Commit Graph

474 Commits (ec73968b5dd8fbadaf06ecaca7a9d919f0188c1f)

Author SHA1 Message Date
Matt Clay f3d1f9544b
Make ansible-test available in the bin directory. (#45876) 6 years ago
Will Thames d2569a3f7d Improve iam_group exception handling (#45599)
* Improve iam_group exception handling

Use AnsibleAWSModule for iam_group and handle BotoCoreErrors
as well as ClientErrors. Use fail_json_aws to improve error messages

* Add minimal iam_group test suite

Update some of the read-only IAM permissions (this is not sufficient
to run the test suite but it gets further than it did until it tries
to add a (non-existent) user)

* Clean up after tests
6 years ago
Michael Scherer 83db157c35 Add a default man path (#45689)
It seems that on some Linux distribution (Fedora 28, Debian), man will
not fallback on a default path if MANPATH is set. So using the env-setup
script will prevent man from working.
6 years ago
Sviatoslav Sydorenko e8731a1f5b
Add a ticket stub for guiding GitHub newcomers
PR #45497
6 years ago
Ed Costello 96c4efcd95 Add missing s3 permissions for s3 module testing. (#43243) 6 years ago
Matt Martz 7a61763fba
Don't require requests in hacking/report.py (#45350)
* Don't require requests in hacking/report.py

* move ansible import
6 years ago
Will Thames 60e3af42d5 sns_topic boto3 port (#39292)
* Port sns_topic to boto3 and add tests
6 years ago
sdubrul 061877d584 added account_alias in the response of module aws_caller_facts (#42345)
* added account_alias in the response of module aws_caller_facts

* added comment to explain list_account_aliases

* renamed caller_identity to caller_facts as the content is extended

* created changelog

* security-policy needs the iam:ListAccountAliases for this module to work

* test now checks for the added field account_alias

* gracefully handle missing iam:ListAccountAliases permission
6 years ago
Matt Clay 0392dbeba1 Fix path handling in hacking/env-setup. 6 years ago
Matt Martz c1c229c6d4
Remove use of simplejson throughout code base (#43548)
* Remove use of simplejson throughout code base. Fixes #42761

* Address failing tests

* Remove simplejson from contrib and other outlying files

* Add changelog fragment for simplejson removal
6 years ago
Joren Vrancken b954917761 Surround top-level function and class definitions with two blank lines. 6 years ago
flowerysong a08668cf00 Port ec2_tag to boto3 (#39712)
* Add volume manipulation to EC2 integration test policy

* Port ec2_tag to boto3
6 years ago
Toshio Kuratomi 52449cc01a AnsiballZ improvements
Now that we don't need to worry about python-2.4 and 2.5, we can make
some improvements to the way AnsiballZ handles modules.

* Change AnsiballZ wrapper to use import to invoke the module
  We need the module to think of itself as a script because it could be
  coded as:

      main()

  or as:

      if __name__ == '__main__':
          main()

  Or even as:

      if __name__ == '__main__':
          random_function_name()

  A script will invoke all of those.  Prior to this change, we invoked
  a second Python interpreter on the module so that it really was
  a script.  However, this means that we have to run python twice (once
  for the AnsiballZ wrapper and once for the module).  This change makes
  the module think that it is a script (because __name__ in the module ==
  '__main__') but it's actually being invoked by us importing the module
  code.

  There's three ways we've come up to do this.
  * The most elegant is to use zipimporter and tell the import mechanism
    that the module being loaded is __main__:
    * 5959f11c9d/lib/ansible/executor/module_common.py (L175)
    * zipimporter is nice because we do not have to extract the module from
      the zip file and save it to the disk when we do that.  The import
      machinery does it all for us.
    * The drawback is that modules do not have a __file__ which points
      to a real file when they do this.  Modules could be using __file__
      to for a variety of reasons, most of those probably have
      replacements (the most common one is to find a writable directory
      for temporary files.  AnsibleModule.tmpdir should be used instead)
      We can monkeypatch __file__ in fom AnsibleModule initialization
      but that's kind of gross.  There's no way I can see to do this
      from the wrapper.

  * Next, there's imp.load_module():
    * https://github.com/abadger/ansible/blob/340edf7489/lib/ansible/executor/module_common.py#L151
    * imp has the nice property of allowing us to set __name__ to
      __main__ without changing the name of the file itself
    * We also don't have to do anything special to set __file__ for
      backwards compatibility (although the reason for that is the
      drawback):
    * Its drawback is that it requires the file to exist on disk so we
      have to explicitly extract it from the zipfile and save it to
      a temporary file

  * The last choice is to use exec to execute the module:
    * https://github.com/abadger/ansible/blob/f47a4ccc76/lib/ansible/executor/module_common.py#L175
    * The code we would have to maintain for this looks pretty clean.
      In the wrapper we create a ModuleType, set __file__ on it, read
      the module's contents in from the zip file and then exec it.
    * Drawbacks: We still have to explicitly extract the file's contents
      from the zip archive instead of letting python's import mechanism
      handle it.
    * Exec also has hidden performance issues and breaks certain
      assumptions that modules could be making about their own code:
      http://lucumr.pocoo.org/2011/2/1/exec-in-python/

  Our plan is to use imp.load_module() for now, deprecate the use of
  __file__ in modules, and switch to zipimport once the deprecation
  period for __file__ is over (without monkeypatching a fake __file__ in
  via AnsibleModule).

* Rename the name of the AnsiBallZ wrapped module
  This makes it obvious that the wrapped module isn't the module file that
  we distribute.  It's part of trying to mitigate the fact that the module
  is now named __main)).py in tracebacks.

* Shield all wrapper symbols inside of a function
  With the new import code, all symbols in the wrapper become visible in
  the module.  To mitigate the chance of collisions, move most symbols
  into a toplevel function.  The only symbols left in the global namespace
  are now _ANSIBALLZ_WRAPPER and _ansiballz_main.

revised porting guide entry

Integrate code coverage collection into AnsiballZ.

ci_coverage
ci_complete
6 years ago
Calvin Wu 7e42e88cc1 ecs_taskdefinition can absent without containers argument (#41398)
* ecs_taskdefinition can absent without containers argument

* add regression test for absent with arn

* Add PassRole privilege for ecs_cluster to pass
6 years ago
Julien Vey 0f612d1b76 efs_facts: improve performance by reducing the number of api calls (#36520)
* efs_facts: improve performance by reducing the number of api calls

* Remove efs_facts tests from running in CI
6 years ago
Troy Murray 15ce7c5bab change OS X to macOS (#41294)
* change OS X to macOS

<!--- Your description here -->

+label: docsite_pr

* Update all Mac OS X references to be macOS

* Drop extra Mac
7 years ago
Jon Dufresne dc7e50fa90 Update additional pypi.python.org URLs to pypi.org (#41373)
For details on the new PyPI, see the blog post:

https://pythoninsider.blogspot.ca/2018/04/new-pypi-launched-legacy-pypi-shutting.html
7 years ago
Will Thames b235cb8734 aws_eks_cluster: New module for managing AWS EKS (#41183)
* aws_eks: New module for managing AWS EKS

aws_eks module is used for creating and removing EKS clusters.

Includes full test suite and updates to IAM policies to enable it.

* Clean up all security groups

* appease shippable

* Rename aws_eks module to aws_eks_cluster
7 years ago
Will Thames a60fe1946c Remove ECS policies from AWS compute policy
The compute policy was exceeding maximum size and contained
policies that already exist in ecs-policy.

Look up suitable AMIs rather than hardcode

We don't want to maintain multiple image IDs for multiple regions
so use ec2_ami_facts to set a suitable image ID

Improve exception handling
7 years ago
Zhikang Zhang b578bf9e20 Fix test-module failing to validate args (#41004)
* Fix test-module failing to validate args

The test-module pass a wrong argument _ansible_tmp cause the validation failed.
Change the argument _ansible_tmp to _ansible_tmpdir to fix this.

* Add a integration test for test-module.

Prior to this change, we don't have a test for test-module.

This change ensure the correctness of test-module script.
7 years ago
Will Thames 809c7404ab Add two missing VPC permissions (#37896)
Remove VPC permissions from network-policy.json as they mostly duplicate
compute-policy.json permissions - separating the VPC and compute permissions
would likely lead to further confusion.
7 years ago
Matt Clay 8deced3e04
Fix shebangs and file modes and update tests. (#40563)
* Add execute bit sanity test and apply fixes.
* Add shebang test for `lib` dirs and apply fixes.
* Shebang and execute bit cleanup.
7 years ago
Matt Davis e4edb2842a 2.6 changelog gen/version/root dir cleanup (#40421)
* patched in changelog gen stuff from stable-2.5
* Makefile updates
* release.py as single-source-of-truth
* Remove obsolete ansible-core-sitemap.xml file.
* Move ROADMAP.rst into README.rst.
* dynamic rpm changelog, zap old deb/rpm changelogs
* fix changelog in MANIFEST.in
* Remove obsolete hacking/update.sh script.
* Remove ref to deleted authors script.
* Remove ref to removed module-formatter script.
* Update headings to match script names.
* MANIFEST.in cleanup
* removed RELEASES.txt and versions.yml
* removed obsolete release generation playbook/bits (not used since 2.5)
* misc Makefile cleanup
* speculative changes to DEB versioning
* allow override of DEB_VERSION/DEB_RELEASE
7 years ago
Toshio Kuratomi 5634dae290 Remove the cherrypick script
We only needed it for migrating cherrypicks between the unified repo and
the ansible-modules-* repos.  Now that we aren't supporting 2.3, we no
longer need this script.
7 years ago
Tim Rupp 548282139f
Fixes incorrect variable name (#40274)
Incorrect variable name was causing a NameError

  NameError: name 'comlpex_args' is not defined
7 years ago
Madhura-CSI b85970b2b0 New Module: ec2_vpc_vpn_facts (#35983)
* New module: ec2_vpc_vpn_facts

* Add integration tests for ec2_vpc_vpn_facts and the IAM permissions

* Add retry to VPC removal

* Use unique name for VGW

* Always clean up after tests and add retries
7 years ago
Jordan Borean 44ab948e5d
create module tmpdir based on remote_tmp (#39833)
* create module tmpdir based on remote_tmp

* Source remote_tmp from controller if possible

* Fixed sanity test and not use lambda

* Added expansion of env vars to the remote tmp

* Fixed sanity issues

* Added note around shell remote_tmp option

* Changed fallback tmp dir to ~/.ansible/tmp to make shell defaults
7 years ago
Will Thames 29770a297a Fail with nice error message if elb target_type=ip not supported (#38313)
* Add helpful failure message if target_type=ip is not supported

Create test case for target_type=ip not supported

* Update elb_target_group module to latest standards

Use AnsibleAWSModule
Improve exception handling
Improve connection handling
7 years ago
mwpeterson efdd92e1c0 Update test-module (#39331)
Update test-module To use C.DEFAULT_LOCAL_TMP
7 years ago
Will Thames 12f2b9506d [aws]Add VPC configuration to ECS modules (#34381)
Enable awsvpc network mode for ECS services and tasks and
their underlying task definitions

Improve test suite to thoroughly test the changes

Use runme.sh technique to run old and new versions of botocore to
ensure that the modules work with older botocore and older network modes
and fail gracefully if awsvpc network mode is used with older botocore
7 years ago
Matt Clay c262dbfd30 Use https for links to ansible.com domains. 7 years ago
Ed Costello 0d31d1cd24 [cloud]Add aws_ses_identity_policy module for managing SES sending policies (#36623)
* Add aws_ses_identity_policy module for managing SES sending policies

* Add option to AnsibleAWSModule for applying a retry decorator to all calls.

* Add per-callsite opt in to retry behaviours in AnsibleAWSModule

* Update aws_ses_identity_policy module to opt in to retries at all callsites.

* Add test for aws_ses_identity_policy module with inline policy.

* Remove implicit retrys on boto resources since they're not working yet.
7 years ago
Will Thames a1d3cf488d [cloud][test]Add missing IAM policy for cloudfront (#38248)
Cloudfront needs CreateOriginAccessIdentity

Add profile parameter to setup-iam.yml. Could arguably just use
AWS_PROFILE but given that other tasks are using profile, should
be consistent.
7 years ago
Pilou 7908f78fa6 module_common: handle None value for templar (#36651)
* module_common: set required parameter templar

Fix the following error (related to b455901):

  $ ./hacking/test-module -m ./lib/ansible/modules/system/ping.py -I ansible_python_interpreter=/usr/bin/python
  Traceback (most recent call last):
    File "./hacking/test-module", line 268, in <module>
      main()
    File "./hacking/test-module", line 249, in main
      (modfile, modname, module_style) = boilerplate_module(options.module_path, options.module_args, interpreters, options.check, options.filename)
    File "./hacking/test-module", line 152, in boilerplate_module
      task_vars=task_vars
    File "ansible/lib/ansible/executor/module_common.py", line 910, in modify_module
      environment=environment)
    File "ansible/lib/ansible/executor/module_common.py", line 736, in _find_module_utils
      shebang, interpreter = _get_shebang(u'/usr/bin/python', task_vars, templar)
    File "ansible/lib/ansible/executor/module_common.py", line 452, in _get_shebang
      interpreter = templar.template(task_vars[interpreter_config].strip())
  AttributeError: 'NoneType' object has no attribute 'template'

* module_common.modify_module: templar is required
7 years ago
Julien Vey 7c07877b1b s3_bucket: add integration tests (#36941)
Also update testing-policies/storage
7 years ago
Julien Vey 51d491f8f0 route53_zone: move to boto3, and enable comment update (#36641) 7 years ago
Ed Costello 645952c139 Add aws_caller_facts module and use it in setup-iam.yml (#36683)
* Add aws_caller_facts module and use it in setup-iam.yml

This removes the dependency on having the command line AWS tools
installed.
7 years ago
Will Thames b5a1643e3d Add new aws_waf_condition module (#33110) 7 years ago
Ed Costello d16bc1c3f4 New aws_ses_identity module to manage AWS Simple Email Service Identity (#31140)
* Add aws_ses_identity module

* Update CI alias, add BotoCoreError exception handling.

* Add SES and SNS permissions to hacking/aws_config to run aws_ses_identity integration tests
7 years ago
Marek 5fa29201a7 Port sts_assume_role to boto3 (#32569)
* Ported sts_assume_role to boto3

* Added integration tests
7 years ago
Adrian Likins ec9769c82f
Facts distribution clear linux 31501 (#32453)
The search string used to look for Clear Linux
was changed in 45a9f96774 to
be more specific, but was too specific. Now finding
a substring match for 'Clear Linux' in /usr/lib/os-release
is enough to consider a match.

Since the details of the full name in os-release varies
('Clear Linux Software for Intel Architecture',
 'Clear Linux OS for Intel Architecture', etc) the
search string match was failing and would fall back to the
'first word in the release file' method resulting in
ansible_distribution='NAME="Clear'

Also add a meta fact indicating which search string
was matched.

Test case info from:
        https://github.com/ansible/ansible/issues/31501#issuecomment-340861535

Fixes #31501
7 years ago
Will Thames 4d58d16793 Add aws_s3 action plugin to find source files as expected (#35028)
People expect to be able to upload files to s3 using standard
locations for files.

Providing an action plugin that effectively rewrites the `src`
key to the result of finding such a file is a great help.

Tests added, and IAM permissions corrected
7 years ago
Will Thames 8d733dbdf0 [cloud] New module cloudfront_distribution (#31284)
* added cloudfont.py, modified cloudfront_facts.py class name and fixed a minor bug

* Improvements to cloudfront_distribution

* Reduce the scope of the cloudfront_distribution module
    * Remove presigning
    * Remove streaming distribution functionality
* Add full test suite for cloudfront distribution
* Meet Ansible AWS guidelines

* Make requested changes

Fix tests

Use built-in waiter

Update copyright
7 years ago
Matt Clay 797664d9cb Python 2.6 `str.format()` compatibility fixes. 7 years ago
Will Thames 866d7fdce9 [cloud] Create ECS integration test suite (#33757)
Tests for:
* ecs_cluster
* ecs_service
* ecs_service_facts
* ecs_taskdefinition
* ecs_taskdefinition_facts

* Add idempotency testing

Test ecs_cluster, ecs_service and ecs_taskdefinition for trivial
idempotency. Add FIXMEs to the tests because the latter two fail.

Remove unused dependencies
7 years ago
Abhijeet Kasurde 36f82ae8cc Replace exit() with sys.exit()
This fix adds replacement for exit() to sys.exit(), as
exit() is not recommended way to exit from the program.

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
7 years ago
Sloane Hertel f5471b3dcb [cloud] ec2_vpc_net integration tests (#33111)
* Add some integration tests for ec2_vpc_net module

* Add a couple tests for check mode

fix typo

ensure the DHCP option set is cleaned up

* Add permissions to test policy
7 years ago
Matt Martz 783a09d105
Fix failure to adjust my name when doing copy pasta (#33322) 7 years ago
Matt Martz 4fe08441be Deprecate tests used as filters (#32361)
* Warn on tests used as filters

* Update docs, add aliases for tests that fit more gramatically with test syntax

* Fix rst formatting

* Add successful filter, alias of success

* Remove renamed_deprecation, it was overkill

* Make directory alias for is_dir

* Update tests to use proper jinja test syntax

* Update additional documentation, living outside of YAML files, to reflect proper jinja test syntax

* Add conversion script, porting guide updates, and changelog updates

* Update newly added uses of tests as filters

* No underscore variable

* Convert recent tests as filter changes to win_stat

* Fix some changes related to rebasing a few integration tests

* Make tests_as_filters_warning explicitly accept the name of the test, instead of inferring the name

* Add test for tests_as_filters_warning

* Update tests as filters in newly added/modified tests

* Address recent changes to several integration tests

* Address recent changes in cs_vpc
7 years ago
Will Thames 1ca0c0e7f7 Consolidate IAM policies into fewer, larger policies (#33122)
Due to IAM limits allowing at most 10 policies per group,
need to reduce the number of total policies in use.
7 years ago
Will Thames 0b128e2e29 Add tests for ec2_vpc_route_table (#32036)
* Add tests for ec2_vpc_route_table

Initial tests for ec2_vpc_route_table ready for boto3 porting

* Turn AWS connection information into a YAML block
7 years ago
Pilou a9afb1e19e hacking/test-module: fix Python 3 compatibility (#33069)
Exception was:
Traceback (most recent call last):
  File "./hacking/test-module", line 268, in <module>
    main()
  File "./hacking/test-module", line 249, in main
    (modfile, modname, module_style) = boilerplate_module(options.module_path, options.module_args, interpreters, options.check, options.filename)
  File "./hacking/test-module", line 155, in boilerplate_module
    if module_style == 'new' and 'ANSIBALLZ_WRAPPER = True' in module_data:
TypeError: a bytes-like object is required, not 'str'
7 years ago
Daniel Shepherd cfbe9c8aee [cloud] Add IPv6 support for ec2_vpc_subnet module(#30444)
* Add integration test suite for ec2_vpc_subnet

* wrap boto3 connection in try/except

update module documentation and add RETURN docs

add IPv6 support to VPC subnet module

rename ipv6cidr to ipv6_cidr, use required_if for parameter testing, update some failure messages to be more descriptive

DryRun mode was removed from this function a while ago but exception handling was still checking for it, removed

add wait and timeout for subnet creation process

fixup the ipv6 cidr disassociation logic a bit per review

update RETURN values per review

added module parameter check

removed DryRun parameter from boto3 call since it would always be false here

fix subnet wait loop

add a purge_tags parameter, fix the ensure_tags function, update to use compare_aws_tags func

fix tags type error per review

remove **kwargs use in create_subnet function per review

* rebased on #31870, fixed merge conflicts, and updated error messages

* fixes to pass tests

* add test for failure on invalid ipv6 block and update tags test for purge_tags=true function

* fix pylint issue

* fix exception handling error when run with python3

* add ipv6 tests and fix module code

* Add permissions to hacking/aws_config/testing_policies/ec2-policy.json for adding IPv6 cidr blocks to VPC and subnets

* fix type in tests and update assert conditional to check entire returned value

* add AWS_SESSION_TOKEN into environment for aws cli commands to work in CI

* remove key and value options from call to boto3_tag_list_to_ansible_dict

* remove wait loop and use boto3 EC2 waiter

* remove unused register: result vars

* revert az argument default value to original setting default=None
7 years ago
Will Thames 46c4f6311a [cloud] Add retries/backoff to ec2_vpc_subnet module (#31870)
* Allow backoff for describe_subnets

Improve exception handling to latest standards

* Add integration test suite for ec2_vpc_subnet

* Add test for creating subnet without AZ

Fix bug identified by test

Fixes #31905
7 years ago
Sloane Hertel 1dd55acbc2 ec2_group: add rule description support - fixes #29040 (#30273)
* ec2_group: add support for rule descriptions.

* Document rule description feature and add an example using it.

* Fix removing rule descriptions.

* Add integration tests to verify adding/modifying/removing rule descriptions works as expected.

* Add permissions to hacking/aws_config/testing_policies/ec2-policy.json for updating ingress and egress rule descriptions.

* ec2_group: add backwards compatibility with older versions of botocore for rule descriptions.

* Add compatibility with older version of botocore for ec2_group integration tests.

* ec2_group: move HAS_RULE_DESCRIPTION to be checked first.

* Make requested change

* Pass around a variable instead of client

* Make sure has_rule_description defaults to None

* Fail if rule_desc is in any ingress/egress rules and the the botocore version < 1.7.2

* Remove unnecessary variable

* Fix indentation for changed=True when updating rule descriptions.

* minor refactor to remove duplicate code

* add missing parameter

* Fix pep8

* Update test policy.
7 years ago
Prasad Katti d6737dcdd4 Added info about return_skeleton_generator.py
Added info about return_skeleton_generator.py to hacking/README.md
7 years ago
Will Thames 37736ee87e Allow AWS image and snapshot creation/deletion
Provide all necessary permissions for AMI tests
Allow tests to run in us-east-2
Ensure `always` section gets used
Update tests to ensure that cleanup works better, and add
deletion idempotency test
7 years ago
Will Thames 5e978b0f2b Use JSON returns values to create RETURN docs
After running hacking/test-module to generate some output,
the JSON output can be fed into the return skeletion generator
to create an excellent starting point for RETURN docs
7 years ago
Will Thames 63df0adc17 [cloud] Update RDS parameter group for boto3 (#25345)
* Update RDS parameter group for boto3

* Update to boto3
* Update to latest ansible standards
* Remove choices list for valid engines (See #19221 for context)
* Allow tagging
* Return some useful information, and document that information

* Add tests for rds_param_group

* Improve testing of rds_param_group

* Add purge_tags option for rds_param_group

* Fix remaining broken rds_param_group tests

* Ensure the group name is lowercased. Fixes integration tests when run on OSX
7 years ago
welchwilmerck af40d04247 bring comments and docs up-to-date for invoking hacking/test-module (#20940)
inside test-module, rundebug also needs to know interpreters
7 years ago
Toshio Kuratomi af2073d057 metadata 1.1
* Add network value to support_by field.
* New support_by value, certified
* Deprecate curated in favor of certified
* Add conversion from 1.0 to 1.1 to metadata-tool
* Add supported by Red Hat field to ansible-doc output
7 years ago
Sam Doran aa19563388 Improve fish environment setup (#26151)
* Add test runner to PATH

* Add Python3 support

* Updating env-setup.fish to use more portable '-exec' rather than '-delete'

* Create gen_egg_info function

Move code into a function similar to env-setup.

Silence all output when run with -q
7 years ago
Will Thames f972994662 [cloud] fix VPC behavior for ec2_group module, improve integration tests (#27038)
* Add tests for group in a VPC

* Improve ec2_group output and documentation

Update ec2_group to provide full security group information
Add RETURN documentation to match

* Fix ec2_group creation within a VPC

Ensure VPC ID gets passed when creating security group

* Add test for auto creating SG

* Fix ec2_group auto group creation

* Add backoff to describe_security_groups

Getting LimitExceeded from describe_security_groups is definitely
possible (source: me) so add backoff to increase likelihood of
success.

To ensure that all `describe_security_group` calls are backed off,
remove implicit ones that use `ec2.SecurityGroup`. From there,
the decision to remove the `ec2` boto3 resource and rely on the client
alone makes good sense.

* Tidy up auto created security group

Add resource_prefix to auto created security group and delete
it in the `always` section.
Use YAML argument form for all module parameters
7 years ago
Will Thames f3bc8b84b6 [cloud] Fix setup_iam to use policy_name, not PolicyName (#26880)
Update setup_iam.yml to work with latest iam_managed_policies
module, which correctly snakifies the results
7 years ago
Toshio Kuratomi 225fa5d092 Fix undefined variables, basestring usage, and some associated python3 issues 7 years ago
sramakr b980a5c02a Use Boto3 for ec2_group Fixes #23507 (#25340)
* Use Boto3 for ec2_group

Currently boto doesn't support ipv6. To support ipv6 in ec2_group, we need boto3.
boto3 has significant API changes, which caused more re-factoring for ec2_group module.
Added additional integration test to test_ec2_group role.

* Follow the standard for boto3 ansible

Fixed imports. Use boto3 ansible exception with camel_dict_to_snake_dict.
Refactored the call to authorize/revoke  ingress and egress.

* Removed dependancy with module ipaddress

Added new parameter called cidr_ipv6 for specifying
ipv6 addresses inline with how boto3 handles ipv6 addresses.

* Updated integration test

* Added ipv6 integration test for ec2_group

* Set purge_rules to false for integration test

* Fixed import statements

Added example for ipv6.
Removed defining HAS_BOTO3 variable and import HAS_BOTO3 from ec2.
Cleaned up import statements.

* Fixed exception handling

* Add IAM permissions for ec2_group tests

Missing AuthorizeSecurityGroupEgress necessary for latest tests

* Wrapped botocore import in try/except block

Import just botocore to be more similar to other modules
7 years ago
Matt Clay 1c1527c73f Initial version of source/testing report tool. 7 years ago
Will Thames 0ed1c3ba9c Split up testing IAM policies and automate creating them (#26223)
* Split up testing IAM policies and automate creating them

Move to managed policies to avoid the 5KB limit on policies
for an IAM entity.

The policy file is templated, so need to make sure that there
is an easy mechanism to populate the templates and push the
new policies.

* Update IAM policies for ec2_scaling_policy tests

* Fix RouteTable policies

DescribeRouteTable should be plural
ModifyRouteTable does not exist, but ReplaceRouteTableAssociation
does.

* Some IAM policies do not allow specified Resources

Various IAM policies do not allow Resources
to be specified and should just use `*`. This differs
per service

* [Autoscaling](http://docs.aws.amazon.com/autoscaling/latest/userguide/control-access-using-iam.html#policy-auto-scaling-resources)
* [EC2](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ec2-api-permissions.html#ec2-api-unsupported-resource-permissions)
* [ECR](http://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr-supported-iam-actions-resources.html)
* [ELB](http://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/load-balancer-authentication-access-control.html)

* Finish fixing AWS IAM resource specifications for testing

Update Lambda and RDS policies
7 years ago
hondak db5ec11758 Replace double-quote with single-quote at example (#26667) 7 years ago
Sloane Hertel 113f92548a hacking/test-module: fix for python3 (#26194)
* make hacking/test-module compatible with python3
7 years ago
Toshio Kuratomi 3ee997b720 metadata and doc generator optimization and fixes
* Fix ansible-doc traceback when a plugin doesn't parse correctly
* Change extract_metadata ivocation to take either an ast or source
  code.  When given source code, it can find file offsets for the start
  and end of dict.  When given the ast, it is quicker as it doesn't have
  to reparse the source.  Requires changing the call to the function to
  use a keyword arg.
* Fix reading of metadata to find the last occurrence of
  ANSIBLE_METADATA instead of the first.
* Add some more unittests to get closer to complete coverage
8 years ago
Toshio Kuratomi e27c2860e7 Move metadata extraction into a library function (#26198)
* Move metadata extraction into a library function
* fix the string cases to throw NotImplementedError
* Some python3 fixes
8 years ago
Michael De La Rue 56d33a2967 Fix hacking/test-module to allow running modules with pdb (#23339)
* Fix hacking/test-module to allow running modules with pdb

* add emacs autosave files to gitignore
8 years ago
Yujun Zhang 1f3755f86b Include error message when ansiballz_setup fails (#26127)
It is quite difficult to pinpoint what is wrong without it
8 years ago
Toshio Kuratomi e238ae999b Cyptography pr 20566 rebase (#25560)
Make pyca/cryptography the preferred backend for cryptographic needs (mainly vault) falling back to pycrypto

pyca/cryptography is already implicitly a dependency in many cases
through paramiko (2.0+) as well as the new openssl_publickey module,
which requires pyOpenSSL 16.0+. Additionally, pyca/cryptography is
an optional dep for better performance with vault already.

This commit leverages cryptography's padding, constant time comparisons,
and CBC/CTR modes to reduce the amount of code ansible needs to
maintain.

* Handle wrong password given for VaultAES format

* Do not display deprecation warning for cryptography on python-2.6

* Namespace all of the pycrypto imports and always import them

  Makes unittests better and the code less likely to get stupid mistakes
  (like using HMAC from cryptogrpahy when the one from pycrypto is needed)

* Add back in atfork since we need pycrypto to reinitialize its RNG just in case we're being used with old paramiko

* contrib/inventory/gce: Remove spurious require on pycrypto

(cherry picked from commit 9e16b9db275263b3ea8d1b124966fdebfc9ab271)

* Add cryptography to ec2_win_password module requirements
  * Fix python3 bug which would pass text strings to a function which
    requires byte strings.

* Attempt to add pycrypto version to setup deps

* Change hacking README for dual pycrypto/cryptography

* update dependencies for various CI scripts

* additional CI dockerfile/script updates

* add paramiko to the windows and sanity requirement set

  This is needed because ansible lists it as a requirement. Previously
  the missing dep wasn't enforced, but cryptography imports pkg_resources
  so you can't ignore a requirement any more

* Add integration test cases for old vault and for wrong passwords

* helper script for manual testing of pycrypto/cryptography

* Skip the pycrypto tests so that users without it installed can still run the unittests

* Run unittests for vault with both cryptography and pycrypto backend
8 years ago
Brian Coca 74842adc07 1st part of ansible config, adds ansible-config to view/manage configs (#12797)
* Start of ansible config project

moved configuration definitions to external yaml file vs hardcoded
 * updated constants to be a data strcutures that are looped over and also return origin of setting
changed to manager/data scheme for base classes
new cli ansible-config to view/manage ansible configuration settings
 * prints green for default/unchanged and yellow for those that have been overriden
 * added list action to show all configurable settings and their associated ini and env var names
 * allows specifying config file to see what result would look like
 * TBD update, edit and view options

removed test for functions that have been removed

env_Vars are now list of dicts
allows for version_added and deprecation in future
added a couple of descriptions for future doc autogeneration
ensure test does not fail if delete_me exists
normalized 'path expansion'
added yaml config to setup packaging
removed unused imports
better encoding handling

updated as per feedback

* pep8
8 years ago
Abhijeet Kasurde b89cb95609 Fix spelling mistakes (comments only) (#25564)
Original Author : klemens <ka7@github.com>

Taking over previous PR as per
https://github.com/ansible/ansible/pull/23644#issuecomment-307334525

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
8 years ago
Brian Coca d03b16e88b start of 'profiling utils' 8 years ago
Martyn Ranyard 014f33655c Allows for testing binary modules (#24857) 8 years ago
Michael De La Rue e9e661ebbb aws integration tests - provide an IAM policy for running (#24725)
* aws integration tests - provide an IAM policy that can be used for running them

* move documentation of aws policies into main integration testing documentation + some updates there

* Update testing_integration.rst

Edits
8 years ago
Dag Wieers 9a5a61bdca hacking/: PEP8 compliancy (#24683)
- Make PEP8 compliant
8 years ago
Matt Martz 8e523089ef Speed up env-setup (#24133) 8 years ago
Brian Coca 424e1946f4 moved docs generation and templates to docs/ 8 years ago
Brian Coca 7839f70e36 Enable documentation in plugins
Made ansible-doc more plugin agnostic
We can have docs in lookup, callback, connectionm strategy, etc
Use first docstring and make pepizis happy
generalized module_docs to plugin_docs
documented cartesian, ssh, default, jsonfile, etc as examples
changed lack of docs to warning when listing
made smarter about bad docstrings
better blacklisting
added handling of options/config/envs/etc
move blacklist to find_plugins, only need once
8 years ago
Brian Coca 18cbc3b16b minor doc gen fixes 8 years ago
Brian Coca b606bcec04 Doc directives (#22524)
* draft docs for directives

* updated to document directives
8 years ago
Toshio Kuratomi eb1214baad New metadata 1.0 (#22587)
Changes to the metadata format were approved here:
https://github.com/ansible/proposals/issues/54
* Update documentation to the new metadata format
* Changes to metadata-tool to account for new metadata
  * Add GPL license header
  * Add upgrade subcommand to upgrade metadata version
  * Change default metadata to the new format
  * Fix exclusion of non-modules from the metadata report
* Fix ansible-doc for new module metadata
* Exclude metadata version from ansible-doc output
* Fix website docs generation for the new metadata
* Update metadata schema in valiate-modules test
* Update the metadata in all modules to the new version
8 years ago
John R Barker 04e816e13b Stricter module documentation validation (#22353)
Raise the bar for module `DOCUMENTAION`
This validator update was used to find the issues in https://github.com/ansible/ansible/pull/22297/files

**Validation**
* Updated Validation and docs to enforce more (items fixed in https://github.com/ansible/ansible/pull/22297/files)
* Use `suboptions` to document complex options 
* Validate module name
* Validate deprecated modules have correct ANSIBLE_METADATA

**Module Documentation Generation**
* Document `suboptions:` Example https://gist.github.com/gundalow/4bdc3669d696268328ccc18528cc6718
* Tidy up HTML generation (valid HTML, no empty lists, etc)
 
**Documentation**
* Clarify the steps for deprecating a module
* Use correct RST headings
* Document `suboptions:` (options)
* Document `contains:` (returns)


**Details**
The aim is to get this (and corresponding module updates) complete by the time `devel` becomes `2.4`, as this allows us to raise the bar for new modules

Example `suboptions` https://gist.github.com/gundalow/4bdc3669d696268328ccc18528cc6718

The aim is to get this PR integrated into `devel` *before* we branch `stable-2.3`, this will allows us to:
* Raise the bar for new modules in 2.4
* Ensure the generated module documentation for 2.3 and higher is improved, important as we will be doing versioned docs moving forward.
8 years ago
Matt Clay 48e82b4ca8 Add `test/runner` to $PATH in `hacking/env-setup`. (#22387) 8 years ago
Brian Coca b714f1fc4b made module notes render nicer on docsite 8 years ago
Matt Martz 5942de603d Legacy pep8 clean fixes for contrib and hacking (#21081) 8 years ago
Allan ba39d1158c Update test-module (#20737)
* Update test-module

Ensuring invoke is assigned

Traceback (most recent call last):
  File "ansible/hacking/test-module", line 267, in <module>
    main()
  File "ansible/hacking/test-module", line 263, in main
    runtest(modfile, argspath, modname, module_style, interpreters)
  File "ansible/hacking/test-module", line 207, in runtest
    invoke = "%s%s" % (invoke, modfile)
UnboundLocalError: local variable 'invoke' referenced before assignment

* Update test-module

Made the change to only require a single if, making the function more 'DRY'.
8 years ago
Matt Clay 10d9318de7 PEP 8 indent cleanup. (#20800)
* PEP 8 E121 cleanup.

* PEP 8 E126 cleanup.

* PEP 8 E122 cleanup.
8 years ago
Matt Clay d0d1158c5e PEP 8 cleanup. (#20789)
* PEP 8 E703 cleanup.
* PEP 8 E701 cleanup.
* PEP 8 E711 cleanup.
* PEP 8 W191 and E101 cleanup.
8 years ago
Matt Clay 95789f3949 PEP 8 whitespace cleanup. (#20783)
* PEP 8 E271 whitespace cleanup.
* PEP 8 W293 whitespace cleanup.
* Fix whitespace issue from recent PR.
8 years ago
Matt Clay 63b1e0c277 Fix infrequent PEP 8 issues. 8 years ago
Brian Coca bcdfdc0cc3 minor cleanups
removed redundant print/exits
removed unused import and var
8 years ago
Adam Johnson fbfe66967d Doc module meta grammar fixes (#20446)
* Remove unnecessary 'the'
* End sentences with a period
8 years ago
Will Thames 082082857d Use the python used with test-module to run modules (#19591)
* Use ansible_python_interpreter to run modules

Use ansible_python_interpreter to run modules if
`-I ansible_python_interpreter` is set.

Remove unused default from `-I` help text.

* Update test-module to pep8 standards
8 years ago
Matt Clay cd3fdca540 Switch tests to pytest and ansible-test.
- Replace nose usage with pytest.
- Remove legacy Shippable integration.sh.
- Update Makefile to use pytest and ansible-test.
- Convert most yield unit tests to pytest parametrize.
8 years ago