Python < 2.7.9 does not have the ssl.SSLContext attribute.
ssl.SSLContext is only required when we want to validate the SSL
connection. If `validate_certs` is false, we don't initialize the
`ssl_context` variable.
Add unit-test coverage and a little refactoring:
- avoid the use of `mocker`, when we can push `monkeypatch` which is
`pytest`'s default.
- use `mock.Mocker()` when possible
closes: #57072
(cherry picked from commit 3ea8e0a144)
On OpenBSD, 13 asterisk characters as a password hash, marks the
account as disabled. Otherwise daily(8) script which executes
security(8) will email operator about not properly locked accounts.
Before the diff, we see following warning:
> [WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
After the diff, warning is gone..
(cherry picked from commit 1dea661ce8)
Co-authored-by: kucharskim <mikolaj@kucharski.name>
* Make sure postgresql tests are run for all postgres_* modules (#61647)
(cherry picked from commit 4d057e0331)
* Make sure postgresql tests are run for all postgres_* modules (#61647), remove non-existent
This should be ansible_connection, not connection_type. We can also
update local testing logic.
Remove nxos_install_os/tasks/network_local.yaml as it is nolonger used.
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
(cherry picked from commit 9e1b19e364)
* Backport to stable-2.8: Fix#56640: Map k8s ansible keys to api keys (#57418)
* Fix#56643: Map ansible keys to api keys
* Remove errant print line
* Fix pep8 issue
* Fix doc line
* Added test for validate_certs -> verify_ssl translation for k8s module
(cherry picked from commit 6e94b472e8)
* Removed proxy from AUTH_ARG_MAP and added fragment for backport
* Rename backport-57418.yaml to 60683-backport-57418.yaml
* Update 60683-backport-57418.yaml
* fix: docker_swarm_service does not publish both tcp and udp ports for same published port
* fix the linting problems and add the changelog fragment.
* add test
* modify test to ensure result rather than return value
(cherry picked from commit 064cd63f3d)
* [stable-2.8] Fix sanity tests based on newer version of shellcheck (#60423)
- change egrep to grep -E
- store exit codes and check them directly
- ignore SC1091.
(cherry picked from commit c485a1b91e)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* Fix sanity test
- Split the key validation to separate private and public.
- In case public key does not exist, recreate it.
- Validate comment of the key.
- In case comment changed, update the private and public keys.
(cherry picked from commit 27e414200f)
On POWER systems, /proc/cpuinfo provides a 'processor' entry as a
counter, and a 'cpu' entry with a description (similar to 'model name'
on x86). Support for POWER in get_cpu_facts was added via the 'cpu'
entry in commit 8746e692c1. Subsequent
support for ARM64 in commit ce4ada93f9
used the 'processor' entry, resulting in double-counting of cores on
POWER systems.
When unit tests were later written for this code in
commit 55306906cf, the erroneous values
were just accepted in the test instead of being diagnosed.
Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>
(cherry picked from commit 93d9d64038)
* Better cidr_ipv6 validation in ec2_group.py
* Improve warning/error handling, add changelog
* Update unit test for ipv6 validation
* Fix logic that was causing non /128 cidrs with host bits to not be handled
(cherry picked from commit 4308b87d72)
* Move plugin loader playbook dir additions back to Playbook instead of PlaybookCLI. Fixes#59548
* Restore cli additions
(cherry picked from commit 923e218)
Co-authored-by: Matt Martz <matt@sivel.net>
When targeting 'foo*' in tests, it pulled in packages other than the dummy packages in our testing repo that have many dependencies, some of which were causing tests to fail.
Also change 'bar' package name to avoid the same issue in the future.
(cherry picked from commit 47796af64f)
Co-authored-by: Sam Doran <sdoran@redhat.com>
Only error out if the gid exists with a different group name as
otherwise it will error out if the group with this gid already
exists, like on a rerun of the playbook. This fixes a regression
introduced by 4898b0a4a298448677c2aee2a03157ba5b662759.(cherry picked from commit f94772f807)
* cosmetic: Remove useless call to ec2_argument_spec()
* aws_s3: Improve ETag handling
* Extract ETag calculation into a utility function for reuse by
aws_s3_sync.
* Reduce code duplication in put/get by restructuring the logic
* Only calculate ETag when overwrite == different
* Fail gracefully when overwrite == different and MD5 isn't available
(e.g. due to FIPS-140-2).
* aws_s3: clean up integration tests
Clean up tests, add tests for overwrite settings in both directions.
(cherry picked from commit c513c1e2d3)
This fixes the unit tests hanging when run with Python 3.8 with coverage enabled
(cherry picked from commit ed4a729fd6)
Co-authored-by: Sam Doran <sdoran@redhat.com>
If the 'local' parameter of the 'user' Ansible module is enabled, and
the user has been found in the local user database, don't emit
a warning, because this is an expected outcome.
Add changelog and integration tests
Co-authored-by: drybed <drybjed@gmail.com>
(cherry picked from commit 75be309242)
Co-authored-by: Maciej Delmanowski <drybjed@drybjed.net>
A recent update to lxml for Python >= 3.6 now preserves key order. Change the test input so the input is sorted, making tests pass on previous versions of lxml as well as the latest version.
(cherry picked from commit 19299f3310)
Co-authored-by: Sam Doran <sdoran@redhat.com>
* consul_session: Python 2.6 is always required on managed node
* consul_session: document all types
* consul_session: add doc for 'id' parameter
* consul_session: improve parameter descriptions
- use formatting functions in descriptions
- 'name' parameter is required when state=node
* consul_session: use required_if
* consul_session: add integration tests
* consul_session: use 'retry' with network dependent tasks
* Use ansible-ci-files bucket for consul binaries
Co-Authored-By: Matt Clay <matt@mystile.com>
(cherry picked from commit 5f8080aaa0)
* add a changelog fragment
Previously if `sysctl_set=no` (which is the default) this module only
checked for changes in the sysctl.conf file to decide whether it should
reload it or not. This means that if the values in the conf file are the
same as they are set with the module, but the current values on the
system are different, that this module wouldn't apply the changes on the
system and thus the value set with the module wouldn't be applied on the
OS. This isn't obvious and it doesn't make sense that the module works
like that by default, especially because there is a separate option
`reload`. Now sysctl will also check if the current value differs on the
system and if it does, it will reload the file again.
(cherry picked from commit 5fc769f6b1)
* Clear 'connection related' plugin vars for next loop iteration (#59024)
Fixes#58876
(cherry picked from commit a752e2a467)
* Preserve original variables when using a loop (#59426)
Fixes#59414
(cherry picked from commit 1010363c0b)
pytest.raises has two parameters, message and match. message is meant
to be the error message that pytest gives when the tested code does not
raise the expected exception. match is the string that pytest expects
to be a match for the repr of the exception. Unfortunately, it seems
that message is often mistakenly used where match is meant. Fix those
cases.
message is also deprecated so removed our usage of it. Perhaps we
should write a sanity test later that prevents the use of
pytest.raises(message) to avoid this mistake.
seealso: https://docs.pytest.org/en/4.6-maintenance/deprecations.html#message-parameter-of-pytest-raises
Also update the exception message tested for as we're now properly
detecting that the messages have changed.
(cherry picked from commit 87601969a3)
Fix root filter test
On python-2.6 the error message is different
(cherry picked from commit 67fb3a8215)
Fix the pytest match test for python-2.6
(cherry picked from commit 8a880d6032)
Correct variable name for skipping of the gitlab test when gitlab python
client is not installed.
(cherry picked from commit 0c992d5ae4)
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
* Mark Docker tests unstable
- docker_swarm is unstable on RHEL 8
- docker_container is unstable on RHEL 7
* Disable docker_container test.
(cherry picked from commit 67c69f3)
Co-authored-by: Sam Doran <sdoran@redhat.com>
Gonéri Le Bouder