Commit graph

3026 commits

Author SHA1 Message Date
Ganesh Nalawade
97a34cf008 Add options sub spec validation (#27119)
* Add aggregate parameter validation

aggregate parameter validation will support checking each individual dict
to resolve conditions for aliases, no_log, mutually_exclusive,
required, type check, values, required_together, required_one_of
and required_if conditions in argspec. It will also set default values.

eg:
tasks:
  - name: Configure interface attribute with aggregate
    net_interface:
      aggregate:
        - {name: ge-0/0/1, description: test-interface-1, duplex: full, state: present}
        - {name: ge-0/0/2, description: test-interface-2, active: False}
    register: response
    purge: Yes

Usage:
```
from ansible.module_utils.network_common import AggregateCollection

transform = AggregateCollection(module)
param = transform(module.params.get('aggregate'))
```

Aggregate allows supports for `purge` parameter, it will instruct the module
to remove resources from remote device that hasn’t been explicitly
defined in aggregate. This is not supported by with_* iterators

Also, it improves performace as compared to with_* iterator for network device
that has seperate candidate and running datastore.
For with_* iteration the sequence of operartion is
load-config-1 (candidate db) -> commit (running db) -> load_config-2
(candidate db) -> commit (running db) ...

With aggregate the sequence of operation is
load-config-1 (candidate db) -> load-config-2 (candidate db) -> commit
(running db)

As commit is executed only once per task for aggregate it has
huge perfomance benefit for large configurations.

* Fix CI issues

* Fix review comments

*  Add support for options validation for aliases, no_log,
   mutually_exclusive, required, type check, value check,
   required_together, required_one_of and required_if
   conditions in sub-argspec.
*  Add unit test for options in argspec.
*  Reverted aggregate implementaion.

* Minor change

* Add multi-level argspec support

*  Multi-level argspec support with module's top most
   conditionals options.

* Fix unit test failure

* Add parent context in errors for sub options

* Resolve merge conflict

* Fix CI issue
2017-08-01 09:32:18 -07:00
Ganesh Nalawade
19fac707fa junos_netconf integration test failure fix (#27569)
*  Create socket using port value and not connection type
*  Correct error message in integration test task
2017-08-01 21:33:11 +05:30
Will Thames
5f73bdc3bf [cloud] Improve Camel to Snake conversion in EC2 module_utils (#25015)
* Make camel_to_snake work on capitalized plurals

`TargetGroupARNs` should become `target_group_arns`, not
`target_group_ar_ns`

Promote `camel_to_snake` to top layer function but prefix
it with an underscore.

Add tests for improved `_camel_to_snake` function.

Reduce use of `re.compile` as it makes no sense when the
compilation result is not reused.

* Remove unused LooseVersion check

* Fix PLURALs case for camel_to_snake

Also renamed EXPECTED_CAMELIZATION to EXPECTED_SNAKIFICATION
2017-08-01 11:09:22 -04:00
David Newswanger
e599a01bdc added lines to mode: strict (#27442) 2017-08-01 16:06:33 +01:00
Ganesh Nalawade
60676add33 iosxr implemetation for net_interface (#27513)
* iosxr implemetation for net_interface

*  iosxr_interface implementation

* Add integration test

*  iosxr_interface integration test
*  net_interface intergration test for iosxr

* update boilerplate
2017-08-01 20:19:54 +05:30
Will Thames
f972994662 [cloud] fix VPC behavior for ec2_group module, improve integration tests (#27038)
* Add tests for group in a VPC

* Improve ec2_group output and documentation

Update ec2_group to provide full security group information
Add RETURN documentation to match

* Fix ec2_group creation within a VPC

Ensure VPC ID gets passed when creating security group

* Add test for auto creating SG

* Fix ec2_group auto group creation

* Add backoff to describe_security_groups

Getting LimitExceeded from describe_security_groups is definitely
possible (source: me) so add backoff to increase likelihood of
success.

To ensure that all `describe_security_group` calls are backed off,
remove implicit ones that use `ec2.SecurityGroup`. From there,
the decision to remove the `ec2` boto3 resource and rely on the client
alone makes good sense.

* Tidy up auto created security group

Add resource_prefix to auto created security group and delete
it in the `always` section.
Use YAML argument form for all module parameters
2017-08-01 06:53:43 -04:00
Ganesh Nalawade
2d734c7ea7 Fix for ios integration test failuers (#27552)
Fixes #27116
2017-08-01 14:33:04 +05:30
John R Barker
499875f897 host_key_checking = False (#27553) 2017-08-01 09:51:22 +01:00
Jordan Borean
7a7a0cae94 win_service: added support for paused services (#27216)
* win_service: added support for paused services

* change pausable service for local computers

* more fixes for older hosts

* sigh

* skip pause tests for Server 2008 as it relies on the service
2017-08-01 18:48:14 +10:00
Pilou
ade593da52 Copy module: improve tests allowing to use a managed host which isn't the controller host (#25672)
* set output_dir_expanded using module result

'path' values are expanded using 'expandvars' too

* foo.txt is located in 'files' directory

* Use 'role_path' and 'connection: local' for local paths

'{{ role_path }}/tmp' is used for generated paths

* Use local connection with local paths

/tmp/ansible-test-abs-link and /tmp/ansible-test-abs-link-dir are
defined by targets/copy/files/subdir/subdir1/ansible-test-abs-link
and targets/copy/files/subdir/subdir1/ansible-test-abs-link-dir links.

* task names: add a suffix when same name is reused

* Check that item exists before checking file mode

then error message is more explicit when item doesn't exist

* Use output_dir_expanded only when necessary

* Enforce remote_user when root is required

* Fix remote path

* Use different local & remote user

this is useful when controller and managed hosts are identical

* Checks must not expect output of tested module to be right

* Use a temporary directory on the controller

* Use sha1 & md5 filters instead of hardcoded values

* Use 'remote_dir' for directory on managed host

* Workaround tempfile error on OS X

Error was:
temp_path = tempfile.mkdtemp(prefix='ansible_')
AttributeError: 'module' object has no attribute 'mkdtemp'"
2017-07-31 22:07:22 -07:00
Pilou
49b8bd0358 Fix broken import in utilities.helper._accelerate (#27088)
* Fix py3 compatibility using six.moves.socketserver

* Remove useless call to str
2017-07-31 22:05:46 -07:00
Toshio Kuratomi
0b9a78f0b3 Remove wildcard, add boilerplate and get rid of get_exception
* smaller collections of database modules
* Some of the smaller collections of network modules
2017-07-31 13:51:38 -07:00
Matt Clay
0c7602fb59 Add potential work-around for expect on macOS.
http://pexpect.readthedocs.io/en/stable/commonissues.html#truncated-output-just-before-child-exits
2017-07-31 13:22:07 -07:00
Nathaniel Case
13948b6d72 More nxos integration fixes (#27507)
* nxos does not have `authorize`

* Enable nxos_banner nxapi tests
2017-07-31 14:13:32 -04:00
Andrew Saraceni
7b3d893f2d New Module: Manage Windows local group membership (win_group_member) (#26307)
* initial commit for win_group_member module

* fix variable name change for split_adspath

* correct ordering of examples/return data to match documentation verbiage

* change tests setup/teardown to use new group rather than an inbult group
2017-07-31 11:10:57 -07:00
David Newswanger
a01884ca2f added register: result to nxos_interface tests (#27504) 2017-07-31 13:37:27 -04:00
Matt Davis
91f4c37ed7 rename legacy PS module_utils to remove PowerShell prefix (#27495) 2017-07-31 10:06:12 -07:00
Martin Krizek
43d3c092fa Add dnf group install/upgrade integration tests (#27482) 2017-07-31 08:54:34 -04:00
saichint
350018de73 nxos_vxlan_vtep fixes and integration tests (#27405)
* fix issue 27404

* conflict resolve
2017-07-31 08:37:31 -04:00
Dag Wieers
97aaf103e8 ACI module_utils library for ACI modules (#27070)
* ACI module_utils library for ACI modules

This PR includes:
- the ACI argument_spec
- an aci_login function
- an experimental aci_request function
- an aci_response function
- included the ACI team

* New prototype using ACIModule

This PR includes:
- A new ACIModule object with various useful methods
2017-07-31 12:44:27 +01:00
John R Barker
82a0a05406 Revert "Use needs/root, rather than become: yes" (#27483)
* Revert "Add test_items to junos_system integration target (#27481)"

This reverts commit 9e03953fce.

* Revert "Use needs/root, rather than become: yes (#27479)"

This reverts commit 5576cc6769.
2017-07-31 11:36:57 +01:00
Ricardo Carrillo Cruz
9e03953fce Add test_items to junos_system integration target (#27481) 2017-07-31 12:09:13 +02:00
John R Barker
5576cc6769 Use needs/root, rather than become: yes (#27479) 2017-07-31 08:03:47 +01:00
John R Barker
3ea421d9da root when installing packages (#27477) 2017-07-31 07:46:29 +01:00
John R Barker
42298f890e Install Python (#27476) 2017-07-31 07:20:19 +01:00
John R Barker
ea4eb8f1c8 prepare_ovs call gather facts (#27468)
* prepare_ovs call gather facts

As we are no longer using run_ovs_integration_tests.yml we need to
explicitly gather facts so we can call the correct package manager.

* typo
2017-07-30 18:39:22 +01:00
Toshio Kuratomi
4109a82d0a remove wildcards and add boilerplate
* cloud/centurylink
* source_control
* cloud/google
* notification
* cloud/rackspace
* cloud/vmware
2017-07-29 14:13:30 -07:00
Toshio Kuratomi
21564cdb98 Add some features to the pylint sanity check
* Enable specific tests (this lets us disable a group and then
  enable a particular test inside of it)
* Comment out tests in the enable and disable files
2017-07-29 14:13:30 -07:00
Toshio Kuratomi
0765ceb66d revise ordered list of boilerplate work 2017-07-29 07:02:12 -07:00
Toshio Kuratomi
8de6cff2b1 more wildcards 2017-07-29 07:02:12 -07:00
Toshio Kuratomi
1ee08c0f06 Get rid of more wildcard imports and add boilerplate to more modules
This commit cleans up the following module categories:
* messaging
* inventory
* crypto
* commands
* clustering
* cloud/webfaction
* cloud/docker
* cloud/digital_ocean
2017-07-29 07:02:12 -07:00
Toshio Kuratomi
6f69cd4501 Add code to allow from __future__ in docs-only modules 2017-07-28 22:10:17 -07:00
Toshio Kuratomi
8b7db55a94 Modify boilerplate code-smell test to check some of the module dirs 2017-07-28 22:10:17 -07:00
Toshio Kuratomi
4e6cce354e Remove wildcard imports
Made the following changes:

* Removed wildcard imports
* Replaced long form of GPL header with short form
* Removed get_exception usage
* Added from __future__ boilerplate
  * Adjust division operator to // where necessary

For the following files:

* web_infrastructure modules
* system modules
* linode, lxc, lxd, atomic, cloudscale, dimensiondata, ovh, packet,
  profitbricks, pubnub, smartos, softlayer, univention modules
* compat dirs (disabled as its used intentionally)
2017-07-28 22:10:17 -07:00
Matt Clay
f6d7fc548e Fix ansible-test type hints. 2017-07-28 21:47:04 -07:00
Toshio Kuratomi
0a2cdb2585 New tests for copy recursive with absolute paths
Absolute path trailing slash handling in absolute directories

find_needle() isn't passing a trailing slash through verbatim.  Since
copy uses that to determine if it should copy a directory or just the
files inside of it, we have to detect that and restore it after calling
find_needle()

Fixes #27439
2017-07-28 21:00:51 -07:00
Matt Clay
e241e15899 Add support for non_local alias in ansible-test. 2017-07-28 12:24:55 -07:00
Adrian Likins
934b645191 Support multiple vault passwords (#22756)
Fixes #13243

** Add --vault-id to name/identify multiple vault passwords

Use --vault-id to indicate id and path/type

 --vault-id=prompt  # prompt for default vault id password
 --vault-id=myorg@prompt  # prompt for a vault_id named 'myorg'
 --vault-id=a_password_file  # load ./a_password_file for default id
 --vault-id=myorg@a_password_file # load file for 'myorg' vault id

vault_id's are created implicitly for existing --vault-password-file
and --ask-vault-pass options.

Vault ids are just for UX purposes and bookkeeping. Only the vault
payload and the password bytestring is needed to decrypt a
vault blob.

Replace passing password around everywhere with
a VaultSecrets object.

If we specify a vault_id, mention that in password prompts

Specifying multiple -vault-password-files will
now try each until one works

** Rev vault format in a backwards compatible way

The 1.2 vault format adds the vault_id to the header line
of the vault text. This is backwards compatible with older
versions of ansible. Old versions will just ignore it and
treat it as the default (and only) vault id.

Note: only 2.4+ supports multiple vault passwords, so while
earlier ansible versions can read the vault-1.2 format, it
does not make them magically support multiple vault passwords.

use 1.1 format for 'default' vault_id

Vaulted items that need to include a vault_id will be
written in 1.2 format.

If we set a new DEFAULT_VAULT_IDENTITY, then the default will
use version 1.2

vault will only use a vault_id if one is specified. So if none
is specified and C.DEFAULT_VAULT_IDENTITY is 'default'
we use the old format.

** Changes/refactors needed to implement multiple vault passwords

raise exceptions on decrypt fail, check vault id early

split out parsing the vault plaintext envelope (with the
sha/original plaintext) to _split_plaintext_envelope()

some cli fixups for specifying multiple paths in
the unfrack_paths optparse callback

fix py3 dict.keys() 'dict_keys object is not indexable' error

pluralize cli.options.vault_password_file -> vault_password_files
pluralize cli.options.new_vault_password_file -> new_vault_password_files
pluralize cli.options.vault_id -> cli.options.vault_ids

** Add a config option (vault_id_match) to force vault id matching.

With 'vault_id_match=True' and an ansible
vault that provides a vault_id, then decryption will require
that a matching vault_id is required. (via
--vault-id=my_vault_id@password_file, for ex).

In other words, if the config option is true, then only
the vault secrets with matching vault ids are candidates for
decrypting a vault. If option is false (the default), then
all of the provided vault secrets will be selected.

If a user doesn't want all vault secrets to be tried to
decrypt any vault content, they can enable this option.

Note: The vault id used for the match is not encrypted or
cryptographically signed. It is just a label/id/nickname used
for referencing a specific vault secret.
2017-07-28 15:20:58 -04:00
James Mighion
a328e96455 Adding aireos_config module (#27408)
* Adding aireos_config module.

* Fixing pep8 W291.
2017-07-29 00:36:04 +05:30
Matt Clay
d83129f0d1 Fix integration test aliases. 2017-07-28 10:57:16 -07:00
Mike Wiebe
07b097af7c Fix nxos portchannel force option (#27190)
* Add integration tests

* Fix force option

* Enable nxos_portchannel test

* Satisfy ansibot demands
2017-07-28 13:06:41 -04:00
David Newswanger
c594f1e1c9 fixed nontype error (#27428) 2017-07-28 21:50:09 +05:30
David Newswanger
3b1f2aeb16 Iosxr attribute error #27122 (#27425)
* WIP fixing iosxr_logging idempotency

* remove debug stuff from module, add teardown section to start of test
2017-07-28 20:07:34 +05:30
Martin Krizek
36c6d0f748 fetch: fail if flat=yes and dest=existing-dir w/o trailing slash 2017-07-28 09:53:50 -04:00
Trishna Guha
6d1bd33aa5 fix iosxr_banner (#27378)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-07-28 17:09:04 +05:30
Yanis Guenane
9e41fd399b Removing openssl_publickey from pep8 legacy files (#27414) 2017-07-28 11:10:02 +02:00
Trishna Guha
a49c419651 fix nxos_vrf_af nxapi & cli (#27307)
* fix nxapi failure #27142

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* fix nxos_vrf_af nxapi and cli

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-07-28 09:02:02 +05:30
Matt Clay
87d434ed68 Fix ansible-test handling of git output. 2017-07-27 18:26:23 -07:00
Matt Clay
51bd07204b Revert "Revert "Allow ini plugin to load file using other encoding than utf8." (#27407)"
This reverts commit 520696fb39.
2017-07-27 18:15:56 -07:00
Toshio Kuratomi
520696fb39 Revert "Allow ini plugin to load file using other encoding than utf8." (#27407)
* Revert "Update conventions in azure modules"

This reverts commit 30a688d8d3.

* Revert "Allow specific __future__ imports in modules"

This reverts commit 3a2670e0fd.

* Revert "Fix wildcard import in galaxy/token.py"

This reverts commit 6456891053.

* Revert "Fix one name in module error due to rewritten VariableManager"

This reverts commit 87a192fe66.

* Revert "Disable pylint check for names existing in modules for test data"

This reverts commit 6ac683ca19.

* Revert "Allow ini plugin to load file using other encoding than utf8."

This reverts commit 6a57ad34c0.
2017-07-27 17:08:31 -07:00