Commit Graph

251 Commits (dfd8b659c0fbf9032e2ca24c0e36bd8755d27614)

Author SHA1 Message Date
Brian Coca 50b40c47df aws_ec2 Implement the missing 'region discovery' (#51333)
* aws_ec2 Implement the missing 'region discovery'

  fixes #45288

  tries to use api as documented (which seems to fail in latest boto3 versions)
  and fallback to boto3 'hardcoded' list of regions

* fixes and cleanup, add error for worst case scenario

* fix tests, remove more unused code

* add load_name

* acually load the plugin

* set plugin as required

* reverted test changes, removed options tests

* fixes as per feedback and cleanup
6 years ago
Sam Doran 9d4c0dc111 Catch sshpass authentication errors and don't retry multiple times to prevent account lockout (#50776)
* Catch SSH authentication errors and don't retry multiple times to prevent account lock out

Signed-off-by: Sam Doran <sdoran@redhat.com>

* Subclass AnsibleAuthenticationFailure from AnsibleConnectionFailure

Use comparison rather than range() because it's much more efficient.

Signed-off-by: Sam Doran <sdoran@redhat.com>

* Add tests

Signed-off-by: Sam Doran <sdoran@redhat.com>

* Make paramiko_ssh connection plugin behave the same way

Signed-off-by: Sam Doran <sdoran@redhat.com>

* Add changelog

Signed-off-by: Sam Doran <sdoran@redhat.com>
6 years ago
Martin Krizek 4c72ef124b tqm._initialize_notified_handlers() is noop now (#50713) 6 years ago
Ricardo Carrillo Cruz f9079274e7
Checkpoint httpapi plugin (#49929)
* Add checkpoint httpapi plugin and access rule facts module

* WIP checkpoint_access_rule module

* Add publish and install policy, plus fix empty json object request for publish

* Refactor publish and install_policy onto module_utils

* Add update resource logic

* Add checkpoint_host_facts module

* Return code and response on get_acess_rule function

* Add checkpoint_host module

* Add checkpoint_run_script module

* Add checkpoint_task_facts module

* Show all tasks if no task id is passed

Note, this is only available on v1.3 of Checkpoint WS API

* Add update logic to checkpoint host

* Add full details on get task call

* Add checkpoint httpapi plugin

* Fix pep8

* Use auth instead of sid property and return False on handle_httperror method

* Fix version in docstring

* Remove constructor

* Remove Accept from base headers

* Do not override http error handler and assign Checkpoint sid to connection _auth

There is scaffolding in the base class to autoappend the token, given
it is assigned to connection _send

* Use new connection queue message method instead of display

* Remove unused display

* Catch ValueError, since it's a parent of JSONDecodeError

* Make static methods that are not used outside the class regular methods

* Add missing self to previously static methods

* Fix logout

Was carrying copy pasta from ftd plugin

* Remove send_auth_request

* Use BASE_HEADERS constant

* Simplify copyright header on httpapi plugin

* Remove access rule module

* Remove unused imports

* Add unit test

* Fix pep8

* Add test

* Add test

* Fix pep8
6 years ago
Toshio Kuratomi afdbb0d9d5 Save the command line arguments into a global context
* Once cli args are parsed, they're constant.  So, save the parsed args
  into the global context for everyone else to use them from now on.
* Port cli scripts to use the CLIARGS in the context
* Refactor call to parse cli args into the run() method
* Fix unittests for changes to the internals of CLI arg parsing
* Port callback plugins to use context.CLIARGS
  * Got rid of the private self._options attribute
  * Use context.CLIARGS in the individual callback plugins instead.
  * Also output positional arguments in default and unixy plugins
  * Code has been simplified since we're now dealing with a dict rather
    than Optparse.Value
6 years ago
Yannig Perré 6b41588e93 Fix with_ini example and unittest
* Fix example in ini.py
* Fix unittest in test_ini.py to pass CI as latest ansible returns list in
  different order. To prevent such issues in future results are sorted
* PEP8 E501 styling improvements

Co-Authored-By: Sergii Golovatiuk <sgolovat@redhat.com>
6 years ago
Toshio Kuratomi 3fba006207 Update bare exceptions to specify Exception.
This will keep us from accidentally catching program-exiting exceptions
like KeyboardInterupt and SystemExit.
6 years ago
Abhijeet Kasurde 013c42b14f
Misc typo fixes (#49816)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
6 years ago
Matt Martz 2a469fd959 Consolidate handler tracking (#49338)
* Consolidate handler tracking
  -  Remove unused code. ci_complete
  - unit test fixes. ci_complete
  - Restore previous behavior of matching a single handler
  - when notifying a host for a handler, return True if it was added, False otherwise, to reduce copied logic
  - rename funcitons for clarity. ci_complete
  - Remove handler logic for static includes which was disabled previously
6 years ago
Toshio Kuratomi c817bef3ae Fix for callback plugins on Python3 when a module returns dictionary keys that aren't strings
This fixes one of the problems reported in https://github.com/ansible/ansible/issues/49343

Upstream Python3 bug for the json traceback:
https://bugs.python.org/issue25457

and PR that may fix it:
https://github.com/python/cpython/pull/8011
6 years ago
Lars Kellogg-Stedman bafc1f8a41 fix constructed functionality in openstack inventory plugin (#48833)
* test for openstack inventory constructed functionality

this adds unit tests for the compose, groups, and keyed_var features
of the openstack inventory plugin

* fix constructed functionality in openstack inventory plugin

The compose, groups, and keyed_groups functionality of the openstack
inventory plugin was broken:

- the plugin was not passing the correct variables to the
  Constructable methods for compose and groups
- the plugin was simply never calling the appropriate method for
  implementing keyed_groups

This commit fixes both issues.
6 years ago
Anton Nikulin 9770ac70f9 FTD modules: upsert functionality and bug fixes (#47747)
* FTD modules: bug fixes and upsert functionality

* Fix sanity checks

* Fix unit tests for Python 2.6

* Log status code for login/logout

* Use string formatting in logging
6 years ago
Jack Haden-Enneking 15e77ebfe8 ipaddr filter - return a network address when given an address with /32 subnet (#47539)
* fix #17872

* add changelog fragment and enable unit test
6 years ago
Michael Cassaniti a2f3f16930 win_updates: Add post search category matching to support product matching (#45708)
* win_update: Add post search category matching to support product matching

* win_updates: Return categories of each update

* win_updates: Documentation fix-up

* win_updates: Adjusted documentation to reflect regex vs sub-string match of post-cat strings

* win_updates: Sped up post-category checking

* win_updates: Updated documentation to suggest querying post-category strings

* win_updates: Simplified saving and checking post-categories

* fixed some issues and added filtered categories to return value

* win_updates: Moved all category matching to occur after initial search

* win_updates: Adjustments to satisfy PowerShell lint checks

* win_updates: Dropped category validation from action plugin

* win_updates: Documentation updates

* win_updates: Fixed plugin unit tests
6 years ago
Ganesh Nalawade 17fea30841
Revert "enhance recv calls in network_cli (#47345)" (#47731)
This reverts commit c649d0ea32.

The change results in deadlock in network_cli while it is
waiting to check the return value of recv_ready() which
was added in this commit to improve performance
6 years ago
f-bor c649d0ea32 enhance recv calls in network_cli (#47345)
* enhance recv calls in network_cli

* updated network_cli test unit

* enhance recv calls in network_cli

* fix mistake

* better timeout management

* remove exception trigger

* test

* test2

* restore exception and timeout

* ganeshrn's way

* correction

* timeout and exception return
6 years ago
Ganesh Nalawade 335a979f1d
Fix prompt mismatch issue for ios (#47004)
* Fix prompt mismatch issue for ios

Fixes #40884 #44463

*  If the command prompt is matched check if data is
   still pending to be read from buffer.
*  This fix adds a new timer `buffer_read_timeout`
   which will be trigerred after command prompt
   is matched and data is attempted to be read from channel.
   If not data is present of channel the timer will expire
   and response we be returned to calling function.

* Fix unit test failure

* Update to make buffer timeout float

* Update doc and fix review comment

* Fix CI issues

* Update doc

* Fix review comments

* Fix review comments
6 years ago
Matt Clay 37b013aca3
Enable additional pylint rules and resolve issues found. (#47221)
* Resolve unneeded-not.
* Resolve global-at-module-level.
* Resolve useless-import-alias.
* Resolve bad-whitespace.
* Resolve global-variable-not-assigned.
* Resolve logging-not-lazy.
* Resolve comparison-with-itself.
6 years ago
Steve Dodd ee6ab5d5aa Add support for IOS vlan parsing filter. (#40555)
* Add support for IOS vlan parsing filter.
Example usage below:

{% set parsed_vlans = vlans | vlan_parser %}
switchport trunk allowed vlan {{ parsed_vlans[0] }}
{% for i in range (1, parsed_vlans | count) %}
switchport trunk allowed vlan add {{ parsed_vlans[i] }}

* Update test_network.py

Add import statement for filter

* Fixed PEP8 issues relating to comments

* Fix PEP8 issues related to blank lines

* Removed magic numbers for line lengths. This should generalize support
to other IOS-like NOS that use similar methods for listing vlans. The
default arguments for line lengths will still be specific to Cisco IOS.
The unit tests for line length are still specific to Cisco IOS.
6 years ago
Fran Fitzpatrick ab8ed2f84d Add unit tests for junos terminal (#47103) 6 years ago
Matt Clay 3033fd96b0
Move unit test compat code out of `lib/ansible/`. (#46996)
* Move ansible.compat.tests to test/units/compat/.
* Fix unit test references to ansible.compat.tests.
* Move builtins compat to separate file.
* Fix classification of test/units/compat/ dir.
6 years ago
lwm 8d0f823de0 Add a Linode v4 dynamic inventory plugin. (#45902)
* Add a Linode v4 dynamic inventory plugin.

Closes https://github.com/ansible/ansible/issues/44721.

* Use the latest API for accessing host variables.

References:

  * https://github.com/linode/linode_api4-python/issues/141

* Minor docs formating
6 years ago
Brian Coca d3d812b604 avoid tests when ncclient is not installed 6 years ago
Brian Coca 32ec69d827
allow jinja2 unique filter compat (#45637)
* allow jinja2 unique filter compat
* detect if unique is provided, fallback with warning
* handle j2 specific params
* now all filters using unique must pass environment
* added env to tests

also normalized on how we normally import and use exceptoins
6 years ago
Sam Doran b60854357b
Unify terms and UI between 1Password lookups and facts module (#45427)
* Unify login behavior between 1Password lookup plugins and module

- Use the same names for all credential aspects
- Only require the minimal amount of information for each
- Add more examples

* Change parameter terms

- use terms in line with 1Password documentation.
- update examples
- update tests

* Improve error messages in lookup plugin

* Unify onepassword_facts with lookup plugins

- use same methods and logic for signing in or reusing existing session
- unify terms with lookup plugins

* Change rc test for determing login

An rc other than 1 can be returned when a current login session does not exist.

* Create AnsibleModuleError class

ansible.errors is not available to modules, so create an AnsibleModuleError class within the module

Do not user os.path.expanduser since this is already done by virtue of the type being "path" in the argument spec.

* Add note about risk with fact caching sensitive data

* Add note on op version that was used for testing
6 years ago
Matt Martz 95e77ac853
Ensure that the src file contents is converted to unicode in diff info (#45744)
* Ensure that the src file contents is converted to unicode in diff info. Fixes #45717

* Fix up and cleanup

* The diff functionality in the callback plugins should have the
  to_text() calls removed since we're now doing it in ActionBase
* catching of UnicodeError and warnings in the callback diff
  functionality from 61d01f549f haven't been
  needed since we switched to to_text so remove them.
* Add a note to ActionBase's diff function giving an example of when the
  diff function will be inaccurate and how to fix it

* Fix callback get_diff() tests

I believe the unittests of callback's get_diff() were wrong.  They were
sending in a list where strings were expected.  Because previous code
was transforming the lists into strings via their repr, the previous
tests did not fail but they would have formatted the test cases output
in an odd way if we had looked at it.
6 years ago
Nathaniel Case 406b59aeba
Move persistent connections to only use registered variables (#45616)
* Try to intuit proper plugins to send to ansible-connection

* Move sub-plugins to init so that vars will be populated in executor

* Fix connection unit tests
6 years ago
Anton Nikulin b7263eab1d Store Authorization header inside HttpApi connection plugin (#45598) 6 years ago
Jon Dufresne ef67d4074b Prefer io.BytesIO over six; available on all supported Pythons (#45388)
On all supported Pythons, the io.BytesIO is always a stream
implementation using an in-memory bytes buffer. Makes code slightly more
forward compatible by reducing use of the six module.
6 years ago
Matt Clay f7979e4938 Skip ipaddr test that fails on Python 3.7+. 6 years ago
Ganesh Nalawade c0326aea2f
Fix cli_command multiple prompt issue (#44922)
* Add check in network_cli to handle all prompts

* Add check_all flag to mandatory handle all the command prompt
  in prompts list. By default if any one prompt is handled
  remaining prompts are ignored.

* Fix cli_command multiple prompt issue

* If multiple prompt and answers are given as input network_cli
  handles only the first prompt that matched by default
* If a command execution results in muliple prompt the fix
  add support to set a boolean option C(check_all) to indicate
  network_cli to wait till all the prompts and answers are processed.

* Update cli_command

* Update api doc

* Fix unit test failure

* Fix CI failure

* Update network_cli

* Fix review comment
6 years ago
Deepak Agrawal 50c7702e46
cisco firepower : Make API endpoints configurable via hostvars (#44952)
* httpapi host vars

* Make configurable end-points for firepower

* pep8 fix
6 years ago
Sam Doran 8cd8d17980
Add ability to unlock 1Password vault to lookup plugins (#44923)
* Add ability to use login to 1Password vault to 1Password lookups

* Adjust unit tests

* Add changelog
6 years ago
pierremahot d11e078366 adding an option for the filter ipsubnet and testing (#40670)
* adding an option for the filter ipsubnet
6 years ago
Anton Nikulin 40a97d43d1 New modules and updated HTTP API plugin for FTD devices (#44578)
* Add common and Swagger client utils for FTD modules

* Update FTD HTTP API plugin and add unit tests for it

* Add configuration layer handling object idempotency

* Add ftd_configuration module with unit tests

* Add ftd_file_download and ftd_file_upload modules with unit tests

* Validate operation data and parameters

* Fix ansible-doc, boilerplate and import errors

* Fix pip8 sanity errors

* Update object comparison to work recursively

* Add copyright
6 years ago
Matthias Fuchs 7871027c9d Share the implementation of hashing for both vars_prompt and password_hash (#21215)
* Share the implementation of hashing for both vars_prompt and password_hash.
* vars_prompt with encrypt does not require passlib for the algorithms
  supported by crypt.
* Additional checks ensure that there is always a result.
  This works around issues in the crypt.crypt python function that returns
  None for algorithms it does not know.
  Some modules (like user module) interprets None as no password at all,
  which is misleading.
* The password_hash filter supports all parameters of passlib.
  This allows users to provide a rounds parameter, fixing #15326.
* password_hash is not restricted to the subset provided by crypt.crypt,
  fixing one half of #17266.
* Updated documentation fixes other half of #17266.
* password_hash does not hard-code the salt-length, which fixes bcrypt
  in connection with passlib.
  bcrypt requires a salt with length 22, which fixes #25347
* Salts are only generated by ansible when using crypt.crypt.
  Otherwise passlib generates them.
* Avoids deprecated functionality of passlib with newer library versions.
* When no rounds are specified for sha256/sha256_crypt and sha512/sha512_crypt
  always uses the default values used by crypt, i.e. 5000 rounds.
  Before when installed passlibs' defaults were used.
  passlib changes its defaults with newer library versions, leading to non
  idempotent behavior.

  NOTE: This will lead to the recalculation of existing hashes generated
        with passlib and without a rounds parameter.
        Yet henceforth the hashes will remain the same.
        No matter the installed passlib version.
        Making these hashes idempotent.

Fixes #15326
Fixes #17266
Fixes #25347 except bcrypt still uses 2a, instead of the suggested 2b.

* random_salt is solely handled by encrypt.py.
  There is no _random_salt function there anymore.
  Also the test moved to test_encrypt.py.
* Uses pytest.skip when passlib is not available, instead of a silent return.
* More checks are executed when passlib is not available.

* Moves tests that require passlib into their own test-function.

* Uses the six library to reraise the exception.

* Fixes integration test.

When no rounds are provided the defaults of crypt are used.
In that case the rounds are not part of the resulting MCF output.
6 years ago
jctanner 653d9c0f87 New keyword: ignore_unreachable (#43857) 6 years ago
Jordan Borean 6982dfc756 psrp: Added new Windows connection plugin (#41729)
* psrp: Added new Windows connection plugin

* Tweaks to connection options from review
6 years ago
Artem Leshchev 8323f3e3b7 Fix module name in error text at parse_xml filter (#44313)
* Fix module name in error text at parse_xml filter

* Fix test that includes erroneous module name in error text at parse_xml filter
6 years ago
Zhikang Zhang 0971a342d8
Solve race condition in password lookup (#42529)
NOTE:
1. use os.open() with os.O_CREAT|os.O_EXCL to check existence
and create a lock file if not exists, it's an atomic operation
2. the fastest process will create the lock file and others will
wait until the lock file is removed
3. after the writer finished writing to the password file, all the reading
operations use built-in open so processes can read the file parallel
6 years ago
Lindsay Hill 5981a7489b new nos_command module (#43056) 6 years ago
Zhikang Zhang 3a3869f4c8
Clarify usage of encrypt arg (#43330)
According to the do_encrypt interface, encrypt arg should be the hash method name used for encrypting returning password. But in the doc and lookup code it's a boolean flag, correct it to string.
6 years ago
Joren Vrancken b954917761 Surround top-level function and class definitions with two blank lines. 6 years ago
Fran Fitzpatrick 5928ec04ca Adds an ipmath filter (#41985) 6 years ago
Jordan Borean 940d4a0e89
win_reboot: fix 2.6 issues and better handle post reboot reboot (#42330)
* win_reboot: fix 2.6 issues and better handle post reboot reboot

* changed winrm _reset to reset

* Add handler to reset calls when .reset() throws an AnsibleError on older hosts

* Moving back to _reset to get the issue fixed
6 years ago
Jordan Borean 8bdd04c147 Fix remote_tmp when become with non admin user (#42396)
* Fix tmpdir on non root become

 - also avoid exception if tmpdir and remote_tmp are None
 - give 'None' on deescalation so tempfile will fallback to it's default behaviour
   and use system dirs
 - fix issue with bad tempdir (not existing/not createable/not writeable)
   i.e nobody and ~/.ansible/tmp
 - added tests for blockfile case

* Revert "Temporarily revert c119d54"

This reverts commit 5c614a59a6.

* changes based on PR feedback and changelog fragment

* changes based on the review

* Fix tmpdir when makedirs failed so we just use the system tmp

* Let missing remote_tmp fail

If remote_tmp is missing then there's something more basic wrong in the
communication from the controller to the module-side.  It's better to
be alerted in this case than to silently ignore it.

jborean and I have independently checked what happens if the user sets
ansible_remote_tmp to empty string and !!null and both cases work fine.
(null is turned into a default value controller-side.  empty string
triggers the warning because it is probably not a directory that the
become user is able to use).
6 years ago
Nathaniel Case 5850591d14
Base connection class for network-style connections (#41839)
* Create base class for network-style connections

* clean up some differences

* Move NetworkConnectionBase

* Tweak netconf for tests

* Tweak when network_os is checked to avoid failing tests

* Pull back exec_command
7 years ago
Jordan Borean 9b7b564d75
Stop displaying kinit pass input on a failure (#41882)
* Stop displaying kinit pass input on a failure

* Fixed up minor logic info and added tests
7 years ago
Brian Coca 27c43daab8
fix minor issues with debug and item labels (#41331)
* fix minor issues with debug and item labels

 - no more `item=None`, we always have a label now
 - debug should only show expected information, either msg= or the var in var=
 - also fixed method name, deprecated misleading _get_item
7 years ago
Jordan Borean 11bd3fd318 win_updates fix when win_updates is run with async (#41756) 7 years ago