* winrm: add better exception handling for krb5 auth with pexpect
* Added changelog fragment
* Added exception handler in case kinit path isn't valid, added test cases
* fixed for Python 2 compatibility
(cherry picked from commit 5e28e282a5)
* Ios test fixes (#40503)
* Return messages generated from edit_config to module
* This does not seem to work that way
* Change test IP addresses to not conflict with device config
* Add test for idempotency with multiple ipv6 addresses assigned
* Do not join flag parameters
This put a comma between every character of the tcp flag parameters, resulting in a bad iptables command.
Fixes#36490
* Use suboptions to ensure tcp_flags options are lists
* Add unit tests for tcp_flags
* Add example of how to use tcp_flags
(cherry picked from commit c9d3bb59a4)
* winrm: source user from options than remote_user (#40467)
* winrm: source user from options than remote_user
* fixed up mock for kerberos import
* Added changelog fragment
* get hostname from option as well
(cherry picked from commit 1ac180c74d)
* Also removed uneeded method that wasn't backported
* ec2_vpc_route_table: Update matching_count parsing on find_subnets function and tests
* ec2_vpc_route_table: Update matching_count parsing on find_subnets function
(cherry picked from commit 1905a6e8fb)
* Fixing lack of failure when uploaded source is invalid (#37461)
Checking the response status for 400 and throwing exception.
Unit tests updated.
Fixes#37406
(cherry picked from commit 5e990301bb)
* changelog
Previously the test framework (DCI, Zuul) were installing the various
dependencies, this meant the list of what was required was duplicated.
Having everything defined in ansible-test makes it easier for people to
run tests locally.
Also this allows the test to work correctly on Python 2 & Python 3
(cherry picked from commit 27942d937f)
* Fix nested noop block padding in dynamic includes (#38814)
* Fix nested noop block padding in dynamic includes
* Address issues from the review
* Fix typo
(cherry picked from commit 5dd8977cfa)
* Add changelog/fragment for 38814
* [cloud] Make ec2_vpc_route_table wait for the route to propagate (#35975)
* Stabilize ec2_vpc_route_table
Wait for route table to be present before attempting to use it
Sleep before getting the final state of the route table in case modifications are incomplete
* Conditionally wait if changes were made
* Simplify logic
(cherry picked from commit 8fb31ac2f01e7c75d5181510290c99aee22be7ef)
* Route custom waiter (#36922)
This creates a way for us to use boto3's data-driven waiter support to use custom waiters where Boto3 hasn't implemented them yet.
The only waiter implemented so far is for VPC Route Tables to check that they exist, and this replaces some custom retry code.
(cherry picked from commit a40bce2bcbd5a40aee0de2b6ab5f6197bb1c5237)
* Use NormalizedOperationMethod to catch ClientErrors so the waiter can handle them properly (#37356)
(cherry picked from commit c9e8aca26cfc7559e7e8c7970acf06cd30cc7629)
* [cloud] Add custom waiters to stabilize ec2_vpc_subnet module - Fixes#36083 (#37534)
* stabilize ec2_vpc_subnet module
* Add waiters for ec2_vpc_subnet
Clean up integration tests
* Reenable CI for stabilized ec2_vpc_subnet tests
* rename waiters
* Use module_json_aws where applicable
Handle WaiterError first if waiting failed
* Fix traceback when tagging with keys/values that look like booleans
* Fix check mode with tags
* Add integration tests for tags that look like booleans and check mode
* Add waiter for deleting subnet
* Sleep a few seconds after using aws command line
(cherry picked from commit ea943e454c783c6b0ffb91b78131f27cd9bce269)
* Fix sporadic errors in ec2_vpc_subnet integration tests (#38473)
(cherry picked from commit 46f13d343786fa3985cc16cc770762984c7884ac)
* [aws] Skip ec2_vpc_subnet waiters for old botocore versions (#39171)
Fix ec2_vpc_subnet for botocore versions that do not accept the WaiterConfig parameter
(cherry picked from commit 6b91dae21c20006677e1e4adf2a9ff7ad55ca49c)
* [aws] Increase possible wait time for nonmonotonic subnet attributes (#38960)
(cherry picked from commit c4f010704890581a4974e83af03c2e81fb29e58e)
* changelog
* Fixes to improve ios_system idempotency (#38303)
Added detection of additional formatting for domain_name, domain_search,
lookup_source, and lookup_enabled on some software versions. In each
case they failed to detect existing commands with a '-' in it.
Fix: #38301
(cherry picked from commit 67acffb5f2)
* Nxos fixes (#40117)
* Alter nxos_nxapi tests to test the right thing
* Defend #40027
(cherry picked from commit f04c876ecd)
- Works with the --remote option.
- Can be disabled with the --disable-httptester option.
- Change image with the --httptester option.
- Only load and run httptester for targets that require it.
(cherry picked from commit c1f9efabf4)
* Only change expiration date if it is different
Modify user_info() method to also return the password expiration.
Compare current and desired expiration times and only change if they are different.
* Improve formatting on user tests
* Add integration test for expiration
* Add changelog fragment
* Improve integration test
Skip macOS and use getent module for validating expiration date.
* Fix expiration change for FreeBSD
* Don't use datetime since the total_seconds method isn't available on CentOS 6
* Use better name for expiration index field
Use separate tasks for verifying expiration date on BSD
* Use calendar.timegm() rather than time.mktime()
calendar.timegm() is the inverse of time.gmtime() and returns a timestamp in UTC not localtime
Add tests that change the system timezone away from UTC
* Mark tests as destructive and use test for change status
* Fix account expiration for FreeBSD
Use DATE_FORMAT when setting expiration date on FreeBSD. Previously the argument passed to -e was an integer of days since epoch when the account will expire which was inserted directly into master.passwd. This value is interpreted as seconds since epoch by the system, meaning the account expiration was actually set to a few hours past epoch.
Greatly simply comparing desired and current expiration time by using the first three values of the struct_time tuple rather than doing a whole bunch of manipulations of the seconds since epoch.
(cherry picked from commit 5a6bdef76b)
* Remove provider (and transport, where applicable) from consideration
* Add tests that misplaced transport does not fail task
(cherry picked from commit c6270e15a6)
* show version brief does not work on iosxr virtual (#37609)
* show version brief does not work on iosxr virtual
* ci failures fix
(cherry picked from commit 66b389a00d)
* changelog entry
* Handling of configurations blocks with end-* at the end of the block (#39673)
* handle end-policy issue
* revert changes in iosxr cliconf
* fix trailing parents not included in difference
* Moving fix to platform specific fix
* pep 8 issues
(cherry picked from commit ef577b71cc)
* changelog entry
* Fix eos_vlan associated interface check
Fix eos_vlan associated interface check by comparing
the interface in want and have without converting the
interface name to lower
* Update eos_vlan docs
* Update changelog
(cherry picked from commit afdc2364f2)
Fix ios integration test failures in CI. Since the packet transfer and receive rate
on the interface is not determined to remove the tx_rate and rx_rate test conditions
to prevent intermittent failure.
(cherry picked from commit 4c5ac16447)
There was a traceback when setting permissions on a directory tree when
there were broken symlinks inside of the tree and follow=true. chmod -R
ignores broken symlinks inside of the tree so we've fixed the file
module to do the same.
Fixes#39456
(cherry picked from commit 6b159fdb03)
* Fix for file module with symlinks to nonexistent target
When creating a symlink to a nonexistent target, creating the symlink
would work but subsequent runs of the task would fail because it was
trying to operate on the target instead of the symlink.
Fixes#39558
(cherry picked from commit 4f664f8ff6)
* vyos_interface require multiple network nodes to run
We don't have the ability to run these currently, so disable them.
The original logic was also incorrect, the tests don't pass on lab, DCI
nor single instance nodepool, so disable
https://github.com/ansible/ansible/issues/39667 tracks getting these
enabled again
* eth0 -> Gi0/0
* Correctly detect if we should run lldp
* Correctly detect if we should run lldp
(cherry picked from commit 923a81e9e5)
* removed additional check for name parameter
(cherry picked from commit 91357d07f4)
* Added empty default
Fix for issue https://github.com/ansible/ansible/issues/38482
(cherry picked from commit 60a3277103)
* [ec2_ami] Ensure name or image_id is provided for state=present (#38972)
Add integration tests for backward compatibility and ensuring name or image_id is provided
(cherry picked from commit e2aa1155ba)
Fixes#27262
(cherry picked from commit 81b2529159)
Add tests for template with non-ascii filenames
This is a test in response to #27262 but I could not provoke the error
so it only shows that the current code is working with non-ascii
filenames in this case. It doesn't show whether there's some other bug
somewhere.
(cherry picked from commit f91d961cb4)
* [cloud] ec2_vpc_route_table: ignore routes without DestinationCidrBlock
Add module warnings rather than silently skipping
* Permit warnings for routes tables containing vpc endpoints to be turned off
* Add tests to ensure a VPC endpoint associated with a route table does not result in a traceback
(cherry picked from commit da3f7a8db1)
* win_file: Handle [] in paths, fix touch in check mode (#37901)
* win_file: Handle [] in paths, fix touch in check mode
* Fixed typo for p/invoke command
(cherry picked from commit 4b57fa91d0)
* Added changelog fragment for win_file special char fix
(cherry picked from commit 61bcf4740f)
* Ansible.ModuleUtils.FileUtil - Add ability to test non file system provider paths (#39200)
(cherry picked from commit b6afe6946d)
* Added changelog fragment
* Skip self._parent on dynamic, defer to grandparent for attr lookup (#38827)
* Skip self._parent on dynamic, defer to grandparent for attr lookup
* Revert _inheritable
* Add tests for include inheritance from static blocks
Fixes#38037#36194
(cherry picked from commit 354aa8d602)
* Add changelog for #38827
* Consider parent also when comparing IncludedFile (#37083)
* Consider parent also when comparing IncludedFile
* Add new tests for IncludedFile and convert to pytest
(cherry picked from commit cdb79b0e3a)
* Add changelog for #37083
* module_common: set required parameter templar
Fix the following error (related to b455901):
$ ./hacking/test-module -m ./lib/ansible/modules/system/ping.py -I ansible_python_interpreter=/usr/bin/python
Traceback (most recent call last):
File "./hacking/test-module", line 268, in <module>
main()
File "./hacking/test-module", line 249, in main
(modfile, modname, module_style) = boilerplate_module(options.module_path, options.module_args, interpreters, options.check, options.filename)
File "./hacking/test-module", line 152, in boilerplate_module
task_vars=task_vars
File "ansible/lib/ansible/executor/module_common.py", line 910, in modify_module
environment=environment)
File "ansible/lib/ansible/executor/module_common.py", line 736, in _find_module_utils
shebang, interpreter = _get_shebang(u'/usr/bin/python', task_vars, templar)
File "ansible/lib/ansible/executor/module_common.py", line 452, in _get_shebang
interpreter = templar.template(task_vars[interpreter_config].strip())
AttributeError: 'NoneType' object has no attribute 'template'
* module_common.modify_module: templar is required
(cherry picked from commit 7908f78fa6)
* fix inventory plugin source caching
- avoid caching invetnory sources in loader in base
- same fix for yaml plugin
- idem for 'auto' plugin
fixes#37162
* fix mock dataloader func sig
(cherry picked from commit 886c4edfb9)
This offers an optimization that allows loading larger
inventories of various structure by improving the
scaling laws involved for adding hosts and groups.
The primary speed benefit is the elimination of duplicate
recusion from traversing converging paths.
(cherry picked from commit 153c9bd539)
If user does not specify any network type then set network type
to dhcp. There are additional checks around 'ip', 'netmask' and
'type' in network spec.
Fixes: #38466
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 9b139baacb)
* fix for when status codes are provided as a comma separated list (#38080)
* fix for when status codes are provided as an array of strings
* convert status codes to int, additional tests
(cherry picked from commit c38617a736)
* Added changelog fragment
* Fix 'New Vault password' on vault 'edit'
ffe0ddea96 introduce a
change on 'ansible-vault edit' that tried to check
for --encrypt-vault-id in that mode. But '--encrypt-vault-id'
is not intended for 'edit' since the 'edit' should always
reuse the vault secret that was used to decrypt the text.
Change cli to not check for --encrypt-vault-id on 'edit'.
VaultLib.decrypt_and_get_vault_id() was change to return
the vault secret used to decrypt (in addition to vault_id
and the plaintext).
VaultEditor.edit_file() will now use 'vault_secret_used'
as returned from decrypt_and_get_vault_id() so that
an edited file always gets reencrypted with the same
secret, regardless of any vault id configuration or
cli options.
Fixes#35834
(cherry picked from commit 6e737c8cb6)
* openssl_certificate: Handle dump() in check_mode (#38386)
Currently, when ones run the module in check_mode it tries to retrieve
values from the actual certificate generated in the generate() function.
Since in check_mode we call dump() without calling generate(), self.cert
is None, leading to self.cert.get_notBefore(), self.cert.get_notAfter()
and self.cert.get_serial_number() raising an error.
> NoneType' object has no attribute 'get_notBefore'
The solution is to have two way to handle dump() method, whether its run
in check_mode=True or check_mode=False leading to different way the
information is retrieved.
(cherry picked from commit 99497ce54c)
* added eos_smoke tests
* removed left over file
* added note to uncomment broken eapi test when #36919 is fixed
* uncommented fixed test, added unbecome test
* skip become tests when connection=local
(cherry picked from commit 712d30f46c)
Jordan Borean