* AnsibleAWSModule related cleanup - s3_bucket
* Add extra information to s3_bucket timeout failures, it's possible the comparisons are doing something weird...
* Move Bucket Encryption boto support logic into the pre-flight checks
* Use the built in required_by logic
* Rework s3_bucket integration tests
* Add a retry around put_bucket_encryption
s3_client.put_bucket_encryption is occasionally dropped on the floor
by Amazon add some logic to retry s3_client.put_bucket_encryption call
* Catch OperationAborted and retry, it is caused by a conflicting change
still being in progress. (For example an Encryption setting applying)
* Make sure we don't explode if the botocore version's too old
* Review tweaks
* Cleanup tests
* Auto-Retry on ResourceNotFound and RequestInProgress exceptions
* Use AnsibleModule options for required_if logic
* changelog
* Remove (now) duplicate RequestInProgressException catching
* Allow a single retry when attempting to fetch the information about a cert directly after deleting it.
There is a small chance that it goes away while we pull the details.
* add key rotation option
* add changelog fragment
* provide version added as string
* change changelog to minor_changes
* Update changelogs/fragments/67651-aws-kms-key-rotation.yml
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* Update lib/ansible/modules/cloud/amazon/aws_kms.py
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* prevent key upgrade if key rotation was enabled manually. In that case, the key rotation would be disabled, if not mentioned in the playbook
* Update lib/ansible/modules/cloud/amazon/aws_kms.py
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* Update lib/ansible/modules/cloud/amazon/aws_kms.py
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
* Update lib/ansible/modules/cloud/amazon/aws_kms.py
Co-Authored-By: Mark Chappell <mchappel@redhat.com>
Co-authored-by: Mark Chappell <mchappel@redhat.com>
* Initial copy of incidental network tests.
* Update incidental test aliases.
* Add incidental tests to CI.
* Rewrite module references in tests.
This should not be necessary once module redirection is supported.
* Rewrite target references for renamed targets.
* Add support collections for incidental tests.
* Add ignores for test support code.
* Remove echo used for debugging.
* fixed#47050
* added changelog fragment
* added quick and basic test
* Revert "added quick and basic test"
This reverts commit 75f4141656.
* added better tests
* now also creating files to copy on the remote
* removed tests for recursive copying which is not supported by remote_src
* sns_topic: (integration tests) Move the tests over to using module defaults
* sns_topic: (integration tests) Add test for behaviour of changed when using delivery_policy
* sns_topic: ensure "changed" behaves properly when managing delivery policies
- a delivery_policy isn't an IAM policy, so compare_policies didn't cope with it
- AWS automatically adds an additional option when you set an HTTP delivery
policy
* Parse the delivery policies so we can test the changes properly
* Update AWS policy to enable management of TargetGroups
* elb_target: (integration tests) migrate to using module_defaults
* elb_target: (integration tests) lookup the AMI by name rather than hard coding AMI IDs
* elb_target_info: (integration tests) finish rename of integration test role
* elb_target: (integration tests) rename various resources to consistently use {{ resource_prefix }}
* elb_target_info: (integration tests) Migrate to using module_defaults
* elb_target_info: (integration tests) Lookup AMI by name rather than hard coding AMI IDs
* Apply suggestions from code review
Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>
* elb_target: (integration tests) Remove the 'unsupported' alias
* Try bumping up the timeout
* Rules don't permit 'shippable' (resource_prefix uses this when run in shippable)
* Try bumping up more timeouts :/
* Avoid double evaluation of target_health assertion
* Simplify target_type usage a little (rather than constantly performing a lookup)
* mark elb_target tests 'unstable' for now, they're slow
Co-authored-by: Jill R <4121322+jillr@users.noreply.github.com>
* cloudfront_distribution: (integration tests) Migrate to using module_defaults
* cloudfront_distribution: (integration tests) Use the ID rather than the alias
Using aliases requires providing a valid SSL certificate, as such we're not longer able to test using an arbitrary hostname
* cloudfront_distribution: (integration tests) Make sure we delete the test s3 bucket when tests fail
* cloudfront_distribution: field_level_encryption_id is now a mandatory field always add it
Setting the field to an empty string has the same effect as the original behaviour.
* Copy & Paste fixup
Co-Authored-By: Jill R <4121322+jillr@users.noreply.github.com>
Co-authored-by: Jill R <4121322+jillr@users.noreply.github.com>
* Run Ed25519 and Ed448 tests for openssl_csr and openssl_certificate only if key generation succeeded.
* Make openssl_privatekey tests more robust: allow special key generation tests to fail with 'algorithm not supported' on FreeBSD.
These tests rely on the AWS S3 modules, but will not be migrated along with those modules into an AWS collection.
Since these tests will not reside in a collection alongside the modules under test they are being moved to the legacy tests directory.
The legacy tests directory will soon be migrated to a separate repository.
* Add x509_crl module.
* Add integration tests.
* Fix some errors.
* Fix inversion.
* Compare name instead of tpye.
* Fix fail_json() calls.
* Work around rename of serial_number attribute for cryptography 1.4.
* Don't die for non-cert loading errors.
* One more.
* Fix function call.
* Fixed/improved descriptions.
* Don't read issuer from certificate file.
* Allow to ignore timestamps.
* Default value for revocation_date.
* Update tests.
* Mention ignore_timestamps in update docs.
* Support privatekey_content, and require some options only if state is present.
* Allow to pass certificate in directly.
* Add tests.
* Fix required_if.
* Forgot to encode content.
* Forgot to adjust type.
* Allow to return CRL's content directly.
* return_crl_content -> return_content (as in #65400).
* Fix elements.
* Fix messages.
* Use required_one_of and mutually_exclusive instead of doing the checks by hand.
* Fix format.
* Skip tests on AIX.
* Fix typo.
* Fix DHCP support in win_dns_client + more
* Fix bugs and test failures, add changelog fragment
* Add idempotency tests for DHCP
* Address review feedback; dedup address-family code
* Remove legacy function
* Remove old reference
* Create ipwcli_dns.py
* add newline at the end
* Update after review and support AAAA
* Update lib/ansible/modules/net_tools/ipwcli_dns.py
Co-Authored-By: Felix Fontein <felix@fontein.de>
* add integration tests and change param user to username
Co-authored-by: Felix Fontein <felix@fontein.de>
* ec2_snapshot and ec2_snapshot_info test suite
* Add a fact to make tests easier to follow.
Test all return values, and add missing RETURN docs to module.
* bumped zabbix integration tests to be run against current LTS 4.4
* macros and tags tests for zabbix host + naming changes due to switch to zabbix 4.4
* Add AWSRetry decorator to ec2_vpc_nacl
* Also add a decorator to ec2_vpc_nacl_info to catch things like API rate limit errors.
* add double-removal integration tests to make sure things don't get too slow
* Fixup retry usage for _info
* Simplify changed logic when modifying a NACL
* tweak error message
* Fix for shared snapshot parameter
Fixing this bug:
`Unknown parameter in input: "IsShared", must be one of: DBInstanceIdentifier, DBSnapshotIdentifier, SnapshotType, Filters, MaxRecords, Marker, IncludeShared, IncludePublic, DbiResourceId`
* Updated documentation for shared snapshots
Tags can't get accessed for shared snapshots
* fixed indentation
* added test for shared snapshot
* fixed isPublic parameter to correct IncludePublic parameter
Co-authored-by: Oliver Kastler <oliver@realestate.co.nz>
This avoids confusion with tests named `inventory_*` which do not test inventory plugins.
Tests for inventory scripts are now prefixed with `script_inventory_`.
User can now specify tag and category using dict in vmware_tag_manager
module. This is useful when tag or category name contains colon.
Fixes: #65765
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Start adding ansible-galaxy collection list options
* Working list all collections and list a specific collection
* Nuke debugging cruft
* Use to_text to get a string of the FQCN for sorting
* Improve collection output formatting
- add header
- display collection name and version in separate columns
- width of columns is dynamic based on collection name and version length
* Make role list output match collection output list
- add header
- add columns for role name and version
- make column width dynamic based on name and version length
* remove debug statemnt and extra header
* Revert "Make role list output match collection output list"
This reverts commit a0b3db47bb3b198aafd34c1f1be5b6561af2f928.
* Add validate_collection_path function
Utility function for ensuring a collection target ends with 'ansible_collection'
* Use validate_collection_path
* Do not warn if a specific collection in found in any search path
* Fix extraneous warning and remove duplicate code
Do not warn when listing a specific collection and it does not exist
in other collection paths.
Restructure the code that loops through collection paths to remove
duplicate conditional code.
* Indicate role path was found
* Use new function name
* WIP Save Point
* Use separate functions for role and collection list
* Wrap error message
There may be a better way to do this besides hard coding a line break, but this
does make the message a lot more readable.
* Add validate_collection_path function (#66441)
* Add validate_collection_path function
Utility function for ensuring a collection target ends with 'ansible_collection'
* Fix bad syntax
* Correct docstring
* Bikeshed the names
* Properly list a single role
* Simplify _display_warnings()
Only display warnings. Move exception raise back to each caller.
* Move private methods to private functions
They don't need self, so it makes sense to have them as functions
Get rid of _display_warnings() function since it doesn't do anything worthy of
an independent function.
* Add integration tests for ansible-galaxy collection list
* Fix docs sanity test
* Fix bug where ansible_collections dir does not exist
The path may exist, but if there is no ansible_collections dir inside that path,
an exception was raised in find_existing_collections().
Add integration test for this scenario
* Put execute_list() method back
* Add some informational messages for debugging
* Add unit tests
Units tests for the various private methods in support of collection list
* Start adding unit tests for test_execute_list
* Display collection path when listing specific collection
* Add unit tests for listing all collections and specific collection
- Create fixture for creating test objects
- Add function for controlling os.path.isdir results
* Set defaults for minimum collection widths
Ensure that collections with small FQCNs display correctly.
Add unit tests
* Split up unit tests and fix fixtures
Add more fixtures for mocking objects during the specific collection tests
* Change help message for -p in list subcommand
Give accurate description of what it actually does rather than trying to use language shared between sub commands.
* Disable colorized output in unit test
* Add docs for collection list
* Fix integration test on macOS
The temp file path is really long on macOS, so the warning message gets wrapped
across multiple lines. That make seth grep fail. Switch to matching on a smaller
part of the warning.
* Recreate common path options for collections
Improve help about what the '-p' option does and how it works.
* Remove unnecessary elif after continue statements
* Account for duplicate paths in collections_searh_paths
If someone specifies the same path via '-p' that is the COLLECTIONS_PATHS,
do not list the collections twice.
* Docs updates
us-east-1e is sometimes picked at random, and has no support for
t3/m5 instance types, which breaks some tests.
Because availability_zones is returned in a consistent (sorted) order,
we should at least get either consistent success or consistent failure.
* win_package - Refactor with msp, appx support
* Added msi test for ALLUSERS
* Added some msix tests, refactored tests
* Added remaining msix tests
* Enable msix sideloading for tests
* Added remaining exe path tests
* Added basic msp tests
* Remove url options now the util no longer has them
* Fix file version check for older Windows hosts
* Remove no_proxy ansible-test setting
* Use same mechanism of become to copy the file with explicit creds
* Added Ansible.Service util and win_service_info
* Fix up util test
* Sigh forgot to update the test and fix sanity
* Try to make tests more robust
* That didn't work, just check the username
* Betraying Queen and country with this doc fix
* More changes for compat
* More OS compatibility
* AnsibleAWSModule related cleanup - redshift
* Apply a backoff on modify_cluster to cope with concurrent operations
* Add AWS 'hacking' policy to allow creation of Redshift ServiceRole
* Adding the retry policies makes the redshift test suite more reliable
Only one integration test target is supported per module. Since there is already a `mysql_replication` integration test, the `mariadb_replication` tests will not execute for the same module.
To avoid issues with tests not running on changes to the `mysql_replication` module and then failing after changes are made and all tests are executed, the test has been marked `unsupported` to prevent it from running in CI.
To re-enable this test for CI it will need to be merged into the `mysql_replication` tests, which will require working around conflicts between the packages required by the two sets of tests.
* Split up lookup integration tests.
* Rename lookup_paths integration test.
This will avoid confusing it for a test of the `paths` lookup plugin, which does not exist.
* Fix lookup_pipe integration test.
The test now verifies it receives the correct output.
Adding a second task also causes code coverage to be properly registered for the lookup plugin.
* Rename ini lookup test to match plugin name.
* Update sanity ignore path.
Modules and plugins can only have one integration test target associated with them.
When there is a conflict between alias(es) and/or the target name, only one target will trigger on changes to the module or plugin.
The test fails in the CI with a timeout of vmware_guest_tools_wait. It's
still unclear if this comes from:
- the ESXi environment
- the VM configuration, e.g: the amount of the RAM
- the ISO image itself
Ideally, we should have a light VM with the vmware-tools.
I didn't properly update the commit message via github UI. Revert, to
open a new PR.
This reverts commit 2794142eb3.
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This looks to be causing issues for our new ansible.netcommon
collection. Revert for now, until we can properly address.
This reverts commit 53c7f8cbde.
Since https://github.com/ansible/ansible/pull/61006 `vmware_cluster_info`
exposes a new key called `hosts`. The deprecated module
`vmware_cluster_facts` keeps the previous behaviour, and so we must keep
its test-suite unchanged.
Add integration test
There are a number of other parameters that result in stack traces as well when this module is used ad-hoc. I'm not sure if we're interested in fixing them all since this module isn't meant to be run ad-hoc.
* Remove redundant use of ec2_argument_spec where we're using AnsibleAWSModule
* Use module.client() instead of the get_aws_connection_info/boto3_conn combo.
* AnsibleAWSModule handles 'HAS_BOTO3'
* Remove unused imports
* Update error message that lambda_policy integration test is looking for when the region's missing
* Revert redshift and s3_bucket
* Added integrations test for ecs_tag
Testing invalid cluster test for the expected message.
Add idempotency test is for adding tests to service and task_definition.
* throttle tests: fix detection of parallel execution
The test wasn't able to detect if too many workers were running.
On my laptop:
- without this change, the 'throttle' target takes ~20 seconds
- with this change, the 'throttle' target takes ~70 seconds
- 1 second isn't long enough to encounter the issue
* Fix throttle test when strategy is 'free' based
'free' strategy allows multiple tasks to be executed in parallel: use
one 'throttledir' per task.
Use 'linear' strategy with a dedicated play for cleanup/setup tasks
* throttle: reset worker idx before queuing a new task
* TestStrategyBase: define task.throttle
otherwise '1' will be used instead of the default value due to the
following expression being equal to '1':
int(templar.template(task_mock.throttle))
Co-authored-by: James Cammarata <jimi@sngx.net>
vmware_tag_info used to return dict of tag information which caused
data loss when there are multiple tags with same name and different category ids.
This fix will add additional fact "tag_info" which will deprecated existing fact
"tag_facts".
The "tag_info" is a list which handles multiple tags with same name.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
When HostVars are part of the data that goes through (de)serialization
when being passed from a worker process to the main process, its
variable manager reference loses some of its attributes due to the
implementation of __getstate__ and __setstate__ (perf utilization).
Since HostVars already has those attributes, use __setstate__ to assign
them.
Fixes#65365
Fixes#66549
The inefficiency improvement
https://github.com/ansible/ansible/pull/63713 introduced a bug where
`enablerepo` was not being honored if combined with
`disablerepo="*"`. This fixes that issue.
Signed-off-by: Adam Miller <admiller@redhat.com>
This commit address a problem in static mode, if the hostname change,
`host.name` value with change too. And as a result:
results['dns_config_result'][host.name]
will be initialized.
We now record the initial hostname first, and uses it as the key for the
results.
This commit also ensures hostname and search domain change are detected if
`instance.dnsConfig.dhcp` is true.
Finally, if we target a cluster, the `changed` result will depend on the
number of nodes.
By using a `rescue` block, we can potentially hide a really problem in the
block and return a success. This is a bit problematic for a functional
test.
* Add integration tests
* Handle error in _get_diff_data()
* Change to warning rather than error
* Also change failure to warning in assemble action plugin
* Adding documentation and integration test for the new module
* Correcting typo
* removed unused if else block
* changing error messages
* Addressed review comments
* resolving sanity error
* fixed typo in vmware.py
* Added support for datastore cluster
* adding state parameter instead of power on fixed few more review comments
* Documentation update
* Updating argument
For a refresh of the datastore list on the vcenter, this before we
check the present of the newly attached datastores.
A lot of tests depend on the presence of the DS, and this little
change allow us to save =~ 45s everytime.
- remove the unsupported alias
- refactoring
- move the hosts outside of the cluster to avoid any conflict with DRS
- import the `prepare_vmware_tests` role
- does not work with govcsim
While this does properly pass our testing for ansible/ansible devel
branch, it is currently breaking our collection testing for 2.10.
Specifically, this would mean ansible.netcommon would need to directly
import arista.eos or cisco.nxos collections, causing a circular dependency.
This reverts commit e266e5f8b6.
Some adjustments to be able to run the test-suite properly:
- Starts with the ESXi out of the cluster to be able to deploy the
VM on a proper host consistently
- Ensure the resource pool exists
- The resource pool is called `DC0_C0_RP1`, not `Resources`
- Avoid an exception if we try to move a non existing VM.
Put the test in the zuul/vmware/vcenter_2esxi group.