DHCP
* Address review feedback; dedup address-family code
* Remove legacy function
* Remove old reference
* Create ipwcli_dns.py
* add newline at the end
* Update after review and support AAAA
* Update lib/ansible/modules/net_tools/ipwcli_dns.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* add integration tests and change param user to username
Co-authored-by: Felix Fontein <felix@fontein.de>
* ec2_snapshot and ec2_snapshot_info test suite
* Add a fact to make tests easier to follow.
Test all return values, and add missing RETURN docs to module.
* bumped zabbix integration tests to be run against current LTS 4.4
* macros and tags tests for zabbix host + naming changes due to switch to zabbix 4.4
* Add AWSRetry decorator to ec2_vpc_nacl
* Also add a decorator to ec2_vpc_nacl_info to catch things like API rate limit errors.
* add double-removal integration tests to make sure things don't get too slow
* Fixup retry usage for _info
* Simplify changed logic when modifying a NACL
* tweak error message
* Fix for shared snapshot parameter
Fixing this bug:
`Unknown parameter in input: "IsShared", must be one of: DBInstanceIdentifier, DBSnapshotIdentifier, SnapshotType, Filters, MaxRecords, Marker, IncludeShared, IncludePublic, DbiResourceId`
* Updated documentation for shared snapshots
Tags can't get accessed for shared snapshots
* fixed indentation
* added test for shared snapshot
* fixed isPublic parameter to correct IncludePublic parameter
Co-authored-by: Oliver Kastler <oliver@realestate.co.nz>
This avoids confusion with tests named `inventory_*` which do not test inventory plugins.
Tests for inventory scripts are now prefixed with `script_inventory_`.
User can now specify tag and category using dict in vmware_tag_manager
module. This is useful when tag or category name contains colon.
Fixes: #65765
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Start adding ansible-galaxy collection list options
* Working list all collections and list a specific collection
* Nuke debugging cruft
* Use to_text to get a string of the FQCN for sorting
* Improve collection output formatting
- add header
- display collection name and version in separate columns
- width of columns is dynamic based on collection name and version length
* Make role list output match collection output list
- add header
- add columns for role name and version
- make column width dynamic based on name and version length
* remove debug statemnt and extra header
* Revert "Make role list output match collection output list"
This reverts commit a0b3db47bb3b198aafd34c1f1be5b6561af2f928.
* Add validate_collection_path function
Utility function for ensuring a collection target ends with 'ansible_collection'
* Use validate_collection_path
* Do not warn if a specific collection in found in any search path
* Fix extraneous warning and remove duplicate code
Do not warn when listing a specific collection and it does not exist
in other collection paths.
Restructure the code that loops through collection paths to remove
duplicate conditional code.
* Indicate role path was found
* Use new function name
* WIP Save Point
* Use separate functions for role and collection list
* Wrap error message
There may be a better way to do this besides hard coding a line break, but this
does make the message a lot more readable.
* Add validate_collection_path function (#66441)
* Add validate_collection_path function
Utility function for ensuring a collection target ends with 'ansible_collection'
* Fix bad syntax
* Correct docstring
* Bikeshed the names
* Properly list a single role
* Simplify _display_warnings()
Only display warnings. Move exception raise back to each caller.
* Move private methods to private functions
They don't need self, so it makes sense to have them as functions
Get rid of _display_warnings() function since it doesn't do anything worthy of
an independent function.
* Add integration tests for ansible-galaxy collection list
* Fix docs sanity test
* Fix bug where ansible_collections dir does not exist
The path may exist, but if there is no ansible_collections dir inside that path,
an exception was raised in find_existing_collections().
Add integration test for this scenario
* Put execute_list() method back
* Add some informational messages for debugging
* Add unit tests
Units tests for the various private methods in support of collection list
* Start adding unit tests for test_execute_list
* Display collection path when listing specific collection
* Add unit tests for listing all collections and specific collection
- Create fixture for creating test objects
- Add function for controlling os.path.isdir results
* Set defaults for minimum collection widths
Ensure that collections with small FQCNs display correctly.
Add unit tests
* Split up unit tests and fix fixtures
Add more fixtures for mocking objects during the specific collection tests
* Change help message for -p in list subcommand
Give accurate description of what it actually does rather than trying to use language shared between sub commands.
* Disable colorized output in unit test
* Add docs for collection list
* Fix integration test on macOS
The temp file path is really long on macOS, so the warning message gets wrapped
across multiple lines. That make seth grep fail. Switch to matching on a smaller
part of the warning.
* Recreate common path options for collections
Improve help about what the '-p' option does and how it works.
* Remove unnecessary elif after continue statements
* Account for duplicate paths in collections_searh_paths
If someone specifies the same path via '-p' that is the COLLECTIONS_PATHS,
do not list the collections twice.
* Docs updates
us-east-1e is sometimes picked at random, and has no support for
t3/m5 instance types, which breaks some tests.
Because availability_zones is returned in a consistent (sorted) order,
we should at least get either consistent success or consistent failure.
* win_package - Refactor with msp, appx support
* Added msi test for ALLUSERS
* Added some msix tests, refactored tests
* Added remaining msix tests
* Enable msix sideloading for tests
* Added remaining exe path tests
* Added basic msp tests
* Remove url options now the util no longer has them
* Fix file version check for older Windows hosts
* Remove no_proxy ansible-test setting
* Use same mechanism of become to copy the file with explicit creds
* Added Ansible.Service util and win_service_info
* Fix up util test
* Sigh forgot to update the test and fix sanity
* Try to make tests more robust
* That didn't work, just check the username
* Betraying Queen and country with this doc fix
* More changes for compat
* More OS compatibility
* AnsibleAWSModule related cleanup - redshift
* Apply a backoff on modify_cluster to cope with concurrent operations
* Add AWS 'hacking' policy to allow creation of Redshift ServiceRole
* Adding the retry policies makes the redshift test suite more reliable
Only one integration test target is supported per module. Since there is already a `mysql_replication` integration test, the `mariadb_replication` tests will not execute for the same module.
To avoid issues with tests not running on changes to the `mysql_replication` module and then failing after changes are made and all tests are executed, the test has been marked `unsupported` to prevent it from running in CI.
To re-enable this test for CI it will need to be merged into the `mysql_replication` tests, which will require working around conflicts between the packages required by the two sets of tests.
* Split up lookup integration tests.
* Rename lookup_paths integration test.
This will avoid confusing it for a test of the `paths` lookup plugin, which does not exist.
* Fix lookup_pipe integration test.
The test now verifies it receives the correct output.
Adding a second task also causes code coverage to be properly registered for the lookup plugin.
* Rename ini lookup test to match plugin name.
* Update sanity ignore path.
Modules and plugins can only have one integration test target associated with them.
When there is a conflict between alias(es) and/or the target name, only one target will trigger on changes to the module or plugin.
The test fails in the CI with a timeout of vmware_guest_tools_wait. It's
still unclear if this comes from:
- the ESXi environment
- the VM configuration, e.g: the amount of the RAM
- the ISO image itself
Ideally, we should have a light VM with the vmware-tools.
I didn't properly update the commit message via github UI. Revert, to
open a new PR.
This reverts commit 2794142eb3.
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This looks to be causing issues for our new ansible.netcommon
collection. Revert for now, until we can properly address.
This reverts commit 53c7f8cbde.
Since https://github.com/ansible/ansible/pull/61006 `vmware_cluster_info`
exposes a new key called `hosts`. The deprecated module
`vmware_cluster_facts` keeps the previous behaviour, and so we must keep
its test-suite unchanged.
Add integration test
There are a number of other parameters that result in stack traces as well when this module is used ad-hoc. I'm not sure if we're interested in fixing them all since this module isn't meant to be run ad-hoc.
* Remove redundant use of ec2_argument_spec where we're using AnsibleAWSModule
* Use module.client() instead of the get_aws_connection_info/boto3_conn combo.
* AnsibleAWSModule handles 'HAS_BOTO3'
* Remove unused imports
* Update error message that lambda_policy integration test is looking for when the region's missing
* Revert redshift and s3_bucket
* Added integrations test for ecs_tag
Testing invalid cluster test for the expected message.
Add idempotency test is for adding tests to service and task_definition.
* throttle tests: fix detection of parallel execution
The test wasn't able to detect if too many workers were running.
On my laptop:
- without this change, the 'throttle' target takes ~20 seconds
- with this change, the 'throttle' target takes ~70 seconds
- 1 second isn't long enough to encounter the issue
* Fix throttle test when strategy is 'free' based
'free' strategy allows multiple tasks to be executed in parallel: use
one 'throttledir' per task.
Use 'linear' strategy with a dedicated play for cleanup/setup tasks
* throttle: reset worker idx before queuing a new task
* TestStrategyBase: define task.throttle
otherwise '1' will be used instead of the default value due to the
following expression being equal to '1':
int(templar.template(task_mock.throttle))
Co-authored-by: James Cammarata <jimi@sngx.net>
vmware_tag_info used to return dict of tag information which caused
data loss when there are multiple tags with same name and different category ids.
This fix will add additional fact "tag_info" which will deprecated existing fact
"tag_facts".
The "tag_info" is a list which handles multiple tags with same name.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
When HostVars are part of the data that goes through (de)serialization
when being passed from a worker process to the main process, its
variable manager reference loses some of its attributes due to the
implementation of __getstate__ and __setstate__ (perf utilization).
Since HostVars already has those attributes, use __setstate__ to assign
them.
Fixes#65365
Fixes#66549
The inefficiency improvement
https://github.com/ansible/ansible/pull/63713 introduced a bug where
`enablerepo` was not being honored if combined with
`disablerepo="*"`. This fixes that issue.
Signed-off-by: Adam Miller <admiller@redhat.com>
This commit address a problem in static mode, if the hostname change,
`host.name` value with change too. And as a result:
results['dns_config_result'][host.name]
will be initialized.
We now record the initial hostname first, and uses it as the key for the
results.
This commit also ensures hostname and search domain change are detected if
`instance.dnsConfig.dhcp` is true.
Finally, if we target a cluster, the `changed` result will depend on the
number of nodes.
By using a `rescue` block, we can potentially hide a really problem in the
block and return a success. This is a bit problematic for a functional
test.
* Add integration tests
* Handle error in _get_diff_data()
* Change to warning rather than error
* Also change failure to warning in assemble action plugin
* Adding documentation and integration test for the new module
* Correcting typo
* removed unused if else block
* changing error messages
* Addressed review comments
* resolving sanity error
* fixed typo in vmware.py
* Added support for datastore cluster
* adding state parameter instead of power on fixed few more review comments
* Documentation update
* Updating argument
For a refresh of the datastore list on the vcenter, this before we
check the present of the newly attached datastores.
A lot of tests depend on the presence of the DS, and this little
change allow us to save =~ 45s everytime.
- remove the unsupported alias
- refactoring
- move the hosts outside of the cluster to avoid any conflict with DRS
- import the `prepare_vmware_tests` role
- does not work with govcsim
While this does properly pass our testing for ansible/ansible devel
branch, it is currently breaking our collection testing for 2.10.
Specifically, this would mean ansible.netcommon would need to directly
import arista.eos or cisco.nxos collections, causing a circular dependency.
This reverts commit e266e5f8b6.
Some adjustments to be able to run the test-suite properly:
- Starts with the ESXi out of the cluster to be able to deploy the
VM on a proper host consistently
- Ensure the resource pool exists
- The resource pool is called `DC0_C0_RP1`, not `Resources`
- Avoid an exception if we try to move a non existing VM.
Put the test in the zuul/vmware/vcenter_2esxi group.
* Allow to not read content from file.
* Allow to feed content directly into _info modules.
* Allow to feed non-primary content into openssl_certificate, openssl_csr and openssl_publickey.
* Rename changelog.
* Bugfix of 65367: postgresql_query doesn't support non-ASCII characters in SQL files with Python3
* add changelog
* fix
* change changelog fragment, add example
* new connection plugin aws_ssm
Return code may be at the end of the last command output line.
Marking regex.
Ensure command status code is on it's owm line - last 3 lines are not part of command stdout.
* Adding timeout parameter - aws_ssm_timeout
Default 10 second timeout (https://docs.ansible.com/ansible/2.4/intro_configuration.html#timeout) is marginal.
This avoids changing this default and allowing the SSM timeout to be controlled via inventory.
This change wraps commands so commands which may never return do timeout.
* Added integration tests
Added AWS SSM Executor, target and config functions
Fixed more code for integration tests
Improved execution
Added S3 bucket name
Fixed pylint
Reverted lib changes
Reverted few more changes
Improved support for integration test execution
added ansible role for aws_ssm_integration_test setup and teardown and modifiled runme.sh
Reset to 17fa565 commit
inventory file location changed
change inventory file location
deleted meta and handlers folder as it is not required
deleted main.yml inside vars, removed extra space from tasks/main.yml, Added appropriate tags for ec2 and delete test folder as it is not required
deleted main.yml inside vars, removed extra space from tasks/main.yml, Added appropriate tags for ec2 and delete test folder as it is not required
modified task/main.yml
added region variable and fixed pattern for using variable
modified policy for IAM role
moved to first line of scrip set -eux
Updated Session Manager plugin installation
edited custme policy
Included tags for Session Manager plugin installation
Added README.md
Upddated README and added support for ssm-plugin for Amazon-Linux
Added Windows Integration test support
Improved user data for Linux
Added random value generation for the role and policy,delete vars_to_delete.yml
upadte README in vars
fixed typo
update policy
Updated IAM policy file
update playbook
Updated playbook to include ssm-agent userdata
modified jing2 template
modified jing2 template
modified jing2 template and fixed role deletion
fixed role name issue while deleting and task name
Updated playbook to include wait_connection for ec2
Corrected Synatx changes and updated ssm-plugin debian file
Changed region variable to us-east-1
Removed vars file and updated to /tmp dir
fixed typo
Improved setup
Fixed boto3 dependency
Fixed missing tag
Added boto as dependency as well
Improved execution workflow
Trying other way of defining tags
Fixed undefined var
Changed AMI ID to Amazon Linux
Improved Tags
Ok, created different directory for WIndows test execution
Fixed IAM Role Name for Windows
Fixed inventory not found
Improved integration test execution
Fixed Windows Inventory path
Fixed wrong Windows AMI ID
Fixes issue for windows test execution
* Don't attempt to terminate sessions without a session id.
* Added Unit test cases file for AWS SSM Connection plugin
updated test file with close
updated unit test file with start_session
updated test files
* Eliminate AWS CLI dependency for terminal session.
* Removing unused code, cleanup logic.
Reduce mark length - 52^26 should be plenty
Be explicit about subprocess.Popen options
Simplify if/else for mark end
_stdin_readline is not used now
* updated test file
Added exec command and fixed close session unit tests
updated test files
Improved ansible ssm test command
updated file for lint checks
updated for pylint checks
New Unit_testcases for pre-signed URL file
removing additonal spaces and white spaces
remaning error changes
fixed changes
fixed spaces issues
python 2.7 version and whitespaces
python 2.7 version and whitespaces
python 2.7 skip if
space issue with 16:1
Unit test cases for windows and linux
Unit test cases for windows and linux with issues fixed issues
Unit test cases for windows and linux with issues fixed issues1
* Added support for S3 Pre-signed URLs
* Updated documentation and comments
* Documentation and curl dependency removal for controller machine
Fixing lint errors and removing requirements.
* Adding support for Windows remote EC2 instances.
* Added Encoding fixes
* Updating author section and adding obvious requirement for the SSM agent.
* Refactor stdout post processing
Attempt to get real return code on error (test using ansible -m raw -a 'cmd /c exit 99'.
Fixes problem at terminal width (ansible windows -i ./hosts.yml -m setup).
* Refactor back to a single module.
* Fixed fetch file for windows
* ssm usage examples for linux and windows
* Update aws_ssm.py
Service state corrected.
* Strip line continuation when at terminal width - otherwise replace.
Strip ANSI control sequences only for Windows.
Test playbook:
---
- name: test
hosts: windows
gather_facts: False
vars:
small: 'abc'
tasks:
- name:
set_fact:
large: "{{ lookup('password', '/dev/null length=2000 chars=ascii_letters,digits,hexdigits,punctuation') }}"
- name: small fixed
raw: echo '{{ small }}'
register: small_result
changed_when: False
- name: check
assert:
that:
- "(item | length) == (small | length)"
- "item == small"
msg: "'{{ item | length }} must equal '{{ small | length }}' and '{{ item }}' must match '{{ small }}'"
with_items:
- "{{ small_result.stdout_lines[0] }}"
- name: large random
raw: echo '{{ large }}'
register: large_result
changed_when: False
- name: check
assert:
that:
- "(item | length) == (large | length)"
- "item == large"
msg: "'{{ item | length }} must equal '{{ large | length }}' and '{{ item }}' must match '{{ large }}'"
with_items:
- "{{ large_result.stdout_lines[0] }}"
- name: gather facts
setup:
* Correct module parameter names.
* Updated Windows Executable variable.
Updated Windows Executable variable to "ansible_shell_type".
Fixing Examples with raw declaration
Updated the plugin timeout variable.
* Fix to work with dynamic inventory plug-in
* IntegrationTest template updates
* Removing unsupported flag for integration tests.
Fixing unit test.
* Adding shippable group.
* SSM Usage examples with dynamic inventory plugin
* Fixing yamllint errors.
* Fixed Integration tests
* Fixed Integration tests
* Updates for python3.
Removing python3 restriction.
* Remove python3 restriction.
Change block from retry to always
* Fixed Integration tests with Python 3
* Fixed shellcheck
* Fix for Windows which could pick up end mark prematurely
Move debug to _wrap_command and use a single return point
Single-quotes not needed around linux marks
Fix typo in comment
End mark to new command.
* Unit test cases now works on Python2 and Python3
* Skip tests on Python 2.6
* Fix for wait_for_connection module for windows.
* Updated changes as per review comments
* Fixing broken pipe error seen with session-manager-plugin version 1.1.17.0.
Eliminating sleep as this looks to be fixed in session-manager-plugin version 1.1.17.0.
* Adding back delays for Windows with session-manager-plugin 1.1.17.0.
* Updating Windows AMI ID for integration Test
* Upgrading windows ssm agent to the latest
* Adding boilerplate code.
* Windows ami and integration test updates
* Revert "Windows ami and integration test updates"
This reverts commit cd6ca3579b7cda584bd9c065f9c0835bddb23627.
* Updating windows ami for Integration tests
* Integration test suite updates and fixes.
* Updates and fixes
* Eliminate duplicate processing for exit code on failed command.
* Add powershell wrap.
* Refactor windows post_process.
* AMI Lookup, aliases, OSC filter, test suite updates
Co-authored-by: Gaurav Ashtikar <gau1991@gmail.com>
Co-authored-by: Deepak Choudhary <40276333+deepsvc@users.noreply.github.com>
Co-authored-by: Hanumanth <46720371+hanumantharaomvl@users.noreply.github.com>
Co-authored-by: KUMAR MAYANK <mayank@flux7.com>
* (WIP) nxos_l3_interfaces: fix states, add new minor attributes
* sa cleanup
* more regression fixes
* test_8 for add'l code coverage
* Fix regressions to handle mgmt w/o IP
* add 'no system default switchport' to regression setups
* add err msg to terminal_stderr_re so that cli_config will catch L2 failures
* regression test change: /int4/int3/
* Add default rsvd_intf_len for Zuul CI
* Fix replaced-with-no-ipaddr and ip redirect issues
This was previously removed in PR ##60083 but was added again in
PR #61257. This will cause a lot of things to fail if it is uninstalled
during cleanup after the test role, which is why it was originally removed
from the test.
* Add final commits
* End of night commit
* Add further tests
* What is this doing here?
* Remove file from commit
* Change os check
* Change version check
This avoids installing dnf-plugins-core, which breaks the yum and dnf modules
when uninstalling packages using a wildcard after they have already been removed.
This should resolve issues with the yum integration tests failing after docker tests run.
Ensure we already create the `test_vm3` VM in the `{{ f0 }}` directory.
This to be sure the teardown playbook will be able to clean it up at the
end. This to avoid problem like this one:
```
Multiple virtual machines with same name [test_vm3] found, Folder value is a required parameter to find uniqueness of the virtual machine
```
* Add test for reboot & wait_for_connection
* Add test for ios
* Collection-proof block test
* Add junos test
* Don't try to evaluate cli context unless using the connection
* Prevent infinite recursion
* #42292 first draft.
* fix some documentation
* use snake dict keynames
* return metric filter variable
* rework documentation
* try to fix documentation. fix condition when defaultValue is 0. update version string
* fix intenion, syntax and undefined
* try solve state documentation
* define type for state in doc
* rework integration test and fix minor typos
* add defaults for integration test
* update documentation, integration tests, and return value
* fix code formatting and documentation
* irgnore errors in ignore block
* Update lib/ansible/modules/cloud/amazon/cloudwatchlogs_log_group_metric_filter.py
Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>
* add options to metric_transformation
* fix pep-8
Co-authored-by: Jill R <4121322+jillr@users.noreply.github.com>
* Add support for timeout while waiting for state.
* Allow to limit removal wait time.
* Add changelog.
* Forgot version_added.
* Add some check mode tests.
* Use removal_wait_timeout in tests.
* Parse Healthcheck.StartPeriod properly
* Add changelog fragment
* Use proper markup in changelog
Co-Authored-By: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix multiple subnet (of same IP version) idempotence for docker_network.
* Add changelog.
* Unit tests no longer make sense, since the part of the code they test has been removed.
* Re-add CIDR validation. Move it to better position (module setup instead of idempotence check).
* Update changelog.
* Only run new tests on VM test images.
* Actually do what is documented. Especially since an empty object is a valid value for aux_addresses.
* Fixed issue 64479 with lambda_info module
* Added integration tests for lambda_info module
* Moved lambda_info tests into already existing aws_lamda testsuite for easier test setup.
Co-authored-by: Jill R <4121322+jillr@users.noreply.github.com>
* Move ec2_vpc_net tests to group1, group2 is running much longer
* Allow for VPC CIDRs to be "associat*ing*", things in AWS are "eventually consistent" and occasionally take longer than we would like
elb_network_lb.py: allow UDP and TCP_UDP protocols
- Fixing documentation
- Add support to UDP and TCP_UDP as described on AWS SDK
elb_target_group.py: allow UDP, TLS, TCP_UDP proto
- Fixing documentation
- Making health checks with response codes and paths only in HTTP/HTTPS
- Allow UDP, TLS, TCP_UDP protocols as described on AWS SDK.
others:
- Added changelog fragments
- Integration test
Fixes: #65265
Signed-off-by: Alexandre Mulatinho <alex@mulatinho.net>
* free strategy - include failed hosts that were notified so --force-handlers is used
* trim line length a bit
* Loop over the force handler tests with the strategies linear and free
* rename changelog
* Use the play iterator instead of TQM for accurate failure representation in blocks
* Remove hack in a backwards compatible way for 3rd party plugins
Some teardown tasks are now enabled only if we have ESXi in the configuration
file. On my system and in a vcenter only scenario, `vcenter_folder` goes from
42.7 to 31.2s.
* Fix copy/pasta for ecs_ecr test names
* Add support for lifecycle policies to ecs_ecr
New feature for ecs_ecr to support [ECR Lifecycle Policies][].
Fixes#32003
[ECR Lifecycle Policies]: https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html
* Improve error message for ecs_ecr parsing errors
Replaces the exception and stack trace with a description of what's
actually going wrong from a user perspective.
* Rename delete policy to purge policy
Marks the `delete_policy` parameter as deprecated, to be removed in
Ansible 2.6.
* Add version_added to purge_policy
* Remove changing results based on verbosity
What I really want is --diff support, and changing results based on
verbosity is abnormal.
* Ensure repository name is lowercase
* Fix deprecation cycle to 4 releases
* Use a YAML anchor for credentials
* Remove filters from assertions
* Add minimal permissions needed
* Updating version_added and deprecation cycle
The original PR sat while a few releases happened.
* Bumping version added and deprecation version
We missed the 2.8 release.
* Removing bare except:
This is not allowed and is generally bad practice.
* Fix lint errors
* update ansible release metadata
* Use the new alias deprecation scheme
This was added in the time the PR has been in development, so rework
things to use it.
* Add test coverage
This makes sure that lifecycle_policy is produced when passed in.
*Also a minor suggestion for simplification from PR.
* Restore changes from 62871 lost in rebase
* Add changelog
* Remove version_added for new purge_policy option
Per sanity test fail.
* set supports_check_mode=True
I don't see any reason why this module cannot run in check mode. The following API calls are made, none of which modify configurations
All using boto3.client('cloudformation')
describe_change_set
describe_stacks
describe_stack_events
get_paginator
get_stack_policy
get_template
list_change_sets
list_stack_resources
* duplicate cloudformation_info tasks with checkmode
Duplicated all existing cloudformation_info tests and added check_mode: yes to them
* delete duplicate empty line
* Move new Ansible cli options '--ask-vault-password' and '--vault-pass-file' to the existing calls to add_argument
* Add changelog fragement
* Change order of ansible cli arguments to use --ask-vault-password and --vault-password-file by default
* Update runme.sh in vault integration tests to test new options --ask-vault-password and --vault-pass-file
Rather than silently processing extra_vars filename without @ sign,
CLI now fails with appropriate warning about requirement.
Fixes: #51857
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Run ec2_instance tests in parallel
* Make sure we spin up the iam_instance_role instances in the dedicated VPC
* Rework a little to only build one VPC while still running in parallel
* Start running the tests within shippable
* We only use setup_remote_tmp_dir for the version_fail tests, so only set it up once
* Make sure we clean up if we fail during Environment Setup
* Add a warning about running in parallel
* Minor review tweaks
* Remove unused file
* cloudformation_info updates
Add ability to retrieve stack change sets
Update module to use AnsibleAWSModule
Update backoff to use new decorator style
Updated exceptions to use fail_json_aws
Converted outputs to snake_case where appropriate, for cloudformation_info only to preserve cloudformation_facts functionality.
Unconverted keys are stack_outputs, stack_parameters, stack_policy,
stack_resources, stack_tags and stack_template
* cloudformation_info updates
Add ability to retrieve stack change sets
Update module to use AnsibleAWSModule
Update backoff to use new decorator style
Updated exceptions to use fail_json_aws
Converted outputs to snake_case where appropriate, for cloudformation_info only to preserve cloudformation_facts functionality.
Unconverted keys are stack_outputs, stack_parameters, stack_policy,
stack_resources, stack_tags and stack_template
* Adding integration tests
* Remove unneeded debug statement
* Add myself to Authors
* rename stack-name to match iam policy limits
aws-terminator permission for cloudformation have the following resource
Resource: arn:aws:cloudformation:us-east-1:{{ aws_account_id }}:stack/ansible-test*
updating test stack name to match
* removing .orig file from rebase
* fix stack name, underscore not allowed
* rename integration testsuite to cloudformation
rename per request
* add resource_prefix to resource names
* prefix stack name with ansible-test
IAM policy in aws-terminator requires the stack name to begin with ansible-test
* add single quotes around variable in test
* fix test for display name
mistakenly updated when changing topic_name to use resource_prefix. The test is to check the display name, which is what the stack update changes
* fix value to display name test
* rename main.yaml to main.yml before rebase
* Merge tests with #65643
remove uneeded files
using tests from #65643 with added check to validate changeset is present in info when requested
* fix assert on chageset check
* remove trailing blank line
This allows to group tests by connections, which allow us to disable
local connection testing in collections for the moment.
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
* win_cert_stat initial commit with tests
* documentation fix.
first attempt windows server 2008 compatibility
* add formatted dates
removed debug tests
* make choices generic list
* return a list of certificates
use .net x509 store instead of PS cert provider
* fixed tests file
* fix timestamps returning null
* rename to win_certificate_info
* rename tests win_certificate_info
* return certificates as a sorted array
open the store with readonly privileges
* extensions always returned as an array
* Simply sorting of Windows files below other plugin types
Using the sort method with a custom key function uses less memory than creating multiple lists then joining them.
This seemed to be an acceptable use of a lamdba, even though I geneally try to avoid them.
* Fix sorting of plugins inside of collections
Explicitly sort Windows files below others, mimicking what we do in plugin/loader.py
* Add documentation about ansible.builtin and ansible.legacy
Also document to the two different methods used for searching based on the candidate type.
* Add changelog
* Add integration test
* Update comment with expected sort order
* adding the modules to /nxos/storage/ folder
* fix pep8 stuff
* fixed provider specific information from doc
* Fix integration tests
* Added tested against note
* Review comments
* added assertions for the commands sent in the integration tests
interface.port should be a string to be able to use macros in that
value.
This fixes the case when interface.port is a macro (eg.: "{$MACRO}" and
force=false.
Because, until now, setting the interface.port to an integer was the correct way to work with force=false, a type validation has been added
to that parameter.
Previously, if a string was used for interface.port, it was converted
to an integer, the comparison didn't work (if interface not in interfaces)
and the module tried to register the same interface twice, returning an
error.
Zabbix API manual specifies that only 'main, 'type', 'useip' and 'bulk'
are integers.
https://www.zabbix.com/documentation/current/manual/api/reference/hostinterface/object
Tests are changed to use always str in the interface.port.
Two new tests are added.
The first one is to show that now registering a host with force=false and
a macro in interface.port works.
The other one tests that interfaces defined using string for port are
compared correctly when force=false is used. Previously it was
a comparison between int and str, interfaces were seen as different
and an error was thrown because we were trying to create twice a main
interface.
* Try to kindly convert interface port to the string
As suggested, the previous behaviour could break current configurations. This solution accepts integers and strings.
Co-Authored-By: Dusan Matejka <D3DeFi@users.noreply.github.com>
* adding prefix-list to ios_bgp
* adding prefix-list to ios_bgp
* Fix copy-paste bug in test
* Adding neigbor 10.10.20.20 to global neighbor pool
* Added prefix_list_in and _out to documentation
* Rewrite bgp prefix_list test
* Bugfix in yaml data
* More test, assert neighbor 10.10.20.20
* Fix nxos_file_copy option value path validation
* Modify `local_file`, `local_file_directory` and
`remote_file` option type from `str` to `path`
so that the option value is validated in Ansible
for a legitimate path value
* Fix review comments
* Add tags to ecs_task
remove older reference to credentials
* uncomment shell commands to enable/disable account settings
* Fix documentation and pep8 issues
* fix review items for ecs_task tags
use missing_required_lib for tags
change fail_json message to suggested message
switch from task_tags to tags for consisitency
* Add import for missing_required_lib function
* Tidy put-account-setting tasks and add permission
Using `environment` and `command` rather than `shell` avoids the
need for `no_log` and means that people can fix the problem
* update version added for ecs_task tags
* fix tests after removal of ansible_facts from ecs_service_info, add delay when service is still draining
* Add documentation for sanity tests
* nxos_interfaces: RMB state fixes
* shippable fixes
* Add add'l comments per review
* fix long line
* Fix mode/enabled system defaults handling
* fix N3L test skips
* lint
* test updates for titanium images
* doc fix
* Converted ec2_metric_alarm to boto3. Added treat_missing_data option.
* Handle potentially non-existent alarm keys in ec2_metric_alarm module
* Add treat missing data to ec2_metric_alarms wth some tests
Continues the work of #23407
* Clean up ec2_metric_alarm main test playbook
* fix test suite and sanity checks
* more fixes for sanity tests
* fixes to ec2_metric_alarms requested in code review
* import ClientError from botocore, catch generic ClientError
* more fixes from review
drops extra dict in argument spec and set_facts for aws access
* Fix pep8 blank line issue
* switch to fail_json_aws, add idempotency test
* fix under indented continuation
* remove unsupported alias
* Add group to ec2_metric_alarm aliases
* Put alarm prefix before resource prefix to match aws-terminator pr 63
* Add type for treat_missing_data
User can specify associable object types while creating the categories.
VMware API does not allow to modify associable object types after creation of
category.
Fixes: #61220
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
This should cut down about 1hour worth of test time, due to not looping
over the set_fact functions more then 60 times.
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
* add module aws_step_functions_state_machine_execution
* AWS step functions tests - Use module defaults
* Return all attributes from aws api calls as ansible task output
* aws_sfn - make start and stop execution idempotent and fix check mode
* aws sfn - use build_full_result method of the paginator
* aws sfn - remove changes made to help with local debugging
There is no longer the need to warn on password, it is not supported any
more.
Update nxos_user tests not to purge current SSH user for nxos, otherwise
we loose access for testing.
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Fedora 31 tests are failing due to a missing packages error. I am unable to duplicate this issue when running locally, so it is possibly an issue with a mirror that is being used when run from Shippable
* Use correct var, move cleanup for async
* Add changelog and tests. Fixes#65393. Fixes#65277.
* Kill off all long running async tasks from listen_ports_facts
* Update task to work with older jinja2
Depends-On: ansible/ansible-zuul-jobs#253
We cannot run the following tests without any ESXi host:
- vmware_drs_rule_info
- vmware_drs_rule_facts
- vmware_host_acceptance
- vmware_host_active_directory
- vmware_host_powerstate
* Don't return module error when mysql_connect fails (#64560)
mysql_user expects an Exception when using check_implicit_admin.
* Adds integration tests for mysql_user check_implicit_admin (#64560)
* win_find - refactor to make more performance and use newer style
* win_find - refactor for performance improvements and alignment to find
* More path alignment to find
* Fix yamllint error
* win_auto_logon - check, diff and store pass in LSA
* Ensure baseline keys are set for test
* Skip remove item prop on check mode due to win bug
* Start at a cleared baseline to ensure old LSA secrets are cleared
* add new modul
* correct password var
* fix for linting issues
* add return values documentation
* linting fixes
* Get tests working and simplify a bit
Add the `vmware/scenario/vcenter_only` alias to be able to identify the
vmware test roles that can be tested with just on vcenter instance.
Also, add a check to be sure we don't try to attach ESXi hosts if none
has been defined.
* win_description Module
Module to change Windows description and Windows license owner information.
* LiteralPath updated
changed -path to -LiteralPath in the script
* Version and metadata_version
version_added updated to 2.10
Metadata_version set to 1.1
* version updated
version_added changed to '2.10'
* Changes based on feedback
* removed some redundant checks
* Rename win_description.ps1 to win_computer_description.ps1
* Rename win_description.py to win_computer_description.py
* Module name change
* Integration tests added
* added aliases file
* Change compatibility from 2008 to 2008R2
* Update aliases
* win_data_deduplication initial commit
* Ansible version added bump
* integration tests
* missing aliases
* Fixing documentation
* license and metadata
* documentation formating
* removing win_format ref
* documentation fixes
* trailing whitespace
* Fixing more documentation :(
* missing return
* documentation cleanup
* align copyright with doc
* indentation fixes...
* updated examples
* ignore meta and future for python doc
* removing when
* use Get-PSVolume
* Get-Volume not PSVolume
* missing updated var
* updated old drive refs
* make sure that the T drive is formated as NTFS
* path and drive_letter are exclusive
* idempotence test fix
* changing task order + reboot timeout
* implementing the requested changes to the code
* updating documentation to reflect code changes
* simplifying tests
* missing feature install before running the tasks
* pslint trailing whitespace
* putting old tests back
* missing win_format
* skip windows 2012
* Fixing message for OS check
* pass settings and dedup_job variables
* Removing unnecessary module
* logic issue
* replacing tabs with double space
* documentation fix + removing tabs
* Update documentation with recent changes
* Apply changes requested
* switch feature install with partition format
* replace tabs with spaces
* trailing whitespace
* we don't need those ignores anymore
* minor fixes
* updated test to match latest code changes
* removing dedup job task
* adding check mode yes test
* fixes for check_mode support
* updating examples in documentation
* wrong indentation for check_mode in tests
* convert indentation to spaces
* -not $check_mode
* removing unneeded spec in documentation
* Switch to Ansible.Basic
* 2.9 is already gone, so let's add this module to 2.10...
* removing useless else condition
* updated documentation
* fixing specs and removing useless try/catch + fix exit/fail
* spaces indentation
* $null check is actually needed if volume never had dedup
* Missing check_mode update
* removing required for default state in documentation
* converted tabs to spaces
* win_share - Implement append paramtere for access rules
* changed fragment
* add test
* missing bracket
* removed whitespace
* Wrong number of lines
* Forgot the actual new parameter in the test
* community review
* Change option names
* version update
* Update tests.yml
* Add idempotence to rule_action: add
* add win_initialize_disk module
* Add ability to specify disk by path or uniqueid
* Fix documentation
* fix shippable failures
* Update anisble version
* Slight tweaks to the documentation
* Small documentation fixes
* Ensure `allow_duplicates: true` enables to run single role multiple times(#64902)
* Changed return value in `_load_roles` . Fixes#64902
* Add changelog fragment
* Add an integration test for the issue
* Fix changelog generation error and integration test.
* Fix yaml syntax error in changelog fragment
* lightsail - Use AnsibleAWSModule
- Use AnsibleAWSModule
- Refactor the logic for wait into a separate function (Fixes#63869)
- Handle exceptions in find_instance_info and add a fail_if_not_found parameter
- Add a new state `rebooted` as an alias for `restarted`. AWS calls the action Reboot.
- Add required_if clause for when state is present
* lightsail - Use the default keypair if one is not provided
* lightsail - add a required_if for when state=present
* Update short description for lightsail module
* The ssh key may be created manually prior the task execution with a
passphrase. And the task will be executed on the same key.
* The ssh key may be broken and not usable.
The module will check the private key and if the key is password
protected or broken, it will be overridden.
The check of the ssh key performed by retrieve the public key from the
private key.
Set the "self.force" check before the "isPrivateKeyValid" check.
In case of any issue with the "isPrivateKeyValid" function, the user
will be able to force the regeneration of the key with the "force: yes"
argument.
* ufw: escalate privileges in integration tests
A few of the integration tests for the UFW module forgot to `become`.
This is problematic if the test suite is executed as a non-privileged
user. This commit amends that by adding `become` when appropriate.
* ufw: add unit tests for direction and interface
Extend the unit tests for the UFW module to test the `direction` and
`interface` parameters. This will help in the implementation of a fix
for issue #63903.
* ufw: add support for interface_in and interface_out
The UFW module has support for specifying `direction` and `interface`
for UFW rules. Rules with these parameters are built such that
per-interface filtering only apply to a single direction based on the
value of `direction`.
Not being able to specify multiple interfaces complicates things for
`routed` rules where one might want to apply filtering only for a
specific combination of `in` and `out` interfaces.
This commit introduces two new parameters to the UFW module:
`interface_in` and `interface_out`. These rules are mutually exclusive
with the old `direction` and `interface` parameter because of the
ambiguity of having e.g.:
direction: XXX
interface: foo
interface_XXX: bar
Fixes#63903
* Elevate privileges for luks_device integration tests
Several tests in `key-management.yml` don't `become` before executing,
despite needing elevated privileges. This commit fixes that.
* Add passphrase support for luks_device
Previously, the luks_device module only worked with keyfiles. The
implication was that the key had to be written to disk before the module
could be used.
This commit implements support for opening, adding and removing
passphrases supplied as strings to the module.
Closes#52408
* adding encoding dump/import support for the mysql_db module, with updated documentation, and full test suite
* fixing lint issue test #3
* fixing lint issue test #1
* fixing lint issue test #1 second time
* Improving Test to be re-entrant
* improving test to not fail on centos/6
* Update test/integration/targets/mysql_db/tasks/encoding_dump_import.yml
Comminting suggestion
Co-Authored-By: Benjamin MALYNOVYTCH <bmalynovytch@users.noreply.github.com>
* Update test/integration/targets/mysql_db/tasks/encoding_dump_import.yml
comminting suggestion
Co-Authored-By: Benjamin MALYNOVYTCH <bmalynovytch@users.noreply.github.com>
* adding comment
Adding comment to explain test strategy
* Update test/integration/targets/mysql_db/tasks/encoding_dump_import.yml
Co-Authored-By: Benjamin MALYNOVYTCH <bmalynovytch@users.noreply.github.com>
* Update test/integration/targets/mysql_db/tasks/encoding_dump_import.yml
Co-Authored-By: Benjamin MALYNOVYTCH <bmalynovytch@users.noreply.github.com>
* Update test/integration/targets/mysql_db/tasks/encoding_dump_import.yml
accepted
Co-Authored-By: Andrey Klychkov <aaklychkov@mail.ru>
* Update test/integration/targets/mysql_db/tasks/encoding_dump_import.yml
Co-Authored-By: Andrey Klychkov <aaklychkov@mail.ru>
* Update encoding_dump_import.yml
* Fixing typoo
Lookup 'first_found' returns empty list which results in
raw_params checking. Check NoneType for 'raw_params' before
proceeding.
Fixes: #64939
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Allow updating of ec2_group rules with EC2 classic ELB targets
Fix regression introduced in #45296 with EC2 Classic SGs
Fixes: #57247
Also add (unsupported) ec2 classic test suite with test case for this scenario
* move ec2 classic tests to conditional within ec2_group target
* clean up ec2_classic tests
* ec2_classic account can't run most ec2_group tests
* Fix cli context check for network_cli connection
Fixes#64575
* Check cli context for network_cli connection
at the start of new task run only.
* Pass task_uuid around to identify start of new task run
* Handle for local connection
* add win_compact module
* fixed line endings
* fix documentation
* Use cim method instead of wmi method
* renamed to win_file_compression
added single file support
added force option to avoid traversing large directory structures
* fixed end of file
* fixed renaming.
bench test still had win_compact as a module
* Removed more NTFS references and slight test tweaks
* Inventory CLI - Ignore settings for when vars plugins should run and just always run them
* Add note to porting guide
* Fix loading vars plugins
* changelog
* Remove a staging test for ansible-inventory since it ignores that setting
* docker_swarm_service: Sort lists when checking for changes
When two lists are checked for changes in this module, the lists are
reported changed when the order of the items is different. This PR
resolves this issue.
* docker_swarm_service: Minor typo fix
* docker_swarm_service: Another minor typo
* docker_swarm_service: Should use sorted(), not sort()
* docker_swarm_service: Sort lists of dictionaries
* docker_swarm_service: Fix style issues in tests
* docker_swarm_service: Updates to integration tests
* docker_swarm_service: Casting string types within lists when comparing
* docker_swarm_service: Special handling of unordered networks with ordered aliases
* docker_swarm_service: Sorting network lists
* docker_swarm_serivce: Better unit test code coverage for lists and networks
* docker_swarm_service: Fixed coding style for sanity tests
* docker_swarm_service: More coding style fixes
* docker_swarm_service: Ignoring test for Python < 3
* docker_swarm_service: Update to version info check for backwards compatibility
* docker_swarm_service: Added change fragment #63887
* docker_swarm_service: Better handling of missing sort key for dictionary of lists
* docker_swarm_service: Preventing sorts from modifying in-place
Co-Authored-By: Felix Fontein <felix@fontein.de>
* docker_swarm_service: Removed spurious import in test
* docker_swarm_service: Preventing sorts from modifying more data in-place
Co-Authored-By: Felix Fontein <felix@fontein.de>
self._get_user_property returns a string, so when doing a comparison
using this value, cast the second variable to a string so that the
comparison behaves correctly
* Add changelog
* Add to_text import
* Add integration test
VM relocate to destination host works without pool param when hosts are part of same cluster. but spec.pool is required when hosts are part different clusters.
Closes: #64503
* Add integration tests for aws lightsail
* lightsail - use module_defaults instead of aws_connection_info
* lightsail tests - assert instance state on create
* Fix yaml syntax error
Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>
* [lightsail] create keypair as part of the testsuite
* Fix lightsail actions in compute-policy
* Add ability to delete keypair in lightsail_keypair
* reworked iam_policy
* Deprecate policy_document option
* deprecate defaulting skip_duplicates to true
* No longer explicitly catch ParamValidationError.
ParamValidationErrror is already caught by ClientError
* Work with complex policy objects rather than json documents
comparisons can better cope with the special cases (eg True vs "True" )
* Enable check_mode tests and fix related 'changed' bug
* changelog
* doc cleanup based on review
If two tags with same name and different category exists, vmware_tag_manager
used to take first found tag.
This commit use combination of tag and category to identify the category.
Fixes: #59379
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* iam_role tags support
* Make sure we don't Camel -> Snake tags in our return values
* Minor documentation tweaks
* Add tagging tests
* Make sure we return the state of tags once we updated them
* Update lib/ansible/modules/cloud/amazon/iam_role.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Move boto3/botocore before we start making changes
podman 1.4 now installs docker man pages. Add handler to remove docker packages to avoid test failure due to this conflict.
Adjust inventory_docker_swarm integration test
Add conditional to cleanup handlers to allow use of the setup_docker role without removing packages at the end of the play. The inventory_docker_swarm integration tests does its own cleanup.
* Only search inside the role for files to include
When a role is called as a dependency, both roles are searched. This can cause the incorrect file to be included if it is picked up from the parent role.
* Add full IPv6 support to win_dns_client - Fixes#55962
* Fix missing cast
* Add type to win_dns_client.py
* Remove version_added again, to hopefully make ansibot happy. Even though it was added as a response to the bot...
* Fix $params undefined error, that was introduced by fixing the "global variable" linting issue
* Fix casting error
* Fix inverted logic
* Fix rebase error
* Fix assignment to readonly variable
* Fix "reset IPv4 DNS back to DHCP adapter_name"
* Fix legacy windows server support (2008/2008R2)
* Fix 2k8
* Remove unecessary pslint ignore
* Added IPv6 tests, changelog fragment and further docs
* Restore module vmware_dns_config
* Remove domainname and change_hostname_to
* Changed version_added from 2.10 to '2.10'
* Add setup_attach_host: true to test case
* Add 'vcsim is not defined' block to integration tests
* Change 'result' to 'dns_config_result'
* Bugfix: Changing some static configurations while keeping others can crash the module
* Implement changing DNS config from DHCP to static on a cluster
* Update documentation for vmware_host_dns
* vmware_host_dns integration tests: Always revert to original DNS configuration, even if a test fails
* Deprecate vmware_dns_config
- use setup_epel role rather than task which contains correct URL now since it has changed for EL8
- add conditional to setup_epel to prevent attempted installation on non-RHEL distros
* add connect_as, username, password parameters
add tests
* fixed reference to undefined variable.
added version added to new options.
* add changelog fragment
* fix line endings
* use ansible facts to determine os version
remove unused iis version check
test checksum of iis configuration after backup
* correct assertion
* added more cleanup tasks.
* version added is now 2.10
* skip server 2008 r2 for now
* run tests on server 2012 and higher
* Adds win32_disk_drive object to win_disk_facts
* Names class parameter for Get-CimInstance as requested in the devdocs
* Maps whole class and adds docs
* Improve matching of disks when UniqueID is different format
* Improve logic for PNPDeviceID mapping
* Adds test for win32_disk_drive
In the VMware tests, we call the datastores `ds1` and `ds2`. The first
one is read-only, the second is read-write and can be used to deploy
VMs. The naming convention was not clear enough and source of a lot
confusion and mistake.
We now have two better names:
- ro_datastore, which is ... read-only
- rw_datastore, the one that we can use to deploy new VM.
* ec2_vpc_net: (integration tests) migrate to using module_defaults
* ec2_vpc_net: (integration tests) use a private subnet for the tests
* ec2_vpc_net_info: Add integration tests
* ec2_vpc_net_info: add cidr_block_association_set to documentation
* Update AWS hacking test policy to allow VPC CIDR disassociation
* Update test/integration/targets/ec2_vpc_net/tasks/main.yml
Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>
* Store vpc2 ID to make it clearer which VPC we're changing
* Be more consistent with our quoting
* Explicitly test that the VPC IDs haven't changed
The ask was to add an option in the vmware_guest itself. Upon inspection, a serial port can
be created in multiple ways and so can be a module in itself. Therefore, created a new module
called vmware_serial_port.
Fixes: #54956
* Add a random component to state machine name in aws_step_functions_state_machine testsuite
* Pick a random number from a bigger set to avoid conflicts between parallel runs
Co-Authored-By: Matt Clay <matt@mystile.com>
This is a fix for a regression introduced by Perfy. Since then we mainly
operate on host.name instead of the Host object. In a call to
set_nonpersistent_facts where we set ansible_failed_task and
ansible_failed_result variables we were still passing the object which
led to those vars being undefined.
Fixes#64789
* win_domain_computer module: Minor documentation error
* Fix idempotence when name != samaccountname
* Added changelog
* Added unsupported alias for CI check
* ec2_eip: (integration tests) move to using module_defaults
* ec2_eip: (integration tests) expand integration tests
Also clean up a little
- Delete EIPs when we finish testing them (reduce the chance of hitting limits)
- Rejig deletion so that it works when runs fail
- Add tests for ec2_eip_info
* ec2_eip: Minor doc tweaks
* ec2_eip: Don't throw an exception when we try to disassociate an already disassociated EIP
* ec2_eip: Add missing IAM policy (manage IGWs)
* ec2_eip: (integration tests) Use the VPC as a crude lock to avoid running parallel tests
We test that untagged EIPs come and go as we expect, if multiple tests are
running in parallel this confuses things
* Fix ec2_eip association
* Fix eos_facts over local eapi
* Much better feedback when querying resources over local
* No need for that anymore
* Update comment
* Mkae sure facts are tested on local
resource modules might break this otherwise
* This test was not checking anything
* Pass over nxos_facts as well
* Add output_encoding_override params to win_command/win_shell (#54896)
This enhancement enables Ansible to parse the output of
localized commands that ignore the prompt code page.
* Added changelog and minor nits
* feature enhancement: make a snapshot from an existing managed disk.
* remove default creation option in argu_spec of azure_rm_snapshot
* fix pep8 related issue
* fixing broken integration test
* Set alter_sys=True instead of False to address backwards incompat
* ci_complete
* Add integration test
* ci_complete
* sanity
* ci_complete
* Changelog fragment
* Update import test and validate-modules to match
* Updated nxos_lacp tests to handle platforms not supporting lacp system mac command
* nxos_lacp: addressing comments
* nxos_lacp: Updating image tag search to include more tags
* nxos_lacp_interfaces: Updating the tests to handle platforms that dont support - lacp mode delay
* nxos_lacp_interfaces: Updating search string to include all 9500 series switches
* nxos_lacp_interfaces: Adding a comment about chassis_type
* route53_info max_items and next_marker should be a str
Type was changed in #64358, however boto3 takes a str for this option
Add some basic tests for route53_info.
Fixes: #64534
Use an alias to access the datastore host. This way, it's easier
to use an existing NFS server.
We can also disable the `write` access on the iso datastore.
This fixes a regression that was caused by switching from copy() to
deepcopy() when 'saving' variables before templating. Since HostVars
did not implement the __deepcopy__() method, deepcopy returned incorrect
results when host vars were present in the variables.
Fixes#63940
This is a change to the regression tests only. These tests were failing because of leftover device settings from previous tests:
- existing `channel-group` configurations on non-test interfaces were included in the before/after counts
- fixed by using the `nxos_lag_interfaces` module with `state: deleted` to remove `channel-group` configur
ations from all interfaces
- existing `L2` `port-channel` interfaces with the same ID as the test `channel-group` ID may prevent configuring `channel-group` on the test ethernet interface
- fixed by removing `port-channel` interfaces with the same ID; e.g.
```
interface port-channel98
switchport
switchport mode trunk
nx-1(config-if)# interface Ethernet1/19
nx-1(config-if)# channel-group 98
command failed: port not compatible [switching port]
```
Fixes passed on `N6K,N7K,N9K,N3K` (internal TBs: `dt-n9k5-1,n6k-77,n7k-99,n7k-j,n3k-173,evergreen-nx-1,greensboro-nx-1,hamilton-nx-1,camden-nx-1`)
The error below occurs when attempting to run `ansible-playbook` with nxos regression tests.
```
fatal: [dt-n9k5-1.cisco.com]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"commands": [
"show interface brief | json"
],
"timeout": 60
}
},
"msg": "Unsupported parameters for (nxos_command) module: timeout Supported parameters include: commands, interval, match, provider, retries, wait_for"
}
```
This error appears to be a result of https://github.com/ansible/ansible/pull/62625, but that has not been verified.
* convert aws_acm_facts to AnsibleAWSModule
* factor aws_acm_facts into module_utils
* add more filtering options for aws_acm_info
* add aws_acm module and tests
* uncomment aws_acm test
* fix linting for aws_acm
* fix __future__ linting for aws_acm
* fix linting for aws_acm
* fix linting for aws_acm
* fix linting for aws_acm
* fix linting for aws_acm
* fix aws_acm_info arg type
* remove test for old module name aws_acm_facts
* simplify AWS ACM client creation
* fix indent typo in aws_acm test
* catch BotoCoreError in aws_acm
* fix indent typo in aws_acm test
* tighten AWS ACM test policy resource
* move aws acm int test to venv
* remove errant file
* fix AWS ACM int test perms
* undo copyright addition to wrong file
* fix invalid log message in aws_acm
Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>
* rephrase aws_acm_info doc from facts to information
Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>
* rename aws_facts var to aws_info
* remove case insensitivity for aws_acm pem compare
* add no_log for aws_acm credential setting
* add per-test prefix to aws_acm test resource names
* make aws_acm use crypto module_util
* clarify copyright for aws_acm
* make aws_acm int test clearer
* add explicit crypto dependency to aws_acm
* change requests for aws_acm pr
* fix wrong copyright owner aws_acm test
* fix wrong copyright owner aws_acm test
* rewrite aws_acm cert chain compare with regex, no dependency
* fix linting for aws_acm unit test
* fix linting for aws_acm unit test
* fix linting and duplicate ignore
* fix failed cert chain split in aws_acm, add more tests
* remove errant file
* more linting fixes for aws_acm
* fix sanity ignore
* rewrite cert compare in aws_acm to use base64 decode
* improve regex for pem cert chain split in aws_acm
* undo changes to crypto module util for aws_acm
* increment ansible version for new aws_acm module
* convert aws_acm return(x) to return x
* increment version added for aws_acm_info new features
* fix linting
* fix bugs with AWS ACM
* fix bad rebase
* disable AWS ACM integration test, due to AWS account limit issue
* remove aws acm integration test from shippable group
* Move var plugins handling to a separate file
* Allow var plugins to require whitelisting
* Add global configuration ('demand', 'start') for users to control when they execute
* Add 'stage' configuration ('all', 'task', 'inventory') for users to control on a per-plugin basis when they execute
* Update ansible-inventory and InventoryManager to the global and stage configuration
* Update host_group_vars to use stage configuration and whitelisting
* Add documentation for using new options and to the developer's guide
* Add integration tests to exercise whitelisting and the new configuration options, using vars plugins in collections, and maintain backward compatibility
* Changelog
Co-Authored-By: Brian Coca <brian.coca+git@gmail.com>
Co-Authored-By: Sandra McCann <samccann@redhat.com>
Add module podman_volume_info that collects data about podman
volumes on the host. Acts as docker_volume_info module.
Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
* Move X25519, X448, Ed25519 and Ed448 feature tests to module_utils.
* Correctly sign with Ed25519 and Ed448 keys.
* Fix public key comparison. Ed25519 and Ed448 do not have public_numbers().
* Add tests.
* Add changelog.
* Give better errors for cryptography 2.6.x and 2.7.x.
* Test for new errors.
* Forgot one.
* Used wrong private key.
* Use private key password for CA key. Add more stuff to its certificate.
* Add tests that were originally part of pr59079 before being lost in a rebase
* missed a needed check_mode: yes and a test with a wrong group
* Clarify test name, fix resource, add user delete test
* Use AWSDenyAll for benign policy, chech policy with non-full ARN path works, fix wrong module copy-pasta
Since https://github.com/ansible/ansible/pull/56733, we were not able to apply
firewall rules with no `allowed_hosts` key.
closes: #61332
In addition, this patch ensures the `allowed_hosts` key accepts a dict,
instead of a dict in a single entry list.
```yaml
vmware_host_firewall_manager:
esxi_hostname: "{{ esxi1 }}"
rules:
- name: NFC
enabled: True
allowed_hosts:
- all_ip: False
ip_address:
- "1.2.3.4"
```
Should be written:
```yaml
vmware_host_firewall_manager:
esxi_hostname: "{{ esxi1 }}"
rules:
- name: NFC
enabled: True
allowed_hosts:
all_ip: False
ip_address:
- "1.2.3.4"
```
* postgresql_db: allow to pass users names with dots
* postgresql_db: allow to pass users names with dots, add changelog fragment
* postgresql_db: allow to pass users names with dots, fix ci
* Make banner detection non-greedy in ios_banner
* Added ios_banner unit test to detect bug #63091
* Corrected PEP8 errors
* Added integration test
* Corrected typo in integration test
* adjusted setup_zabbix integration tests role to work on distributions from Debian family
* bumped zabbix_host integration tests role to be run against bionic
* Add more kubernetes Service tests
Services can often go wrong, and one of the main motivations for
apply was being able to correctly modify them, so more tests are good
* Remove a port from a service for k8s testing
* Add a Service check mode to k8s tests
* Eh, 2.10 is close enough
* drop top-level authorize
* Remove from documentation
* Remove load_params
* Centralize this junos thing
* Fixup user modules
* I'm 95% sure this did not do what it was supposed to
* nxos_hsrp: I don't think this is an actual module parameter
* Try to fix junos_package tests
* Move local params to provider
* Promote 'timeout' to a real parameter for eos_eapi
* Don't assume provider exists?
* move another timeout
* Provider now always has auth_pass
* Fix junos tests to avoid NameErrors
* DNF Handle Empty AppStream stream definition
Fixes#63683
Signed-off-by: Adam Miller <admiller@redhat.com>
* Switch Fedora dnf test target modularity to stratis
In Fedora 29, the metadata was not properly set for a default stream
for ripgrep even though there is a profile called "default", however
that's an arbitrary string and the module maintainer must set the
default stream (which it never was for the ripgrep module, thus
failing the "empty stream" install test)
Signed-off-by: Adam Miller <admiller@redhat.com>
* ec2_vpc_route_table_info integration tests
Make sure ec2_vpc_route_table_info return value has the right attributes.
* ec2_vpc_route_table_info integration tests for tags
* Added missing param to lambda module to pass it through to boto3
* Allow updating of runtime, because there is no reason why not
* Updated version_added to 2.10 to make tests green again
* Updated RETURN docs of Lambda module
* Added tests to aws_lambda test-suite.
Use a separate variable for the boolean test rather than having the same variable sometimes be a boolean and sometimes be a regular expression match object
Add integration tests to cover this scenario
* s3_bucket: Allow empty encryption_key_id with aws:kms to use KMS master key
* Add idempotency check and cleanup example, dont require encryption_key_id
* ec2_instance/ec2_instance_info : Fixup sanity test errors
* Move ec2_instance integration tests to use aws_defaults
* Search for the AMI instead of hardcoding an AMI
* Make our VPC CIDR variable
* Remove AZ assumptions - no guarantees about specific AZs being available
* Make sure we terminate instances when we're done with them.
* Add a 10 second pause for IAM roles to become available before using them
* Wait on instance changes by default
* Switch out t2 instances for t3 they're cheaper and have more CPU available
* Pull t3.nano instance info a little earlier
* rework vpc_name and vpc_cidr a little
* Mark ec2_instance tests unsupported for now, they take too long
* s3_logging: (integration tests) updated AWS policy
* s3_logging: fix sanity test issues
* s3_logging: Integration tests
* Add pauses to cope with evenual consistency
* Mark s3_logging tests as 'unsupported' for now due to testing instability