Commit graph

903 commits

Author SHA1 Message Date
Pierre-Louis Bonicoli
2bbe99dc26 circonus_annotation: add unit tests 2017-08-15 19:07:21 -07:00
Brian Coca
f921369445 Ansible Config part2 (#27448)
* Ansible Config part2

- made dump_me nicer, added note this is not prod
- moved internal key removal function to vars
- carry tracebacks in errors we can now show tracebacks for plugins on vvv
- show inventory plugin tracebacks on vvv
- minor fixes to cg groups plugin
- draft config from plugin docs
- made search path warning 'saner' (top level dirs only)
- correctly display config entries and others
- removed unneeded code
- commented out some conn plugin specific from base.yml
- also deprecated sudo/su
- updated ssh conn docs
- shared get option method for connection plugins
- note about needing eval for defaults
- tailored yaml ext
- updated strategy entry
- for connection pliugins, options load on plugin load
- allow for long types in definitions
- better display in ansible-doc
- cleaned up/updated source docs and base.yml
- added many descriptions
- deprecated include toggles as include is
- draft backwards compat get_config
- fixes to ansible-config, added --only-changed
- some code reoorg
- small license headers
- show default in doc type
- pushed module utils details to 5vs
- work w/o config file
- PEPE ATE!
- moved loader to it's own file
- fixed rhn_register test
- fixed boto requirement in make tests
- I ate Pepe
- fixed dynamic eval of defaults
- better doc code

skip ipaddr filter tests when missing netaddr
removed devnull string from config
better becoem resolution

* killed extra space with extreeme prejudice

cause its an affront against all that is holy that 2 spaces touch each other!

shippable timing out on some images, but merging as it passes most
2017-08-15 16:38:59 -04:00
Adrian Likins
8003437ebc prompt for new pass on create/encrypt if none specified (#28185)
* prompt for new pass on create/encrypt if none specified

Make 'ansible-vault' edit or encrypt prompt for a password
if none or provided elsewhere.

Note: ansible-playbook does not prompt if not vault password
is provided

* dont show vault password prompts if not a tty
2017-08-15 13:09:24 -04:00
saichint
d69440c4ef Fix nxos_vpc issues (#28188)
* fix for nxos_vpc issues

* fix unit tests

* clean documentation
2017-08-15 12:08:55 -04:00
Adrian Likins
5739bb075f Vault secrets default vault ids list (#28190)
* Add config option for a default list of vault-ids

This is the vault-id equilivent of ANSIBLE_DEFAULT_PASSWORD_FILE
except ANSIBLE_DEFAULT_VAULT_IDENTITY_LIST is a list.
2017-08-15 11:56:17 -04:00
Adrian Likins
e287af1ac8 Vault secrets empty password (#28186)
* Better handling of empty/invalid passwords

empty password files are global error and cause an
exit. A warning is also emitted with more detail.

ie, if any of the password/secret sources provide
a bogus password (ie, empty) or fail (exception,
 ctrl-d, EOFError), we stop at the first error and exit. 

This makes behavior when entering empty password at
prompt match 2.3 (ie, an error)
2017-08-15 11:01:46 -04:00
3onyc
554496c404 [passwordstore] Use builtin _random_password function instead of pwgen (#25843)
* [password] _random_password -> random_password and moved to util/encrypt.py
* [passwordstore] Use built-in random_password instead of pwgen utility
* [passwordstore] Add integration tests
2017-08-14 15:19:40 -07:00
saichint
9d84a4e530 fix for nxos_ospf_vrf invalid cmd and ntp errors (#27977)
* fix for nxos_ospf_vrf invalid cmd

* fix for nxos_ntp issues
2017-08-14 16:09:16 -04:00
Toshio Kuratomi
3edac559d3 the smart transport is broken by ssh retry code
1fe67f9 introduced retries to the ssh connection put file and fetch
file.  Unfortunately, that change broke the smart transport because it
started raising exceptions instead of returning from _run().  This
breakage is documented in #23711.

An attempt to fix it was made at #23717 but the first attempt was
objected to as needing to touch too much code.  The second attmept was
objected to as smart was forced to encapsulate retries (thus retrying
a sftp "rety" times before trying scp "retry" times and then finally
moving onto piped).  This third attempt has retries encapsulate smart.
So each sub-transport is tried once and if all three fail, another retry
attempt is made which tries each of the three again.

Fixes #23711
Fixes #23717
2017-08-14 08:08:00 -07:00
Trishna Guha
60ce6438e3 fix nxos_overlay_global idempotence (#28150)
* fix nxos_overlay_global idempotence

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* modify nxos_overlay_global unittest

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-08-14 16:09:53 +05:30
David Newswanger
a01aa6e9df Fix structured output not supported in nxos_pim_interface (#28125)
* fixed unstructured error

* fix unit tests so they accept commands in dictionary form
2017-08-14 12:34:05 +05:30
Trishna Guha
12460dd713 Add ios_vrf declarative intent config check (#28001)
* Add ios_vrf declarative intent config check

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* add version for delay param

* modify ios_vrf unit test
2017-08-14 12:27:03 +05:30
Pierre-Louis Bonicoli
94a327dd09 rhn_channel: add unit tests 2017-08-12 10:21:14 -07:00
Sloane Hertel
1de91a9aa0 [cloud] Convert s3 module to use boto3 (#21529)
* replace boto with boto3 for the s3 module

make s3 pep8 and remove from legacy files

fix s3 unit tests

* fix indentation

* s3 module - if we can't create an MD5 sum return None and always upload file

* remove Location.DEFAULT which isn't used in boto3 and tidy up the docs

* pep8

* s3: remove default: null, empty aliases, and required: false from documentation

fix incorrectly documented defaults

* Porting s3 to boto3. Simplify some logic and remove unused imports

* Fix s3 module variables

* Fix a typo in s3 module and remove from pep8 legacy files

* s3: add pagination for listing objects.

Fix logic and use head_object instead of get_object for efficiency.

Fix typo in unit test.

* Fix pagination to maintain backwards compatibility.

Fix incorrect conditional.

Remove redundant variable assignment.

Fix s3 list_object pagination to return all pages

* Use the revised List Objects API as recommended.

* Wrap call to paginated_list in a try/except

Also remembered to allow marker/prefix/max_keys to modify what keys are listed

* Simplify argument
2017-08-11 09:34:33 -04:00
Ganesh Nalawade
3b0e9ded91 Fix fallback and boolean check in argspec (#27994)
Fixes #27978

*  Add missing assignment for param key in fallback handling
*  Add check for frozenset type
*  Unit testcase
2017-08-10 12:10:18 -07:00
Adrian Likins
220db9cdd2 Better vault pass prompt behav on EOF, more unit tests (#27981) 2017-08-10 09:34:57 -04:00
Adrian Likins
82f550e8cd Add prompt formats for 2.3 compat ask-vault-pass (#27974)
The prompt_formats dict didn't get the 'prompt_ask_vault_pass'
item added for interactive --ask-vault-pass, which
caused "KeyError: u'prompt_ask_vault_pass'"

Fixes #27885
2017-08-10 09:34:16 -04:00
Zac Medico
501fc7a248 template: fix KeyError: 'undefined variable: 0 (#27972)
* template: fix KeyError: 'undefined variable: 0

For compatibility with the Context.get_all() implementation
in jinja 2.9, make AnsibleJ2Vars implement collections.Mapping.
Also, make AnsibleJ2Template.newcontext() handle dict type
for the 'vars' parameter.

See: d67f0fd4cc
Fixes: https://github.com/ansible/ansible/issues/20494

* add units/template/test_vars

* intg tests for jinja-2.9 issues like 20494

test cases here are based on
https://github.com/ansible/ansible/issues/20494#issue-202108318
2017-08-09 18:50:53 -04:00
Nathaniel Case
a78f3faa6c nxos_bgp_neighbor_af does not want required_together (#26370)
* nxos_bgp_neighbor_af does not want required_together

* fixup tests

* Fix max_prefix_* issues

* Require address-family

* Fix idempotency for next_hop_third_party

* Fix idempotency for allowas_in*

* Fix idempotency for *_in and *_out

* Reorder command generation again

`default` is first, then `max-prefix`, then booleans
2017-08-09 15:54:34 -04:00
Nathaniel Case
c1bf74283e Network load_config: Capture configuration output and display as warnings (#27851)
* Capture configuration output and display as warnings

* Don't break on nxapi

nxapi errors very loudly instead, so no need to muck about with warnings
2017-08-09 09:43:04 -04:00
Adrian Likins
c38ff3b8f8 pylint fixes for vault related code (#27721)
* rm unneeded parens following assert
* rm unused parse_vaulttext_envelope from yaml.constructor
* No longer need index/enumerate over vault_ids
* rm unnecessary else
* rm unused VaultCli.secrets
* rm unused vault_id arg on VaultAES.decrypt()

pylint: Unused argument 'vault_id'
pylint: Unused parse_vaulttext_envelope imported from ansible.parsing.vault
pylint: Unused variable 'index'
pylint: Unnecessary parens after 'assert' keyword
pylint: Unnecessary "else" after "return" (no-else-return)
pylint: Attribute 'editor' defined outside __init__

* use 'dummy' for unused variables instead of _

Based on pylint unused variable warnings.

Existing code use '_' for this, but that is old
and busted. The hot new thing is 'dummy'. It
is so fetch.

Except for where we get warnings for reusing
the 'dummy' var name inside of a list comprehension.

* Add super().__init__ call to PromptVaultSecret.__init__
pylint: __init__ method from base class 'VaultSecret' is not called (super-init-not-called)

* Make FileVaultSecret.read_file reg method again

The base class read_file() doesnt need self but
the sub classes do.

Rm now unneeded loader arg to read_file()

* Fix err msg string literal that had no effect
pylint: String statement has no effect

The indent on the continuation of the msg_format was wrong
so the second half was dropped.

There was also no need to join() filename (copy/paste from
original with a command list I assume...)

* Use local cipher_name in VaultEditor.edit_file not instance
pylint: Unused variable 'cipher_name'
pylint: Unused variable 'b_ciphertext'

Use the local cipher_name returned from parse_vaulttext_envelope()
instead of the instance self.cipher_name var.

Since there is only one valid cipher_name either way, it was
equilivent, but it will not be with more valid cipher_names

* Rm unused b_salt arg on VaultAES256._encrypt*
pylint: Unused argument 'b_salt'

Previously the methods computed the keys and iv themselves
so needed to be passed in the salt, but now the key/iv
are built before and passed in so b_salt arg is not used
anymore.

* rm redundant import of call from subprocess
pylint: Imports from package subprocess are not grouped

use via subprocess module now instead of direct
import.

* self._bytes is set in super init now, rm dup

* Make FileVaultSecret.read_file() -> _read_file()

_read_file() is details of the implementation of
load(), so now 'private'.
2017-08-08 16:10:03 -04:00
mzizzi
4648dc9702 [cloud] Add more configurable backoff implementations to CloudRetry/AWSRetry (#27251) 2017-08-08 08:56:46 -04:00
Pilou
b57af4428d rhn_register: fix broken imports, add unit tests (#26878)
Fix 'module' object is not callable

* rhn_register: fix Python 3 compatibility
* rhn_register: update requirements
* rhn_register: add unit tests
* Add missing method name
* use a dedicated line for XML related requirements
* rhn_register: drop support for Python 2.4
* rhn_register unit tests: fix Python 3 compatibility
* refactor in order to check order of the requests
2017-08-04 10:12:27 -04:00
Philippe Dellaert
6d33e59ca1 Fix for subspec options validation issue #27715 (#27728)
* Fix for issue ansible/ansible#27715

* Also fixing mutually exclusive check

* Updating subspec checks
These changes take into account a spec with all features enabled and do
the following tests for subspecs:
1. Test proper specs
2. Test Alias
3. Test missing required param
4. Test mutually exclusive params
5. Test required if params
6. Test required one of params
7. Test required together params
8. Test required if params with a default value
9. Test basis subspec params
10. Test invalid subsec params
2017-08-04 19:10:38 +05:30
Peter Sprygada
7b604368d3 adds new filter plugins for network use cases (#27695)
* adds new filter plugins for network use cases

* adds parse_cli filter
* adds parse_cli_textfsm filter
* adds Template class to network_common
* adds conditional function to network_common

* fix up PEP8 issues
2017-08-04 07:47:12 -04:00
Sloane Hertel
467a1f54a3 s3_bucket: fix python3 sorting incompatibility (#27502)
* s3_bucket: fix policy sorting for python3 so strings are evaluated as less than tuples.

Add tests to ensure this behavior is maintained.

* Fix s3_bucket comparison function to work on both Python 3.5 and 3.6

* s3_bucket: document that cmp_to_key is used for python 2.7.

Add another test for s3_bucket to compare policies of different sizes.

* fix pep8

* Work around code-smell grepping by not using the word 'cmp'.
2017-08-03 15:41:26 -04:00
Sloane Hertel
dbbad16385 [cloud] New module: Add module for managing AWS Datapipelines (cloud/amazon/data_pipeline) (#22878)
* New module for managing AWS Datapipelines

* Supports create/activate/deactivate and deletion
* Handles idempotent creation by embeding the version in the
uniqueId field
* Waits for requested state to be reached, as Botocore doesn't
have waiters yet for datapipelines

* rename module, fix imports, add tags option, improve exit_json results, fix a couple bugs, add a TODO so I don't forget

fix pep8

allow timeout to be used for pipeline creation

make .format syntax uniform

fix pep8

fix exception handling

allow pipeline to be modified, refactor, add some comments, remove unnecessary imports

pipeline activation may not be in the activated state long

remove datapipeline version option

change a loop to a list comprehension

create idempotence by hashing the options given to the module minus the objects (which can be modified)

small bugfix

* data_pipeline unittests

make unittests pep8

fix bug in unittests

* remove exception handling that serves no purpose

* Fix python3 incompatibilities in datapipeline tests and add placebo fixture maybe_sleep for faster tests

Fix python3 incompatibilities in data_pipeline build_unique_id()

Don't delete a pipeline in diff_pipeline() because it's unexpected

Don't use time.time() because it causes an issue with placebo testing

re-recorded tests

fix pep8 in data_pipeline

Remove disable_rollback from tests

Make sure unique identifier is a string

re-record tests

* improve documentation and add another example

* use a placebo fixture instead of redundant code in tests

fix tests for PLACEBO_RECORD=false

* Fix data_pipeline docs

use isinstance instead of type()

fix documentation

* fix documentation

* Remove use of undefined variable from data_pipeline module and fix license

* fix copyright header
2017-08-03 15:04:10 -04:00
George Nikolopoulos
31b4ae2e6a New module: manage Citrix Netscaler GSLB site configuration (network/netscaler/netscaler_gslb_site) (#27639)
* Add netscaler_gslb_site

* Lowercase enabled, disabled option values

* Add fixes in netscaler module utils needed for unit test success
2017-08-03 15:26:17 +01:00
George Nikolopoulos
d88c07a037 New module: manage Citrix Netscaler GSLB service configuration (network/netscaler/netscaler_gslb_service)) (#27638)
* Add netscaler_gslb_service

* Lowercase enabled, disabled option values

* Add fixes in netscaler module utils needed for unit test success
2017-08-03 15:26:05 +01:00
George Nikolopoulos
cd865be987 New module: manage Citrix Netscaler SSL certificate keys (network/netscaler/netscaler_ssl_certkey)) (#27641)
* Add netscaler_ssl_certkey

* Fix options

* Lowercase enabled, disabled option values

* Add fixes in netscaler module utils needed for unit test success
2017-08-03 15:24:56 +01:00
George Nikolopoulos
e2f907ae3e Add netscaler_gslb_vserver (#27640) 2017-08-03 12:32:10 +01:00
Felipe Garcia Bulsoni
b060d0ccba Initial commits for integration of HPE OneView resources with Ansible (#26026)
* Initial commit for integration of HPE OneView resources with Ansible Core. Adding FC Network and FC Network Fact modules and unit tests, and OneView base class for all OV resources.
2017-08-02 19:54:32 -07:00
Adrian Likins
27a015f0ad add a 'min' type for gather_subset to collect nothing (#27085)
previously gather_subset=['!all'] would still gather the
min set of facts, and there was no way to collect no facts.

The 'min' specifier in gather_subset is equilivent to
exclude the minimal_gather_subset facts as well.

   gather_subset=['!all', '!min'] will collect no facts

This also lets explicitly added gather_subsets override excludes.

   gather_subset=['pkg_mgr', '!all', '!min'] will collect only the pkg_mgr
fact.
2017-08-02 11:04:01 -04:00
mharista
c85f363aaa Add module cv_server_provision for integration with Arista CloudVision Portal. (#25450)
* Add module cv_server_provision for integration with Arista CloudVision Portal.

* Doc update.

* Remove shebang from test file. Update short description with company and product name.

* Update exception syntax to Python3 style.

* Remove blank line between imports.

* Remove newlines from RETURN documentation.

* Add cvprac to unittest requirements.

* Update unittest format. Add a few additional tests.

* Mock exceptions from cvprac so the library is not needed for unittests.

* Mock cvprac imports.

* Update unit tests to support python 3.5.

* Mock full cvprac library for unittests.

* Update Jinja2 import to pass updated CI checks.

* Update cvprac imports format for new CI tests.

* Add __metaclass__ and __future__.
2017-08-02 15:24:52 +01:00
Adrian Likins
2b0a7338d4 Handle win style CRLF newlines in vault text (#27590)
When parsing a vaulttext blob, use .splitlines()
instead of split(b'\n') to handle \n newlines and
windows style \r\n (CRLF) new lines.

The vaulttext enevelope at this point is just the header line
and a hexlify()'ed blob, so CRLF is a valid newline here.

Fixes #22914
2017-08-01 18:53:22 -04:00
Roman Belyakovsky
42039cd436 New module: manage debian network interfaces file /etc/network/interfaces (system/interfaces_file) (#25295)
* Added new module interfaces_file

* interfaces_file: added unit tests

* interfaces_file: added golden files for unit tests

* interfaces_file: moved to system modules

* interfaces_file: fixed code formatting and convention issues
2017-08-01 12:11:43 -06:00
James Mighion
4dd8f281d6 Adding aruba_config module (#27130)
* Adding aruba_config module.

* Fixing documentation.

* Forgot action plugin.
2017-08-01 11:44:26 -06:00
George Nikolopoulos
f204e7cb33 New module: manage Citrix Netscaler content switching virtual server configuration (network/netscaler/netscaler_cs_vserver) (#26245)
* Add netscaler_cs_vserver

* Correct version_added
2017-08-01 18:43:59 +01:00
George Nikolopoulos
36537186e3 New module: manage Citrix Netscaler content switching policy configuration (network/netscaler/netscaler_cs_policy) (#26189)
* Add netscaler_cs_policy

* Correct version_added
2017-08-01 18:35:29 +01:00
George Nikolopoulos
e329c9da8c New module: manage Citrix Netscaler servicegroup configuration (network/netscaler/netscaler_servicegroup)) (#26183)
* Add netscaler_servicegroup

* Correct version_added
2017-08-01 18:34:28 +01:00
George Nikolopoulos
7df14bd2b0 New module: manage Citrix Netscaler load balancer virtual servers configuration (network/netscaler/netscaler_lb_vserver) (#26144)
* Add netscaler_lb_vserver

* Correct version_added
2017-08-01 18:33:35 +01:00
George Nikolopoulos
ac0c5dec2f Add netscaler_lb_monitor (#26143) 2017-08-01 11:30:47 -06:00
Adrian Likins
17ab546c48 Add 2.0-2.3 facts api compat (ansible_facts(), get_all_facts()) (#27294)
* Add 2.0-2.3 facts api compat (ansible_facts(), get_all_facts())

These are intended to provide compatibilty for modules that
use 'ansible.module_utils.facts.ansible_facts' and
'ansible.module_utils.facts.get_all_facts' from 2.0-2.3 facts
API.

Fixes #25686

Some related changes/fixes needed to provide the compat api:

* rm ansible.constants import from module_utils.facts.compat

Just use a hard coded default for gather_subset/gather_timeout
instead of trying to load it from non existent config if the
module params dont include it.

* include 'external' collectors in compat ansible_facts()

* Add facter/ohai back to the valid collector classes

facter/ohai had  gotten removed from the default_collectors
class used as the default list for all_collector_classes by
setup.py and compat.py

That made gather_subset['facter'] fail.
2017-08-01 12:51:33 -04:00
Ganesh Nalawade
97a34cf008 Add options sub spec validation (#27119)
* Add aggregate parameter validation

aggregate parameter validation will support checking each individual dict
to resolve conditions for aliases, no_log, mutually_exclusive,
required, type check, values, required_together, required_one_of
and required_if conditions in argspec. It will also set default values.

eg:
tasks:
  - name: Configure interface attribute with aggregate
    net_interface:
      aggregate:
        - {name: ge-0/0/1, description: test-interface-1, duplex: full, state: present}
        - {name: ge-0/0/2, description: test-interface-2, active: False}
    register: response
    purge: Yes

Usage:
```
from ansible.module_utils.network_common import AggregateCollection

transform = AggregateCollection(module)
param = transform(module.params.get('aggregate'))
```

Aggregate allows supports for `purge` parameter, it will instruct the module
to remove resources from remote device that hasn’t been explicitly
defined in aggregate. This is not supported by with_* iterators

Also, it improves performace as compared to with_* iterator for network device
that has seperate candidate and running datastore.
For with_* iteration the sequence of operartion is
load-config-1 (candidate db) -> commit (running db) -> load_config-2
(candidate db) -> commit (running db) ...

With aggregate the sequence of operation is
load-config-1 (candidate db) -> load-config-2 (candidate db) -> commit
(running db)

As commit is executed only once per task for aggregate it has
huge perfomance benefit for large configurations.

* Fix CI issues

* Fix review comments

*  Add support for options validation for aliases, no_log,
   mutually_exclusive, required, type check, value check,
   required_together, required_one_of and required_if
   conditions in sub-argspec.
*  Add unit test for options in argspec.
*  Reverted aggregate implementaion.

* Minor change

* Add multi-level argspec support

*  Multi-level argspec support with module's top most
   conditionals options.

* Fix unit test failure

* Add parent context in errors for sub options

* Resolve merge conflict

* Fix CI issue
2017-08-01 09:32:18 -07:00
Will Thames
5f73bdc3bf [cloud] Improve Camel to Snake conversion in EC2 module_utils (#25015)
* Make camel_to_snake work on capitalized plurals

`TargetGroupARNs` should become `target_group_arns`, not
`target_group_ar_ns`

Promote `camel_to_snake` to top layer function but prefix
it with an underscore.

Add tests for improved `_camel_to_snake` function.

Reduce use of `re.compile` as it makes no sense when the
compilation result is not reused.

* Remove unused LooseVersion check

* Fix PLURALs case for camel_to_snake

Also renamed EXPECTED_CAMELIZATION to EXPECTED_SNAKIFICATION
2017-08-01 11:09:22 -04:00
Dag Wieers
97aaf103e8 ACI module_utils library for ACI modules (#27070)
* ACI module_utils library for ACI modules

This PR includes:
- the ACI argument_spec
- an aci_login function
- an experimental aci_request function
- an aci_response function
- included the ACI team

* New prototype using ACIModule

This PR includes:
- A new ACIModule object with various useful methods
2017-07-31 12:44:27 +01:00
Adrian Likins
934b645191 Support multiple vault passwords (#22756)
Fixes #13243

** Add --vault-id to name/identify multiple vault passwords

Use --vault-id to indicate id and path/type

 --vault-id=prompt  # prompt for default vault id password
 --vault-id=myorg@prompt  # prompt for a vault_id named 'myorg'
 --vault-id=a_password_file  # load ./a_password_file for default id
 --vault-id=myorg@a_password_file # load file for 'myorg' vault id

vault_id's are created implicitly for existing --vault-password-file
and --ask-vault-pass options.

Vault ids are just for UX purposes and bookkeeping. Only the vault
payload and the password bytestring is needed to decrypt a
vault blob.

Replace passing password around everywhere with
a VaultSecrets object.

If we specify a vault_id, mention that in password prompts

Specifying multiple -vault-password-files will
now try each until one works

** Rev vault format in a backwards compatible way

The 1.2 vault format adds the vault_id to the header line
of the vault text. This is backwards compatible with older
versions of ansible. Old versions will just ignore it and
treat it as the default (and only) vault id.

Note: only 2.4+ supports multiple vault passwords, so while
earlier ansible versions can read the vault-1.2 format, it
does not make them magically support multiple vault passwords.

use 1.1 format for 'default' vault_id

Vaulted items that need to include a vault_id will be
written in 1.2 format.

If we set a new DEFAULT_VAULT_IDENTITY, then the default will
use version 1.2

vault will only use a vault_id if one is specified. So if none
is specified and C.DEFAULT_VAULT_IDENTITY is 'default'
we use the old format.

** Changes/refactors needed to implement multiple vault passwords

raise exceptions on decrypt fail, check vault id early

split out parsing the vault plaintext envelope (with the
sha/original plaintext) to _split_plaintext_envelope()

some cli fixups for specifying multiple paths in
the unfrack_paths optparse callback

fix py3 dict.keys() 'dict_keys object is not indexable' error

pluralize cli.options.vault_password_file -> vault_password_files
pluralize cli.options.new_vault_password_file -> new_vault_password_files
pluralize cli.options.vault_id -> cli.options.vault_ids

** Add a config option (vault_id_match) to force vault id matching.

With 'vault_id_match=True' and an ansible
vault that provides a vault_id, then decryption will require
that a matching vault_id is required. (via
--vault-id=my_vault_id@password_file, for ex).

In other words, if the config option is true, then only
the vault secrets with matching vault ids are candidates for
decrypting a vault. If option is false (the default), then
all of the provided vault secrets will be selected.

If a user doesn't want all vault secrets to be tried to
decrypt any vault content, they can enable this option.

Note: The vault id used for the match is not encrypted or
cryptographically signed. It is just a label/id/nickname used
for referencing a specific vault secret.
2017-07-28 15:20:58 -04:00
James Mighion
a328e96455 Adding aireos_config module (#27408)
* Adding aireos_config module.

* Fixing pep8 W291.
2017-07-29 00:36:04 +05:30
Trishna Guha
6d1bd33aa5 fix iosxr_banner (#27378)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-07-28 17:09:04 +05:30
Trishna Guha
a49c419651 fix nxos_vrf_af nxapi & cli (#27307)
* fix nxapi failure #27142

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* fix nxos_vrf_af nxapi and cli

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-07-28 09:02:02 +05:30
David Newswanger
81151ef02c Remove Deprecated Template network modules (#27076)
* removed deprecated networking template modules

* update changelog

* update changelog
2017-07-27 19:40:11 +01:00
saichint
9b9a8749da Add integration tests and fix nxos providers (#26913)
* fix issues with python3.x

* Add integration testa and fix for nxos_evpn_vni

* add nxos_evpn_vni to nxos.yaml

* fix get_vtp_config()

* add new integration tests

* fix rollback

* add integration test files
2017-07-27 09:32:35 -04:00
Matt Davis
3f1ec6b862 add custom module type validation (#27183)
* Module argument_spec now accepts a callable for the type argument, which is passed through and called with the value when appropriate. On validation/conversion failure, the name of the callable (or its type as a fallback) is used in the error message.
* adds basic smoke tests for custom callable validator functionality
2017-07-26 16:12:50 -07:00
Trishna Guha
41ce724801 fix nxos_hsrp (#27306)
* fix nxos_hsrp

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* modify nxos_hsrp test

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-07-26 11:38:55 +05:30
Toshio Kuratomi
802c9efaa3 Disable abstract-class-instantiated for smoketests
These tests are actually checking that the classes will error out if
they are still abstracted and instantiated
2017-07-25 15:58:23 -07:00
Toshio Kuratomi
225fa5d092 Fix undefined variables, basestring usage, and some associated python3 issues 2017-07-25 15:58:23 -07:00
Toshio Kuratomi
9f7b0dfc30 Remove automatic use of system six
* Enable the pylint no-name-in-module check.  Checks that identifiers in
  imports actually exist.  When we do this, we also have to ignore
  _MovedItems used in our bundled six.  This means pylint won't check
  for bad imports below ansible.module_utils.six.moves but that's
  something that pylint punts on with a system copy of six so this is
  still an improvement.
* Remove automatic use of system six.  The exec in the six code which
  tried to use a system library if available destroyed pylint's ability
  to check for imports of identifiers which did not exist (the
  no-name-in-module check).  That test is important enough that we
  should sacrifice the bundling detection in favour of the test.
  Distributions that want to unbundle six can replace the bundled six in
  ansible/module_utils/six/__init__.py to unbundle.  however, be aware
  that six is tricky to unbundle.  They may want to base their efforts
  off the code we were using:

  2fff690caa/lib/ansible/module_utils/six/__init__.py

* Update tests for new location of bundled six Several code-smell tests
  whitelist the bundled six library.  Update the path to the library so
  that they work.

* Also check for basestring in modules as the enabled pylint tests will
  also point out basestring usage for us.
2017-07-25 15:58:23 -07:00
Ricardo Carrillo Cruz
3a3bdde869 Fix multiple code and test issues on iosxr (#27267)
* Fix multiple code and test issues on iosxr

It passes the integration tests now.
Fixes #27123

* Fix pep8 issue

* Fix unit tests
2017-07-25 17:21:53 +02:00
Philippe Dellaert
c00554735f New module: management of the Nuage Networks VSP SDN solution (network/nuage/nuage_vspk) (#24895)
* Nuage module and unit tests with requested changes

* Cleanup of imports

* Adding check on python version

* Adding import try and catch wrappers

* Cleanup of requirements and adding integration tests

* Using pypi package for simulator

* Cleanup of requirements and adding integration tests

* Adding aliases for integration tests

* Adding module to import sanity test skip list

* Revert "Adding module to import sanity test skip list"

This reverts commit eab23af8c5ca7c503af63c05610b5db66d31fae4.

* Adding check for importlib and cleanup of requirements
2017-07-25 12:35:03 +01:00
Toshio Kuratomi
47f26ee11c Refactor the tests for _symbolic_mode_to_octal
* Move tests to their own file
* Port to a pytest parametrized test so it's easier to define new tests
* Now that _symbolic_mode_to_octal is a classmethod, we don't have to
  instantiate an AnsibleModule to test it.
* Add tests for #14994, having more than one operator per role and umask
  chmod
2017-07-24 10:08:51 -07:00
Frederic Lepied
7a02f2545a Allow to skip test_aci_rest if no xmljson is installed
There is no such package in Fedora so building the Fedora package fails. See
e970237a2f_ffe3b87d/rpmbuild.log

Introduced by e970237a2f
2017-07-20 19:56:21 -07:00
Nathaniel Case
85e7e342b0 nxos_bgp_af correct parents (#26996)
* move config location

* client-to-client is inverse of BOOL_PARAMS
2017-07-20 13:42:26 -04:00
Gabor Lekeny
7eab802669 SSH fails with '"parsed": false' error message
Fixes: #15436
2017-07-20 08:09:42 -07:00
Pilou
556a1daa33 fix searched paths in DataLoader.path_dwim_relative (avoid AnsibleFileNotFound) (#26729)
* add unit test: nested dynamic includes

* nested dynamic includes: avoid AnsibleFileNotFound error

Error was:
Unable to retrieve file contents
Could not find or access 'include2.yml'

Before 8f758204cf, at the end of
'path_dwim_relative' method, the 'search' variable contained amongst
others paths:
'/tmp/roles/testrole/tasks/tasks/included.yml' and
'/tmp/roles/testrole/tasks/included.yml'.
The commit mentioned before removed the last one despite the method
docstrings specify 'with or without explicitly named dirname subdirs'.

* add integration test: nested includes
2017-07-20 10:26:13 -04:00
Nathaniel Case
56a0b988a9 nxos integration fix part 1 (#27069)
* Assorted Python 3 fixes

* Fix `testcase` definition in integration tests

* Fix nxos_acl_interface

* clean up nxapi after nxos_nxapi
2017-07-19 14:00:05 -04:00
James Mighion
b8337ee9d3 New module aireos_command (#26769)
* Adding ciscowlc_command module and unit tests.

* Adding __init__.py for unit test.

* Fixing PEP8 W503.

* Renaming module from ciscowlc_command to aire_command.

* Renaming aire_command to aireos_command.
2017-07-19 23:14:52 +05:30
Frederic Lepied
65d093d9a7 Skip f5 tests if f5-sdk is not installed (#27035)
Fixes: bug #27034

Introduced by 278fa552f8
2017-07-19 10:09:25 -06:00
Tim Rupp
09e9b4b4ba Adds refactored bigip_monitor_tcp (#26842)
This module needed to be refactored to use the REST API and
coding conventions for newer modules. This patch adds those changes.
This patch also deprecates params in favor of separate modules. These
deprecated params will be removed in 2.5.

Unit tests are provided. Integration tests can be found here

https://github.com/F5Networks/f5-ansible/blob/devel/test/integration/bigip_monitor_tcp.yaml#L23
https://github.com/F5Networks/f5-ansible/tree/devel/test/integration/targets/bigip_monitor_tcp/tasks
2017-07-19 10:07:18 -06:00
Dag Wieers
2b4a8095e9 Simplify XML error-handling and typo (#26929)
This PR fixes:
- A typo in the aci_login function
- Improve (XML) error-handling
- Rename status_code back to status
2017-07-19 08:46:16 +01:00
James Mighion
f682d9bf49 Adding aruba_command module along with unit tests. (#26625)
* Adding aruba_command module along with unit tests.

* Fixing PEP8 E303 too many blank lines.

* Adding default for timeout.

* Removing unused arguments. Moving default for timeout argument. Fixing cliconf to find hostname.

* Fixing PEP8 E302.
2017-07-19 09:49:12 +05:30
Tim Rupp
a236d249ae Adds the bigip_configsync_actions module (#26506)
This module is required as part of HA configuration of a set of
BIG-IPs. It is used to initiate and way for configuration syncing
to happen.

Unit tests are provided. Integration tests can be found here

https://github.com/F5Networks/f5-ansible/blob/devel/test/integration/bigip_configsync_actions.yaml#L23
https://github.com/F5Networks/f5-ansible/tree/devel/test/integration/targets/bigip_configsync_actions/tasks
2017-07-18 18:21:25 +01:00
Tim Rupp
75e609c15e adds the bigip_ucs module (#26663)
This module allows you to load existing UCS files onto a BIG-IP
system

Unit tests are provided. Integration tests can be found here

https://github.com/F5Networks/f5-ansible/blob/devel/test/integration/bigip_ucs.yaml#L23
https://github.com/F5Networks/f5-ansible/tree/devel/test/integration/targets/bigip_ucs/tasks
2017-07-18 18:17:56 +01:00
Tim Rupp
72f41148a0 Adds tcp_echo module for bigip (#26844)
This patch is part a refactor of TCP monitors for BIG-IP. This module
may file in testing without the base tcp module merged because it makes
use of similar fixtures.

Unit tests are provided. Integration tests can be found here

https://github.com/F5Networks/f5-ansible/blob/devel/test/integration/bigip_monitor_tcp_echo.yaml#L23
https://github.com/F5Networks/f5-ansible/tree/devel/test/integration/targets/bigip_monitor_tcp_echo/tasks
2017-07-18 18:04:36 +01:00
Tim Rupp
278fa552f8 Adds half-open tcp monitor module (#26920)
This is necessary as a part of refactoring the tcp monitor module.

Unit tests are provided. Integration tests can be found here

https://github.com/F5Networks/f5-ansible/blob/devel/test/integration/bigip_monitor_tcp_half_open.yaml#L23
https://github.com/F5Networks/f5-ansible/tree/devel/test/integration/targets/bigip_monitor_tcp_half_open/tasks
2017-07-18 17:59:17 +01:00
Abhijeet Kasurde
f7c8e7bdab Update vmware_inventory (#26308)
Fix adds
* Exception handling
* Unit tests

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2017-07-18 07:20:23 -04:00
Guillaume Coré
42ca1ef040 Add unit tests for parted module (#24164)
* Add unit tests for parted module

Test the current expected behavior of the module:
- mock parted() and get_device_info()
- Use some of the examples and test the 'script' passed to parted.
- mock check_parted_label() to return false, as if parted version is > 3.1
- assert get_device_info output is correct

Current implementation of the module runs parted several time while going
through all parameters (flags, name, ...). Between calls it uses get_device_info
to update the dictionary. Use check_mode for some of the tests to force module
to go through all the parameters even is dictionary is not updated.

* test_parted.py: add "name" param into expected results

since 78fff751ab, parse_partition_info
fetch the partition name. This commit adds 'name' key and value into
the expected results.
2017-07-17 21:11:10 -07:00
Ivo van Kreveld
e976f299f8 Divided test methods of TestExtendValue class (#22574)
Divided the two test methods of the TestExtendValue class into multiple test methods so there is a test method for each compare.
2017-07-17 17:47:50 -07:00
Toshio Kuratomi
ff22528b07 Consolidate boolean/mk_boolean conversion functions into a single location
Consolidate the module_utils, constants, and config functions that
convert values into booleans into a single function in module_utils.

Port code to use the module_utils.validate.convert_bool.boolean function
isntead of mk_boolean.
2017-07-17 11:48:05 -07:00
Dag Wieers
e970237a2f New module: access Cisco ACI (network/aci/aci_rest) (#26029)
* aci_rest: New module to access Cisco ACI

This PR includes:
- Relicense as GPLv3+
- Check-mode support
- Cosmetic changes to documentation
- Examples in YAML format
- Removal of incorrect requirements (for this module)
- Do not log passwords
- Implement native fetch_url instead of requests
- Use standard hostname, username and password parameters
- Add alias src for parameter config_file
- Add mutual exclusive content option for inline data (and show some inline examples)
- Add timeout parameter
- Add validate_certs parameter
- Handling ACI result output (identical for JSON as XML input)
- Parse/expose ACI error output to user

* Lower case method, add use_ssl, Use python dicts

This commit includes:
- Use lowercase method names
- Add `use_ssl` parameter (not the `protocol` parameter)
- Use a python dict for the request data (not a JSON string)
- Documentation improvements

* Ensure one of 'content' or 'src' is provided

* Fix issue with totalCount being a string in JSON

This fixes the problem with JSON output where totalCount is a string and
not an integer.

This fixes jedelman8/aci-ansible#7

* Improve code documentation

* Improve error handling and module response

* Small typo

* Improve documentation and examples

* Keep protocol parameter, but deprecate it

* Extrude aci functions from module_utils

* aci_rest: Add unit tests
2017-07-17 16:32:12 +01:00
Nathaniel Case
855544604a Fix nxos_bgp_neighbor_af advertise_map and advertise_map_non_exist (#26721) 2017-07-17 11:15:06 -04:00
Nathaniel Case
61249995a1 Update nxos_interface_ospf & add test (#26644)
* Update nxos_interface_ospf & add test
2017-07-14 12:31:36 -04:00
Peter Sprygada
3bbb32cac5 fixes error when trying to run show start over eapi (#26800) 2017-07-14 15:07:44 +02:00
Pilou
2a92120ffa INI inventory plugin: add documentation about variable types (#25798)
* INI inventory: check variable types
* INI inventory: add doc about variable types

Fixes #25784
2017-07-13 12:04:20 -07:00
Nathaniel Case
5cfdd5df0f nxos_pim_interface (#26367)
* Add unit tests to nxos_pim_interface

* Update tests to match module

* Update nxos_pim_interface

* Address pep8 issues
2017-07-12 15:39:43 -04:00
rahushen
74947168e3 Add nxos_command IT and generalize UT (#26617)
* Add nxos_command IT sanity

* generalize nxos_command UT for different NXOS platforms
2017-07-12 13:19:02 -04:00
Ken Celenza
31b6ac896d Kc update ip filter (#26566)
* add first, last and next usable

* add usable ip filters

* add size usable, range usable and wildcard

* add ip prefix and netmask filter

* add network formatting and check if ip in subnet

* clean up order, add comments

* fix pep8

* update format by index

* clean up and updates from jmcgill298
2017-07-12 17:17:58 +01:00
Ganesh Nalawade
e14e37ee1e Fix junos unit test failures (#26676)
*  Use lxml api's in unit test to parse xml
*  Remove unwanted import in unit test
*  Add ncclient dependency in unit test requirement
2017-07-12 08:36:16 -07:00
Pilou
2d7e00c670 mock_unfrackpath_noop: handle follow parameter (#26662) 2017-07-12 10:13:25 -05:00
Peter Sprygada
0b6f0e6c0d adds more intelligent save logic and diff to network config modules (#26565)
* adds more intelligent save logic and diff to network config modules

* adds sha1 property to NetworkConfig
* adds new argument save_when to argument_spec
* adds new argument diff_against to argument_spec
* adds new argument intended_config to argument_spec
* renames config argument to running_config with alias to config
* deprecates the use of the save argument
* before and after now work with src argument
* misc module clean

Modules updated
* nxos_config
* ios_config
* eos_config

Most notably this makes the save mechanism more intelligent for config
modules for devices that need to copy the ephemeral config to
non-volatile storage.

The diff_against argument allows the playbook task to control what the
device's running-config is diff'ed against. By default it will return
the diff of the startup-config.

* removes ios_config from pep8/legacy_files.txt

* extends the ignore lines argument to the module

* clean up CI errors

* add missing list brackets

* fixes typo

* fixes unit test cases

* remove last line break when returning config contents

* encode config string to bytes before hashing

* fix typo

* addresses feedback in PR

* update unit test cases
2017-07-11 20:34:20 -04:00
mikedlr
07a4079a81 aws.core in new aws dir in module utils - module with AnsibleAWSModule class and fail_json_aws (#25780)
* aws module utils including AnsibleAWSModule
* fail_json_aws method on AnsibleAWSModule to do fail_json nicely with AWS exceptions
* aws module util - feedback - rename to aws/core.py & improve doc strings
2017-07-11 14:01:35 -07:00
Ricardo Carrillo Cruz
b81209c187 Fix multiple EOS EAPI code and test issues (#26651) 2017-07-11 19:28:33 +02:00
Adrian Likins
0fc0b6f059 Mv AnsibleFactCollector back to module_utils (#26150)
It was in lib/ansible/modules/system/setup.py since it
was the only thing using it, but move it back to module_utils
and add a ansible_collector.get_ansible_collector() to build
a facts collector just like the one used by setup.py

mv test_setup.py -> test_ansible_collector.py
All the code it was testing is now in ansible_collector

rm code to create 'ansible_facts' subkey from namespace

Just leave it up to the caller to do, and just return a
flat dictionary from AnsibleFactCollector.collect()
2017-07-11 10:44:22 -04:00
Ganesh Nalawade
be89ef3eb6 junos_linkagg implementation and junos modules refactor (#26587)
* junos_linkagg implementation and junos modules refactor

*  junos_linkagg implementation
*  junos_linkagg integration test
*  net_linkagg integration test for junos
*  decouple `load_config` and `commit` operations,
   to allow single commit (in case on confirm commit) and
   to perform batch commit (multiple `load_config` followed by single
   `commit`)
*  Other related refactor

* Fix CI issues

* Fix unit test failure
2017-07-11 09:52:53 +05:30
James Mighion
58ade65ea6 Adding admin option for iosxr_config (#26509)
* Adding admin option for iosxr_config. Adding unit test for new admin option for iosxr_config. Fixes #24308

* Removing space on empty line.
2017-07-10 10:22:45 -06:00
Ken Evensen
f31d3ddeb7 Pamd Updates (#25817)
* Fix for #25522
Fix for #25855
Fix for #23963

* Minor fix

* Updates per bcoca.  Fix in regex for silvinux.
2017-07-10 11:41:01 -04:00
Trishna Guha
07498ebed3 fix nxos_overlay_global (#26422)
* fix nxos_overlay_global

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* swap check_mode with candidate

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-07-10 18:53:52 +05:30
Trishna Guha
b81882e2a8 vyos_static_route implementation module (#26426)
* vyos_static_route implementation module

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* Add vyos_static_route implementation module

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* unit test

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* modify vyos_static_route

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* integration test vyos_static and net_static_route

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* fix typo integration test

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* modify vyos_static_route

* modify integration test

* vyos_static_route doc build fix

* fix integration test data

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* update net_static_route cli test set

* minor fix
2017-07-10 16:34:56 +05:30
Tim Rupp
37ca55bf71 Adds missing fields for iapp service (#26507)
The iApp service module worked fine previously, but this patch
adds enhancements to it to include more fields that can be
specified when creating iapp services.
2017-07-10 07:27:49 +01:00
Trishna Guha
c5fb4bbcc0 Fix nxos_switchport and unit test (#26131)
* fix nxos_switchport

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* nxos_switchport unit test

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* legacy file

* update unit test

* handle exception
2017-07-06 18:58:36 +05:30
Brian Coca
2a041d10d2 better backwards compat handling of status
restored 'rc' inspection but only when failed is not specified
removed redundant changed from basic.py as task_executor already adds
removed redundant filters, they are tests
added aliases to tests removed from filters
fixed test to new rc handling
2017-07-05 21:44:00 -04:00