* nxos_vlan: vlan names containing regex ctl chars should be escaped (#55463)
The `nxos_vlan` module may raise with regex error `sre_constants.error: multiple repeat` in the non_structured codepath if the device has existing vlan names with certain regex control characters; e.g.
```
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Eth1/3
14 my-vlan-name-is-*** active
```
(cherry picked from commit de8ce08fd8)
* fix nxos_vlan mode idempotence bug (#55144)
* fix nxos_vlan mode idempotence bug
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Fix CI failure
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
(cherry picked from commit 57e0567310)
* nxos_vlan fix 2.8 backport
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* `nxos_acl` may fail with `IndexError: list index out of range` while attempting to delete a non-existent ACL.
The failure occurs when the `acl` var is an empty list.
* nxos_acl: catch 501 'Structured output unsupported' when no ACLs present
With some older image versions, `show ip access-list | json` will raise a 501 error indicating `'Structured output unsupported'` when there are no access-lists configured. This change turns off the `check_rc` and then looks for the failure condition.
* Fix kwarg
* Fix lint issues
(cherry picked from commit 869fdcd7d4)
mem_reservation and memory_reservation has redundant implementation.
Combining them together.
Fixes: #54335
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 193f69064f)
* To fix the issue where nios_zone module was running second time for same object (#55595)
* fix for 55128 issue
Signed-off-by: Sumit Jaiswal <sjaiswal@redhat.com>
* review comment fix
Signed-off-by: Sumit Jaiswal <sjaiswal@redhat.com>
(cherry picked from commit 661f7be0fe)
* changelog for 2.8
Signed-off-by: Sumit Jaiswal <sjaiswal@redhat.com>
* connection/docker: add privilege escalation support (#55816)
As described in #53385 (and #31759), the docker connection driver did
not support privilege escalation. This commit is a shameless
cut-and-paste of the privilege escalation support from the `local`
connection plugin into the `docker` plugin.
Closes: #53385
(cherry picked from commit 61e476b908)
* docker connection plugin: make privilege escalation code more similar to local.py (#56288)
* Make more similar to local.py
* Fix typo.
(cherry picked from commit 708bda06aa)
* sysctl will now return an error if the value is invalid
sysctl can fail to set a value even if it returns an exit status 0. More
details: https://bugzilla.redhat.com/show_bug.cgi?id=1264080. Because of
this in case of an invalid value or a read-only file system, sysctl
module would return OK, even though it didn't set anything. To be sure
that sysctl correctly applied the changes we also need to check the
output of stderr.
(cherry picked from commit 0432b7f2522dbf82c4fabdb3fd17f7ac83f34e62)
* Run sysctl with LANG=C
Because we are parsing sysctl stderr we need to make sure that errors
are persistent across different system language settings.
(cherry picked from commit a16128f778b1e7574c5986aed26e146ac0561533)
* Add changelog fragment for sysctl
(cherry picked from commit 3ad9d4d83c1d2bbfccefb8388904c596d98f8731)
* Fix loading namespaced doc_fragments
The syntax for specifying a different fragment name was already
using '.' as a separator, so the code needed to be tweaked to
avoid choking on names like `testns.testcoll.fragname` and
`testns.testcoll.fragname.altvar`.
`get_plugin_class()` returns 'docfragment' for the fragment loader;
mangling `subdir` provides consistent alignment with the normal plugin
directory names and avoids needing special handling of plugin types
with 'module' in the name.
* Add changelog entry
(cherry picked from commit 2ef8b297ff)
* Correct link to Thomas' GitHub account (#55587) from tstringer to trstringer
(cherry picked from commit 158452661a)
* Add changelog fragments for #44811 (#55427)
(cherry picked from commit 7e0603282d)
* Speed up the Sphinx documentation build (#55593)
* speeds up the docs build by changing the navigation collapse setting
(cherry picked from commit 47a440774f)
* Improve rendering of default lists (#56041)
(cherry picked from commit 53ed1bfc49)
* Fix net_get and net_put task run failure (#56145)
* net_get and net_put action plugin class need
to inherit from ActionBase class as the action
class implements the entire get and put logic
(cherry picked from commit 9271b4e368)
* backport changelog
Signed-off-by: Sumit Jaiswal <sjaiswal@redhat.com>
The current code was not properly checking for the active state when
checking any_errors_fatal, so if the error occurred in a sub-block
or included file it is not properly detected.
Fixes#55515
* Make module not get all nets every time it's executed with net_id
* Add changelog fragment
* Update changelogs/fragments/meraki_static_route_api_calls.yml
Co-Authored-By: kbreit <kevin.breit@kevinbreit.net>
(cherry picked from commit 7b7d6a1fef)
* prevents accidental templating on intra-action postprocessing of an untrusted module result
* makes the view of a module result within an action consistent with the way it would be stored for future use (eg facts, register)
(cherry picked from commit 03cac394cc)
Implement a new method for shadow file parsing so it can be subclassed.
(cherry picked from commit f27eccabbd)
Co-authored-by: Sam Doran <sdoran@redhat.com>
Ensure inventory plugin loading rel to play
fixes#51033
* clarify paths
* now adding dirs funciton in loader
* better warnings
* each cli should handle adding dirs depending on context
(cherry picked from commit 780ee45819)
* [stable-2.8] Move missing library abort to use rather than import for netconf (#55384)
(cherry picked from commit b442706)
Co-authored-by: Nathaniel Case <this.is@nathanielca.se>
* Add changelog
* Use module_utils.compat.ipaddress where possible.
* Simplify reverse pointer computation.
* Use dummy for unused variables.
* Remove from ignore list.
* Adjust fix.
* Fix text handling for Python 2.
* Add changelog.
(cherry picked from commit c8a15b9dbc)
* General test improvements.
* Adjust tests to older docker-py versions.
* docker_swarm_server_info: work around problems with older docker-py versions
* Bump minimal docker-py version for options network_filters and disk_usage.
* More general test improvements.
* Correct usage of docker_image.
* Put files into output directory.
* Speed up test.
* Remove old check.
(cherry picked from commit 12d26eceb1)
* vsphere_guest: corrected fix#19716 misbehaviour
* creating machines without vm_extra_config is possible
* power state operation on absent machines will fail
* changelog fragment for PR #55285 (vsphere_guest bugfix)
* psrp - Fix raw and script tests for connection plugin
* Fix error propagation with raw in psrp
* uncomment test
(cherry picked from commit fdf9df89f5)
* postgresql_idx: improved doc, tests, remove useless lines from code (#55131)
* postgresql_idx: improve doc
* postgresql_idx: improve doc, removed unuseless rows from code
* postgresql_idx: misc doc fix
* postgresql_idx: moved common params where they were
* postgresql_idx: moved common params where they were 2
(cherry picked from commit d790285e80)
* postgresql_idx: added changelog about removing useless lines from code
* Version in deprecate calls should be a string. Fixes#55312. Fixes#55313. Fixes#55314. Fixes#55315. Fixes#55316. Fixes#55317.
* Add changelog fragment
(cherry picked from commit ca83a5c)
Co-authored-by: Matt Martz <matt@sivel.net>
* Add test for generating a CSR with everything, and testing idempotency.
* Proper SAN normalization before comparison.
* Fix check in cryptography backend.
* Convert SANs to text. Update comments.
* Add changelog.
(cherry picked from commit cb5c57bcd5)
vmware_portgroup accepts list of hosts, get_all_host_objs API modified
to accept list of hosts.
(cherry picked from commit 6ff4547489)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Warn when log_options values are not strings.
* Add changelog.
* Improve message.
* Improve formatting and formulation of other messages.
* Add test for warning.
* Trying double escaping.
(cherry picked from commit d64b17731d)
* Extend git commit c65909d6db "Add network fact to obtain FC WWN initiator ports"
adding support of enumerating AIX device WWN ports
$ lsdev -Cc adapter -l fcs*
fcs0 Defined 00-00 8Gb PCI Express Dual Port FC Adapter (df1000f114108a03)
fcs1 Defined 00-01 8Gb PCI Express Dual Port FC Adapter (df1000f114108a03)
fcs2 Available 04-00 8Gb PCI Express Dual Port FC Adapter (df1000f114108a03)
fcs3 Available 04-01 8Gb PCI Express Dual Port FC Adapter (df1000f114108a03)
$ lscfg -vpl fcs3 | grep 'Network Address'
Network Address.............10000090FA551509
* no self in this code
* Two fixes:
- fix run_command execution, passing 'use_unsafe_shell=True' since we have a pipe in it ( | grep )
if we don't set unsafe shell, it will return error on execution.
- strip new line characters at the end of WWNs.
* fix pep8 , E225 missing whitespace around operator
* use module.get_bin_path() instead of hardcoded values
* move module.get_bin_path() out of for loop
* use python string parsing instead of calling external grep
* use in operator instead of find() for simplicity and readability
* add changelog fragment
* Added idempotency logic to openssl_pkcs12
Also decoupled the 'parse' and 'generate' function from the file write
as they are now used in different places that do not need the file to be
written to disk.
* Added idempotency tests for openssl_pkcs12
Also adds a new test for pkcs12 files with multiple certificates
* Regenerate if parsed file is invalid
* pkcs12_other_certificates check was wrong
* Updated ca_certificates to other_certificates
ca_certificates is left as an alias to other_certificates;
friendlyname depends on private key, so it will be ignored while
checking for idempotency if the pkey is not set;
idempotency check only checks for correct certs in the stack
* use different keys for different certs
* Added other_certificates in module docs
* Added changelog and porting guide
* removed unrelated porting guide entry
* renamed ca_cert* occurrence with other_cert
* facts: correctly detect xen paravirt vs hvm cpuinfo
Fixes#49039
Signed-off-by: Adam Miller <admiller@redhat.com>
* provide default val if we IndexError
Signed-off-by: Adam Miller <admiller@redhat.com>
This reverts commit 85d836171b.
As discussed in WWG IRC meeting, we don't want Get-ADObject to be a dependency of win_domain_membership, and we need to be able to authenticate to the DC in some configs. We can revisit this change a different way for 2.9.
* Force pkg_mgr yum for rhel < 8, dnf for rhel > 8
This solves the scenario in which someone using RHEL or a clone
decides to install dnf, which can break their system in certain ways
under certain scenarios (a dnf bug that's been resolved upstream but
left user systems broken happened recently). Currently Red Hat
provides dnf to RHEL7 in an optional Tech Preview Channel under the
YUM4 branding, as does the CentOS Content Management SIG. There may
be others in the ecosystem I'm not familiar with.
Signed-off-by: Adam Miller <admiller@redhat.com>
* add changelog
Signed-off-by: Adam Miller <admiller@redhat.com>
* Use six from ansible.module_utils for inventory scripts
Remove skips from sanity test
* Change all imports of ConfigParser to use module_utils.six.moves
* Remove commented out lines
* Fix six imports
* mysql_user: fix MySQL/MariaDB version check
To handle properly user management, version check needed refacto, as well as the query used to get existing password hash
* mysql_user: break long query in multiple lines
* mysql_user: fix query fetch existing password hash
* mysql_user: MariaDB version check 100.2 != 10.2
* mysql_user: fix existing password fetch
In some cases, both columns (Password and authentication_string) may exist and be populated.
In other cases one exist, but not the second.
This fix should handle properly all situations
* mysql_user: break long queries
* mysql_user: refactor duplicated code
* mysql_user: handle updates from root with empty passwd to new passwd
* mysql_user: GC debug statement and readd trailing new line
* mysql_user: fix pep8 under indentation
* mysql_user: fix privileges management
https://github.com/ansible/ansible/pull/45355#issuecomment-428200244
* mysql_user: raise exception if exception caught doesn't match the one that is managed
* mysql_user: improve plugins output (add msg field with explicit informations)
* mysql_user: fix old / new password hash comparison
* mysql_user: fix reference to old MySQLdb lib
* mysql_user: fix cursor when root password is left empty (mysql DB invisible)
* mysql_user: add changelog
* ALL privileges comparison
* fixed blank line
* added mysql 8 fixes
* fixed version compatibility
* mysql_user: fix MySQL/MariaDB version check
To handle properly user management, version check needed refacto, as well as the query used to get existing password hash
* mysql_user: break long query in multiple lines
* mysql_user: fix query fetch existing password hash
* mysql_user: MariaDB version check 100.2 != 10.2
* mysql_user: fix existing password fetch
In some cases, both columns (Password and authentication_string) may exist and be populated.
In other cases one exist, but not the second.
This fix should handle properly all situations
* mysql_user: break long queries
* mysql_user: refactor duplicated code
* mysql_user: handle updates from root with empty passwd to new passwd
* mysql_user: GC debug statement and readd trailing new line
* mysql_user: fix pep8 under indentation
* mysql_user: fix privileges management
https://github.com/ansible/ansible/pull/45355#issuecomment-428200244
* mysql_user: raise exception if exception caught doesn't match the one that is managed
* mysql_user: improve plugins output (add msg field with explicit informations)
* mysql_user: fix old / new password hash comparison
* mysql_user: fix reference to old MySQLdb lib
* mysql_user: fix cursor when root password is left empty (mysql DB invisible)
* mysql_user: add contrib
* Rename changelogs/fragments/45355-mysql_user-fix-versions-compatibilities to add YML extension
- Fixed issue #25017,#37567
- Add example for prompt on launch
- Add integration test for prompt on launch
Signed-off-by: Hideki Saito <saito@fgrep.org>
* updated tests and changelog for 54516
* Handle errors if PG does not support partitioning.
* Check for PG > 10 in tasks
* Show changes for partitioned tables in ansible
* Added documentation in the tests
* Update test/integration/targets/postgresql/tasks/postgresql_privs.yml
Co-Authored-By: raymondroelands <raymondroelands@users.noreply.github.com>
* Update test/integration/targets/postgresql/tasks/postgresql_privs.yml
Co-Authored-By: raymondroelands <raymondroelands@users.noreply.github.com>
* Added check for 0 tables after revoking rights
* Added test and moved tests
Added check mode test and moved test right after the change.
* Rebased postgresql_privs.py
* Correct behavior so that direction isn't required for default.
* Add more tests.
* 'disabled' values cannot be changed.
* Include 'not specified' in messages.
