Commit graph

928 commits

Author SHA1 Message Date
Matt Martz
bd4b92c0b6 Ensure that the become password is written on py3 in the ssh connection plugin. Fixes #34727
(cherry picked from commit 29c1d5cb5d)
2018-01-19 08:06:07 -08:00
Toshio Kuratomi
649ffc10a2 Revert "Ensure that the become password is written on py3 in the ssh connection plugin. Fixes #34727"
This reverts commit fb9e7a85b3.

We may not have a 2.4.3rc3 so reverting this for now
2018-01-18 19:42:24 -08:00
Matt Martz
fb9e7a85b3 Ensure that the become password is written on py3 in the ssh connection plugin. Fixes #34727
(cherry picked from commit 29c1d5cb5d)
2018-01-18 09:33:08 -08:00
James Cammarata
f1c458303a Backport of b107e397 (Cache tasks as they are queued)
* Cache tasks as they are queued instead of en masse

This also moves the task caching from the PlayIterator to the
StrategyBase class, where it makes more sense (and makes it easier
to not have to change the strategy class methods leading to an API
change).

Fixes #31673

* Cleaning up unit tests due to 502ca780

(cherry picked from commit b107e397cb)
2018-01-15 10:04:08 -08:00
Toshio Kuratomi
1546ddb3c3 Fix up the test-set_mode_if_different unittests 2018-01-04 21:05:38 -08:00
Ganesh Nalawade
13937ce772
ios_config save (#33791) (#33872)
* Fixing save so it still works. Adding changed as an option for save_when.

* Updating unit tests.

* Updating description to state that changed was added in 2.5.

(cherry picked from commit 3a9083cf48)

* Update Changelog
2017-12-13 22:31:09 +05:30
Matt Martz
926dfb7c04 Add test for clean_copy preservation of keys
(cherry picked from commit 5c63bb0090)
2017-12-12 14:27:41 -06:00
Trishna Guha
790e290b6b loopback doesn't support passive_interface (#33252)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
(cherry picked from commit 25a465ffcb)
2017-12-06 12:08:10 -08:00
R. Francis Smith
f0741ecaa0 updated pamd rule args regexp to match file paths also (#33432)
* Added . and / to rule args regexp

Things like pam_echo.so file=/etc/foo.txt weren't being matched and
causing incorrect change counts.  Adding / and . fixed that.

Fixes #33351

(cherry picked from commit e957760d52)
2017-11-30 16:02:39 -05:00
Mike Wiebe
9845e5a018 Use show command to support wider platform set for nxos_interface module (#33037)
* Use show command to support wider platform set

* Fix unit tests

(cherry picked from commit 95a2140f4b)
2017-11-22 18:28:17 -08:00
Brian Coca
db83d420af jsonify inventory (#32990)
* jsonify inventory
* smarter import, dont pass kwargs where not needed
* added datetime
* Eventual plan for json utilities to migrate to common/json_utils when we split
  basic.py no need to move jsonify to another file now as we'll do that later.
* json_dict_bytes_to_unicode and json_dict_unicode_to_bytes will also
  change names and move to common/text.py at that time (not to json).
  Their purpose is to recursively change the elements of a container
  (dict, list, set, tuple) into text or bytes, not to json encode or
  decode (they could be a generic precursor to that but are not limited
  to that.)
* Reimplement the private _SetEncoder which changes sets and datetimes
  into objects that are json serializable into a private function
  instead.  Functions are more flexible, less overhead, and simpler than
  an object.
* Remove code that handled simplejson-1.5.x and earlier.  Raise an error
  if that's the case instead.
  * We require python-2.6 or better which has the json module builtin to
    the stdlib.  So this is only an issue if the stdlib json has been
    overridden by a third party module and the simplejson on the system
    is 1.5.x or less.  (1.5 was released on 2007-01-18)
(cherry picked from commit ebd08d2a01)
2017-11-21 13:44:51 -08:00
Adrian Likins
f68330acb2 Fix vault --ask-vault-pass with no tty (#31493)
* Fix vault --ask-vault-pass with no tty

2.4.0 added a check for isatty() that would skip setting up interactive
vault password prompts if not running on a tty.

But... getpass.getpass() will fallback to reading from stdin if
it gets that far without a tty. Since 2.4.0 skipped the interactive
prompts / getpass.getpass() in that case, it would never get a chance
to fall back to stdin.

So if 'echo $VAULT_PASSWORD| ansible-playbook --ask-vault-pass site.yml'
was ran without a tty (ie, from a jenkins job or via the vagrant
ansible provisioner) the 2.4 behavior was different than 2.3. 2.4
would never read the password from stdin, resulting in a vault password
error like:

        ERROR! Attempting to decrypt but no vault secrets found

Fix is just to always call the interactive password prompts based
on getpass.getpass() on --ask-vault-pass or --vault-id @prompt and
let getpass sort it out.

* up test_prompt_no_tty to expect prompt with no tty

We do call the PromptSecret class if there is no tty, but
we are back to expecting it to read from stdin in that case.

* Fix logic for when to auto-prompt vault pass

If --ask-vault-pass is used, then pretty much always
prompt.

If it is not used, then prompt if there are no other
vault ids provided and 'auto_prompt==True'.

Fixes vagrant bug https://github.com/hashicorp/vagrant/issues/9033

Fixes #30993

(cherry picked from commit 86dc3c09ac)
2017-11-15 14:07:39 -05:00
Adrian Likins
29bdd0b326 Better handling of malformed vault data envelope (#32515)
If an embedded vaulted variable ('!vault' in yaml)
had an invalid format, it would eventually cause
an error for seemingly unrelated reasons.
"Invalid" meaning not valid hexlify (extra chars,
non-hex chars, etc).

For ex, if a host_vars file had invalid vault format
variables, on py2, it would cause an error like:

  'ansible.vars.hostvars.HostVars object' has no
  attribute u'broken.example.com'

Depending on where the invalid vault is, it could
also cause "VARIABLE IS NOT DEFINED!". The behavior
can also change if ansible-playbook is py2 or py3.

Root cause is errors from binascii.unhexlify() not
being handled consistently.

Fix is to add a AnsibleVaultFormatError exception and
raise it on any unhexlify() errors and to handle it
properly elsewhere.

Add a _unhexlify() that try/excepts around a binascii.unhexlify()
and raises an AnsibleVaultFormatError on invalid vault data.
This is so the same exception type is always raised for this
case. Previous it was different between py2 and py3.

binascii.unhexlify() raises a binascii.Error if the hexlified
blobs in a vault data blob are invalid.

On py2, binascii.Error is a subclass of Exception.
On py3, binascii.Error is a subclass of TypeError

When decrypting content of vault encrypted variables,
if a binascii.Error is raised it propagates up to
playbook.base.Base.post_validate(). post_validate()
handles exceptions for TypeErrors but not for
base Exception subclasses (like py2 binascii.Error).

* Add a display.warning on vault format errors
* Unit tests for _unhexlify, parse_vaulttext*
* Add intg test cases for invalid vault formats

Fixes #28038

(cherry picked from commit 9c58827410)
2017-11-10 14:31:32 -05:00
Ganesh Nalawade
5944a447f7
Fix ios_config file prompt issue (#32744) (#32780)
Fixes #23263

Add a carriage return (\r) at end on copy config
command which results in prompt on cli terminal
(cherry picked from commit 37b0537279)

Update CHANGELOG.md
2017-11-10 20:32:35 +05:30
Chris Meyers
f00f2466d4 tests for InventoryModule error conditions (#31381)
* tests for InventoryModule error conditions

* modified unicode in tests to ahear to Ansible best practices

* flake8 fixes

(cherry picked from commit cf938e9992)
2017-11-08 10:56:19 -08:00
Pilou
35d942d6a0 Fix include_role unit tests (#31920)
* Ensure include_role unit tests check something

This is not the case: get_tasks_vars doesn't yield

* Fix include_role unit tests

Since e609618274, include_role are not
static anymore.

(cherry picked from commit 43914b3837)
2017-11-02 08:39:32 -07:00
Ganesh Nalawade
bc01b5d981
eos_eapi: adding the desired state config to the new vrf fixes #32111 (#32112) (#32452)
* adding the desired state config to the new vrf fixes #32111

* fix default vrf initial configured

* add unit test

* Update CHANGELOG

(cherry picked from commit 2c99cbc874)
2017-11-01 23:02:51 +05:30
Paul Neumann
ebd559c43a ios_system: Fix typo in unit test (#32284)
(cherry picked from commit 87f663b950)
2017-11-01 08:54:07 -07:00
Paul Neumann
de60b9e1a8 ios_logging: Fix some smaller issues, add unit test (#32321)
* ios_logging: Fix typo in documentation

* ios_logging: Fix traceback when setting buffered destination without size

When the size parameter is not configured while configuring the buffered
destination, a traceback occurs due to the fact that validate_size expects the
parameter to be an int. Explicitely converting value to int makes the
check work for every case.

* ios_logging: Update size parameter documentation

Update the documentation of the size paramter to reflect the current behaviour
of setting a default of 4096 for the buffered dest.

* ios_logging: Add unit test

Add unit test for ios_logging testing the behaviour clarified in the previous
commits.

* ios_logging: Fix python 2.6 compliance

(cherry picked from commit 53fead7c96)
2017-11-01 08:53:39 -07:00
Kedar K
70c3aefdaf - Fix to return error message back to the module. (#31035)
(cherry picked from commit 916e6be888)
2017-10-26 07:38:23 -07:00
Brian Coca
b61bfc87b8 better cleanup on task results display (#27175)
* better cleanup on task results display

callbacks get 'clean' copy of result objects
moved cleanup into result object itself
removed now redundant callback cleanup
moved no_log tests

* moved import as per feedback

(cherry picked from commit 01b6c7c9c6)
2017-10-26 07:32:33 -07:00
Ganesh Nalawade
e001fb7c14 Fix rollback in junos_config (#31424) (#31563)
* Fix rollback in junos_config (#31424)

* Fix rollback in junos_config

Fixes #30778

*  Call `load_configuration` with rollback id in case
   the id is given as input
*  Pass rollback id to `get_diff()` to fetch diff from device

* Fix unit test

(cherry picked from commit 88da95bb77)

* Update changelog
2017-10-11 15:28:42 +05:30
Sam Doran
71e0540016 Make ansible_selinux facts a consistent type (#31065)
* Make ansible_selinux facts a consistent type

Rather than returning a bool if the Python library is missing, return a dict with one key containing a message explaining there is no way to tell the status of SELinux on the system becasue the Python library is not present.

* Fix unit test

(cherry picked from commit e7902d888c)
2017-10-05 09:19:56 -04:00
Matt Clay
2572b2147e Fix ansible-test config management.
(cherry picked from commit a333f2e5b0)
2017-10-04 12:53:29 -07:00
Adrian Likins
4025b47629 Fix fact failures cause by ordering of collectors (#30777)
* Fix fact failures cause by ordering of collectors

Some fact collectors need info collected by other facts.
(for ex, service_mgr needs to know 'ansible_system').
This info is passed to the Collector.collect method via
the 'collected_facts' info.

But, the order the fact collectors were running in is
not a set order, so collectors like service_mgr could
run before the PlatformFactCollect ('ansible_system', etc),
so the 'ansible_system' fact would not exist yet.

Depending on the collector and the deps, this can result
in incorrect behavior and wrong or missing facts.

To make the ordering of the collectors more consistent
and predictable, the code that builds that list is now
driven by the order of collectors in default_collectors.py,
and the rest of the code tries to preserve it.

* Flip the loops when building collector names

iterate over the ordered default_collectors list
selecting them for the final list in order instead
of driving it from the unordered collector_names set.

This lets the list returned by select_collector_classes
to stay in the same order as default_collectors.collectors

For collectors that have implicit deps on other fact collectors,
the default collectors can be ordered to include those early.

* default_collectors.py now uses a handful of sub lists of
collectors that can be ordered in default_collectors.collectors.

fixes #30753
fixes #30623

(cherry picked from commit 95abc1d82e)
2017-09-28 10:56:18 -04:00
Adrian Likins
042079aa87 Use vault_id when encrypted via vault-edit (#30772)
* Use vault_id when encrypted via vault-edit

On the encryption stage of
'ansible-vault edit --vault-id=someid@passfile somefile',
the vault id was not being passed to encrypt() so the files were
always saved with the default vault id in the 1.1 version format.

When trying to edit that file a second time, also with a --vault-id,
the file would be decrypted with the secret associated with the
provided vault-id, but since the encrypted file had no vault id
in the envelope there would be no match for 'default' secrets.
(Only the --vault-id was included in the potential matches, so
the vault id actually used to decrypt was not).

If that list was empty, there would be an IndexError when trying
to encrypted the changed file. This would result in the displayed
error:

ERROR! Unexpected Exception, this is probably a bug: list index out of range

Fix is two parts:

1) use the vault id when encrypting from edit

2) when matching the secret to use for encrypting after edit,
include the vault id that was used for decryption and not just
the vault id (or lack of vault id) from the envelope.

add unit tests for #30575 and intg tests for 'ansible-vault edit'

Fixes #30575

(cherry picked from commit a14d0f3586)
2017-09-26 12:31:58 -04:00
Adrian Likins
2149d1092b Fix 'distribution' fact for ArchLinux (#30723)
Allow empty wasn't breaking out of the process_dist_files
loop, so a empty /etc/arch-release would continue searching
and eventually try /etc/os-release. The os-release parsing
works, but the distro name there is 'Arch Linux' which does
not match the 2.3 behavior of 'Archlinux'

Add a OS_RELEASE_ALIAS map for the cases where we need to get
the distro name from os-release but use an alias.

We can't include 'Archlinux' in SEARCH_STRING because a name match on its keys
but without a match on the content causes a fallback to using the first
whitespace seperated item from the file content as the name.
For os-release, that is in form 'NAME=Arch Linux'

With os-release returning the right name, this also supports the
case where there is no /etc/arch-release, but there is a /etc/os-release

Fixes #30600

* pep8 and comment cleanup

(cherry picked from commit 3eab636b3f)
2017-09-25 15:06:05 -04:00
Adrian Likins
bca1818b1e Fix pkg_mgr fact on OpenBSD (#30725)
* Fix pkg_mgr fact on OpenBSD

Add a OpenBSDPkgMgrFactCollector that hardcodes pkg_mgr
to 'openbsd_pkg'. The ansible collector will choose the
OpenBSD collector if the system is OpenBSD and the 'Generic'
one otherwise.

This removes PkgMgrFactCollectors depenency on the
'system' fact being in collected_facts, which also
avoids ordering issues (if the pkg mgr fact is collected
before the system fact...)

Fixes #30623

(cherry picked from commit 12404f470a)
2017-09-22 14:24:57 -04:00
Adrian Likins
f8ad9ca75d Don't ask for password confirm on 'ansible-vault edit' (#30514)
This is to match the 2.3 behavior on:

        ansible-vault edit encrypted_file.yml

Previously, the above command would consider that a 'new password'
scenario and prompt accordingly, ie:

        $ ansible-vault edit encrypted_file.yml
        New Password:
        Confirm New Password:

The bug was cause by 'create_new_password' being used for
'edit' action. This also causes the previous implicit 'auto prompt'
to get triggered and prompt the user.

Fix is to make auto prompt explicit in the calling code to handle
the 'edit' case where we want to auto prompt but we do not want
to request a password confirm.

Fixes #30491

(cherry picked from commit 307be59092)
2017-09-20 11:00:42 -04:00
Toshio Kuratomi
0c843b70cc Fix jenkins_plugin test for no net situations (#30568)
Unittests are sometimes run without network connectivity in build
systems.  Make that work correctly by mocking out _get_url_data with the
expected return value.
(cherry picked from commit 0a69e27e62)
2017-09-19 13:13:10 -07:00
Toshio Kuratomi
4ea99a4cbe Update aci tests for new messages from lxml-4.0+
(cherry picked from commit 1fa3fb45bc)
2017-09-17 19:06:30 -07:00
Mike Wiebe
cc81d1e1c3 Rel240/fix nxos pim interface (#29885)
* fix nxos_pim_interface

* Add integration test coverage and fix unit test

* Add clarifying comments

* Make ansibot happy

(cherry picked from commit 173c41aefe)
2017-09-14 14:30:43 -07:00
Nathaniel Case
f25f03b539 Generalize nxos_bgp event-history detection (#28890)
* More general handling of event-history

* Update unit tests

(cherry picked from commit f84ff216b6)
2017-09-14 09:05:21 -07:00
Miguel Ángel Ajo
738f08d627 Fixes #23680 bug with py3.x due to binary string handling (#23688)
* This commit includes a unit test to exercise the _is_role
function and make sure it doesn't break in any Python version.
* Import os.path and other minor fixups

(cherry picked from commit 8e4f112b39)
2017-09-09 18:40:30 -07:00
Toshio Kuratomi
8eab6a43f7 Fix set theory filters for python3
The set theory filters need to use lists rather than generators on python3.

Also add unit tests for most of the mathstuff filters

Fixes #26494

(cherry picked from commit 75249e311e)
2017-09-09 17:40:55 -07:00
Brian Coca
5ce6066e4c less confusing 'args' message (#29053)
* less confusing 'args' message

* fix test

* gone native

(cherry picked from commit fe3b4325c2)
2017-09-06 15:33:09 -07:00
Nathaniel Case
8bfdbd0f73 nxos_bgp_neighbor: Fix regex &report warnings (#28888)
* Fix over-detection of log-neighbor-as

* Report nxos warnings

* Update nxos_bgp_neighbor unit tests to test remove-private-as
2017-09-01 15:17:42 -04:00
Trishna Guha
252efcebf5 module should fail if eos_user is added without configured_password or nopassword or sshkey (#28780)
* module should fail if eos_user is added without configured_password or nopassword or sshkey

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* fix eos_user unit test

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>

* fix eos_user integration test

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-08-31 15:29:57 -04:00
Felipe Garcia Bulsoni
fd304d9b5b Added support to SAN Manager resource in HPE OneView (#28787)
- Added unit tests
2017-08-30 18:32:43 +02:00
Felipe Garcia Bulsoni
1e785d4117 FcoeNetworkFactsModule for HPE OneView (#28728)
* Add FcoeNetworkFactsModule for retrieving HPE OneView FCoE Networks

- Allow querying for FCoE Network resources in HPE OneView
- Adds unit tests to new module

* Fix "required: no"
2017-08-30 16:51:28 +02:00
Felipe Garcia Bulsoni
6ea2099ee4 EthernetNetworkFactsModule for HPE OneView (#28723)
* Adds EthernetNetworkFactsModule for retrieve HPE OneView

- Allows retrieving Ethernet Network resources from HPE OneView
- Adds unit tests

* Removed required: no
2017-08-30 16:49:57 +02:00
Felipe Garcia Bulsoni
a4ae8536d9 NetworkSetFactsModule for HPE OneView (#28730)
* Add NetworkSetFactsModule for retrieving HPE OneView Network Sets

- Allow querying for Network Set resources in HPE OneView
- Adds unit tests to new module
- Updates oneview_module_loader copyright header to short GPL3 version

* Adding possibility to pass in credentials as parameters

* Removed required false and changed format of filter_by_name declaration

* Updated examples in docs to reflect new way to pass in credentials

- All examples of the oneview_network_set_facts updated to use
credential parameters
- All required=False from oneview base module removed
- Shared docs updated to bring attention to API version being used
2017-08-30 16:46:05 +02:00
jacky.chen
75998d3ca3 [cloud] Add the ability to modify shard count to kinesis_stream module (#24805)
* Add the ability to modify shard count to kinesis_stream module

* Fixed an issue in kinesis_stream where update() reports not changed when it is changed

* Remove unreachable message and make the try and catch block shorter
2017-08-29 17:13:46 -04:00
Mike Wiebe
d9fc3def94 Fixes #28779 eth_mode key error (#28782)
* Fixes #28779 eth_mode key error

* Remove unused get_config references

* Addressed PR comment
2017-08-29 17:07:46 -04:00
Nathaniel Case
64dac346c9 Fix nxos_pim_interface dr-priority handling (#28472)
* Fix nxos_pim_interface dr-priority handling

* Prefer execute_show over `| json`

* Mock get_config

* Fix sparse-mode detection
2017-08-29 14:42:09 -04:00
Brian Coca
aec1dfd1fa fix improt order to actually skip when no boto 2017-08-29 13:06:25 -04:00
Jacob McGill
1c4fe510d0 IOS Ping: Add new module to support ping tests from IOS devices (#28557)
* IOS Ping: Add new module to support ping tests from IOS devices

* Add tests

* Add fixtures for ios_ping
2017-08-29 11:21:49 -04:00
Kai
3251aecd95 Fix leading slashes being stripped from mount src (#24013)
* Tidy mount module for testing

Fix spelling mistakes in comments. I *think* the example for omitting parents
root has the wrong parent ID.

Make mountinfo file a parameter for testing.

* Don't strip leading slash from mounts

The current code does not follow the example, it produces src=tmp/aaa instead
of src=/tmp/aaa. This causes problems with bind mounts under /rootfs.

* Use dictionary to store mounts by ID

Instead of looping over each one to check if the ID matches. This does not
preserve the order of the output on < Python3.6, but that is not necessary.

* Make linux_mounts a dict

Always accessed by 'dst', so avoid looping by just making it a key.

* Add test case for get_linux_mounts
2017-08-29 15:16:53 +02:00
Brian Coca
f9b3f4f934 make groups magic var dependant on inventory (#28677)
* make groups magic var dependant on inventory

it was overtly restricted by 'host'
minor fixes to test_var_manager.py, need to test other values also

* pepe hates extra blank line
2017-08-28 17:21:11 -04:00
Michael De La Rue
fbec5ab12d [cloud] new module lambda_policy (PR #24951)
- Fixes to lambda
- reformatting + tests for lambda_facts
- lambda module integration test
- switch lambda and lambda_facts to AnsibleAwsModule
- Get the account ID from STS, GetUser, and finally error message
2017-08-28 16:45:53 -04:00