with new configuration the sudo flags are always set and become cannot override,
switching to simle 'or' will result in become_flags working.
also sudo_flags are deprecated.
also changed from YAML null causing a 'None' str
fixes#30629
(cherry picked from commit 236d13ac3a)
Previously to use the modes put or get the object had to be specified with a leading /. Since the boto call doesn't take an object like that this was overlooked and removed. Added a check to remove that leading character.
* made callbacks backwards compatible
* note about porting guide
* deprecation notice so those callbacks get updated.
This fixes#30597 for those that were not inheriting from base.
Callback must either inherit from base (directly or indirectly),
which already implements this or implement set_options themselves.
(cherry picked from commit 131d417c7a)
This is to catch vault secrets from config and
cli. Previously vault_password_file in config was
missed since it was added by setup_vault_secrets,
so check after setup_vault_secrets.
Related to #30514
(cherry picked from commit 174cb1f33c)
This is to match the 2.3 behavior on:
ansible-vault edit encrypted_file.yml
Previously, the above command would consider that a 'new password'
scenario and prompt accordingly, ie:
$ ansible-vault edit encrypted_file.yml
New Password:
Confirm New Password:
The bug was cause by 'create_new_password' being used for
'edit' action. This also causes the previous implicit 'auto prompt'
to get triggered and prompt the user.
Fix is to make auto prompt explicit in the calling code to handle
the 'edit' case where we want to auto prompt but we do not want
to request a password confirm.
Fixes#30491
(cherry picked from commit 307be59092)
* Restore correct coloring to selective callback
This fixes the bug raised in #30506
* Fix format issues for Python 2.6 & indent
Removed the zero length fields to support format under Python 2.6
Fixed E128 continuation line under-indented for visual indent issue
(cherry picked from commit d74c871559)
updated clog
* Add _ and . to regex (#30396)
Adding underscore and period to the nxos regex for determining the prompt for hostnames with underscores and periods in the hostname.
(cherry picked from commit 33b8d7069f)
* Add change log
* windows: fix list type in legacy module utils
* only change the return for the list type instead of affecting it all
* additional null check when using an array
(cherry picked from commit 01563ccd5d)
* openssl_certificate: Fix parameter assertion in Python3
Parameter assertion in Python3 is broken. pyOpenSSL get_X() functions
returns b'' type string and tries to compare it with '' string, leading
to failure.
The error mentionned above has been fixed by sanitizing the inputs from
a user to the assert only backend.
Also, this error was hidden by the fact that the improper check method
was called in the generate() functions.
* Add simple integration test for openssl_certificate
* remove subject == issuer assertion
* run integration tests only on supported hosts
* change min supported version to 0.15.x
* Add test for more CSR fields
* also convert dict members to bytes
* fix version_compare
* openssl_{csr, certificate}: Fail if pyOpenSSL <= 0.15
Previous 0.13 pyOpenSSL was a C-binding, and required the parameter
passed to add_extention to be in ASN.1. This has changed with the move
to 0.14 and it is now all pythong and string based.
Previous the 0.15 release, the `get_extensions()` method didn't exist,
since the modules rely heavily on it we ensure pyOpenSSL version is at
last 0.15.0.
* check pyopenssl version in openssl_csr integration test
(cherry picked from commit 2186b04934)
* finalize lookup documentation
* minor fixes to ansible-doc
- actually show which file caused error on when listing plugins
- removed redundant display of type and name
* smart quote fixes from toshio
(cherry picked from commit 24d4787b2d)
* changed RunCommand result from Tuple to CommandResult for easier future extensibility
* moved Win32 Dictionary->multi-null-string environment munging into C#
(cherry picked from commit 0e70057f56)
As-merged, had several issues that prevented idempotent usage. Some args were defined at the wrong UI level. Dual-state args didn't match up with typical Ansible UI.
(cherry picked from commit 6b5b465125)
* Fixes nxos_pim_rp_address module idempotence
* * Adds a note in header comment to indicate no support for absent state
(cherry picked from commit ff84fc969c)
* fixed issue with default callback inheritance
- callbacks need to document same options as callbacks they inherit from to get them configured
- since default is also used by many 3rd party callbacks for inheritance, making the code 'tolerate' the missing docs
and fallback to using the direct constant to configure it's options.
(cherry picked from commit 81fd67c10f)
* Fix nxos_snmp_community idempotence issue
* Use passed in name to filter
* Test updates and remove unused method
(cherry picked from commit 9af6dc4751)
It could be something like '10beta4', which StrictVersion() would
reject. When Postgres 10 is released, it will be '10', which
StrictVersion() would STILL reject.
Fortunately, psycopg2 has a 'server_version' connection attribute that
is guaranteed to be an integer like 90605 for version 9.6.5, or 100000
for version 10. We can safely use this for version-specific code.
(cherry picked from commit 0addd53926)
1) import_role was never resulting in a static inclusion of the role
tasks due to a logic error.
2) no error was raised when import_role tried to use a with loop, resulting
in a strange error down the execution path.
(cherry picked from commit cd2774af78)
Also fixes instances where conditionals or other variables may result in
hosts executing lists of tasks of differing sizes.
Fixes#18748
(cherry picked from commit 6730f81024)
* fix nxos_pim_interface
* Add integration test coverage and fix unit test
* Add clarifying comments
* Make ansibot happy
(cherry picked from commit 173c41aefe)
* Consistency and document treatment of default bool values
* Document that default bool values can be any Ansible recognized bool.
choose the one that reads better in context
* For fragments used by the copy module, make bool types use type=bool and not choices
* Edit for clarity
(cherry picked from commit 8a2f069468)
The dellos action plugins should add the remote address of the switch
provider to the play context. This was fixed in issue #23589 in an
almost identical manner for the eos, ios, iosxr, and vyos action
plugins.
Fixes: #30350
(cherry picked from commit ac69fcccdc)
* Clean up nxos_snmp_contact & nxos_snmp_location
* Bring nxos_snmp_community in line
* Bring nxos_snmp_host in line
* And I would have gotten away with it too,
if it weren't for those meddling sanity tests
* Bring nxos_snmp_traps & nxos_snmp_user in line
* Appease Shippable
(cherry picked from commit 8c03609e54)
* ec2_group: Handle name conflict with empty vpc_id.
If several groups exist with the same name (and vpc_id is None) then
treat the group outside the vpc as preferred (same as it would for a vpc
group with vpc_id specified). Also don't run the egress rules code in
that case.
* Handle lack of `IpPermissionsEgress` attribute on EC2 classic groups
In EC2 classic groups, the `while True` loop checking for egress
permissions will continue infinitely.
* Handle incompatible combinations of EC2 Classic + VPC groups
* Fix integration tests in accounts lacking EC2 classic
This change checks against the security group created, instead of the
module parameters, for VPC ID. This means that new accounts with a
default VPC will still wait properly for the first egress rule to
populate.
* Fix conditional for storing described groups with preference for matching VPC IDs
* Revert `vpc_id is None` on conditional to allow for default VPCs
(cherry picked from commit 4bc4abfe1b)
Per the new style of execution, for dynamic tasks conditionals are expected
to only affect the include task itself and should not be inherited by child
tasks. This patch brings the behavior inline with this expectation.
Fixes#27845
(cherry picked from commit b38f746604)
* nxos_file_copy bug fix
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* provider gets set to None in module level when transport is cli
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
(cherry picked from commit 578ae3b238)
Fixes#29974
Add `None` check while comparing module parameter values (want) with the actual
configuration present on device (have).
(cherry picked from commit d8371cec91)
* ACI EPG TO DOMAIN: Add vm_provider docstring and add support for microsoft and openstack
* Fix typo
* Fix whitespace
(cherry picked from commit 2489eeece0)
* windows facts: better way to get machine SID
* remove the substring and just get the property that contains the value we need
(cherry picked from commit f6858cdd4d)
Pull the get_poller_result inside the if block so that if the caller has
wait_for_deployment_completion=False, it doesnt block and wait for it to
finish.
Also, since the result contains information about the deployment, provide
None values for it in the output.(Not sure if this needs to be documented)
Fixes#26014
(cherry picked from commit c0000bc722)
* Updated pip module to always return changed if venv is created
Fixes#23204
* Add integration test to pip (see #23204)
(cherry picked from commit 6dbc3c63f8)
* fixes#26623
* Test-Path (and thus `-type path` in Get-AnsibleParam) fail on a nonexistent drive letter, since it can't be mapped to a PSProvider.
* added support and basic smoke tests for
(cherry picked from commit 1e2ce4c8ab)
* Create instance-store AMI instances with 'terminate' as the shutdown behavior since it is required.
* Match on the error code instead of searching for a string in the message.
* Narrow conditional to only fix shutdown behavior if fixing it would help
* Fix pep8.
* Using docstrings conflicts with the standard use of docstrings
* PYTHON_OPTIMIZE=2 will omit docstrings. Using docstrings makes future
changes to the plugin and module code subject to the requirement that we
ensure it won't be run with optimization.
(cherry picked from commit cc343a4376)
* module and vault fixes
- fix module_path cli option and usage, which fixes#29653
- move --output to be in subset of vault cli, no need for all vault enabled cli to use it
- added debug to loader to see directories added
(cherry picked from commit 2165bac212)
* harmonize openssl-csr argument names
* the module has been introduced by 2.4 not only the privatekey_passphrase
(cherry picked from commit 177ce3014c)
* refactor firewalld module with object abstraction
This change creates a FirewallTransaction object that each
individual transaction type is a sub-class of as they all follow the
same pattern to enable or disable something in the firewall.
Also, there's a few bugfixes here:
- Fix the "source" type to handle permanent operations
- Remove ambiguity of required parameters for only specific use
cases that can lead to transactions effectively being a no-op.
Instead, pick sane defaults and document them.
- Change how imports are done so globals are no longer needed
This is based on the original feedback by Toshio from the last
refactor attempt:
https://github.com/ansible/ansible-modules-extras/pull/3383
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
* fix line too long for pep8 for shippable tests
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
* remove firewalld from pep8/legacy-files
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
(cherry picked from commit 75127092f2)
* only complain about ini deprecation if value is set
* set plugin config for stdout and other types
* updated plugin docs, moved several plugins to new config
* finished ssh docs
* fixed some issues seen in plugins while modifying docs
* placeholder for 'required'
* callbacks must use _plugin_options as _options already in use
(cherry picked from commit 869a318492)
from __future__ unicode_literals leads to developer confusion as
developers no longer can tell whether a bare literal string is a byte
string or a unicode string. Explicit marking as u"" or b"" is the way
to solve the same problem in the Ansbile codebase.
(cherry picked from commit ff13d58c14)
* Change ansible-doc usage to show -a is for internal use
ansible-doc -a is for testing that documentation is sane. It should not
be used by normal users in production. The main reason for this is that
it is designed to fail if there are any undocumented modules or plugins.
This is good for testing that all plugins we ship are documented. It is
not good for end users who may have undocumented third-party plugins.
(cherry picked from commit cfaea8a053)
The config variables defined with eval, like INVENTORY_IGNORE_EXTS,
are not stored properly once the eval is processed.
This causes references to the constant to still have the eval in the
value.
(cherry picked from commit f0aa31b49e)
* Adjust version checking regex to account fo no comma in IOS-XE
* Adjusted regex to include last character of version number
(cherry picked from commit e5d247fdc0)
since we want to make namespaced facts drop ansible_ prefix but don't have the
time before release to perfect this feature, we are going to postpone it for now
until we have the resources to fix this issue. That way we won't have people relying
on the 'incorrect' names for a release.
(cherry picked from commit 0c291ece1a)
* fix sid lookup issues and update copyright/license to latest format
* simplify win_owner and win_share by removing unnecessary function
(cherry picked from commit 8f050d3719)
* This commit includes a unit test to exercise the _is_role
function and make sure it doesn't break in any Python version.
* Import os.path and other minor fixups
(cherry picked from commit 8e4f112b39)
The set theory filters need to use lists rather than generators on python3.
Also add unit tests for most of the mathstuff filters
Fixes#26494
(cherry picked from commit 75249e311e)
* cloud: azure: fix typo introduced in commit 16d23e9
The commit "Add reference to VNET resource group (#26052)"
removed an used variable.
* network: aos: error hint never shown
(cherry picked from commit 6797221107)
- better variable precedence management
- universal plugin option handling
- also updated comments for future directions
- leverage fragments for plugins
- removed fact namespacing
- added 'firendly name' field
- updated missing descriptions
- removed some unused yaml entries, updated others to reflect possible future
- documented more plugins
- allow reading docs using alias
- short licenses
- corrected args for 'all plugins'
- fixed -a option for ansible-doc
- updated vars plugins to allow docs
- fixed 'gathering'
- only set options IF connection
- added path list and renamed pathspec mostly the diff is , vs : as separator
- readded removed config entries that were deprecated but had no message ... and deprecated again
- now deprecated entries give warning when set
(cherry picked from commit 075ead8fb0)
* let generate_man also gen rst pages for cli tools
* make template-file, output-dir, output format cli options for generate_man
* update main Makefile to use generate_man.py for docs (man pages and rst)
* update vault docs that use :option:
* Edits based on
6e34ea6242 and
a3afc78535
* add a optparse 'desc' to lib/ansible/cli/config.py
The man page needs a short desc for the 'NAME' field
which it gets from the option parse 'desc' value.
Fixes building ansible-config man page.
* add trim_docstring from pep257 to generate_man
use pep258 docstring trim function to fix up any indention
weirdness inherit to doc strings (ie, lines other than
first line being indented.
* Add refs to cli command actions
To reference ansible-vaults --vault-id option, use:
:option:`The link text here <ansible-vault --vault-id>`
or:
:option:`--vault-id <ansible-vault --vault-id>`
To reference ansible-vault's 'encrypt' action, use:
:ref:`The link text here <ansible_vault_encrypt>`
or most of the time:
:ref:`ansible-vault encrypt <ansible_vault_encrypt>`
(cherry picked from commit 89c973445c)
This allows to use a pathlist in the ansible.cfg:
[default]
inventory = path/inventory:other_path/inventory
Since ansible allows to use --inventory on CLI more then once, we should also support a pathlist in the config.
(cherry picked from commit da488a8db5)
* cleaner get for file based caches
* now db based facts behave like file ones
we now keep local in mem cache to avoid race conditions on expiration during ansible runs
(cherry picked from commit 13d1520f3d)
* win_regedit: fixed up diff output to be more representative of type
* added diff fix for creation of key and prop in one go
(cherry picked from commit 91e7c3ec81)
* Fix digital_ocean module_util api_token bug
* Included environment variables also
* Removed try/catch and added a check on self.oauth_token
Modules using the DigitalOceanHelper would expect the module to handle any api key resolution.
This prevents errors when adding new rules that conflict with existing
ones that will be deleted. For example this allows adding a new rule
with the same priority of a rule that will be purged.
* add 2 quota variables for openstack: loadbalancer and pool. In neutron, they're set to 10 by default. So in the real production environment, you would hit this limit very soon.
* specify version_added for new options
This PR includes:
- A new function to modify query strings in URLs
- Add rsp-subtree=modified to post/delete requests
- Test the ACI response for changes and report back
- Return the used URL back to the user
- Remove check-mode support (as it was non-functional anyway)
- Fix a bug related to method=delete and not having content set
This fixesdatacenter/aci-ansible#111
* Add EOS provider options as subspec
* Add IOS provider options as subspec
* Add IOS XR provider options as subspec
* Add Junos provider options as subspec
* Add NX-OS provider options as subspec
* Add Vyos provider options as subspec
* Remove password checks from check_args
* Do the same to aireos, aruba, ce, dellos*, & sros, as they work the same way
* VyOS does not support `transport`
This reverts commit 43247c8dfe.
Revert "Bring nxos_snmp_community in line"
This reverts commit 0df77408d7.
Revert "Clean up nxos_snmp_contact & nxos_snmp_location"
This reverts commit 9e4cdd2fce.
I should probably not be up this early
* module should fail if eos_user is added without configured_password or nopassword or sshkey
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* fix eos_user unit test
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* fix eos_user integration test
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Fix junos_user pruge option failures
Fixes#25989
Add seperate handling for purge option which
fetches configured users on remote device
and delete the one not present in aggregate
list.
* Minor changes
* Fix encoding errors on grp.gr_name, which can contain non-ascii character at LDAP/AD domain workstations
* fix: utils.to_text() is now used instead of py3-incompatible unicode() method
Fix appearance of failure when creating a cloudformation changeset after a rollback. When creating a cloudformation changeset it shouldn't matter if the last event was.
_ROLLBACK_COMPLETE since creating a changeset is not an event. Fixes#27853.
Before fix, logic tries to access info from 're' library
which raises AttributeError.
Fix adds correct variable usage for accessing next/previous
search results from github api.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
CloudLinux and OpenVZ have common roots, but CloudLinux does not really
provide OS virtualization so it should not be regarded as a 'openvz'
system. This change adds a check for the existance of the LVE kernel
module which only exists on CloudLinux.
Fixes: https://github.com/ansible/ansible/issues/26424
* Add FcoeNetworkFactsModule for retrieving HPE OneView FCoE Networks
- Allow querying for FCoE Network resources in HPE OneView
- Adds unit tests to new module
* Fix "required: no"
* Add NetworkSetFactsModule for retrieving HPE OneView Network Sets
- Allow querying for Network Set resources in HPE OneView
- Adds unit tests to new module
- Updates oneview_module_loader copyright header to short GPL3 version
* Adding possibility to pass in credentials as parameters
* Removed required false and changed format of filter_by_name declaration
* Updated examples in docs to reflect new way to pass in credentials
- All examples of the oneview_network_set_facts updated to use
credential parameters
- All required=False from oneview base module removed
- Shared docs updated to bring attention to API version being used
