* Support using importlib on py>=3 to avoid imp deprecation
* Add changelog fragment
* importlib coverage for py3
* Ansiballz execute should use importlib too
* recursive module_utils finder should utilize importlib too
* don't be dumb
* Fix up units
* Clean up tests
* Prefer importlib.util in plugin loader when available
* insert the module into sys.modules
* 3 before 2 for consistency
* ci_complete
* Address importlib.util.find_spec returning None
* prevents accidental templating on intra-action postprocessing of an untrusted module result
* makes the view of a module result within an action consistent with the way it would be stored for future use (eg facts, register)
* Make module not get all nets every time it's executed with net_id
* Add changelog fragment
* Update changelogs/fragments/meraki_static_route_api_calls.yml
Co-Authored-By: kbreit <kevin.breit@kevinbreit.net>
* Start of migration to argparse
* various fixes and improvements
* Linting fixes
* Test fixes
* Fix vault_password_files
* Add PrependAction for argparse
* A bunch of additional tweak/fixes
* Fix ansible-config tests
* Fix man page generation
* linting fix
* More adhoc pattern fixes
* Add changelog fragment
* Add support for argcomplete
* Enable argcomplete global completion
* Rename PrependAction to PrependListAction to better describe what it does
* Add documentation for installing and configuring argcomplete
* Address rebase issues
* Fix display encoding for vault
* Fix line length
* Address rebase issues
* Handle rebase issues
* Use mutually exclusive group instead of handling manually
* Fix rebase issues
* Address rebase issue
* Update version added for argcomplete support
* -e must be given a value
* ci_complete
-Add: Test cases for ansible_parent_role_names and ansible_parent_role_paths
-Add: ansible_parent_role_names/paths variables for when a role is being included by another role.
Ensure inventory plugin loading rel to play
fixes#51033
* clarify paths
* now adding dirs funciton in loader
* better warnings
* each cli should handle adding dirs depending on context
* Solaris WWN parsing cosmetic fix (commit 924f5b5467)
* simplify module.run_command by removing use_unsafe_shell and remove calling of external grep
* add changelog fragment
* Use module_utils.compat.ipaddress where possible.
* Simplify reverse pointer computation.
* Use dummy for unused variables.
* Remove from ignore list.
* Adjust fix.
* Fix text handling for Python 2.
* Add changelog.
Check return value of FindByInventoryPath API which is used for
finding desired folder to deploy OVF.
Fixes: #54823
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* General test improvements.
* Adjust tests to older docker-py versions.
* docker_swarm_server_info: work around problems with older docker-py versions
* Bump minimal docker-py version for options network_filters and disk_usage.
* More general test improvements.
* Correct usage of docker_image.
* Put files into output directory.
* Speed up test.
* Remove old check.
* Version in deprecate calls should be a string. Fixes#55312. Fixes#55313. Fixes#55314. Fixes#55315. Fixes#55316. Fixes#55317.
* Add changelog fragment
* Add test for generating a CSR with everything, and testing idempotency.
* Proper SAN normalization before comparison.
* Fix check in cryptography backend.
* Convert SANs to text. Update comments.
* Add changelog.
* Warn when log_options values are not strings.
* Add changelog.
* Improve message.
* Improve formatting and formulation of other messages.
* Add test for warning.
* Trying double escaping.
After branch, we do the following tasks:
* Remove all old changelog fragments. The devel tree starts fresh.
* Remove all old generated changelog info (CHANGELOG-v2.8.rst and .changes.yaml)
* Set the new codename and version in release.py
* become mixin is no more
since sudo/su keywords are removed in 2.9 .. no need to keep this code around
* also don't need test for code that is removed
* made preprocess_data on base noop
its not used by anything anymore, but kept for backwards compat since other methods of same name are used
* Extend git commit c65909d6db "Add network fact to obtain FC WWN initiator ports"
adding support of enumerating AIX device WWN ports
$ lsdev -Cc adapter -l fcs*
fcs0 Defined 00-00 8Gb PCI Express Dual Port FC Adapter (df1000f114108a03)
fcs1 Defined 00-01 8Gb PCI Express Dual Port FC Adapter (df1000f114108a03)
fcs2 Available 04-00 8Gb PCI Express Dual Port FC Adapter (df1000f114108a03)
fcs3 Available 04-01 8Gb PCI Express Dual Port FC Adapter (df1000f114108a03)
$ lscfg -vpl fcs3 | grep 'Network Address'
Network Address.............10000090FA551509
* no self in this code
* Two fixes:
- fix run_command execution, passing 'use_unsafe_shell=True' since we have a pipe in it ( | grep )
if we don't set unsafe shell, it will return error on execution.
- strip new line characters at the end of WWNs.
* fix pep8 , E225 missing whitespace around operator
* use module.get_bin_path() instead of hardcoded values
* move module.get_bin_path() out of for loop
* use python string parsing instead of calling external grep
* use in operator instead of find() for simplicity and readability
* add changelog fragment
* Added idempotency logic to openssl_pkcs12
Also decoupled the 'parse' and 'generate' function from the file write
as they are now used in different places that do not need the file to be
written to disk.
* Added idempotency tests for openssl_pkcs12
Also adds a new test for pkcs12 files with multiple certificates
* Regenerate if parsed file is invalid
* pkcs12_other_certificates check was wrong
* Updated ca_certificates to other_certificates
ca_certificates is left as an alias to other_certificates;
friendlyname depends on private key, so it will be ignored while
checking for idempotency if the pkey is not set;
idempotency check only checks for correct certs in the stack
* use different keys for different certs
* Added other_certificates in module docs
* Added changelog and porting guide
* removed unrelated porting guide entry
* renamed ca_cert* occurrence with other_cert
* facts: correctly detect xen paravirt vs hvm cpuinfo
Fixes#49039
Signed-off-by: Adam Miller <admiller@redhat.com>
* provide default val if we IndexError
Signed-off-by: Adam Miller <admiller@redhat.com>
This reverts commit 85d836171b.
As discussed in WWG IRC meeting, we don't want Get-ADObject to be a dependency of win_domain_membership, and we need to be able to authenticate to the DC in some configs. We can revisit this change a different way for 2.9.
* Force pkg_mgr yum for rhel < 8, dnf for rhel > 8
This solves the scenario in which someone using RHEL or a clone
decides to install dnf, which can break their system in certain ways
under certain scenarios (a dnf bug that's been resolved upstream but
left user systems broken happened recently). Currently Red Hat
provides dnf to RHEL7 in an optional Tech Preview Channel under the
YUM4 branding, as does the CentOS Content Management SIG. There may
be others in the ecosystem I'm not familiar with.
Signed-off-by: Adam Miller <admiller@redhat.com>
* add changelog
Signed-off-by: Adam Miller <admiller@redhat.com>
* Use six from ansible.module_utils for inventory scripts
Remove skips from sanity test
* Change all imports of ConfigParser to use module_utils.six.moves
* Remove commented out lines
* Fix six imports
* mysql_user: fix MySQL/MariaDB version check
To handle properly user management, version check needed refacto, as well as the query used to get existing password hash
* mysql_user: break long query in multiple lines
* mysql_user: fix query fetch existing password hash
* mysql_user: MariaDB version check 100.2 != 10.2
* mysql_user: fix existing password fetch
In some cases, both columns (Password and authentication_string) may exist and be populated.
In other cases one exist, but not the second.
This fix should handle properly all situations
* mysql_user: break long queries
* mysql_user: refactor duplicated code
* mysql_user: handle updates from root with empty passwd to new passwd
* mysql_user: GC debug statement and readd trailing new line
* mysql_user: fix pep8 under indentation
* mysql_user: fix privileges management
https://github.com/ansible/ansible/pull/45355#issuecomment-428200244
* mysql_user: raise exception if exception caught doesn't match the one that is managed
* mysql_user: improve plugins output (add msg field with explicit informations)
* mysql_user: fix old / new password hash comparison
* mysql_user: fix reference to old MySQLdb lib
* mysql_user: fix cursor when root password is left empty (mysql DB invisible)
* mysql_user: add changelog
* ALL privileges comparison
* fixed blank line
* added mysql 8 fixes
* fixed version compatibility
* mysql_user: fix MySQL/MariaDB version check
To handle properly user management, version check needed refacto, as well as the query used to get existing password hash
* mysql_user: break long query in multiple lines
* mysql_user: fix query fetch existing password hash
* mysql_user: MariaDB version check 100.2 != 10.2
* mysql_user: fix existing password fetch
In some cases, both columns (Password and authentication_string) may exist and be populated.
In other cases one exist, but not the second.
This fix should handle properly all situations
* mysql_user: break long queries
* mysql_user: refactor duplicated code
* mysql_user: handle updates from root with empty passwd to new passwd
* mysql_user: GC debug statement and readd trailing new line
* mysql_user: fix pep8 under indentation
* mysql_user: fix privileges management
https://github.com/ansible/ansible/pull/45355#issuecomment-428200244
* mysql_user: raise exception if exception caught doesn't match the one that is managed
* mysql_user: improve plugins output (add msg field with explicit informations)
* mysql_user: fix old / new password hash comparison
* mysql_user: fix reference to old MySQLdb lib
* mysql_user: fix cursor when root password is left empty (mysql DB invisible)
* mysql_user: add contrib
* Rename changelogs/fragments/45355-mysql_user-fix-versions-compatibilities to add YML extension
- Fixed issue #25017,#37567
- Add example for prompt on launch
- Add integration test for prompt on launch
Signed-off-by: Hideki Saito <saito@fgrep.org>
* updated tests and changelog for 54516
* Handle errors if PG does not support partitioning.
* Check for PG > 10 in tasks
* Show changes for partitioned tables in ansible
* Added documentation in the tests
* Update test/integration/targets/postgresql/tasks/postgresql_privs.yml
Co-Authored-By: raymondroelands <raymondroelands@users.noreply.github.com>
* Update test/integration/targets/postgresql/tasks/postgresql_privs.yml
Co-Authored-By: raymondroelands <raymondroelands@users.noreply.github.com>
* Added check for 0 tables after revoking rights
* Added test and moved tests
Added check mode test and moved test right after the change.
* Rebased postgresql_privs.py
* Correct behavior so that direction isn't required for default.
* Add more tests.
* 'disabled' values cannot be changed.
* Include 'not specified' in messages.
* fix missing attribs with dirct module execution
* also make remote tmp handling smarter
update tests
* set default if attrib does not exist
* add simple test
* Remove default use of paramiko connection plugin on macOS
This fix was originally to work around a bug that caused a kernel panic on macOS
that has since been fixed.
* Remove paramiko from requirements.txt
* Move paramiko checking to common place
* Drop the warnings obfiscation code
* Update pip installation instructions to reflect upstream instructions
* Fix tests on CentOS 6 (Python 2.6) that now show Python deprecation warnings
* Add changelog fragment
The controller's fixup_perms2 uses filesystem acls to make the temporary
file for copy readable by an unprivileged become user. On Python3, the
acls are then copied to the destination filename so we have to remove
them from there.
We can't remove them prior to the copy because we may not have
permission to read the file if the acls are not present. We can't
remove them in atomic_move() because the move function shouldn't know
anything about controller features. We may want to generalize this into
a helper function, though.
Fixes#44412
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
* Return UnlockKey
* Add changelog fragment
* Add method to check if a parameter exists in diffs
* Add method to get swarm unlock key
* Add option unlock_key
* Only return unlock key when created or changed
* Rename difference check
* Extend unlock key example
* Assert that unlock_key is a string
* Fix docker_swarm_info authors
* Don’t silence APIErrors
* Test unlock_key on unlocked swarm
* Catch APIError when retrieving unlock key
* Better return value description
* Lint
* Fix UnlockKey return value documentation
Co-Authored-By: hannseman <hannes@5monkeys.se>
* Get unlock key safely
Co-Authored-By: hannseman <hannes@5monkeys.se>
* Return None on empty UnlockKey
* Assert swarm_unlock_key is undefined if unqueried
* Add documentation about swarm_info unlock_key
* Add change log fragment for unlock_key option
* Revert "Add change log fragment for unlock_key option"
This reverts commit e3cb2325b5.
* Use generator expression instead
* Restart docker more decisively
* Use systemctl kill
Co-Authored-By: hannseman <hannes@5monkeys.se>
* Try to restart docker daemon
* cloudstack: remove choice list for hypervisor param
* cloudstack: streamline network_type with returned value by the API
* cloudstack: remove E326
* add changelog fragment
* win_nssm: rename cmdlets to use approved verbs, rename service name parameters
* win_nssm: improve code style and cmdlets ordering
* win_nssm: always escape all command line parameters with Argv-ToString
fix error when the service name contains quotes
* win_nssm: use Fail-Json instead of exceptions and remove global try/catch
* win_nssm: small refactoring, inline some functions
* win_nssm: refactoring - add a generic cmdlet to idempotently set any nssm service parameter
* win_nssm: refactoring - inline some functions
To make the code more malleable for future changes
* win_nssm: change application, stdout_file and stderr_file options type to path
* win_nssm: deprecates app_parameters, rename app_parameters_free_form to arguments, and add support for list of parameters
* win_nssm: add support of check mode
* win_nssm: add working_directory option
* win_nssm: add display_name and description options
* win_nssm: minor changes
* win_nssm: remove some sanity exclusions
* win_nssm: avoid using aliases and minor style fixes
* win_nssm: doc and ui improvements
* win_nssm: remove sanity exclusions
* win_nssm: minor revision
* win_nssm: deprecates dependencies, start_mode, user and password parameters and some choices of state in favor of win_service
* win_nssm: fix style
* win_nssm: add executable option to specify the location of the NSSM utility
* win_nssm: add missing parameter types
* win_nssm: add diff mode support
* win_nssm: avoid displaying depreciation warning if default value is assigned
* win_nssm: fix variable scope
* win_nssm: use the explicit -LiteralPath parameter name instead of -Path
* win_nssm: fix documentation
* win_nssm: add porting guide entries
* win_nssm: add changelog fragment
* Add support for notes
* Add test for notes
* Device notes changes
- Renamed from notes to note
- Modified tests to work
* Comment device test since it only works once
* Remove assertion stanza and move assertion to existing one
* Add version_added to note documentation
* Converted from tabs to spaces
* Added changelog fragment
* Remove changelog file since it's a feature
* Add changelog fragment
* basic plugin loading working (with many hacks)
* task collections working
* play/block-level collection module/action working
* implement PEP302 loader
* implicit package support (no need for __init.py__ in collections)
* provides future options for secure loading of content that shouldn't execute inside controller (eg, actively ignore __init__.py on content/module paths)
* provide hook for synthetic collection setup (eg ansible.core pseudo-collection for specifying built-in plugins without legacy path, etc)
* synthetic package support
* ansible.core.plugins mapping works, others don't
* synthetic collections working for modules/actions
* fix direct-load legacy
* change base package name to ansible_collections
* note
* collection role loading
* expand paths from installed content root vars
* feature complete?
* rename ansible.core to ansible.builtin
* and various sanity fixes
* sanity tweaks
* unittest fixes
* less grabby error handler on has_plugin
* probably need to replace with a or harden callers
* fix win_ping test
* disable module test with explicit file extension; might be able to support in some scenarios, but can't see any other tests that verify that behavior...
* fix unicode conversion issues on py2
* attempt to keep things working-ish on py2.6
* python2.6 test fun round 2
* rename dirs/configs to "collections"
* add wrapper dir for content-adjacent
* fix pythoncheck to use localhost
* unicode tweaks, native/bytes string prefixing
* rename COLLECTION_PATHS to COLLECTIONS_PATHS
* switch to pathspec
* path handling cleanup
* change expensive `all` back to or chain
* unused import cleanup
* quotes tweak
* use wrapped iter/len in Jinja proxy
* var name expansion
* comment seemingly overcomplicated playbook_paths resolution
* drop unnecessary conditional nesting
* eliminate extraneous local
* zap superfluous validation function
* use slice for rolespec NS assembly
* misc naming/unicode fixes
* collection callback loader asks if valid FQ name instead of just '.'
* switch collection role resolution behavior to be internally `text` as much as possible
* misc fixmes
* to_native in exception constructor
* (slightly) detangle tuple accumulation mess in module_utils __init__ walker
* more misc fixmes
* tighten up action dispatch, add unqualified action test
* rename Collection mixin to CollectionSearch
* (attempt to) avoid potential confusion/conflict with builtin collections, etc
* stale fixmes
* tighten up pluginloader collections determination
* sanity test fixes
* ditch regex escape
* clarify comment
* update default collections paths config entry
* use PATH format instead of list
* skip integration tests on Python 2.6
ci_complete
* Add a force_replace_host flag to win_domain_membership
Satisfies https://github.com/ansible/ansible/issues/53539
* Rework backticks
* Bump version_added
* Check for existence of current hostname as well; use LDAPFilter during search
* Rename $force_replace_host to $allow_existing_computer_account
* Added docs, porting guide and minor nit in code
* Catch all request timeouts for winrm connection
The current implementation only catches 'ConnectTimeout' exceptions.
Instead we should catch 'Timout' which also catches ReadTimeout
exceptions.
Improves on: #51744
Co-Authored-By: westphahl <westphahl@gmail.com>
* Changelog for winrm error handling improvement
* Use locking for concurrent file access
This implements locking to be used for modules that are used for
concurrent file access, like lineinfile or known_hosts.
* Reinstate lock_timeout
This commit includes:
- New file locking infrastructure for modules
- Enable timeout tests
- Madifications to support concurrency with lineinfile
* Rebase, update changelog and tests
We need to specify ansible_python_interpreter to avoid running interpreter discovery and selecting the incorrect interpreter.
Remove the import of lock in known_hosts since it is not used.
* adding (optionally) image information to inventory var
* add boot image mapping to gcp_compute instance data for all disk
image data in the configured zones
Signed-off-by: Adam Miller <admiller@redhat.com>
* start fixing gcp inv plugin
* minor fixes
* added clog
* ajust comments
* link indv zone/project
* separate specific zone/project from other params
* restoring zones query per project
* also work when zones given
* fixed scopes, removed incorrect docs as not option
* Added support for types parameter
- Parameter is used to specify multiple network types
* Fix documentation
* Apply suggestions from code review
Co-Authored-By: kbreit <kevin.breit@kevinbreit.net>
* Reworked type parameter to be a list so types isn't needed
* Re-add tags documentation
* Fix documentation around compatibility
* Convert tags to list from string
* Add changelog fragment
When using before and after in combination, the opposite behavior was induced. This PR makes the the replacement happen between the specified patterns as intended.
* Added integration tests
* Add changelog, porting guide entry, and minor doc fixes
* Removed required_together, updated tests
Since required_together: privatekey_path -> friendly_name, is not always
required it has been removed.
Updated openssl_pkcs12 integration tests to be in line with other
openssl_* modules, and added a test for export with no privatekey_path.
* linter fixes
* Removed cryptography from tests
* Added changelog fragment
* Removed non-necessary select_crypto_backend
* fix AWS plugin credential precedence for environment variables
* Allow aliases in direct plugins options
Consolidate precedence fix just in the doc fragment using aliases for mismatched options
* Access options with the option name rather than alias
* fix indentation
* update unit tests
* Improve readability
* Adding networks_cli_compatible option.
* Move network tests into own test file.
* Extend tests (for networks_cli_compatible=no).
* Adding tests for networks_cli_compatible=yes.
* There seems to be no way to create a container without at least one network attached.
* Integrate networks / purge_networks with comparisons.
* Speed up tests.
* Removing double dot.
* Add changelog.
* Use comparisons value only if the networks option has been specified. purge_networks on the other hand also removes networks if it has not been specified.
* Add write helper.
* Adjust modules (except openssl_certificate).
* Adding tests for mode (with openssl_privatekey).
* Add openssl_certificate support.
* Never, ever remove the output file before actually trying to generate new content for it.
Removal is only allowed when state=absent, or when the object has been regenerated and the result needs to be written to that place.
* Add changelog.
* Extend test.
* New cryptography backend for openssl_certificate
load_* functions in module_utils/crypto.py now have a backend paramter
which when set to 'cryptography' will return cryptography objects so
they can be used for both pyopenssl and cryptography backends.
Added a select_message_digest function too returning a cryptography
digest hash from `cryptography.hazmat.primitives.hashes`
Added new classes for Cryptography backend
* Run test with various backends.
* Prefixing tests.
* Make sure we have the correct backend available.
* Linting (flake8).
* Moved cryptography import to separate try/except
* Make sure certificate is actually valid at some time in the past.
* Improve error handling.
* Trying to fix validation for cryptography backend.
* Fixed issue with keyUsage test in assertonly
* Fixed CI/Lint issues
* Fix private key problem for OwnCA.
* Cryptography backend doesn't support v2 certs.
* issue an expired cert with command when using cryptography backend
* Added warning when backend is auto and v2 cert is requested
* Bumped min cryptography version to 1.6
* Correctly check for failure when backend is cryptography and cert is v2
* Use self.backend where possible
* Use secp521r1 EC when testing on CentOS6
* Fixed pylint issue
* AcmeCertificate support for both backends
* Review fixes
* Fixed missing '(' when raising error
* Fixed date_fmt loop
* Updated docs and requirements with cryptography
* Add openssl_certificate to changelog.
Fixes#40060
* Fix coding style errors
* Use CONNECTION LIMIT (no underscore)
* From review done by amenonsen and bcoca - Set default at None, make the change detection less confusing
* Added EXAMPLE on how to apply a database specific connection limit
* Added some basic tests for conn_limit applied to a database
* Check that conn_limit has actually been set / updated to 200
* Add changelog fragment regarding postgresql_db conn_limit parameter
* cs_volume: add volumes extraction and upload features
* cs_volume: Update doc, remove deprecated code
* cs_volume: Add unit tests for extract and upload features
* Fixes flatpak module to work with flatpak >=1.2.0, fixes#51481
This keeps backwards-compatibility for flatpak versions before 1.2.0
* Fixes typeo
Co-Authored-By: oolongbrothers <oolongbrothers@zeibar.net>
* #50877:
* add support to postgresql_privs to use "FOR { ROLE | USER } target_role"
in "ALTER DEFAULT PRIVILEGES"
* fix sanity errors
* #50877: fix documentation and add a check for correct usage
of target_roles
* #50877: fix missing absent option for default privs with target_role
* #50877: add clear description, when target_roles can be used
* #50877: fix conflicts, formatting, and add a changelog fragment
* #50877: fix sanity error E335
* #50877: swap conditions and fix error to warning msg
* #50877: add tests for default privileges
* #50877: fix tests for default privileges
* #50877: fix tests for default privileges on centos 6
The output of pw.getpwnam() does not distinbuish between local and remote accounts. It will return a result if an account exists locally or in the directory. When local is set to True in the task parameters, look through the local password database explicitly.
* Ensure luseradd is present for tests
* Add docs and warnings about local mode
* Allow parent groups to be variables or literal, requires {{ }}
* Check strict before failing on templating errors
* Don't add a group if an invalid parent group was provided
* avoid using Postgres formatting function
* add tests for ALL FUNCTIONS IN SCHEMA
* documentation and changelog
* requested changes in tests
* fixed changelog
* Add source option.
* Split force parameter into force_source, force_absent and force_tag.
* Move all build-related options into a suboption called build.
* Add changelog.
In pyyaml versions before 5.1 the default_flow_style for yaml.dump
was None. Starting with 5.1 it is now False. This change explicitly
sets the value to None to maintain the original to_yaml behavior.
The change to pyyaml was made in the following commit:
507a464ce6
When user specifies the JUMP value to 'tee', gateway is required.
This fix adds new parameter 'gateway' to support this functionality.
Fixes: #53170
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Adding support for IP identifiers according to https://tools.ietf.org/html/draft-ietf-acme-ip-05.
* Add changelog.
* Make sure that the authorizations return value is unchanged for CSRs with DNS-only SANs.
* Remove unneeded import.
* type -> identifier_type
* Python 2.6 compatibility.
* Fix unit tests.
* Add IP address normalization.
* Extend tests.
* Move data into fixtures.
* Adjust BOTMETA.
function changed to do in place replacement, should be less expensive even with copy as it avoids 'sub copies', can compose with module_args_copy to create replacement for old behavior
attempt to fix#52910
* handle lists and subdicts correctly
* added missing exception case, which was not noticed since 'cleaning' was not working
* added comments to clarify exceptions
* create overridable sanitation function
* now used in aws, gce and azure plugins
* added new option to these plugins to work in conjunction with general toggle to make it easier
to emulate inventory script behavior.
* Don't raise AnsibleConnectionFailure if the ssh_process has already died. Fixes#53487
* Better support for file not found messages
* Add changelog fragment
* changelog
* combine provided variables and host vars inside of constructing groups to take into account composed variables
let composed variables "win"
* fix whitespace
* Allow user to control hash behavior
* Remove dependency to psycopg2 with dump/restore
'dump' and 'restore' state only need pg_dump and pg_restore. These tools
don't use psycopg2 so this change tries to avoid the use of it in these
cases.
The db_exists test was replaced with an error detection when piping to
compression program, using a FIFO file. This effectively reverts #39483,
that was a fix for #39412.
* Fix typo
* Add changelog fragment
* Add note for dump and restore not requiring psycopg2
* Fix YAML syntax
* Update lib/ansible/modules/database/postgresql/postgresql_db.py
Co-Authored-By: Glandos <bugs-github@antipoul.fr>
* Output warnings from docker daemon on container create and update.
* Accept warning for blkio_weight instead of idempotency.
* Value quoting.
* Avoid loop variable conflict.
* Add changelog.
* Make one test case faster.
* Add 'Docker warning: ' prefix.
* Add a generalized warning reporting function.
* Add rollback_config
* Add change log fragment
* Fix broken test
* Actually fix broken tests
* Add rollback_config example
* Default rollback_config as None
* Abort early if rollback_config does not exist
* Add mount options
* Remove mount readonly default
* Fix driver_config test
* Add documentation
* Add changelog fragment
* Properly indent tmpfs_ options
* Use correct service suffix for mount tests
* Check for None value on tmpfs usage check
* Document change of mounts.readonly return key
* Use correct change log type
* Really use correct change log type
* Revert changing mount.readonly to read_only
* Raise OpenSSLBadPassphraseError if passphrase is wrong.
* Improve handling of passphrase errors.
Current behavior for modules is: if passphrase is wrong (or wrongly specified), fail.
Current behavior for openssl_privatekey is: if passphrase is worng (or wrongly specified), regenerate.
* Add changelog.
* Add tests.
* Adjustments for some versions of PyOpenSSL.
* Update lib/ansible/modules/crypto/openssl_certificate.py
Improve text.
Co-Authored-By: felixfontein <felix@fontein.de>
Fixes a bug where parse_distribution_file_ClearLinux() was called on CoreOS (and probably many other distros) and it returned True since it successfully parses the distribution file. Since this file exists on many Linux distributions and they are a very similar format, add an additional check to make sure it is Clear Linux.
Change the order in which distribution files are processed so NA is last. This prevents a match on CoreOS hosts since they also have /etc/os-release and the called matching function for NA is very general and will match CoreOS.
* Add changelog
* Add unit tests
Only add tests for Clear Linux parsing since that was the cause of this issue.
* Support FOREIGN DATA WRAPPER and FOREIGN SERVER in postgresql_privs module
* Added available from note to fdw and fs object types
* Integration tests, examples in documentation
* Complete integration tests
* [docker_image] fix the changed state for tagging and pushing
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [docker_image] add tests for (force) tagging and force pushing
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* [docker_image] add a news fragment for the fixed force tag/push behavior
Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
* Fix for "AttributeError: 'module' object has no attribute 'cursors'" (#49191) (#1)
* Fix for "AttributeError: 'module' object has no attribute 'cursors'" (#49191)
* Adding changelog fragment for issue #49191 and the following PR.
* Update lib/ansible/module_utils/mysql.py
Co-Authored-By: timorunge <timorunge@users.noreply.github.com>
* Fixed crash with hidden files
added "-force" parameter on "Get-Item" cmdlet. this is needed to get file info if the file is "hidden"
without this option modules like win_file, win_template, win_copy crashes on hidden files. this is because with "test-path" it sees that the file exists, but "get-item" can't get the file info.
for more information on "-force option": https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-item
* Add changelog and integration tests
* fix tests for older Windows versions
* Add dnsrecord_show method for supporting base domain record
* Replace dnsrecord_show with conditional in dnsrecord_find
* Added changelog entry for MX and SRV
Signed-off-by: synical <sjohnsondot@gmail.com>
* Add support for Windows hosts in the SSH connection plugin
* fix Python 2.6 unit test and sanity issues
* fix up connection tests in CI, disable SCP for now
* ensure we don't pollute the existing environment during the test
* Add connection_windows_ssh to classifier
* use test dir for inventory file
* Required powershell as default shell and fix tests
* Remove exlicit become_methods on connection
* clarify console encoding comment
* ignore recent SCP errors in integration tests
* Add cmd shell type and added more tests
* Fix some doc issues
* revises windows faq
* add anchors for windows links
* revises windows setup page
* Update changelogs/fragments/windows-ssh.yaml
Co-Authored-By: jborean93 <jborean93@gmail.com>
* Document and validate mode choices
* Update examples
* Test cpu float values
* Test correct option
* Fix module return sample
* Add secrets and user to module return value
* Order options alphabetically
* Add changelog
* yaml indentation
* Revert "Order options alphabetically"
This reverts commit 51dabccda7.
* Be consistent with choices type
* win_domain: fix issue when running without credential delegation
* Add check for reboot is required to complete role e install
* Fix changelog sanity issue
* removed meta file accidentally committed
* Fix version checks in tests
* Set minimum version to 2.0.2
* Networks can only be updated >= docker-py 2.7
* Constraints require docker-py 2.4.0
* Healthchecks require docker-py 2.6.0
* Properly run tests different docker_py_versions
* Add changelog fragment
* Specify lowest version on placement.constraints
* Fix running new tests on older docker-py
* Handle different hosts formats returned by docker
* FIx test naming
* Quote str options
* secrets options require docker-py 2.4.0
* Replace InventoryFileCacheModule with a better developer-interface
Use new interface for inventory plugins with backwards compatibility
Auto-update the backing cache-plugin if the cache has changed after parsing the inventory plugin
* Update CacheModules to use the config system and add a deprecation warning if they are being imported directly rather than using cache_loader
* Fix foreman inventory caching
* Add tests
* Add integration test to check that fact caching works normally with cache plugins using ansible.constants and inventory caching provides a helpful error for non-compatible cache plugins
* Add some developer documentation for inventory and cache plugins
* Add user documentation for inventory caching
* Add deprecation docs
* Apply suggestions from docs review
* Add changelog
* made adding package managers easier
added portage support
* moar pkg mgrs and moar info
- added 'pkg' pkg manager (freebsd)
- added pip
- more apt info
* updated clgo
* Updates from feedback
Co-Authored-By: bcoca <bcoca@users.noreply.github.com>
* incorporated more feedback and added docstrings
* moar from feedback
- made manager list dynamic and names based on class
- better not found msg
- made abstract metaclass again
- test is now init exception
- module to global
- better dedupe comments
* more targetted errors/warnings
* added strategy, reordered to conserve priority
* rpm > apt
* move break to top
* fix trate
* piping it
* lines and meta
* refactored common functions
- moved pip into it's own module
- cleaned up base clases
- ensure 'lower' match in package_facts
* missing license
* avoid facts
* update clog
* addressed feedback
* fix clog
* cleanup
* upd
* removed pip as that was removed
* renamed cpan
* added a single line since 2 lines are needed to be
readabnle instead of just 1 line, it is a huge problem otherwise
* fix internal ref
* not intended in this round
* updated as per fb
* make add_group return proper name
* ensure central transform/check
* added 'silent' option to avoid spamming current users
those already using the plugins were used to the transformations, so no need to alert them
* centralized valid var names
* dont display dupes
* comment on regex
* added regex tests
ini and script will now warn about deprecation
* more complete errormsg
* Do not return 'instances' when wait is false
* Added integration tests for wait: false
* Added changelog fragment
* Fix test suite to work with ec2_instance
* Additional permissions
* Enforce boto3 version
* Fix broken tests
* Improve error messages
* fix linter issues
* adds fargate launch_type to ecs_task module
* White space changes
* fix documentation for running ecs task on fargate
* remove extraneous example from ecs_task
* White space changes
* Adds changelog fragment
* Pluralize minor_changes in changelog fragment
* Add Stop and Start task permissions
* set valid_until equal to current time + spot_wait_timeout
* Add checksum check for downloaded file.
* refactoring
* fix typo
* add fixes
* mart try,catch handling
* revert lib/ansible/modules/cloud/amazon/ec2.py from upstream
* refactoring
* remove empty lines
* add checksum verification for existing file
* fix current file check
* refactoring destination file check
* add handling exceptions
* refactoring
* Added download file hash data from url
* fix string aligning
* fix bug with uri
* Added get hash from multy-string file
* Added URI support for checksum file location
* refactoing
* Remove any non-alphanumeric characters for hash from url
* fix discussions; add support for PS3
* refactoring
* add size return value
* checkout from upstream for lib/ansible/modules/cloud/amazon/ec2.py
* add Ansible.ModuleUtils.Legacy support; refactoring
* Copyright added
* Checking files size before and after downloading added.
* remove unused code
* Corrected regexp for dotted slashed file name prefix in hash-file
* hotfix typo error; add int tests
* remove legacy module support; split checksum to checksum, checksum_algorithm, checksum_url
* changed default hash algorithm
* Fixed case for ContentLength = -1
* Old comment removed
* fix typo
* Remove file size check before downloading
* add alias to ; fix tests
* adjust tests; fix lint warnings from PSScritpAnalyzer
* workaround for bug in win_chocolatey module on win2008
* remove win_get_url.ps1 from /test/sanity/pslint/ignore.txt
* add checksum_algorithm as retuen value
* first normalise before return Result
* resolve discussions
Signed-off-by: Viktor Utkin <viktor.utkin7@yandex.ru>
* fix discussions
fix http tests as discussed
* fix last discussions
* Reduce code duplication and add idempotency check
* fix sanity issue and remove testing code
* move back to using tmp file for checksum comparison
* Decreasing docker_swarm requirements.
* Fixing docker-py / docker API version requirements, and some comments.
* Add changelog.
* Only send parameters specified by user to docker daemon.
* Extend labels test: not specifying == keep labels.
* Bump minimally required docker-py version for docker_node and docker_node_facts to 2.4.0.
* Prevent crashing when publish or healthcheck is not provided.
* Similarly to docker_swarm tests, only execute docker_node tests on real VMs and restart docker daemon when tests are done.
* replace uses of sort_json_policy_dict with compare_policies which is compatible with Python 3 and remove sort_json_policy_dict from the AWS guidelines since it only works on Python 2
* Sort any lists containing only strings
* Sort the original policy too
* Look in /lib/molly-guard for shutdown command
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add parameter for extra_search_paths
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Change option to search_paths
- Update docs
- Make the parameter replace the default values
- Add some sanity checking on the data type
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Correct parameter in tests, change conditional for molly-guard tasks
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Address feedback
* Simplify field validation
Needed the try except in case a non-iterable type is put in the search_paths field
* adding quiet option to assert (ansible#27124)
* adding doc for quiet to assert.py
* fixing PEP8 failure
* improving example
* improving docs
* adding changelog fragment
* adding . at end of descriptions
* removing trailing blank line
* adding integration test for assert
* fixing CI complaints
* disabling gather_facts in quiet.yml test
* rerunning to capture skip
* cleaning up python 2 vs 3
* following rebase
* fixing CI complaints
* fixing CI complaints
* fixing CI complaints
* fixing CI complaints
* fixing CI complaints
* Change the retry_files_enabled to False and modify the comments to reflect that
this has been disabled.
* Change the default action of retry_files_enabled to False
* Update porting guide to reflect change in default state of retry_files_enabled variable
* Change log documenting a change in default behaviour of retry_files_enabled
* Revert config change to comment out the retry_files_enabled line to let the user decided what is best.
Comment above still states how to change.
* postgresql_privs change fail to warn if role does not exists
* postgresql_privs change fail to warn if role does not exists: fix sanity
* postgresql_privs change fail to warn if role does not exists: add changelog fragment
* postgresql_privs change fail to warn if role does not exists: fixes
* postgresql_privs change fail to warn if role does not exists: added fail_on_role param
* Revert "use list instead of tuple and remove md5 on ValueError (#51357)" c459f040da.
* Modify the correct variable when determining available hashing algorithms
* Python interpreter discovery
* No longer blindly default to only `/usr/bin/python`
* `ansible_python_interpreter` defaults to `auto_legacy`, which will discover the platform Python interpreter on some platforms (but still favor `/usr/bin/python` if present for backward compatibility). Use `auto` to always use the discovered interpreter, append `_silent` to either value to suppress warnings.
* includes new doc utility method `get_versioned_doclink` to generate a major.minor versioned doclink against docs.ansible.com (or some other config-overridden URL)
* docs revisions for python interpreter discovery
(cherry picked from commit 5b53c0012ab7212304c28fdd24cb33fd8ff755c2)
* verify output on some distros, cleanup
* Ensure play order is obeyed
it was being ignored depending on other options
also added tests for each order (except shuffle) both serial and not
fixes#49846
All openSUSE distributions changed to the way they are returned from distro.id().
This patches fix the openSUSE Leap and SLES distro names, and adds one entry for Tumbleweed.
These descriptions are capitilized, as expected by Ansible's hostname module.
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
* add boto3_tag_list_to_ansible_dict to ec2_vpc_peering_facts.py
* Add parameter checking to ec2_vpc_peer and give helpful error message
* Fixed modules --> module typo in ec2_vpc_peer
* Added required_if logic and fixed incorrect boolean check for absent peering connection
* Changed error message to one of the following is
* Added changelog fragments for ec2_vpc_peer changes
* Changed changelog fragment as per request
* Support UpdateService forceNewDeployment in ecs_service module
* Fixes for review
* Add force_new_deployment option to ecs_service.py
cherrypicks changes from via/ansible
Adds tests for pull request #42518
fixes backwards compatability with boto<1.8.4
* WIP commit so I don't have to stash
* WIP commit for healthcheck grace period
* WIP commit; ecs_module handles service registries
* Fix bad check for desired_count
* Add scheduling strategy test, comment out service registry test
* Fix names in ecs_cluster role main task.
* move full test run back to the end
* Change botocore version for full test to support scheduling strategy
* fix bug with desired_count==0 in amazon/ecs_service
* Fix changed checking for scheduling strategy DAEMON in ecs_service
* Pass testS
* Fix some unhelpful comments
* Add changelog for ecs_service
* Add diff support to docker_swarm.
* Add changelog.
* Using diff mode for docker_swarm tests. This improves debugging, since the the module now outputs more information on *why* it did certain actions.
* Improve idempotency checking: only consider parameters which are part of the generated spec.
* Properly handle rotate_worker_token and rotate_manager_token.
* patch state 'planned' outputs and perform minor refactor
* reconcile with pep8 and pylint
* remove a space...
* update changed to only flip when >0 added, changed, or destroyed is detected
* add state dependecy to conditional change check
* fix typo
* reconcile with pep8[E317]
* add a changelog fragment
* Revert "Clear failed state in always only if we did rescue (#52829)"
This reverts commit f135960fc2.
* Add tests for failed scenario
* Set failed task with EXPECTED FAILURE
Leave it up to the module to return the state in the results.
I went through all the modules in files/ and only found one case where the module needed to return this. No other modules return paths that do not exists.
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Allow configuration templates when using net_id...for reals
- Didn't work before, I had bad code. I'm sorry.
- Cleaned up code and simplified functions
- Added integration tests to test for net_id actions
* Add changelog
* Add module name to changelog
* Fix indentation
* Add new module property to Windows modules
* Add brief pause to file tests to ensure the stat times are not equal, which was happening sometimes.
* Raise TypeError on error rather than fail_json()
* Rework error message to be less verbose
* Add porting guide entry
* #49664 Added npm ci command
* Update lib/ansible/modules/packaging/language/npm.py
Sure
Co-Authored-By: Bramzor <bramverdonck@telenet.be>
* Moved ci_install so it would work for specific packages
Would this work?
* Reverted last commit
npm ci will remove node_modules so cannot be used it to install a specific module.
* Update lib/ansible/modules/packaging/language/npm.py
Co-Authored-By: Bramzor <bramverdonck@telenet.be>
* Update lib/ansible/modules/packaging/language/npm.py
Co-Authored-By: Bramzor <bramverdonck@telenet.be>
* Update lib/ansible/modules/packaging/language/npm.py
Co-Authored-By: Bramzor <bramverdonck@telenet.be>
When no repos are defined, the `repo` variable is undefined. Therefore
append it only to the result if a repo was found. Otherwise Ansible will
fail with an UnboundLocalError.
* Filter DNSimple request by record name.
The request was not filtered and DNSimple returns only the first 100
records so if the number of records is larger the check could fail.
This patch fixes the issue and also makes the check to perform better.
* Add changelog fragment.
* Added product to the dict choices.
Following issue 48594 where product is not a recognised choice: https://github.com/ansible/ansible/issues/48594
* fixed doc
added - product to the doc
* split line 549
to correct ci test splitting line 549
* Create 49776-product_fix_katello_foreman_module.yaml
changelog fragment creation
* Don’t remove service when networks change
* Add changelog fragment
* Some more network integration tests
* Add hannseman as author
* Remove return on self.client.fail
* Facts parsing for cmdline can now handle multiple values for a single key.
* Unit tests for cmdline fact parsing
* Review comments
Fixes: #22766
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Fix bug when specifying SSID by number
- Migrated integration test to blocks with always
- Minor URL fixes
(cherry picked from commit ed79c294f2e3f82d4828226004c055dcd7ce9f63)
* Create changelog file
* Add new line
According to the OpenStack Networking API
the attribute provider:segmentation_id of a network has to be
an integer.
Even if neutron accepts provider:segmentation_id to be a
string, other implementations may not.
* Performance fixes for net and org lookups
- Both methods had duplicate lookups
- This should significantly improve performance
- Currently untested
* Add ChangeLog file
* Change from bugfix to bugfixes and change indent
* First pass at allowing unix socket with urls/uri. See #42341
* Only insert handler as needed
* Fix and add tests
* Add HTTPS functionality for unix sockets
* Additional test fixes
* Create context manager for monkey patching HTTPConnection.connect, de-dupe code, raise better errors
* doc
* Add a few more tests
* Fix __call__
* Remove unused import
* Patch HTTPConnection.connect with the functionality we want, instead of duplicating code and disabling
* Fix var name
* Remove unused var
* Add changelog fragment
* Update uri docs
* Fix rebase indentation issue
* Work around problem with Docker daemon that sometimes won't find image if prefixed with docker.io repo name.
* When tring library/xxx, docker-py also doesn't sometimes find the image.
* Add changelog.
* Fixing unexpected keyword argument 'cursorclass' error after migration from MySQLdb to PyMySQL
* Adoptions for mysql.py as suggested by felixfontein.
* Adding changelog fragment.
Previously the yum module would provide a `changes` dict when
executed in check mode but omit it when not in check mode in favor
of the `results` data which is raw output from the yum command. This
pull request makes that output uniform.
Fixes#51724
Signed-off-by: Adam Miller <admiller@redhat.com>
* Raise AnsibleConnectionError on winrm con errors
Currently all uncaught exceptions of the requests library that is used
in winrm will lead to an "Unexpected failure during module execution".
Instead of letting all exceptions bubble up we catch the connection
related errors (inkl. timeouts) and re-raise them as
AnsibleConnectionError so Ansible will mark the host as unreachable and
exit with the correct return code.
This is especially important for Zuul (https://zuul-ci.org) to
distinguish between failures and connection/host related errors.
* Update lib/ansible/plugins/connection/winrm.py
Co-Authored-By: westphahl <westphahl@gmail.com>
* Add changelog fragment
* identity: Add GSSAPI suport for FreeIPA authentication
This enables the usage of GSSAPI for authentication, instead of having
to pass the username and password as part of the playbook run.
If there is GSSAPI support, this makes the password optional, and will
be able to use the KRB5_CLIENT_KTNAME or the KRB5CCNAME environment
variables; which are standard when using kerberos authentication.
Note that this depends on the urllib_gssapi library, and will only
enable this if that library is available.
* identity: Add documentation for GSSAPI authentication for FreeIPA
This documentation describes how to use GSSAPI authentication with the
IPA identity modules.
* identity: Add changelog for GSSAPI support for IPA
This adds the changelog entry for the GSSAPI authentication feature for
the IPA identity module.
* Allow creation and deletion of keys (deletion just schedules for
deletion, recreating an old key is just cancelling its deletion)
* Allow grants to be set, thus enabling encryption contexts to be
used with keys
* Allow tags to be added and modified
* Add testing for KMS module
* Tidy up aws_kms module to latest standards
There are other chat systems with hook implementations more or less
compatible with Slack, such as Rocket.Chat. The latter requires the
Content-Type header to be set to "application/json" (the body is JSON).
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
* [WIP] become plugins
Move from hardcoded method to plugins for ease of use, expansion and overrides
- load into connection as it is going to be the main consumer
- play_context will also use to keep backwards compat API
- ensure shell is used to construct commands when needed
- migrate settings remove from base config in favor of plugin specific configs
- cleanup ansible-doc
- add become plugin docs
- remove deprecated sudo/su code and keywords
- adjust become options for cli
- set plugin options from context
- ensure config defs are avaialbe before instance
- refactored getting the shell plugin, fixed tests
- changed into regex as they were string matching, which does not work with random string generation
- explicitly set flags for play context tests
- moved plugin loading up front
- now loads for basedir also
- allow pyc/o for non m modules
- fixes to tests and some plugins
- migrate to play objects fro play_context
- simiplify gathering
- added utf8 headers
- moved option setting
- add fail msg to dzdo
- use tuple for multiple options on fail/missing
- fix relative plugin paths
- shift from play context to play
- all tasks already inherit this from play directly
- remove obsolete 'set play'
- correct environment handling
- add wrap_exe option to pfexec
- fix runas to noop
- fixed setting play context
- added password configs
- removed required false
- remove from doc building till they are ready
future development:
- deal with 'enable' and 'runas' which are not 'command wrappers' but 'state flags' and currently hardcoded in diff subsystems
* cleanup
remove callers to removed func
removed --sudo cli doc refs
remove runas become_exe
ensure keyerorr on plugin
also fix backwards compat, missing method is attributeerror, not ansible error
get remote_user consistently
ignore missing system_tmpdirs on plugin load
correct config precedence
add deprecation
fix networking imports
backwards compat for plugins using BECOME_METHODS
* Port become_plugins to context.CLIARGS
This is a work in progress:
* Stop passing options around everywhere as we can use context.CLIARGS
instead
* Refactor make_become_commands as asked for by alikins
* Typo in comment fix
* Stop loading values from the cli in more than one place
Both play and play_context were saving default values from the cli
arguments directly. This changes things so that the default values are
loaded into the play and then play_context takes them from there.
* Rename BECOME_PLUGIN_PATH to DEFAULT_BECOME_PLUGIN_PATH
As alikins said, all other plugin paths are named
DEFAULT_plugintype_PLUGIN_PATH. If we're going to rename these, that
should be done all at one time rather than piecemeal.
* One to throw away
This is a set of hacks to get setting FieldAttribute defaults to command
line args to work. It's not fully done yet.
After talking it over with sivel and jimi-c this should be done by
fixing FieldAttributeBase and _get_parent_attribute() calls to do the
right thing when there is a non-None default.
What we want to be able to do ideally is something like this:
class Base(FieldAttributeBase):
_check_mode = FieldAttribute([..] default=lambda: context.CLIARGS['check'])
class Play(Base):
# lambda so that we have a chance to parse the command line args
# before we get here. In the future we might be able to restructure
# this so that the cli parsing code runs before these classes are
# defined.
class Task(Base):
pass
And still have a playbook like this function:
---
- hosts:
tasks:
- command: whoami
check_mode: True
(The check_mode test that is added as a separate commit in this PR will
let you test variations on this case).
There's a few separate reasons that the code doesn't let us do this or
a non-ugly workaround for this as written right now. The fix that
jimi-c, sivel, and I talked about may let us do this or it may still
require a workaround (but less ugly) (having one class that has the
FieldAttributes with default values and one class that inherits from
that but just overrides the FieldAttributes which now have defaults)
* Revert "One to throw away"
This reverts commit 23aa883cbed11429ef1be2a2d0ed18f83a3b8064.
* Set FieldAttr defaults directly from CLIARGS
* Remove dead code
* Move timeout directly to PlayContext, it's never needed on Play
* just for backwards compat, add a static version of BECOME_METHODS to constants
* Make the become attr on the connection public, since it's used outside of the connection
* Logic fix
* Nuke connection testing if it supports specific become methods
* Remove unused vars
* Address rebase issues
* Fix path encoding issue
* Remove unused import
* Various cleanups
* Restore network_cli check in _low_level_execute_command
* type improvements for cliargs_deferred_get and swap shallowcopy to default to False
* minor cleanups
* Allow the su plugin to work, since it doesn't define a prompt the same way
* Fix up ksu become plugin
* Only set prompt if build_become_command was called
* Add helper to assist connection plugins in knowing they need to wait for a prompt
* Fix tests and code expectations
* Doc updates
* Various additional minor cleanups
* Make doas functional
* Don't change connection signature, load become plugin from TaskExecutor
* Remove unused imports
* Add comment about setting the become plugin on the playcontext
* Fix up tests for recent changes
* Support 'Password:' natively for the doas plugin
* Make default prompts raw
* wording cleanups. ci_complete
* Remove unrelated changes
* Address spelling mistake
* Restore removed test, and udpate to use new functionality
* Add changelog fragment
* Don't hard fail in set_attributes_from_cli on missing CLI keys
* Remove unrelated change to loader
* Remove internal deprecated FieldAttributes now
* Emit deprecation warnings now
* standardize user/password connection vars
* docs: use ansible_user and ansible_password
* docs: var precedence for connection vars
* docs: ansible_become_pass -> ansible_become_password etc
* Enable 'changed' var with ufw check mode
* Fix from comment of the PR + Unit Test
* Fix on ufw module after the second review
- delete rules change works in check mode
- simplify execute def & use it on every call process
- improved regexp
- rename vars defaults to current_default_values
* Add ignore error to execute() and use it in get_current_rules()
* Update after third code review (introduce change in changed status)
* Adjust tests and fix some problems (#1)
* 'active' also appears in 'inactive'.
* 'reject' is also a valid option here.
* For example for reloaded, changed will be set back to False here.
* Improve and adjust tests.
* Fix after merging integration test
* handle "disabled" on default routed
* Add /var/lib/ufw/.. rules files
* add unit test
* Fix pep8 formatting error
* Separate ipv6 and ipv4 rules process from checkmode
* fix non-ascii error on ci
* Some change after review
* Add unit test with sub network mask
* rename is_match function by is_starting
* add changelog fragment
Previously it was assumed that the Amazon system-release
number was the final value of the string. This isn't always
the case. Some releases have the name at the end.
Amazon Linux release 2
Amazon Linux release 2 (Karoo)
Fix by instead looking for a number in the string.
Fixes#48823
Check the path /run/ostree-booted which I'm told by upstream that it
will always be present when a host system is Fedora/RHEL/CentOS
Atomic/CoreOS vs "traditional" distro instance to detect the
non-traditional instance and ensure pkg_mgr selection is correct
Signed-off-by: Adam Miller <admiller@redhat.com>
* use list instead of tuple and remove md5 on ValueError
Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>
* convert algorithms to list and add comment
Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>
* only convert to list if algorithms is not None
Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>
* new fragment for PR 51357
Signed-off-by: michael.sgarbossa <msgarbossa@cvs.com>
* fix lint: remove blank line
Fixes: #51534
* set valid_until equal to current time + spot_wait_timeout
* add setting ValidUntil to value
* add changelog fragment
* fix shebang issue
* uri: fix TypeError when file can't be saved
Fix the following exception (and others):
Traceback (most recent call last):
File "/home/lilou/debug_dir/__main__.py", line 604, in <module>
main()
File "/home/lilou/debug_dir/__main__.py", line 554, in main
write_file(module, url, dest, content, resp)
File "/home/lilou/debug_dir/__main__.py", line 320, in write_file
module.fail_json(msg="Destination dir '%s' not writable" % os.path.dirname(dest), **resp)
TypeError: fail_json() got multiple values for keyword argument 'msg'
I would rather remove **resp from returned values but this module is
flagged as stableinterface.
* Static imports are more straight forward and preferred unless dynamic inclusion is required.
Added support for username and password authentication in hashi_vault
lookup plugin.
Fixes: #38878
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Add coherency between check and normal mode see issue #24633
* Add changelog fragment for the PR
* Make change following PR comment
* Remove trailing whitespace
* Always check envvars when auth parameter is not provided
This will make it so that all code using the get_api_client
method will make use of the environment variables, instead of
silently ignoring them if default values haven't been set. This
affects at least the k8s lookup plugin.
* Add changelog
* move extravars and option vars loading into VM
also safedir setting, all these are intrinsic to VM
avoid uneeded and inefectual shallow copy
remove setters/getters as VM now does most of the work in init
updated and added tests
* feedback + fixes
* keep extra_vars property for vars_prompt
* pass values not objects
* remove bare var handling in conditionals
this makes top level and multilevel vars (dicts keys) behave the same
it will require adding |bool for 'string comparissons' in indirect templates
- added new tests to ensure uniform handling
- switched to 'is' testing for status
- changed warning to 'conditional' as 'when:' is not only place it gets triggered
* updated to include toggle and deprecation
* fix deprecated
* updated tests to handle toggle
* fixed typo and added note about the future
* aws_ec2 Implement the missing 'region discovery'
fixes#45288
tries to use api as documented (which seems to fail in latest boto3 versions)
and fallback to boto3 'hardcoded' list of regions
* fixes and cleanup, add error for worst case scenario
* fix tests, remove more unused code
* add load_name
* acually load the plugin
* set plugin as required
* reverted test changes, removed options tests
* fixes as per feedback and cleanup
* add static facility and apply to register
* added warning
* added test for templated register
* test register 'static' status
* rely on subshell to deal with quote context
* use corrects pb for test
* bring constants back cause new code in devel
* Add tests for check_mode at play and task level
These test inheritance of check_mode from the various levels (command
line, as a play attribute and as a task attribute) so they will be
useful for checking that the change to fieldattribute inheritance with
defaults works
* Add a sentinel object
The Sentinel object can be used in place of None when we need to mark an
entry as being special (usually used to mark something as not having
been set)
* Start of using a Sentinel object instead of None.
* Handle edge cases around use of Sentinel
* _get_parent_attribute needs to deal in Sentinel not None
* No need to special case any_errors_fatal in task.py any longer
* Handle more edge cases around Sentinel
* Use Sentinel instead of None in TaskInclude
* Update code to clarify the vars we are copying are class attrs
* Add changelog fragment
* Use a default of Sentinel for delegate_to, this also allows 'delegate_to: ~' now to unset inherited delegate_to
* Explain Sentinel stripping in _extend_value
* Fix ModuleArgsParser tests to compare with Sentinel
* Fixes for tasks inside of roles inheriting from play
* Remove incorrect note. ci_complete
* Remove commented code
* Catch SSH authentication errors and don't retry multiple times to prevent account lock out
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Subclass AnsibleAuthenticationFailure from AnsibleConnectionFailure
Use comparison rather than range() because it's much more efficient.
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add tests
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Make paramiko_ssh connection plugin behave the same way
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Add changelog
Signed-off-by: Sam Doran <sdoran@redhat.com>
* Move relative time handling to module_utils and rewrite it
* Fix cases with no seconds defined
* fix a small typo along the way
* add relative time handling to the ownca provider in openssl_certificate
* add initial integration test for relative time ownca
* quote the documentation to produce valid yaml
* move timespec conversion and validation to the init function
* fix small edge case in conversion function
* add relative timestamp handling to the selfsigned provider
* add get_relative_time_option
* add relative timestamp handling to valid_in
* pep8 fix indentation
* add quotes in error message
* add changelog fragment
* Update changelogs/fragments/50570-relative_time_crypto.yaml
Co-Authored-By: MarkusTeufelberger <mteufelberger@mgit.at>
* Added support for labels for Docker Network
* Fixed missing comma in Docker Network module
* Specified minimal versions for dependencies and added changelog
* Fixes based on suggestions after code review
* Added integration tests
* Add command option
* Fix test task name
* Changelog fragment
* Fix indendation
* Add version_added
* Better command description
* Test passing command as list
* Handle invalid command types
* Cleaner command type checking
* Check that all items in command list are strings
* Better error about command list items
* Better type checking errors
* Add tests for command type checking
* Update command tests
* Fix messed up rebase
* Fix publish idempotency when mode is None
* Add changelog fragment
* Python 2.6 compat
* Use self.publish
* Check length of publish before comparing content
* Sort publish lists before zipping
* Enable publish tests
* python3 compat
* Don’t sort by mode as it is not safe
* Document publish suboptions and add them to args
* Add type to publish documentation
* Add choices to publish argument_spec suboptions
* Make tcp the default protocol
* Make documentation reflect protocol default
* Simplify setting mode
* Remove redundant string quoting
* Test order of publish
* Add comment about publish change detection
* Revert "Revert "openssl_csr: Allow to use cryptography as backend (#50324)""
This reverts commit bbd2e31e9f.
* Remove more complicated selection copy'n'pasted from openssl_privatekey.
* Add tests for backend selection.
* Add openssl_csr test for arbitrary string commonName.
* Allow to disable commonName -> SAN copying (fixes#36690).
* Increase persistent command_timeout default value
* Increase command_timeout default value from 10 to 30 sec
to reduce frequent timeout issue for network connection
types (netconf/network_cli/httpapi/napalm)
* Fix review comments
* Corner case in which import_role would add another instance of a role with the same signature into roles: when it already existed there.
roles:
- name: a
tasks:
- import_role: name=a
would execute role 'a' 3 times instead of the intended 2 (x2 in roles: phase +1 in tasks:)
* added tests
* Add object_type param to checkpoint_object_facts
* Add changelog fragment
* Fix sanity
* Fix sanity
* Pass type param to payload
Otherwise it does not do what is expected to do
* Add ip-only default to docstring
* Revert "avoid x2 setting of set_fact when 'cacheable' (#50564)"
This reverts commit 207848f354.
* clarify clear_facts with set_fact cacheable
revert previous 'fix' as it will break playbooks by changing precedence
opted to leave current behaviour but document it on both plugins to mitigate confusion
fixes#50556
also fix grammer, add comment, remove unused e
* Bubble up import exception content for k8s module
Signed-off-by: Fabian von Feilitzsch <fabian@fabianism.us>
* Track down other places import exception is reported
* Add changelog fragment
When a user home dir is not created with `useradd`, the home dir will now
be created with umask from /etc/login.defs. Also fixed a bug in which
after a local user is deleted, and the same user exists in the central
user management system, the module would create that user's home.
* check for result['status'] in systemd module
* instead of checking for result['state'], actually check for chroot and warn
* allow systemctl status to work if in a chroot, update warn text
* simply change warning message
* Allow to use cryptography as backend for openssl_csr.
* Use different curve.
* Adding changelog.
Includes changelog fragment for #49416, which didn't include one.
* Describe labels and container_labels correctly
* Clarify reserve_memory and limit_memory docs
* Remove default from container_labels doc
* Remove trailing whitespace
* Document min api version for configs and secrets
* Add changelog fragment
* Specify type on labels and container_labels
* Consolidate required API version descriptions
* Update reserve and limit memory docs
* Use correct power-of-two units
* Remove description about limit_memory minimum 4mb
* docker_swarm_service: use exact name match when finding services
The Docker API's filtering support allows filtering for substring
matches which means that when we filter the list of running services we
may accidentally match a service called "foobar" when looking for a
service named "foo".
Fix this by filtering the list of services returned from the Docker API
so that name matches are exact. It is still worth passing the filter
parameter to the Docker API because it reduces the number of results
passed back which may be important for remote Docker connections.
Closes 50654.
* add changelog fragment for #50654
* Added documentation around using vmware dynamic inventory plugin
* Fixed bug for populating host_ip in hostvars for given inventory host
* VMware: Add properties in vmware_vm_inventory
Fixes: #50249
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* fixes issue 50296
* fixes the indentation of the return statement
* Adds a conditional test into `_find_systems_resource()` to check the existence
of the Members of System resource
* updates the error message
* harden the conditional test
* Add a changelog
Provide toggle flag to allow display of unreachable task to stderr
using default callback plugin.
Fixes: #48069
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Add auth_timeout parameter when supported
Paramiko 2.2 introduces the auth_timeout parameter. This will set the
parameter to the same value of the timeout parameter to prevent
"Authentication timeout" errors.
* Conditionally add auth_timeout to ssh.connect
Renamed sock_kwarg to ssh_connect_kwargs and conditionally added the
auth_timeout parameter based on the installed paramiko version.
* Add changelog fragment
* Add a porting guide entry for ansible_distribution facts
Switching away from platform.distro() will cause changes sometimes due
to the new code using new sources of information that may be out of sync
with the old ones. Just have to make people aware of that and also what
we are doing to mitigate it when appropriate.
* wordsmithed, added links for new distro backend
* Once cli args are parsed, they're constant. So, save the parsed args
into the global context for everyone else to use them from now on.
* Port cli scripts to use the CLIARGS in the context
* Refactor call to parse cli args into the run() method
* Fix unittests for changes to the internals of CLI arg parsing
* Port callback plugins to use context.CLIARGS
* Got rid of the private self._options attribute
* Use context.CLIARGS in the individual callback plugins instead.
* Also output positional arguments in default and unixy plugins
* Code has been simplified since we're now dealing with a dict rather
than Optparse.Value
Added examples in playbooks_error_handling doc for handlining
multiple conditions in changed_when and failed_when
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* fix order of dnf api operations so transactions don't fail
Previously dnf.base.fill_sack() was called before
dnf.base.update_cache() which apparently breaks dnf transaction
logic as per https://bugzilla.redhat.com/show_bug.cgi?id=1658694Fixes#49060
Signed-off-by: Adam Miller <admiller@redhat.com>
* add changelog and test case
Signed-off-by: Adam Miller <admiller@redhat.com>
* Combine systemd units/unit-files output for service_facts
Fixes#47118
Previously we were only taking the output of `systemd units` which
would leave out information about the service units that were
disabled, static, masked, etc. Now we're aggregating the results so
that anything not active/inactive/dead at least is pulled as fact
data with it's state provided.
Signed-off-by: Adam Miller <admiller@redhat.com>
* provide state and status information about services
Fixes#45730
Signed-off-by: Adam Miller <admiller@redhat.com>
conn_limit type is set to 'int'. This will allow module to compare conn_limit with record value without type casting.
Fixes: #38118
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Without this modprobe always reports changed when modprobe-ing a builtin module.
With this, if a kernel module is a builtin, the modprobe module will:
- succeed (without incorrectly reporting changed) if ``state`` is ``present``;
- fail if ``state`` is ``absent``
The failure will have whatever error message modprobe returns when
attempting to remove a builtin module. For example:
``modprobe: ERROR: Module nfs is builtin.``
* Handle 'latest' version when installing module for first time
Otherwise, a fresh install of a plugin with 'version: latest' gets installed without its dependencies, rendering the plugin effectively useless.
* Add changelog
* Refactor integration test for lvg module to introduce grow/reduce test
* List correctly current PV in lvg module: fix lvg reduce
Previous behaviour was to only take into account PV passed in 'pvs'
argument. This lead to reduce not working as expecting:
* with state=present and list of wanted pvs, lvg found only the pvs to
add or already present and ignored the pv to remove (obviously absent
from the list of given PV)
* with state=absent and a pv to remove, lvg found that the remaining pvs
list is empty (ignoring possible other PV in the vg) and decides to
remove the vg entirely (as supposely no PV are left anymore to store
lvm metadata)
* Add changelog fragment
When the security group the rule belongs to does not exist and
the state is absent, the module is not properly exited, leading
to a playbook execution failure.
Fixes issue #50057
* Added organization in the scm_credential get
* Fallback looking for cred in project org
* Tests project with multi org credential
* Fixed CI issue
* Added changelog fragment
* Change test suite to fit expected behaviour
This reverts some changes from ansible/ansible@723daf3
If a line is found in the file, exactly or via regexp matching, it must
not be added again.
insertafter/insertbefore options are used only when a line is to be
inserted, to specify where it must be added.
* Implement the change in behaviour mentioned in the previous commit
* Fix comment to reflect what the code does
* Set the correct return message.
In these cases, the lines are added, not replaced.
* Add a changelog
* Allow tags to be templated from a variable. Fixes#49825
* Restore _load_tags to ensure we do csv tag splitting
* Add tests for csv tags and templated tags
* evaluate_tags doesn't need to accept strings, because _load_tags handles this
* Windows Privileges - moved util code to it's own C# util
* Rename Enabler class to PrivilegeEnabler to remove ambiguity
* rename Utils to PrivilegeUtil
* fix missing util name changes
* win become: refactor and add support for passwordless become
* make tests more stable
* fix up dep message for Load-CommandUtils
* Add further check for System impersonation token
* re-add support for become with accounts that have no password
* doc fixes and slight code improvements
* fix doc sanity issue
- Require username and password for unregistering and avoid "cannot marshal None unless allow_none is enabled" error when using an activation key and no channels specified.
- Update test fixtures and add changelog
Co-authored-by: WhyIsThisOpen <WhyIsThisOpen@users.noreply.github.com>
* Fix various bugs related in reboot
- Use format strings for consistency and improve debug log messages
- Use local variables instead of class attributes in order to be thread safe
- Run setup module to get distribution and version
- Run find module to get full path of shutdown command
- Use ansible_os_family and ansible_distribution to find commands and args
- Use same command for all Solaris/SunOS distributions
- Move delay calculations to properties
- Reliably check for module run failure
- Fix bug in run_test_command() that accidentally made the method work properly
- Use better exceptions rather than Exception
- Use dict literals rather than constructors
- Correct _check_delay() so it always returns a value, not None
- Don't store and return result in run_test_command() because it's not used anywhere
- add test for post reboot command that fails
- test negative values for delay parameters
fixes to ansible-doc
- change json to always be type dependent
- change changelog generation to loop over the options
- warn about ignoring module path
* ensure idempotency for user set to None
* Update `user` documentation and add changelog fragment
* clarify changelog fragments and parameters documentation
* use restructuredtext syntax in changelog fragment
* Add info about loop based on jinja2 loop var
* ansible_loop
* Update test count
* Add extended loop_control that defines whether ansible_loop should be added
* Extended needs to be defaulted
* Revert "Update test count"
This reverts commit f1e93ee469825f4cdcd90fb28667d29aa088275c.
* Add docs about loop_control.extended
* Add revindex and revindex0
* Document ansible_loop in special vars
* Add changelog fragment
* Add tests, change items to allitems so that dot notation works, fix logic error with previtem
Incorporating the abandoned work from PRs #35288 and #45552. Also adding in
the version checking from `docker_container.py`, which should be abstracted
out to `docker_common.py`.
* fix py3 scope for unique filter errors, enable filters integration tests on rhel8 beta
Signed-off-by: Adam Miller <admiller@redhat.com>
* add changelog
Signed-off-by: Adam Miller <admiller@redhat.com>
* Changed $IpAddress to $Gateway
* Tweaked win_route unit tests
Checks to see if new static route has the correct gateway
* Create win_route.yaml
* Fixed incorrect variable name
* Fix FactCache to conform to the dict API
* update needs to take a dict rather than a key and a value
* __init__ needs to allow for setting the intial dictionary
* Remove unneeded _display and _cache attributes
* Move ansible.plugins.cache.FactCache to
ansible.vars.fact_cache.FactCache because this isn't part of the cache
plugin API.
* Add backwards compatibility when calling update on the new FactCache
* Remove code for calling old FactCache. There's no way to call the old
FactCache so there's no need for backwards compatible code for calling
code. Backwards compatibility is handling things which are calling
the new FactCache.
* Port our code to the new FactCache location.
* Some types of 1Password items have a 'password' field alongside the 'fields' attribute, not inside it, so we need to search there as well.
* Add changelog fragement for onepassword_facts PR #47213.
* Fix for changes in clearlinux
clearlinux is now providing /etc/os-release file and ansible is identifying as NA
then this change allow ansible to find it
Signed-off-by: Josue David Hernandez Gutierrez <josue.d.hernandez.gutierrez@intel.com>
* Add changelog fragment for clearlinux changes
Signed-off-by: Josue David Hernandez Gutierrez <josue.d.hernandez.gutierrez@intel.com>
* Add parameters to module vmware_guest for conversion of disk to thin or thick when vm is cloned or deployed with template
* unit test for convert clone vm
Co-Authored-By: chris93111 <christopheferreira@ymail.com>
* Fix win_nssm credentials quoting
Fix credential quoting for win_nssm after changes to the way nssm command is invoked in Ansible 2.7.1.
* Updating nssm command to update credentials to use Argv-ToString to properly escape password variable.
* Adding changelog fragment for fix of #48728.
* Add error message for k=v and YAML in a single task
Find the correct line, column, and position for k=v errors since they are different than the position reported initially.
Document bug in quoting syntax check.
* Change tense or error message
Since the error still exists, switch to present tense rather than past tense.
* Remove double spaces after periods in error messages.
http://www.slate.com/articles/technology/technology/2011/01/space_invaders.html
* Add changelog fragment
* Add tests for new error message
* Fix tests
* Add clarifying comments to unit test
* VMware: Fix module usages in module_utils
* Skip test for Python 2.6 as SSL context is not available in Python 2.6
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Implement test case prefix to filter test cases
* Cut line to not exceed 160 chars
* Replace tabs with spaces
* Add version_added field
* Include changelog file
* Support for pids_limit parameter in docker_container module
This add pids_limit parameter support in docker_container module
Fixes#43337
Signed-off-by: Akshay <akshay@localhost.localdomain>
* Add changelog for pids_limit parameter
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
* Remove unnecessary lines of code
The map is needed if the names are different.
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
* Update pids_limit option tests
It also run for docker-py < 1.10.0
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
* Only one exit point.
* Refactoring account handling.
* Add diff support for acme_account.
* Insert public_account_key into acme_account_facts result and into acme_account diff.
* Add changelog.
* require git when trying to use it in ansible-galaxy cli
Previously we weren't setting `required=True` when calling
`get_bin_path` and the path would return `None`, this would cause
a traceback when attempting to ' '.join() to create a string
representation of the failed command for error output
Fixes#49200
Signed-off-by: Adam Miller <admiller@redhat.com>
* add changelog
Signed-off-by: Adam Miller <admiller@redhat.com>
* Don't check options for idempotency which are not supported.
This check should be superfluous if every option would adhere to
the convention that options not specified should have value None.
Unfortunately, some options (such as init) which correspond to
container properties have an explicit default set.
* Add append_hash functionality to k8s module
append_hash adds a hash based on the contents of a ConfigMap
or Secret to the name - this enables immutable ConfigMaps and
Secrets.
* Provide k8s_config_resource_name plugin
The k8s_config_resource_name filter plugin provides a means of determining
the name of ConfigMaps and Secrets created with append_hash
* Add changelog fragment
* fix failing tests
* Update openshift version needed for append_hash
* win_mapped_drive - refactor module and docs
* Updated code to work with become and split tokens
* use win_credential_manager instead of cmdkey
* updated credential manager module name
* harden the system token impersonation process
* Add difference tracking tool
* Improve --diff mode for docker_container.
* Improve diffs of sets by ordering the sets.
* Rewrite imports, get rid of HAS_DOCKER_PY_x variables and use docker_version instead.
* Rename container -> active (more generic).
* Add --diff for docker_volume. Change old diff output.
* Add --diff for docker_network. Change old diff output.
* Add --diff for docker_swarm_service.
* Add changelog.
* Add entry for porting guide on docker_network and docker_volume.
* port win-say to use CSharpUtil AnsibleBasic and add warning when requested voice not found
* win_say: fixes following code review: use C# style properties consistently; prefix changelog fragments
* fix invalid yaml in change log fragment
* win_say: fixes following code review: use generic module parameter validation where possible
* remove redundant setting of Result.changed to false, simplified some logic for readability.
* fix serialisation issue when message text is drawn from a file; allows tests to be run not in check mode and fix up some test descriptions
* Provide Kubernetes resource validation to k8s module
Use kubernetes-validate to validate Kubernetes resource
definitions against the published schema
* Additional tests for kubernetes-validate
* Improve k8s error messages on exceptions
Parse the response body for the message rather than returning
a JSON blob
If we've validated and there are warnings, return those too - they
can be more helpful
```
"msg": "Failed to patch object: {\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},
\"status\":\"Failure\",\"message\":\"[pos 334]: json: decNum: got first char 'h'\",\"code\":500}\n",
```
vs
```
"msg": "Failed to patch object: [pos 334]: json: decNum: got first char 'h'\nresource
validation error at spec.replicas: 'hello' is not of type u'integer'",
```
* Update versions used
In particular openshift/origin:3.9.0
* Add changelog for k8s validate change
* -Change: Include dependency role names in `role_names`.
-Add: `play_role_names` magic variable to include only explicitly named roles (formerly `role_names`).
-Add: `dependent_role_names` magic variable to include all dependency names for all roles.
* -Change: use the ansible_ prefix for new magic variables.
-Change: keep `role_names` as a deprecated variable, using the old functionality.
* -Add: changelog fragment for the role_names rework.
* -Add: Tests for the role_names (and ansible_*role_names) special variables
* -Fix: resolve erroneous documentation snippet that was introduced after rebasing.
* -Fix: explicitly sort to ensure list comparison works in test.
* make yum update_only option actually work
Fixes#40615
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix changlog fragment for sanity check
Signed-off-by: Adam Miller <admiller@redhat.com>
* only attempt an update when there are packages to update
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix logic to properly handle the precedent of operations
Signed-off-by: Adam Miller <admiller@redhat.com>
* remove q debug statements
Signed-off-by: Adam Miller <admiller@redhat.com>
* Fix tests: use same command if not testing command option.
* Fix idempotency of init option.
* Fix shm_size idempotency (it is included in inspect results from docker API version 1.22 on).
* Add changelog.
* clarify port.mode paramter requiremets, fail if unmet
* changelog fragment
* shorten too long line
* remove unnecessary indentation
* test version on docker_version for better maintainability
* normalize imports
* changelog fragment: minor_changes -> bugfixes
* rollback e96a7e57dfefd566fa47cf465a759637affd4795
* typo
Co-Authored-By: dariko <dariko@users.noreply.github.com>
* fix tagged implicit gathering
- None is not tHe default anymore, its an empty list
* Update changelogs/fragments/fix_taggged_gather.yml
Co-Authored-By: bcoca <bcoca@users.noreply.github.com>
* Simplify logic and add FreeBSD & NetBSD
* Remove incorrect flag for lock and unlock on FreeBSD
* Add tests and changelog
Co-authored-by: Chris Gadd <gaddman@email.com>
PIP package names must be case insensitive, and must consider hyphens
and underscores to be equivalent
(https://www.python.org/dev/peps/pep-0426/#name), because of this the
module didn't work correctly in check mode. For example if the passed
package name had a different case or an underscore instead of a hyphen
(or the other way around) compared to the installed package, check mode
reported as changed, even though packages were installed. Now the module
ignores case and hyphens/underscores in package names, so check mode
works correctly.
* Always use /proc/sys/kernel/random/boot_id to confirm reboot on Linux
/proc/sys/kernel/random/boot_id is available since kernel 2.3.16 and
should be safe to rely on.
The previously used method by checking the system boot time using who -b
turned out to be unreliable: Some systems lacking an RTC report the Unix
epoch as boot time, but the code trying to detect that did't always
work.
Closes#46562
* Change DEFAULT_BOOT_TIME_COMMAND
- change to usinsg /proc by default
- add BOOT_TIME_COMMANDS for BSD, Solaris, and macOS
* Complie regular expressions for better performance
* Skip on empty lines
This fixes a bug where the previous repo would be inserted in the result twice since an empty line did not match any of the conditions that would exit the loop iteration.
* win_update: Add post search category matching to support product matching
* win_updates: Return categories of each update
* win_updates: Documentation fix-up
* win_updates: Adjusted documentation to reflect regex vs sub-string match of post-cat strings
* win_updates: Sped up post-category checking
* win_updates: Updated documentation to suggest querying post-category strings
* win_updates: Simplified saving and checking post-categories
* fixed some issues and added filtered categories to return value
* win_updates: Moved all category matching to occur after initial search
* win_updates: Adjustments to satisfy PowerShell lint checks
* win_updates: Dropped category validation from action plugin
* win_updates: Documentation updates
* win_updates: Fixed plugin unit tests
* Added basic equivalent to PowerShell modules
* changes based on latest review
* Added tests
* ignore sanity test due to how tests are set up
* Changes to work with PSCore
* Added documentation and change updated more modules
* Add some speed optimisations to AddType
* fix some issues in the doc changes
* doc changes
* yum also parse obsolete package output
This is a rebase of the patch originally proposed in
https://github.com/ansible/ansible/pull/40001 by machacekondra
Fixes#39978
Signed-off-by: Adam Miller <admiller@redhat.com>
* properly parse the obsoletes, provide a new output entry, add changelog
Signed-off-by: Adam Miller <admiller@redhat.com>
* make pep8 happy
Signed-off-by: Adam Miller <admiller@redhat.com>
* remove q debugging output
Signed-off-by: Adam Miller <admiller@redhat.com>
* First pass at a toml inventory
* Make EXAMPLES yaml
* Remove unnecessary comment
* Small formatting changes
* Add ansible-inventory option to list as TOML
* TOML inventory improvements, to allow a more simple inventory, specifically related to children
* changelog
* Simplify logic
* Dedupe _expand_hostpattern, making it available to all inventory plugins
* Don't make the TOML inventory dependent on the YAML inventory
* Quote IP address values
* Add more TOML examples
* Further cleanups
* Enable the toml inventory to run by default
* Create toml specific dumper
* 2.8
* Clean up imports
* No toml pygments lexer
* Don't raise an exception early when toml isn't present, and move toml to the end, since it requires an external dep
* Require toml>=0.10.0
* Further clean up of empty data
* Don't require toml>=0.10.0, but prefer it, add code for fallback in older versions
* Ensure we actually pass an encoder to toml.dumps
* Simplify recursive data converter
* Appease tests, since we haven't limited controller testing to 2.7+
* Update docstring for convert_yaml_objects_to_native
* remove outdated catching of AttributeError
* We don't need to catch ImportError when import ansible.plugins.inventory.toml
* Add note about what self.dump_funcs.update is doing
* Address some things
* A little extra comment
* Fix toml availability check
* Don't create an intermediate list
* Require toml file extension
* Add metadata
* Remove TOML docs from intro_inventory to prevent people from getting the wrong idea
* It's in defaults, remove note
* core supported, indicate very clearly that this is preview status
* Allow bang and exclamation without warning
Allow the password field to be ! or * without warning when using this feature to create accounts that are locked.
Add documentation and tests to cover this.
* Use set() rather than braces for Python 2.6
* Correct yum and dnf autoremove behavior
Sanity check args passed to autoremove
Fixes#47184
Signed-off-by: Adam Miller <admiller@redhat.com>
* fix docs
Signed-off-by: Adam Miller <admiller@redhat.com>
* Store parsed docker-py / docker API versions in client.
* Began refactoring 'minimal required version' for docker_container options.
* Removing some fake defaults.
* Added changelog.
* Improve tests (check older docker versions).
* Fix comparison. The breaking point is not docker-py 2.0.0, but 1.10.0.
(Verified by testing with these versions.)
* Move docker-py/API version detection to setup_docker.
* Add YAML document starter.
* docker_network requirement for docker-py was bumped to 1.10.0 in #47492.
Handle exception when there is no snapshot available in virtual machine or template while cloning using vmware_guest.
Fixes: #47920
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Support for device read write limit parameters
* Add following options in docker_container module
- device_read_bps
- device_write_bps
- device_read_iops
- device_write_iops
Fixes#36831
* test for device_read_iops
* combined test for device_write_bps and device_write_iops
Don't fail when policy, requestPayment, tagging or versioning API is not
implemented by the endpoint and if related parameters policy, requester_pays,
tags or versioning are None.
* cleanup is already tested.
* Add test for paused.
* Add recreate and restart tests.
* timeout is a common docker option
* Implement paused and fix paused test.
* Add changelog.
* Improve paused test.
* New v2_runner_on_start callback added to indicate the start of execution for a host in a specific task
* Add changelog fragment
* Minor docstring clarification
* Parsing plugin filter may raise TypeError, gracefully handle this exception
and let user know about the syntax error in plugin filter file.
* Test for plugin_filtering
Fixes: #46658
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* docker_image: Fix up 'changed' event in force mode
This is the same as https://github.com/ansible/ansible/pull/19235 except it applies to all image-building modes (building the image locally, loading the image from an archive, or pulling the image), rather than only when pulling the image.
* Use 'dummy' rather than '_' as unused variable name.
* Add changelog fragment for pull request #33754
* integration test for docker_swarm_service
* ensure stack de-initialization
* Set default value for 'configs' parameter to None
Docker-py uses None as a default value for configs.
Using the same default here allows to create services on older docker
setups (docker_api<1.30).
* Set default value for 'update_order' parameter to None
Docker-py uses None as a default value for update_order.
Using the same default here allows to create services on older docker
setups (docker_api<1.29)
* Set default value for 'publish.mode' parameter to None
Docker-py uses None as a default value for publish_mode.
Using the same default here allows to create services on older docker
setups (docker_api<1.32)
* Allow tests to run on older version of docker.
* remove workarounds for old docker versions
* test correct swarm cleanup
* changelog fragment for docker_swarm_service defaults change
* Add support for POST-as-GET if GET fails with 405.
* Bumping ACME test container version to 1.4. This includes letsencrypt/pebble#162 and letsencrypt/pebble#168.
* Also use POST-as-GET for account data retrival.
This is not yet supported by any ACME server (see letsencrypt/pebble#171),
so we fall back to a regular empty update if a 'malformedRequest' error is
returned.
* Using newest ACME test container image.
Includes letsencrypt/pebble#171 and letsencrypt/pebble#172, which make Pebble behave closer to the current specs.
* Remove workaround for old Pebble version.
* Add changelog entry.
* First try POST-as-GET, then fall back to unauthenticated GET.
* Don't die when get_container is called for container which is terminating during get_container call.
If it terminates between client.containers() and client.inspect_container(),
the module will fail with an error such as
Error inspecting container: 404 Client Error: Not Found ("No such container: xxx")
* Add changelog.
* Add Support of healthcheck in docker_container module
Fixes#33622
Now container can be started with healthcheck enabled
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
* Extend docker_container healthcheck (#1)
* Allowing to disable healthcheck.
* Added test for healthcheck.
* Make sure correct types are used.
* Healthcheck needs to be explicitly disabled with test: ['NONE'].
* pep8 fixes
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
* Fix bug if healthcheck interval is 1 day or more
`timedelta` object has days too and seconds are up to one day.
Therefore use `total_seconds()` to convert time into seconds.
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
* Add test for healthcheck when healthcheck is not specified
This is to avoid the situation when healthcheck is not specified and
treat this as healthcheck is changed or removed.
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
* Convert string syntax for healthcheck test to CMD-SHELL
Also add another test case to check idempotency when healthcheck test
is specified as string
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
* Playbook fails if minimun docker version is not satisfy for healthcheck
This is to make more consistent with other non-supported options.
Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com>
* WinRM/PSRP: Ensure shell returns UTF-8 output
This PR makes UTF-8 output work in PSRP shells.
* Add win_command and win_shell integration tests
* Fix tests
* more test fixes
* Behave better if auto_remove and output_logs are combined. Warn if output cannot be retrieved because of auto_remove.
* Add tests.
* Added changelog.
This reverts commit 0e933f76ba.
The tests for this were broken on centos6 because jinja2 does not have
a map filter on that platform. Tests need to be rewritten
* Fix AWS EC2 inventory plugin caching of groups
* Added changelog fragment for aws_ec2 caching fix
* Store the AWS query results
The underlying inventory object contains inventory from other sources,
so caching it as ours would be wrong.
It seems easiest and safest to just cache the boto query results
instead.
* Remove unused functions
* Add runtime option to docker_container module
Signed-off-by: Antoine Bardoux <abardoux@nvidia.com>
* Add changelog fragment
Signed-off-by: Antoine Bardoux <abardoux@nvidia.com>
* Add idempotency test for docker_container.runtime
Signed-off-by: Antoine Bardoux <abardoux@nvidia.com>
This should provide a startup time speed boost at the expense of making
it harder to get ansible to use newer versions of packages than are
provided by the platform.
* reboot: Add timeout in error to help troubleshooting
So we've been hit by 'Timed out waiting for boot_time check' and it was
unclear what timeout was used for the boot_time check. By adding the
timeout value it is easier to understand the used value, and verify if a
change to the timeout is reflected in the output.
* Add changelog fragment
* removed hardcoded loader/plugins list
* updated a few errors to keep orig object
* fix httpapi/cliconf listing
* ansible-doc fixes
* show undocumented as UNDOCUMENTEd
* added missing undoc
* An earlier optimization of ansible-doc -l caused failures.
The optimization quickly searches the plugin code for short_description
fields and then uses that in the -l output. The searching was a bit too
naive and ended up pulling out malformed yaml. This caused those
plugins to be omitted from the list of plugins of that type with
a warning that their documentation strings were wrong.
This change makes the documentation parser aware that the documentation
string could have a relative indent for all of its fields which makes it
robust in the face of this particular problem.
* Don't search for space after short_description:
Any whitespace would be valid. In particular newline
Python sets the SIGPIPE handler to SIG_IGN. On execv() signal handlers are
reset to their defaults, EXCEPT those that are SIG_IGN which are left ignored.
In Python 3 subprocess.popen explicitly resets the SIGPIPE handler to SIG_DFL,
but unfortunately in Python 2.7 it does not. This leads to subprocesses being
executed with SIGPIPE ignored. This is often a problem with bash scripts which
rely on SIGPIPE to terminate commands in a pipe, but can easily be a problem
with other applications.
This implements the Python 3 behaviour for Python 2.7 by using a preexec_fn.
* Locate prtdiag even when absent from /usr/bin
On Solaris 8 hosts, this prevents fact collection from aborting with:
Argument 'args' to run_command must be list or string
* Lint fix.
* Style: pass /usr/platform/.../sbin as optional path to get_bin_path().
* allow update_cache as stand alone operation for yum/dnf
Fixes#40068
Signed-off-by: Adam Miller <admiller@redhat.com>
* make sanity tests happy
Signed-off-by: Adam Miller <admiller@redhat.com>
* Add chdir support to win_package
* Add chdir support to uninstall too.
* Update docs to account for uninstall.
* Correct variable substitution for hashtable.
* added changelog fragment
* Allow to specify images by hash for docker_container and docker_image_facts.
* flake8
* More sanity checks.
* Added changelog.
* Added test.
* Make compatible with Python < 3.4.
* Remove out-commented imports.
* Don't simply ignore container in present() if image is not specified.
* Use image from existing container for recreation if not specified.
* Added changelog.
* Improve comment.
* macports: Replace update_ports with selfupdate
- Macports discourages use of `port sync` and recommends using `port
selfupdate` instead.
- Keep `update_cache` and `update_ports` as aliases.
- No longer require the `name` parameter so that `selfupdate` can be
used in a task by itself.
* macports: Add upgrade parameter
- New upgrade parameter which can be used to upgrade all outdated ports.
* Add changelog fragment
* win_exec: refactor PS exec runner
* more changes for PSCore compatibility
* made some changes based on the recent review
* split up module exec scripts for smaller payload
* removed C# module support to focus on just error msg improvement
* cleaned up c# test classifier code
* fix callback Plugin json to support global stat set by set_stats module
* refactor to not break compatiblity, add trailing comma on output dict
* Remove sorted, as it not needed
* refactor, to sivels better code
* clean some code messup
* add changelog fragment
* added missing new line
* fix pep8 stuff
* docker_container: Honour stop_timeout when creating docker containers (#43814)
* Adjusting description to what actually happens.
See docker-py changelog for 2.7.0: 'APIClient.stop will
no longer override the stop_timeout value present in the
container’s configuration.'
* Add a test whether stop_timeout can be configured for the container.
* Added changelog.
* Integrate with comparisons (by default, ignore stop_timeout value for restarts; will be configurable with PR ansible/ansible#44789).
* Fix config change code and tests (#2)
* Improving wildcard test.
* Using correct config.
This prevents a stack trace in Python 3 when the result is an empty file since
the file is open in binary mode and a native string in Python 3 is str,
not bytes.
The stdout and stderr values returned from self._low_level_execute() are text, not bytes. This results in an error in Python 3 since str and bytes cannot be concatenated.
Changing to unicode type allows this to work without error on Python 2 and Python 3.
* Ensure that the value of PLUGIN_FILTERS_CFG is treated as type=path, and that we use the standard section of 'defaults' instead of 'default'
* deprecate the default section
* Don't add version_added for the corrected section
* Sorting args.
* Doing comparisons of options with container parameters in a more context-sensitive way.
This prevents unnecessary restarts, or missing restarts (f.ex. if parameters are removed from ``cmd``).
* Make blkio_weight work.
* Fix cap_drop idempotency problem.
* Making groups idempotent if it contains integers.
* Make cpuset_mems work.
* Make dns_opts work.
* Fixing log_opts: docker expects string values, returns error for integer.
* Adding tests from felixfontein/ansible-docker_container-test#2.
* Make uts work.
* Adding changelog entry.
* Forgot option security_opts.
* Fixing typo.
* Explain strict set(dict) comparison a bit more.
* Improving idempotency tests.
* Making dns_servers a list, since the ordering is relevant.
* Making dns_search_domains a list, since the ordering is relevant.
* Improving dns_search_domains/dns_servers.
* Fixing entrypoint test.
* Making sure options are only supported for correct docker-py versions.
* fixes#45941
* corrects regression introduced by #26104; when the resource group doesn't exist, the module exits prematurely with an error instead of creating it.
* Ensure that the src file contents is converted to unicode in diff info. Fixes#45717
* Fix up and cleanup
* The diff functionality in the callback plugins should have the
to_text() calls removed since we're now doing it in ActionBase
* catching of UnicodeError and warnings in the callback diff
functionality from 61d01f549f haven't been
needed since we switched to to_text so remove them.
* Add a note to ActionBase's diff function giving an example of when the
diff function will be inaccurate and how to fix it
* Fix callback get_diff() tests
I believe the unittests of callback's get_diff() were wrong. They were
sending in a list where strings were expected. Because previous code
was transforming the lists into strings via their repr, the previous
tests did not fail but they would have formatted the test cases output
in an odd way if we had looked at it.
* win async: use async_dir for the async results file directory
* tried to unify POSIX and PowerShell async implementations of async_dir
* fix sanity issue
* Fix targets that may be a list containing strings and lists which worked prior to 2.6.
* Add ec2_group integration tests for lists of nested targets
* changelog
* Add diff mode support for lists of targets containing strings and lists.
* win_script: add support for become and centralise exec wrapper builder
* satisfying the pep8 gods
* do not scan for module dependencies when running as a script
* expect ssh_key_data to be a string instead of path
ssh_key_data should be a string filled with the private key
the old behavior can be archived with a lookup
Fixes#45119
* clarifies ssh_key_data description, adds newline
* Add definitive to valid_simple_controls in pamd module
* Add changelog fragment for issue 44278
* Adjusted module name to not include path or extension
* Add elapsed return value to select modules
It can be quite useful to know exactly how much time has elapsed
downloading/waiting. This improves existing modules or updates
documentation.
* Ensure elapsed is always returned
* Added changelog fragment
* Add new session parameter to win_psexec
* Indicate which version the session option was added in
* Added changelog fragment and minor edit on doc entry
* YUM4/DNF compatibility via yum action plugin
DNF does not natively support allow_downgrade as an option, instead
that is always the default (not configurable by the administrator)
so it had to be implemented
- Fixed group actions in check mode to report correct changed state
- Better error handling for depsolve and transaction errors in DNF
- Fixed group action idempotent transactions
- Add use_backend to yum module/action plugin
- Fix dnf handling of autoremove (didn't used to work nor had a
default value specified, now does work and matches default
behavior of yum)
- Enable installroot tests for yum4(dnf) integration testing, dnf
backend now supports that
- Switch from zip to bc for certain package install/remove test
cases in yum integration tests. The dnf depsolver downgrades
python when you uninstall zip which alters the test environment
and we have no control over that.
- Add changelog fragment
- Return a pkg_mgr fact if it was not previously set.
* Share the implementation of hashing for both vars_prompt and password_hash.
* vars_prompt with encrypt does not require passlib for the algorithms
supported by crypt.
* Additional checks ensure that there is always a result.
This works around issues in the crypt.crypt python function that returns
None for algorithms it does not know.
Some modules (like user module) interprets None as no password at all,
which is misleading.
* The password_hash filter supports all parameters of passlib.
This allows users to provide a rounds parameter, fixing #15326.
* password_hash is not restricted to the subset provided by crypt.crypt,
fixing one half of #17266.
* Updated documentation fixes other half of #17266.
* password_hash does not hard-code the salt-length, which fixes bcrypt
in connection with passlib.
bcrypt requires a salt with length 22, which fixes#25347
* Salts are only generated by ansible when using crypt.crypt.
Otherwise passlib generates them.
* Avoids deprecated functionality of passlib with newer library versions.
* When no rounds are specified for sha256/sha256_crypt and sha512/sha512_crypt
always uses the default values used by crypt, i.e. 5000 rounds.
Before when installed passlibs' defaults were used.
passlib changes its defaults with newer library versions, leading to non
idempotent behavior.
NOTE: This will lead to the recalculation of existing hashes generated
with passlib and without a rounds parameter.
Yet henceforth the hashes will remain the same.
No matter the installed passlib version.
Making these hashes idempotent.
Fixes#15326Fixes#17266Fixes#25347 except bcrypt still uses 2a, instead of the suggested 2b.
* random_salt is solely handled by encrypt.py.
There is no _random_salt function there anymore.
Also the test moved to test_encrypt.py.
* Uses pytest.skip when passlib is not available, instead of a silent return.
* More checks are executed when passlib is not available.
* Moves tests that require passlib into their own test-function.
* Uses the six library to reraise the exception.
* Fixes integration test.
When no rounds are provided the defaults of crypt are used.
In that case the rounds are not part of the resulting MCF output.
* Switch to LiteralPath instead of Path. Closes#44508
* add changelog fragment
* fix line endings and remove final empty line
* Minor text changes in changelog
* elb_application_lb: fix dangerous default of deleting an ELB if state is omitted by changing state to default to present to be more like other AWS modules
* expend checksum format to <algorithm>:(<checksum>|<url>)
* continue to code at office
* ALPHA - expend checksum format to <algorithm>:(<checksum>|<url>)
* clean up tmpfile and comment
* try to add test code for 27617
* try to add test code for 27617
* try to add test code for 27617
* try to fix [Could not find or access 'testserver.py']
* fix test code [Could not find or access 'testserver.py']
* fix test code [add files dir]
* fix test code [files dir not exists]
* as [connection was closed before a valid response was received]
* [connection was closed before a valid response was received]
* [connection was closed before a valid response was received]
* add test item [sha1 and sha256]
* since [connection was closed before a valid response was received]
* fix [connection was closed before a valid response was received]
* fix test code typo
* add docs for #27617
* PR #43751 is minor change
* fix pep8 issue.
* fix test code style.
* fix unexpected quote
* Add (preview) diff mode support ec2_group
* Add diff mode to some ec2_group integration tests
* Remove unnecessary arguments and add comment to the module notes
* Add changelog
In python 3.7.0, changes in `ssl.py` breaks `smtplib.SMTP_SSL`, which
then breaks `mail` module in ansible.
Run this line in python shell:
import smtplib;smtplib.SMTP_SSL().connect(host='smtp.gmail.com', port=465)
Before python 3.7.0, we will get:
(220, b'smtp.gmail.com ESMTP j13-v6sm3086685pgq.56 - gsmtp')
In python 3.7.0, we get such error at `lib/python3.7/ssl.py` line 843, method `_create`:
ValueError: server_hostname cannot be an empty string or start with a leading dot.
The ssl module is using host info on SMTP_SSL instance, which is not set.
The fix/workaround is simple, just pass host info to it:
import smtplib;smtplib.SMTP_SSL(host='smtp.gmail.com').connect(host='smtp.gmail.com', port=465)
Fixes: #44550
Signed-off-by: Guo Qiao <guoqiao@gmail.com>
Extends `module_defaults` by adding a prefix to defaults `group/` which denotes a builtin list of modules. Initial groups are: `group/aws`, `group/azure`, and `group/gcp`
* added account_alias in the response of module aws_caller_facts
* added comment to explain list_account_aliases
* renamed caller_identity to caller_facts as the content is extended
* created changelog
* security-policy needs the iam:ListAccountAliases for this module to work
* test now checks for the added field account_alias
* gracefully handle missing iam:ListAccountAliases permission
* Use newer is_sequence function instead of MutableSequence. Fixes#44327
* Add changelog for #44331
* Update changelog fragment to describe the fix in more detail
* Don't use copy.deepcopy in high workload areas, use deepishcopy. ci_complete
* Add tests
* Add changelog fragment
* rename to naive_deepcopy and add extra docs
* Rename to module_response_deepcopy and move to vars/clean
One can install alternate packages managers on debuntu machines.
However, doing so doesn't mean you want to suddenly start using them.
Add in a check similar to the fedora yum/dnf check that sets apt as the
pkg_mgr if the ansible_os_family is Debian.
* Add backup option
* Only backup shadow file when the OS has one
* Only backup shadow file for SunOS
* Update docs on backup feature
* Add changelog fragment
* Add tests for shadow backup
* Remove backup option, make it automatic
Remove the option to enable/disable backups and make it automatic. Add note to docs describing this behavior.
Change tests to account for new module behavior.
Change section name in changelog fragment since minor_features is not a valid section.
* strip additional comments from /etc/default/passwd
Strip trailling comments from /etc/default/passwd like
MINWEEKS=1 #MINWEEKS=2
MAXWEEKS=12 # MAXWEEKS=8
Which otherwise cause failures with "failed to read /etc/default/passwd: too many values to unpack"
* fix carriage return typo in commit
* yet another typo in commit
* Fix indent problem
* add changelog fragment for PR 43931
* 29891 use os.path.realpath to follow keyfile symlinks
* 29891 add parameter follow
* updated changelog fragment
* add documentation and set default to false
* Only template values in vars_prompt rather than all vars
This allows the use of variables in vars_prompt fields but allows variables entered in the prompt to affect play vars rather than throwing an undefined error.
Only post validate if there was a vars_prompt
* Add tests for vars_prompt
* Check the password format
Check the password format and notify user if they
input unencrypted password.
* Fix sanity error
* Add integration test
* Missed a task name
* Hard code the testing password
Since some testing platfrom has no passlib installed
* Add changelog fragment
* Rework some English sentences
* Fix a grammar mistake
The bundled selectors library which is used by the local and ssh
connection plugins had a bug which caused a traceback in a cornercase.
If selectors were in use and a syscall was interrupted, selectors would
attempt to restart the syscall after the interrupt was processed. if
the attempt determined that the timeout for running the syscall had
already expired, the code attempted to raise OSError. The raise was
using a Python3-ism and needed to be ported to work on Python2.
Fixes#41630
* Collecting PEM -> DER conversions.
* Using cryptography instead of OpenSSL binary in some situations.
* Moving key-to-disk writing for key content to parse_account_key.
* Rename parse_account_key -> parse_key.
* Move OpenSSL specific code for key parsing and request signing into global functions.
* Also using cryptography for key parsing and request signing.
* Remove assert statements.
* Fixing handling of key contents for cryptography code path.
* Allow to disable the use of cryptography.
* Updating documentation.
* 1.5 seems to work as well (earlier versions don't have EC sign function). Making Python 2.x adjustments.
* Changing option to select_crypto_backend.
* Python 2.6 compatibility.
* Trying to test both backends separately for acme_account.
* Also testing both backends separately for acme_certificate and acme_certificate_revoke.
* Adding changelog entry which informs about select_crypto_backend option in case autodetect fails.
* Fixing YAML.
they dropped the Linux so now it only shows as ALT, it should still be backwards compatible
pkg_mgr detection relies on `Altlinux` string, so properly setting os_distribution should take care of it as side effect
fixes#43539
* Remove use of simplejson throughout code base. Fixes#42761
* Address failing tests
* Remove simplejson from contrib and other outlying files
* Add changelog fragment for simplejson removal
Only print warning when ansible.cfg is actually skipped
* Also add unittests for the find_ini_config_file function
* Add documentation on world writable current working directory
config files can no longer be loaded from a world writable current
working directory but the end user is allowed to specify that
explicitly. Give appropriate warnings and information on how.
Fixes#42388
On Python3, these would be text strings already. On Python2, we need to
convert them from bytes.
Use a new helper function py3compat to do this.
Fixes#43207
Some distribtuions like SUSE has the rc%.d directories under /etc/init.d
Quote of /etc/rc.d.README on SLES11.
"Some people expect the system startup scripts in /etc/rc.d/.
We use a slightly different structure for better LSB compliance."
* Add Ansible.ModuleUtils.PrivilegeUtil and converted code to use it
* Changed namespace and class to be a better standard and fixed some typos
* Changes from review
* changes to avoid out of bound mem of server 2008
* changes to detect failure when setting a privileged not allowed
Now that we don't need to worry about python-2.4 and 2.5, we can make
some improvements to the way AnsiballZ handles modules.
* Change AnsiballZ wrapper to use import to invoke the module
We need the module to think of itself as a script because it could be
coded as:
main()
or as:
if __name__ == '__main__':
main()
Or even as:
if __name__ == '__main__':
random_function_name()
A script will invoke all of those. Prior to this change, we invoked
a second Python interpreter on the module so that it really was
a script. However, this means that we have to run python twice (once
for the AnsiballZ wrapper and once for the module). This change makes
the module think that it is a script (because __name__ in the module ==
'__main__') but it's actually being invoked by us importing the module
code.
There's three ways we've come up to do this.
* The most elegant is to use zipimporter and tell the import mechanism
that the module being loaded is __main__:
* 5959f11c9d/lib/ansible/executor/module_common.py (L175)
* zipimporter is nice because we do not have to extract the module from
the zip file and save it to the disk when we do that. The import
machinery does it all for us.
* The drawback is that modules do not have a __file__ which points
to a real file when they do this. Modules could be using __file__
to for a variety of reasons, most of those probably have
replacements (the most common one is to find a writable directory
for temporary files. AnsibleModule.tmpdir should be used instead)
We can monkeypatch __file__ in fom AnsibleModule initialization
but that's kind of gross. There's no way I can see to do this
from the wrapper.
* Next, there's imp.load_module():
* https://github.com/abadger/ansible/blob/340edf7489/lib/ansible/executor/module_common.py#L151
* imp has the nice property of allowing us to set __name__ to
__main__ without changing the name of the file itself
* We also don't have to do anything special to set __file__ for
backwards compatibility (although the reason for that is the
drawback):
* Its drawback is that it requires the file to exist on disk so we
have to explicitly extract it from the zipfile and save it to
a temporary file
* The last choice is to use exec to execute the module:
* https://github.com/abadger/ansible/blob/f47a4ccc76/lib/ansible/executor/module_common.py#L175
* The code we would have to maintain for this looks pretty clean.
In the wrapper we create a ModuleType, set __file__ on it, read
the module's contents in from the zip file and then exec it.
* Drawbacks: We still have to explicitly extract the file's contents
from the zip archive instead of letting python's import mechanism
handle it.
* Exec also has hidden performance issues and breaks certain
assumptions that modules could be making about their own code:
http://lucumr.pocoo.org/2011/2/1/exec-in-python/
Our plan is to use imp.load_module() for now, deprecate the use of
__file__ in modules, and switch to zipimport once the deprecation
period for __file__ is over (without monkeypatching a fake __file__ in
via AnsibleModule).
* Rename the name of the AnsiBallZ wrapped module
This makes it obvious that the wrapped module isn't the module file that
we distribute. It's part of trying to mitigate the fact that the module
is now named __main)).py in tracebacks.
* Shield all wrapper symbols inside of a function
With the new import code, all symbols in the wrapper become visible in
the module. To mitigate the chance of collisions, move most symbols
into a toplevel function. The only symbols left in the global namespace
are now _ANSIBALLZ_WRAPPER and _ansiballz_main.
revised porting guide entry
Integrate code coverage collection into AnsiballZ.
ci_coverage
ci_complete
One of the earlier implementation of unified temp for 2.4 passed the
temp diretory to the remote side using this environment variable. We
later changed it to be passed via a module parameter but forgot to
remove the environment variable.
* Support multi-doc yaml in the from_yaml filter
* Most automatic method of handling multidoc
* Only use safe_load_all
* Implement separate filter
* Update plugin docs and changelog
Allow specifying the source and destination files' encodings in the template module
* Added output_encoding to the template module, default to utf-8
* Added documentation for the new variables
* Leveraged the encoding argument on to_text() and to_bytes() to keep the implementation as simple as possible
* Added integration tests with files in utf-8 and windows-1252 encodings, testing all combinations
* fix bad smell test by excluding windows-1252 files from the utf8 checks
* fix bad smell test by excluding valid files from the smart quote test
* win_user: use different method to validate credentials that does not rely on SMB/RPC
* Use Add-Type as SetLastError on .net reflection not working on 2012 R2
* win_chocolatey: refactor module to fix bugs and add new features
* Fix some typos and only emit install warning not in check mode
* Fixes when testing out installing chocolatey from a server
* Added changelog fragment
* Enable check_mode in command module
This only works if supplying creates or removes since it needs
something to base the heuristic off. If none are supplied it will just
skip as usual.
Fixes#15828
* Add documentation for new check_mode behavior
* Update nclu.py
Stop module from running `net` on empty commands.
* Update nclu.py
Updated the copyright date
* Update nclu.py
Returned metadata version to 1.1
* Update nclu.py
Fix indentation to be a multiple of 4.
* Create changelog fragment
* Only report change when home directory is different
Add tests with home: parameter
Have to skip macOS for now since there is a bug when specifying the home directory path for an existing user that results in a module failure. That needs to be fixed in a separate PR.
* fix a (forgotten?) change in moving createhome -> create_home
Fix for following bug on FreeBSD host whith user module:
```
fatal: [webssp]: FAILED! => {"changed": false, "module_stderr": "X11 forwarding request failed
Traceback (most recent call last):
File \"/tmp/ansible_2rmlBl/ansible_module_user.py\", line 2487, in <module>
main()\n File \"/tmp/ansible_2rmlBl/ansible_module_user.py\", line 2426, in main
(rc, out, err) = user.modify_user()
File \"/tmp/ansible_2rmlBl/ansible_module_user.py\", line 1011, in modify_user
if (info[5] != self.home and self.move_home) or (not os.path.exists(self.home) and self.createhome):
AttributeError: 'FreeBsdUser' object has no attribute 'createhome'
", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1}
```
It happenned with 'createhome' AND with 'create_home' form, with python 2.7 AND python 3.6
* Add changelog
Co-authored-by: dgeo <dgeo@users.noreply.github.com>
* win_reboot: fix 2.6 issues and better handle post reboot reboot
* changed winrm _reset to reset
* Add handler to reset calls when .reset() throws an AnsibleError on older hosts
* Moving back to _reset to get the issue fixed
The ssh connection plugin is overzealous in thinking that error code 255
can only come from ssh. Python can return 255 in some circumstances and
error from php does as well.
* __file__ won't work if we want to invoke modules via -m or if we
figure out how to keep modules from hitting the disk with pipelining.
* module.tmpdir is the new way to place a file where it will be cleaned
automatically.
Change format string to not depend on __file__:
* cloud/amazon/ec2_elb_lb.py
* cloud/amazon/elb_classic_lb.py
Use module.tempdir:
* packaging/os/apt.py
* files/unarchive.py
* Add additional puppet options
Add support for puppet options --debug, --verbose, --summary,
and extend logdest to support logging to stdout and syslog at
the same time.
Fixes issue: #37986
* Fix docs
* Doc fix, add release note
* Fix silly yaml error
* Correct changelog, add C() to params in doc
* Fix tmpdir on non root become
- also avoid exception if tmpdir and remote_tmp are None
- give 'None' on deescalation so tempfile will fallback to it's default behaviour
and use system dirs
- fix issue with bad tempdir (not existing/not createable/not writeable)
i.e nobody and ~/.ansible/tmp
- added tests for blockfile case
* Revert "Temporarily revert c119d54"
This reverts commit 5c614a59a6.
* changes based on PR feedback and changelog fragment
* changes based on the review
* Fix tmpdir when makedirs failed so we just use the system tmp
* Let missing remote_tmp fail
If remote_tmp is missing then there's something more basic wrong in the
communication from the controller to the module-side. It's better to
be alerted in this case than to silently ignore it.
jborean and I have independently checked what happens if the user sets
ansible_remote_tmp to empty string and !!null and both cases work fine.
(null is turned into a default value controller-side. empty string
triggers the warning because it is probably not a directory that the
become user is able to use).
* Revert "Account for empty string regexp in lineinfile (#41451)"
This reverts commit 4b5b4a760c.
* Use context managers for interacting with files
* Store line and regexp parameters in a variable
* Add warning when regexp is an empty string
* Remove '=' from error messages
* Update warning message and add changelog
* Add tests
* Improve warning message
Offer an equivalent regexp that won't trigger the warning.
Update tests to match new warning.
* Add porting guide entry for lineinfile change
* elasticsearch_plugin - Show STDERR on module failures.
I tried to install a ES plugin without
become: yes
and found after debugging the module that the module failed ude to permission issues.
The only error message I got was
Is analysis-icu a valid plugin name?
That was strange considering I followed the example documentation by the letter.
I found out that when this module fails, it hides the real reason for failure.
This patch replaces the generic error with more meaningful diagnostics.
* elasticsearch_plugin - Show STDERR on module failures. Changelog fragment
samdoran commented 2 days ago
This looks good. Please create a changelog fragment to go along with this change. See fragments for examples.
* runas + async - get working on older hosts
* fixed up sanity issues
* Moved first task to end of test for CI race issues
* Minor change to async test to be more stable, change to runas become to not touch the disk
* moved async test back to normal spot