Commit graph

1068 commits

Author SHA1 Message Date
Matt Martz
4fe08441be Deprecate tests used as filters (#32361)
* Warn on tests used as filters

* Update docs, add aliases for tests that fit more gramatically with test syntax

* Fix rst formatting

* Add successful filter, alias of success

* Remove renamed_deprecation, it was overkill

* Make directory alias for is_dir

* Update tests to use proper jinja test syntax

* Update additional documentation, living outside of YAML files, to reflect proper jinja test syntax

* Add conversion script, porting guide updates, and changelog updates

* Update newly added uses of tests as filters

* No underscore variable

* Convert recent tests as filter changes to win_stat

* Fix some changes related to rebasing a few integration tests

* Make tests_as_filters_warning explicitly accept the name of the test, instead of inferring the name

* Add test for tests_as_filters_warning

* Update tests as filters in newly added/modified tests

* Address recent changes to several integration tests

* Address recent changes in cs_vpc
2017-11-27 17:58:08 -05:00
Samer Deeb
cbf28c20cb Add Support for Mellanox switches: first module: mlnxos_command (#33121)
* Add Support for Mellanox switches: first module: mlnxos_command

Signed-off-by: Samer Deeb <samerd@mellanox.com>

* Add cliconf support for mlnxos

Signed-off-by: Samer Deeb <samerd@mellanox.com>

* 1- Fix short description, 2- remove waitfor

Signed-off-by: Samer Deeb <samerd@mellanox.com>

* remove usage of check_args

Signed-off-by: Samer Deeb <samerd@mellanox.com>
2017-11-27 20:55:08 +00:00
Trishna Guha
25a465ffcb
loopback doesn't support passive_interface (#33252)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-11-27 22:56:16 +05:30
Ken Celenza
748107d369 Type manipulation (#28446)
* add type manipulation

* update for py3

* add tests for list to dict

* Add dict to list tests

* Update tests to search for regex in response

* pep8 clean up

* update Exception for py3

* update test to be py2/3 compat

* update for py26 compat

* potential fix for py3 and py26

* potential fix for py3 and py26 take2

* add new line to kick off shippable

* remove cache file created

* fix filter name

* add space for shipable
2017-11-24 15:26:29 -05:00
Ganesh Nalawade
3d63ecb6f3
Refactor junos modules to Use netconf and cliconf plugins (#32621)
* Fix junos integration test fixes as per connection refactor (#33050)

Refactor netconf connection plugin to work with netconf plugin

* Fix junos integration test fixes as per connection refactor (#33050)

Refactor netconf connection plugin to work with netconf plugin
Fix CI failure
Fix unit test failure
Fix review comments
2017-11-24 12:04:47 +05:30
James Cammarata
d8ae4dfbf2 Adding aliases for field attributes and renaming async attribute (#33141)
* Adding aliases for field attributes and renaming async attribute

As of Python 3.7, the use of async raises an error, whereas before the use
of the reserved word was ignored. This adds an alias field for field attrs
so that both async and async_val (interally) work. This allows us to be
backwards-compatible with 3rd party plugins that may still reference Task.async,
but for the core engine to work on Py3.7+.

* Remove files fixed for 'async' usage from the python 3.7 skip list
2017-11-22 12:35:58 -08:00
jctanner
218987eac1
ANSIBLE_SSH_USETTY configuration option (#33148)
* Allow the user to circumvent adding -tt on ssh commands to help aid in
debugging ssh related problems.
* Move config to the plugin
* Set version_added
* Change yaml section to "connection"
* Fix ssh unit tests
2017-11-22 11:19:43 -05:00
Brian Coca
ebd08d2a01 jsonify inventory (#32990)
* jsonify inventory
* smarter import, dont pass kwargs where not needed
* added datetime
* Eventual plan for json utilities to migrate to common/json_utils when we split
  basic.py no need to move jsonify to another file now as we'll do that later.
* json_dict_bytes_to_unicode and json_dict_unicode_to_bytes will also
  change names and move to common/text.py at that time (not to json).
  Their purpose is to recursively change the elements of a container
  (dict, list, set, tuple) into text or bytes, not to json encode or
  decode (they could be a generic precursor to that but are not limited
  to that.)
* Reimplement the private _SetEncoder which changes sets and datetimes
  into objects that are json serializable into a private function
  instead.  Functions are more flexible, less overhead, and simpler than
  an object.
* Remove code that handled simplejson-1.5.x and earlier.  Raise an error
  if that's the case instead.
  * We require python-2.6 or better which has the json module builtin to
    the stdlib.  So this is only an issue if the stdlib json has been
    overridden by a third party module and the simplejson on the system
    is 1.5.x or less.  (1.5 was released on 2007-01-18)
2017-11-21 13:41:27 -08:00
Matt Clay
e45c763b64 Fix invalid string escape sequences. 2017-11-21 10:03:34 -08:00
Ganesh Nalawade
0ddf092ae3
Add new filter to parse xml output for network use cases (#31562)
* Add new filter to parse xml output for network use cases

Fixes #31026
*  Add parse_xml filter
*  Add documentation for parse_xml filter

* Edited for clarity.

* Fix review comment and add unit tests

* Fix unit test CI failure

* Fix CI issues

* Fix unit test failures

* Fix review comments

* More copy edits.
2017-11-21 12:16:18 +05:30
Corban Johnson
d9a52db17d Adding RPC attribute parameters to junos_rpc network module (#32649)
* Adding RPC attribute arguments to `junos_rpc` network module.

* Specifying module argument version.

* Fixing DOCUMENTATION block.

* First attempt at new test fixture.

* Updated RPC_CLI_MAP.

* Use `result` instead of `reply`.
2017-11-21 10:45:13 +05:30
Mike Wiebe
95a2140f4b Use show command to support wider platform set for nxos_interface module (#33037)
* Use show command to support wider platform set

* Fix unit tests
2017-11-20 18:59:09 +00:00
Arnaud
84117e57ba nxos: 32 bits AS in as-dot format not recognized by regexp asn_regex (#30569)
* added test for 32 bits AS

* Lint not happy.
2017-11-20 10:09:16 +00:00
Tim Rupp
c94d57311c
Adds bigip_vcmp_guest module (#33024)
This module can be used to manage guests on a vCMP provisioned BIG-IP.
vCMP is a hardware-only feature, therefore this module cannot be used
on the VE editions of BIG-IP.
2017-11-17 12:11:52 -08:00
Pilou
a5c9726502 Unit tests: share common code (#31456)
* move set_module_args to units.modules.utils
* unit tests: reuse set_module_args
* unit tests: mock exit/fail_json in module.utils.ModuleTestCase
* unit tests: use module.utils.ModuleTestCase
* unit tests: fix 'import shadowed by loop variable'
2017-11-17 09:17:07 -08:00
Brian Coca
23b1dbacaf
Config continued (#31024)
* included inventory and callback in new config

allow inventory to be configurable
updated connection options settings
also updated winrm to work with new configs
removed now obsolete set_host_overrides
added notes for future bcoca, current one is just punting, it's future's problem
updated docs per feedback
added remove group/host methods to inv data
moved fact cache from data to constructed
cleaner/better options
fix when vars are added
extended ignore list to config dicts
updated paramiko connection docs
removed options from base that paramiko already handles
left the look option as it is used by other plugin types
resolve delegation
updated cache doc options
fixed test_script
better fragment merge for options
fixed proxy command
restore ini for proxy
normalized options
moved pipelining to class
updates for host_key_checking
restructured mixins

* fix typo
2017-11-16 13:49:57 -05:00
Tim Rupp
3f3c526026
Removes deprecated "append" param from snat pool (#32953)
This param was deprecated in 2.4 and slated for removal in 2.5. This
patch removes it.
2017-11-15 19:35:09 -08:00
Tim Rupp
0c1f493b6c
Adds module for managing bigip device connectivity (#32950)
This module is a critical part of the HA process for BIG-IPs.
2017-11-15 16:51:51 -08:00
Adrian Likins
86dc3c09ac
Fix vault --ask-vault-pass with no tty (#31493)
* Fix vault --ask-vault-pass with no tty

2.4.0 added a check for isatty() that would skip setting up interactive
vault password prompts if not running on a tty.

But... getpass.getpass() will fallback to reading from stdin if
it gets that far without a tty. Since 2.4.0 skipped the interactive
prompts / getpass.getpass() in that case, it would never get a chance
to fall back to stdin.

So if 'echo $VAULT_PASSWORD| ansible-playbook --ask-vault-pass site.yml'
was ran without a tty (ie, from a jenkins job or via the vagrant
ansible provisioner) the 2.4 behavior was different than 2.3. 2.4
would never read the password from stdin, resulting in a vault password
error like:

        ERROR! Attempting to decrypt but no vault secrets found

Fix is just to always call the interactive password prompts based
on getpass.getpass() on --ask-vault-pass or --vault-id @prompt and
let getpass sort it out.

* up test_prompt_no_tty to expect prompt with no tty

We do call the PromptSecret class if there is no tty, but
we are back to expecting it to read from stdin in that case.

* Fix logic for when to auto-prompt vault pass

If --ask-vault-pass is used, then pretty much always
prompt.

If it is not used, then prompt if there are no other
vault ids provided and 'auto_prompt==True'.

Fixes vagrant bug https://github.com/hashicorp/vagrant/issues/9033

Fixes #30993
2017-11-15 14:01:32 -05:00
Trishna Guha
3ee2501c83
multiple fixes nxos (#32903)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-11-14 15:23:11 +00:00
Anil Kumar Muraleedharan
177a4fb3ec Adding enos_command module and unit test (#32782)
* Adding git_command module and its UT file

* Changing Author Name and removing 2 blank lines

* Removing blank lines

* Adding enos_config and its UT files

* Removing config module as I am allowed to have only module per PR

* Work on Ganesh's Review comments

* John Review Comments on enos_command.py

* Review comments of John
2017-11-14 15:09:29 +00:00
Trishna Guha
c40de24e9c
fix mtu check nxos_interface (#32880)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-11-14 10:40:37 +00:00
Trishna Guha
f49555d494
nxos_bgp_neighbor_af feature idea disable-peer-as-check (#32665)
* nxos_bgp_neighbor_af feature idea disable-peer-as-check

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* Add unit test

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-11-13 14:48:31 +00:00
Trishna Guha
e4052c1261
Add mtu option nxos_interface feature idea (#32680)
* Add mtu option nxos_interface feature idea

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* Add unit test for mtu feature

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-11-13 14:48:04 +00:00
Adrian Likins
9c58827410
Better handling of malformed vault data envelope (#32515)
* Better handling of malformed vault data envelope

If an embedded vaulted variable ('!vault' in yaml)
had an invalid format, it would eventually cause
an error for seemingly unrelated reasons.
"Invalid" meaning not valid hexlify (extra chars,
non-hex chars, etc).

For ex, if a host_vars file had invalid vault format
variables, on py2, it would cause an error like:

  'ansible.vars.hostvars.HostVars object' has no
  attribute u'broken.example.com'

Depending on where the invalid vault is, it could
also cause "VARIABLE IS NOT DEFINED!". The behavior
can also change if ansible-playbook is py2 or py3.

Root cause is errors from binascii.unhexlify() not
being handled consistently.

Fix is to add a AnsibleVaultFormatError exception and
raise it on any unhexlify() errors and to handle it
properly elsewhere.

Add a _unhexlify() that try/excepts around a binascii.unhexlify()
and raises an AnsibleVaultFormatError on invalid vault data.
This is so the same exception type is always raised for this
case. Previous it was different between py2 and py3.

binascii.unhexlify() raises a binascii.Error if the hexlified
blobs in a vault data blob are invalid.

On py2, binascii.Error is a subclass of Exception.
On py3, binascii.Error is a subclass of TypeError

When decrypting content of vault encrypted variables,
if a binascii.Error is raised it propagates up to
playbook.base.Base.post_validate(). post_validate()
handles exceptions for TypeErrors but not for
base Exception subclasses (like py2 binascii.Error).

* Add a display.warning on vault format errors
* Unit tests for _unhexlify, parse_vaulttext*
* Add intg test cases for invalid vault formats

Fixes #28038
2017-11-10 14:24:56 -05:00
Frederic Lepied
35f79370e1 mock ncclient import in test_connection.py (#32786) 2017-11-10 11:53:04 -05:00
Nathaniel Case
9c0275a879
Connection plugins network_cli and netconf (#32521)
* implements jsonrpc message passing for ansible-connection

* implements more generic mechanism for persistent connections
* starts persistent connection in task_executor if enabled and supported
* supports using network_cli as top level connection plugin
* enhances logging for persistent connection to stdout

* Update action plugins

* Fix Python3 RPC

* Fix Junos bytes<-->str issues

* supports using netconf as top level connection plugin

* Error message when running netconf on an unsupported platform
* Update tests

* Fix `authorize: yes` for `connection: local`

* Handle potentially JSON data in terminal

* Add clarifying detail if possible on ConnectionError
2017-11-09 15:04:40 -05:00
Ganesh Nalawade
37b0537279
Fix ios_config file prompt issue (#32744)
Fixes #23263

Add a carriage return (\r) at end on copy config
command which results in prompt on cli terminal
2017-11-09 22:43:49 +05:30
Brian Coca
db749de5b8 namespace facts
updated action plugins to use new guranteed facts
updated tests to new data clean
added cases for ansible_local and some docstrings
2017-11-09 09:48:14 -05:00
cnasten
f1fe467c22 nso_config module for setting configuration in Cisco NSO (#30973) 2017-11-09 13:34:41 +00:00
Evgeny Fedoruk
59b49329b1 Module for running templates and workflows on vDirect (#31243)
Modure for running configuration templates and workflows on Radware vDirect server
2017-11-08 16:41:44 +00:00
Evgeny Fedoruk
a06f06a9a3 Module for committing pending configuration on Radware devices (#31776)
With this module, pending configurations can be commited
on Radware ADC devices.
2017-11-08 16:41:20 +00:00
Anil Kumar Muraleedharan
9d98452032 New enos_facts, + module_utils/enos.py. modifying copyright year in rest all (#31696)
* Squashing all commits to one as suggested by John

* Adding Unit test method for the module enos_facts.py

* Pep8 and Ylint issues addressed

* Trying again to remove blank line. Some scripts are required for this.

* Bug Fixing for interfaces

* Editing for over indenting issue

* E203 whitespace before ','

* Update enos.py

Added warnings argument as to check_args method

* Update enos_facts.py

Added warnings to check_args method
2017-11-08 15:55:46 +00:00
paulquack
a5da2e44a1 ironware_config module (#32187) 2017-11-07 08:22:22 +00:00
paulquack
806f43a9c0 ironware_facts module (#32186) 2017-11-07 08:19:56 +00:00
Tim Rupp
2bf6ac6c78
Adds bigip_device_trust module (#32608)
This module can be used to manage trusts between two bigip devices.
2017-11-06 20:14:49 -08:00
James Mighion
749197b436 Updating the options to allow decryption and new save_when. (#32602) 2017-11-06 18:20:12 +00:00
Tim Rupp
06363f6ede
Removes bigip_snmp from skip file (#32530) 2017-11-03 07:00:49 -07:00
Tim Rupp
53940670fd
Removes bigip_qkview from skip file (#32529) 2017-11-02 21:27:11 -07:00
Tim Rupp
45787f6ef2
Removes bigip_provision from skip file (#32525) 2017-11-02 17:40:41 -07:00
Tim Rupp
ab71a9de14
Removes bigip_irule from the skip file (#32509) 2017-11-02 11:38:39 -07:00
Jonathan Nuñez
67b1d0f274 CloudFormation module: get StackEvents when ClientRequestToken is not used (#32434)
* When getting the stack events we need to consider the case where we don't have ClientRequestToken fixes #32396

* Adding tests for the case when the ClientRequestToken is not present in the stack creation.

* Renaming the stack that the test for Client Request Token requires so it won't cause collisions with the basic test.
2017-11-02 11:41:49 -04:00
Pilou
43914b3837 Fix include_role unit tests (#31920)
* Ensure include_role unit tests check something

This is not the case: get_tasks_vars doesn't yield

* Fix include_role unit tests

Since e609618274, include_role are not
static anymore.
2017-11-02 10:36:15 -05:00
Tim Rupp
6b6df43eae
Removes bigip_iapp_template from the skip file (#32488) 2017-11-02 07:47:28 -07:00
Tim Rupp
015baf5149
Removes bigip_iapp_service from skip list (#32482) 2017-11-01 21:47:56 -07:00
Tim Rupp
60281b85fe
Refactored bigip_device_dns (#32483)
Module was using old coding standards. This updates the module
2017-11-01 20:31:26 -07:00
Tim Rupp
cbc5c2d556
Removes bigip_hostname from skip file (#32479) 2017-11-01 19:56:20 -07:00
Tim Rupp
d5d4683047
Removes bigip_snmp_trap from skip file (#32470) 2017-11-01 15:20:28 -07:00
Tim Rupp
e3f1198a67
Removes bigip_ucs from skip file (#32462) 2017-11-01 14:22:35 -07:00
Tim Rupp
27188d46a9
Adds bigip_iapplx_package module (#32456)
This module can be used to manage the iAppLX packages you have
installed on a device. It can install and remove packages in
their RPM format.
2017-11-01 12:00:06 -07:00
Tim Rupp
c239749052
Removes bigip_user from skip file (#32451) 2017-11-01 10:37:23 -07:00
Tim Rupp
83674af284
Removes virtual_address from skip file (#32425) 2017-11-01 09:49:06 -07:00
Dave Thelen
2c99cbc874 eos_eapi: adding the desired state config to the new vrf fixes #32111 (#32112)
* adding the desired state config to the new vrf fixes #32111

* fix default vrf initial configured

* add unit test
2017-11-01 22:18:52 +05:30
Sébastien DA ROCHA
bc4ba6b638 Iptables unit tests (#30762)
* Add some tests for iptables

* Fix remove bug (calls 2 times check to remove a chain)

* Add me as maintainer

* Fix PEP8

* Doc: Give more information on issue #18988

* Fix #18988 and test it

* Fix doc (thanks Pillou)

* enable PEP8 check for iptables
2017-11-01 12:08:57 +01:00
Tim Rupp
fc4580b4cc
Removes bigip ssl certificate from skip file (#32424) 2017-10-31 21:17:07 -07:00
Tim Rupp
6193d5bc65
Removes gtm wide ip from skip file (#32422) 2017-10-31 20:45:42 -07:00
Tim Rupp
8868b5fa85
Removes gtm pool from skip file (#32419) 2017-10-31 20:12:53 -07:00
Tim Rupp
daaf8ca86c
Fixes skip imports for bigip_configsync_action module (#32413) 2017-10-31 19:22:36 -07:00
Tim Rupp
8f2b243a3e
Fixes bigip_config to remove from skip file (#32409) 2017-10-31 15:48:23 -07:00
Tim Rupp
8c5cd9c530
Removes bigip_command from the skip file (#32407)
Includes fixes and enhancements to make it unnecessary to include this
module in the skip file
2017-10-31 13:50:28 -07:00
Tim Rupp
8037eb7474
Various fixes for bigip_remote_syslog (#32404)
This patch addresses a number of issues, large and small, that were
identified by users in the downstream repo.

* formatting of some code
* specific option combinations leading to errors
* missing includes for unit tests
2017-10-31 12:32:50 -07:00
Paul Neumann
53fead7c96 ios_logging: Fix some smaller issues, add unit test (#32321)
* ios_logging: Fix typo in documentation

* ios_logging: Fix traceback when setting buffered destination without size

When the size parameter is not configured while configuring the buffered
destination, a traceback occurs due to the fact that validate_size expects the
parameter to be an int. Explicitely converting value to int makes the
check work for every case.

* ios_logging: Update size parameter documentation

Update the documentation of the size paramter to reflect the current behaviour
of setting a default of 4096 for the buffered dest.

* ios_logging: Add unit test

Add unit test for ios_logging testing the behaviour clarified in the previous
commits.

* ios_logging: Fix python 2.6 compliance
2017-10-31 09:25:07 +05:30
Ken Evensen
8724ff3eae pamd: fix issue with trailing commas in module_arguments 2017-10-30 08:24:21 +01:00
Paul Neumann
87f663b950 ios_system: Fix typo in unit test (#32284) 2017-10-29 09:45:13 +05:30
Tim Rupp
2a5f6c28cf
Adds bigip_asm_policy module (#32281)
This module can be used to import asm policies from file or existing
template. Supported file types are xml, compact xml, and binary
2017-10-27 22:31:52 -07:00
Tim Rupp
a16db95ddb
Adds the bigip_ssl_key module (#32270)
This module's purpose is to specifically manage the ssl keys. It
is essentially the key component of the bigip_ssl_certificate module.
The modules were separated and the key portion deprecated from
bigip_ssl_certificate in favor of this module.
2017-10-27 12:52:52 -07:00
Tim Rupp
cc4bbb2929 Various bigip_pool fixes (#32161)
* corrects copyrights and mocks in unit tests
* fixes module code to include code to cleanup tokens
2017-10-25 12:57:21 -07:00
Kedar K
e2bed36d12 - Adds iosxr_netconf module to configure netconf service on IOSXR (#31715)
* - Adds iosxr_netconf module to configure netcong service on Cisco
  IOS-XR devices

* - Adds Integration test for module
- Handles diff return from load_config

* - Adds unit test for iosxr_netconf module
2017-10-24 08:49:23 +05:30
Ryan Brown
11c225e039 Start using ClientRequestTokens in event lists (#31997)
* Start using ClientRequestTokens in event lists

* Include request token in all reqs that support it (basically all but check mode/changeset)

* Update placebo recordings

* Add comments for CRQ popping
2017-10-23 14:39:13 -04:00
Kedar K
465fe5802b -Fixes JSON parsing(use JSON object instead of string) for facts modules. (#31818) 2017-10-23 17:48:52 +05:30
Tim Rupp
965e4151df Adds the bigip_policy module (#31915)
this module allows one to manage policies and re-order their
corresponding rules
2017-10-20 18:05:55 -07:00
Tim Rupp
8085c38e05 Refactors the bigip_gtm_facts module (#31917)
Includes pep fixes and inlining code with current conventions
2017-10-20 18:05:45 -07:00
Tim Rupp
f94d337ef6 Adds new module allowing you to wait for a bigip (#31846)
Module allows you to wait for a bigip device to be
"ready" for configuration. This module will wait for things like
the device coming online as well as the REST API and MCPD being
ready.

If all of the above is not online and ready, then no configuration
will be able to be made.
2017-10-18 18:05:43 +01:00
paulquack
5a6ee054c0 Network command module for Brocade IronWare routers (#31429) 2017-10-17 13:54:32 +01:00
Chris Meyers
cf938e9992 tests for InventoryModule error conditions (#31381)
* tests for InventoryModule error conditions

* modified unicode in tests to ahear to Ansible best practices

* flake8 fixes
2017-10-16 18:52:44 -04:00
Brian Coca
01b6c7c9c6 better cleanup on task results display (#27175)
* better cleanup on task results display

callbacks get 'clean' copy of result objects
moved cleanup into result object itself
removed now redundant callback cleanup
moved no_log tests

* moved import as per feedback
2017-10-16 09:44:11 -04:00
Tim Rupp
02cd881697 Refactors bigip_selfip (#31732)
In this refactor we moved to the most recent coding standards for
both F5 and Ansible. Many bugs were fixed and some features were
also added (such as ipv6 support).
2017-10-13 23:31:32 -07:00
Tim Rupp
0610f09dab Adds various provision fixes (#31731)
* vcmp provisioning support
* documentation fixes
* fixes for python3 causing an exception
2017-10-13 22:19:46 -07:00
Tim Rupp
53445ded84 Fixes documentation related bugs (#31730)
New conventions for ansible warrant fixes to accomodate those
in bigip_partition.

This patch also includes an import fix that can raise an error when
Ansible unit tests run
2017-10-13 22:06:19 -07:00
Tim Rupp
a969a529ab Fixes various gtm pool issues (#31728)
Various formatting related fixes. Also fixed an idempotency problem
with the 'disabled' state
2017-10-13 21:51:28 -07:00
Brian Coca
386515281e additional configmanager tests
left placeholders for more
2017-10-13 20:25:12 -04:00
Adrian Likins
297dfb1d50 Vault secrets script client inc new 'keyring' client (#27669)
This adds a new type of vault-password script  (a 'client') that takes advantage of and enhances the 
multiple vault password support.

If a vault password script basename ends with the name '-client', consider it a vault password script client. 

A vault password script 'client' just means that the script will take a '--vault-id' command line arg.

The previous vault password script (as invoked by --vault-password-file pointing to an executable) takes
no args and returns the password on stdout. But it doesnt know anything about --vault-id or multiple vault
passwords.

The new 'protocol' of the vault password script takes a cli arg ('--vault-id') so that it can lookup that specific
vault-id and return it's password.

Since existing vault password scripts don't know the new 'protocol', a way to distinguish password scripts
that do understand the protocol was needed.  The convention now is to consider password scripts that are
named like 'something-client.py' (and executable) to be vault password client scripts.

The new client scripts get invoked with the '--vault-id' they were requested for. An example:

     ansible-playbook --vault-id my_vault_id@contrib/vault/vault-keyring-client.py some_playbook.yml

That will cause the 'contrib/vault/vault-keyring-client.py' script to be invoked as:

     contrib/vault/vault-keyring-client.py --vault-id my_vault_id

The previous vault-keyring.py password script was extended to become vault-keyring-client.py. It uses
the python 'keyring' module to request secrets from various backends. The plain 'vault-keyring.py' script
would determine which key id and keyring name to use based on values that had to be set in ansible.cfg.
So it was also limited to one keyring name.

The new vault-keyring-client.py will request the secret for the vault id provided via the '--vault-id' option.
The script can be used without config and can be used for multiple keyring ids (and keyrings).

On success, a vault password client script will print the password to stdout and exit with a return code of 0.
If the 'client' script can't find a secret for the --vault-id, the script will exit with return code of 2 and print an error to stderr.
2017-10-13 15:23:08 -04:00
Tim Rupp
ecee475a3a This patch fixes a number of outstanding bugs and code convention problems. (#31618)
* documentation was not inline with other Ansible modules
* Python 3 specific imports were missing
* monitor_type is no longer required when creating a new pool; it is now the default.
* A new monitor_type choice of "single" was added for a more intuitive way to specify "a single monitor". It uses "and_list" underneath, but provides additional checks to ensure that you are specifying only a single monitor.
* host and port arguments have been deprecated for now. Please use bigip_pool_member instead.
* 'partition' field was missing from documentation.
* A note that "python 2.7 or greater is required" has been added for those who were not aware that this applies for ALL F5 modules.
* Unit tests were fixed to support the above module
2017-10-13 09:47:49 -07:00
Tim Rupp
381b18fd80 Adds a refactored bigip_monitor_http module. (#30998)
This patch refactors the bigip_monitor_http module to use REST
instead of SOAP. It additionally adds unit tests and current F5
code conventions.

Integration tests can be found here
* https://github.com/F5Networks/f5-ansible/blob/devel/test/integration/bigip_monitor_http.yaml
* https://github.com/F5Networks/f5-ansible/tree/devel/test/integration/targets/bigip_monitor_http/tasks
2017-10-12 17:02:05 -07:00
Brian Coca
12c8dd1893 config tests
also a couple of fixes to manager
2017-10-12 19:26:39 -04:00
James Mighion
50052b3d70 Adding a cli transport option for the bigip_command module. (#30391)
* Adding a cli transport option for the bigip_command module.

* Fixing keyerror when using other f5 modules. Adding version_added for new option in bigip_command.

* Removing local connection check because the F5 tasks can be delegated to any host that has the libraries for REST.

* Using the network_common load_provider.

* Adding unit test to cover cli transport and updating previous unit test to ensure cli was not called.
2017-10-12 15:07:15 -07:00
Ganesh Nalawade
88da95bb77 Fix rollback in junos_config (#31424)
* Fix rollback in junos_config

Fixes #30778

*  Call `load_configuration` with rollback id in case
   the id is given as input
*  Pass rollback id to `get_diff()` to fetch diff from device

* Fix unit test
2017-10-11 10:25:56 +05:30
Brian Coca
d84df2405d move from with_<lookup>: to loop:
- old functionality is still available direct lookup use, the following are equivalent

  with_nested: [[1,2,3], ['a','b','c']]

  loop: "{{lookup('nested', [1,2,3], ['a','b','c'])}}"

- avoid squashing with 'loop:'
- fixed test to use new intenal attributes
- removed most of 'lookup docs' as these now reside in the plugins
2017-10-10 15:43:49 -04:00
Toshio Kuratomi
2db9b6d2ca Remove wildcard import in test_nclu 2017-10-09 21:41:02 -07:00
Tim Rupp
75c5d0fedc Adds the bigip_remote_syslog module
This patchs add a remote-syslog module that can be used by people
to manage their (basic, not HSL) syslog configuration
2017-10-09 13:21:16 -07:00
Pilou
1c9bffe248 pip module: fix TypeError (#31395)
* pip: add test: an error occurs when pip not found
* pip: fix TypeError exception when pip executable isn't found
2017-10-09 10:01:21 -07:00
Michael Vermaes
fad3a4dc83 Fix typo in vault decrypt error message (#31335) 2017-10-05 18:09:22 -04:00
Sam Doran
e7902d888c Make ansible_selinux facts a consistent type (#31065)
* Make ansible_selinux facts a consistent type

Rather than returning a bool if the Python library is missing, return a dict with one key containing a message explaining there is no way to tell the status of SELinux on the system becasue the Python library is not present.

* Fix unit test
2017-10-05 09:19:08 -04:00
Matt Clay
a333f2e5b0 Fix ansible-test config management. 2017-10-04 12:52:36 -07:00
Tim Rupp
3717ff64cf Adds the bigip_monitor_https module (#31205)
This patch adds the https_monitor module which allows people
to create and manage HTTPS monitors.
2017-10-04 17:18:59 +01:00
Adrian Likins
65393e4747 Fix ansible_distribution on Ubuntu 10.04 (#31108)
The /etc/os-release based distro detection doesn't
seem to work for Ubuntu 10.04 (no /etc/os-release?).

So it was testing the next case which was /etc/lsb-release to
see if it is 'Mandriva'. Since the check for existence of
(/etc/lsb-release, Mandrive) was the first non-empty dist
file match, 'ansible_distribution' was being set to 'Mandriva'
expecting to be corrected by the data from the dist file content.

But since the dist file parsing for Mandriva didn't match for
Ubuntu 10.04 /etc/lsb-release _and_ there is no Debian specific
lsb-release check, 'ansible_distribution' stayed at 'Mandriva'
and the dist file checking loop keeps going and eventually off
the end of the list before finding a better match.

Adding a debian/ubuntu specific check for /etc/lsb-release after
the debian os-release sets the info correctly and stops further
checking of dist files.

Fixes #30693
2017-10-03 15:32:33 -04:00
Hervé Beraud
db70eeb913 Feature/test inventory (#30707)
* [test] move inventory test to right path
* [feat] add unit test for yaml inventory plugin
2017-10-02 23:01:25 -07:00
Felipe Garcia Bulsoni
46fd083138 LogicalInterconnectGroupFactsModule for HPE OneView (#28847)
* Added support to retrieving LIG resources in HPE OneView

* Fixing copyright header according to review

* Swapping out config for full credentials in parameter for documentation
2017-10-02 16:35:27 -04:00
Felipe Garcia Bulsoni
7d74c126a9 EnclosureFactsModule for HPE OneView (#28852)
* Added support to retrieving Enclosures in HPE OneView

- Added unit tests

* Updated version_added to 2.5

* Changing return type of enclosure_script to string

* Fixing copyright header according to review

* Replaced config for credentials in parameters for documentation
2017-10-02 16:32:36 -04:00
Kedar K
916e6be888 - Fix to return error message back to the module. (#31035) 2017-09-29 17:06:30 +05:30