* [cloud] ec2_vpc_route_table: ignore routes without DestinationCidrBlock
Add module warnings rather than silently skipping
* Permit warnings for routes tables containing vpc endpoints to be turned off
* Add tests to ensure a VPC endpoint associated with a route table does not result in a traceback
(cherry picked from commit da3f7a8db1)
* win_file: Handle [] in paths, fix touch in check mode (#37901)
* win_file: Handle [] in paths, fix touch in check mode
* Fixed typo for p/invoke command
(cherry picked from commit 4b57fa91d0)
* Added changelog fragment for win_file special char fix
(cherry picked from commit 61bcf4740f)
* Ansible.ModuleUtils.FileUtil - Add ability to test non file system provider paths (#39200)
(cherry picked from commit b6afe6946d)
* Added changelog fragment
* Skip self._parent on dynamic, defer to grandparent for attr lookup (#38827)
* Skip self._parent on dynamic, defer to grandparent for attr lookup
* Revert _inheritable
* Add tests for include inheritance from static blocks
Fixes#38037#36194
(cherry picked from commit 354aa8d602)
* Add changelog for #38827
* Consider parent also when comparing IncludedFile (#37083)
* Consider parent also when comparing IncludedFile
* Add new tests for IncludedFile and convert to pytest
(cherry picked from commit cdb79b0e3a)
* Add changelog for #37083
* module_common: set required parameter templar
Fix the following error (related to b455901):
$ ./hacking/test-module -m ./lib/ansible/modules/system/ping.py -I ansible_python_interpreter=/usr/bin/python
Traceback (most recent call last):
File "./hacking/test-module", line 268, in <module>
main()
File "./hacking/test-module", line 249, in main
(modfile, modname, module_style) = boilerplate_module(options.module_path, options.module_args, interpreters, options.check, options.filename)
File "./hacking/test-module", line 152, in boilerplate_module
task_vars=task_vars
File "ansible/lib/ansible/executor/module_common.py", line 910, in modify_module
environment=environment)
File "ansible/lib/ansible/executor/module_common.py", line 736, in _find_module_utils
shebang, interpreter = _get_shebang(u'/usr/bin/python', task_vars, templar)
File "ansible/lib/ansible/executor/module_common.py", line 452, in _get_shebang
interpreter = templar.template(task_vars[interpreter_config].strip())
AttributeError: 'NoneType' object has no attribute 'template'
* module_common.modify_module: templar is required
(cherry picked from commit 7908f78fa6)
* fix inventory plugin source caching
- avoid caching invetnory sources in loader in base
- same fix for yaml plugin
- idem for 'auto' plugin
fixes#37162
* fix mock dataloader func sig
(cherry picked from commit 886c4edfb9)
This offers an optimization that allows loading larger
inventories of various structure by improving the
scaling laws involved for adding hosts and groups.
The primary speed benefit is the elimination of duplicate
recusion from traversing converging paths.
(cherry picked from commit 153c9bd539)
If user does not specify any network type then set network type
to dhcp. There are additional checks around 'ip', 'netmask' and
'type' in network spec.
Fixes: #38466
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 9b139baacb)
* fix for when status codes are provided as a comma separated list (#38080)
* fix for when status codes are provided as an array of strings
* convert status codes to int, additional tests
(cherry picked from commit c38617a736)
* Added changelog fragment
* Fix 'New Vault password' on vault 'edit'
ffe0ddea96 introduce a
change on 'ansible-vault edit' that tried to check
for --encrypt-vault-id in that mode. But '--encrypt-vault-id'
is not intended for 'edit' since the 'edit' should always
reuse the vault secret that was used to decrypt the text.
Change cli to not check for --encrypt-vault-id on 'edit'.
VaultLib.decrypt_and_get_vault_id() was change to return
the vault secret used to decrypt (in addition to vault_id
and the plaintext).
VaultEditor.edit_file() will now use 'vault_secret_used'
as returned from decrypt_and_get_vault_id() so that
an edited file always gets reencrypted with the same
secret, regardless of any vault id configuration or
cli options.
Fixes#35834
(cherry picked from commit 6e737c8cb6)
* openssl_certificate: Handle dump() in check_mode (#38386)
Currently, when ones run the module in check_mode it tries to retrieve
values from the actual certificate generated in the generate() function.
Since in check_mode we call dump() without calling generate(), self.cert
is None, leading to self.cert.get_notBefore(), self.cert.get_notAfter()
and self.cert.get_serial_number() raising an error.
> NoneType' object has no attribute 'get_notBefore'
The solution is to have two way to handle dump() method, whether its run
in check_mode=True or check_mode=False leading to different way the
information is retrieved.
(cherry picked from commit 99497ce54c)
* added eos_smoke tests
* removed left over file
* added note to uncomment broken eapi test when #36919 is fixed
* uncommented fixed test, added unbecome test
* skip become tests when connection=local
(cherry picked from commit 712d30f46c)
* Eos :do not push config to device if check_mode is enabled (#37287)
* eos can not check config without config session support
* add testcase for check_mode without config session
* fix eos eapi to read use_session env var
(cherry picked from commit a1026dbce5)
* Backport/2.5/37287 - Eos do not push config is check_mode is enabled
* Close & remove paramiko connection where appropriate (#37528)
* Update unit test
(cherry picked from commit 594840c1d6)
* Put back $PATH checking in ansible-connection call (#37933)
(cherry picked from commit 169209c32a)
* issue:38167 add support for onyx version 3.6.6000 for onyx_linkagg (#38191)
Signed-off-by: Samer Deeb <samerd@mellanox.com>
(cherry picked from commit 72d42bd065)
* fragment
* issue:37307 Add support for changes in pfc output in onyx 3.6.6000 (#37651)
* issue:37307 Add support for changes in pfc output in onyx 3.6.6000
Signed-off-by: Samer Deeb <samerd@mellanox.com>
(cherry picked from commit 9dfb665e43)
* fragment
* issue:37306 Fix issue with vlan support for onyx version 3.6.6000
Signed-off-by: Samer Deeb <samerd@mellanox.com>
(cherry picked from commit a89bafce2e)
* nso_verify handle leaf-list in 4.5 and identityref (#37393)
NSO verify did not handle leaf-list value verification in 4.5 and
later due to changes made for configuration writing made.
map prefix for identityref types in verification.
(cherry picked from commit 6308047dc9)
* Remove timeout
* win_service: fix when dealing with paths with special chars and change WMI to CIM cmdlets (#37897)
* win_service: fix when dealing with paths with special chars and change WMI to CIM cmdlets
* compare username in lowercase for test
(cherry picked from commit f37a44430f)
* Added changelog fragment
* azure_rm_networkinterface: fixed issue when public ip address should not be created (#36824)
* fixed issue when public ip address should not be created
* adding test for public ip address
* fixed samples
* another fix to sample formatting
* fixed test
* fix test
* fixed test
* another attempt to fix test
* maybe it works now
* still wrong
* improved check per customer request
* removed stupid semicolon
* updated test to match main scenario
* changed ip configurations to list
* another attempt
(cherry picked from commit 89401f13f7)
* Added changelog fragment
* Fix redundant yaml error blurbs on ModArgs parse errors
Some of the AnsibleParserErrors from parsing.mod_args
are created with the obj=some_yaml_ds options but
some are not.
If they were, we don't want to add another yaml_ds to
it, because that will result in double yaml error blurbs.
And since we dont need to add info, we can just re raise it.
But if there is no ._obj, add it here so we get the extra
detail in the error message (see issue #14790) and raise
a new AnsibleParserError instance.
Fixes#36848
* cleanup existing test_tasks pep8/sanity issues
(cherry picked from commit e166946a0a)
This fix adds environment variables for connection in vmware_*
modules.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 0ae7a0e88c)
The generated file was completely unusable by the system
therefore the fix which ensures that diffing the file
prior to changes and after only shows diffs
Furthermore the code did not work for Python 3.6
> f.writelines(to_bytes(lines, errors='surrogate_or_strict'))
E TypeError: a bytes-like object is required, not 'int'
The other modifications (lambda variable renaming) is to
comply with default flake8 rules
(cherry picked from commit 612d0d6634)
Fixes#37208
If check_mode is enabled instead of committing th config need to
discard all the chnages to cnadidate db
In case of cli to discard changes issue `rollback 0` command
and for netconf execute `discard-changes` rpc call
(cherry picked from commit 8eaa9cc938)
Fixes#36979
If `abort` is not issued in the top level session prompt
the existing session goes to pending state.
The fix is to come out of config mode by issuing `end` command
and again to same config session and execute `abort` which
`abort` is issued at the top level session prompt.
(cherry picked from commit 017ea018d0)
SGs created when a VPC ID was not specified would not necessarily
get the default egress rule, even when no explicit egress rules
were set.
Add some checks for egress rules in results from existing tests
(cherry picked from commit 98b29f8ad6)
Fixes#35993 - Changes to update_size in commit eb4cc31 made it so
the group dict passed into update_size was not modified. As a result,
the 'replace' call does not see an updated min_size like it previously
did and doesn't pause to wait for any new instances to spin up. Instead,
it moves straight into terminating old instances. Fix is to add batch_size
to min_size when calling wait_for_new_inst.
Fixes#28087 - Make replace_all_instances and replace_instances behave
exactly the same by setting replace_instances = current list of instances
when replace_all_instances used. Root cause of issue was that without lc_check
terminate_batch will terminate all instances passed to it and after updating
the asg size we were querying the asg again for the list of instances - so terminate batch
saw the list including new ones just spun up.
When creating new asg with replace_all_instances: yes and lc_check: false
the instances that are initially created are then subsequently replaced.
This change makes it so replace only occurs if the asg already existed.
Add integration tests for #28087 and #35993.
(cherry picked from commit a2b3120e85)
* Fix name parameter templating in include_role module (#36372)
An IncludedFile() object built using the original_task will have
its _task bound to the original_task. The iterative reassignment of
original_task._role_name during with_item loops leaves all returned
included_files with the same ._task._role_name (the final name from
the with_items list). This commit builds IncludedFile() objects
from an original_task.copy() to avoid the problematic binding.
(cherry picked from commit 54e70fc783)
* Test include role with items in name #36372 (#37001)
* Tests for #36372
* Tests for #36372
* Tests for #36372
(cherry picked from commit 8c4f349743)
* Add changelog for #36372
* Connection error messages are unsafe: wrap them (#37329)
* Check that connection error msg are not unsafe
* Connection error messages are unsafe: wrap them
For example, in case of error, docker connection plugin returns exception
message containing Go template. These messages weren't tagged as unsafe
and were consequently rendered:
The conditional check 'result is failed' failed. The error was:
{
'msg': u'Docker version check ([\'/usr/bin/docker\', \'version\', \'--format\', "\'{{.Server.Version}}\'"]) failed: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.35/version: dial unix /var/run/docker.sock: connect: permission denied\n',
'failed': True
}:
template error while templating string: unexpected '.'.
String: Docker version check (['/usr/bin/docker', 'version', '--format', "'{{.Server.Version}}'"]) failed: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.35/version: dial unix /var/run/docker.sock: connect: permission denied
(cherry picked from commit 4378542ac7)
* Add a changelog for the no-template error message fix
* win: handle non string as an environment value (#37215)
* win: handle non string as an environment value
* Changed powershell environment handler to use .net function instead for special chars
(cherry picked from commit 708869edd6)
* Added changelog fragement for powershell environment handler fix
* typo in changelog
* win_uri: return response info on non 200 responses, convert DateTime values to ISO 8601 (#37104)
(cherry picked from commit c1f5e11cdf)
* Added changelog fragment for win_uri return value fix
* Win lineinfile fix (#35100)
* win_lineinfile: fix#33858. Removed conversion from \r\n
* win_lineinfile: added test for #33858
* win_lineinfile: added documentation and more tests for change
* win_lineinfile: fixed wrong hash in testing
(cherry picked from commit e15a903bdf)
* Added changelog for win_lineinfile fix
* fix typo in changelog
* Remove default admin_distance and fix the idempotence thereof
Fixes#33290
* Fix tests and use yaml anchors to shorten tests
* Add test for undefined admin_distance
* Read config from `show run` if `show ip static route` fails
* Restore flags to ios.get_config & use get_config where appropriate
(cherry picked from commit 7016b3b9ca)
False assumption that values can not have cyclic dependencies. Fix by
removing dependency on self and look for cycles, if found remove
dependency to get a partial sort done.
(cherry picked from commit 042c111563)
Fix issues in ValueBuilder used in nso_config and nso_verify so that it
can handle leaf-list in NSO 4.5 and detect identityref types from
unions.
Fail gracefully if a type is not found.
(cherry picked from commit 2789cc5c09)
* allows ib_spec attrs to be filtered in update
This change will allow the ib_spec entries to be be filtered on a change
object by setting the update keyword to false. The default value for
update is true. When the update keyword is set to false, the keyed
entry will be removed from the update object before it is sent to the
api endpoint.
fixes#36563
* fix up pep8 issues
(cherry picked from commit 93b795baf0)
* Decouple config and state check in {network_os }_vlan and { network_os }_vrf modules
Fixes#35567Fixes#34754
`interfaces` option is used for configuration as well as operational state
check. If interface is configured to given vlan or vrf but if
operational state of interface is disabled it results in module failure.
Fix is to decouple same option usage for config and state.
With this fix `interfaces` is used as config option and a new
option named `associated_interfaces` will be used for intent check
for assigned interfaces.
* Fix CI failures
* Fix review comment
* Fixed integration test failure
(cherry picked from commit 5a6b893240)
* win_feature: better error handling to make it easier to debug issues (#36491)
* win_feature: better error handling to make it easier to debug issues
* removed ignroed pslint rules that are no longer needed
(cherry picked from commit ef4f8851dc)
* Added changelog for win_feature error handling fix
Matt Clay