* Allow creation of user with localhost exception.
Fixes#22791
When access control is enabled, Mongo allows a user to be created from
localhost (called the "localhost exception":
https://docs.mongodb.com/v3.2/core/security-users/#localhost-exception).
When the `update_password` parameter was added to this module in
Ansible 2.1, this functionality was broken due to a query performed
before `user_add()` is called. This fix only performs the query when
when `update_password` is set to `on-create`, allowing a user to be
created via the localhost exception.
* Only set `password = None` when user exists.
* Change iam_managed_policy to return snake case
Import module_utils.ec2 methods explicitly
* iam_managed_policy: tidy argument spec
Remove unnecessary specifications (`default=None`, `required=False`)
Use `required_if` to check for `policy` when `state` is `present`
* Provide exception handling in iam_managed_policy
Pretty much all AWS API calls can go wrong, and we should handle them.
Update line wrapping to improve readability of method calls
* Improve error handling when policy version limit exceeded
Better document policy version limit exceeded, and check
the error code to see that that's actually what happened
(rather than e.g. no permissions to add a new version)
* iam_managed_policy: better handle pagination and retry
* Update hpilo_facts.py
Add option to change the ssl version used to connect to the remote iLO
* Update hpilo_facts.py
addition of spaces after commas in lists and replace()
Removing module_version from Attributes, support for class based resouces that need version specified when multiple version are present, support for File resource that has blank output for ModuleName/Version in Get-DscResource
* shorten warning on reservd fact collision
also remove ansible_ from namespaced facts for vars manager
handle str conversion errors
use tuple to avoid iterator errors
version added added
* only modify final one
* removed ansible_ removal
* vmware_guest: fixes for cache objects and datacenter association
* find_all_objs was only looking for datastores
* Clear the result if it's datacenter is not correct.
* Re-enable pyvmomi installation
Addresses #25011
Addresses #26511
* apk: Fix failure when both install and upgrade in same command
If name list contains an installed package that needs upgrade plus a new package, apk command would fail due to missing space character.
* Simplify fix by concatenating lists
* add first, last and next usable
* add usable ip filters
* add size usable, range usable and wildcard
* add ip prefix and netmask filter
* add network formatting and check if ip in subnet
* clean up order, add comments
* fix pep8
* update format by index
* clean up and updates from jmcgill298
* Slight refactor on vmware_guest to fix path searching and vcsim compatibility.
* Clean up pep8 errors
* Fix more pep8 issues
* Add assertions
* Remove debug failure
* Update docsting for folder with examples
* Revise _get_vm_prop based on suggestions
* Implement folder walker to find a folder path
* More enhancements for datacenter->datacenter cloning
* Fix a few pep8 issues
* Remove useless check for subclass of None
* Fix a few suggestions
* Move serialize_spec to a util function
* Group exceptions together
Fixes#25011
* add connection plugin for buildah
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* fixup
* create a method to invoke buildah
* mount container filesystem persistently so we can access it
during put and fetch
* use copyfile function for copying files
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* revert tests
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* fixup
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* progress
(this will be squashed into a single commit before merge)
* add docs for the conn plugin
* fix issue invoking the integration tests
* add a way to invoke commands inside the container as a different user
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* fix shellcheck warning
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* adds more intelligent save logic and diff to network config modules
* adds sha1 property to NetworkConfig
* adds new argument save_when to argument_spec
* adds new argument diff_against to argument_spec
* adds new argument intended_config to argument_spec
* renames config argument to running_config with alias to config
* deprecates the use of the save argument
* before and after now work with src argument
* misc module clean
Modules updated
* nxos_config
* ios_config
* eos_config
Most notably this makes the save mechanism more intelligent for config
modules for devices that need to copy the ephemeral config to
non-volatile storage.
The diff_against argument allows the playbook task to control what the
device's running-config is diff'ed against. By default it will return
the diff of the startup-config.
* removes ios_config from pep8/legacy_files.txt
* extends the ignore lines argument to the module
* clean up CI errors
* add missing list brackets
* fixes typo
* fixes unit test cases
* remove last line break when returning config contents
* encode config string to bytes before hashing
* fix typo
* addresses feedback in PR
* update unit test cases
This was discussed with the core team and removing this option was preferred.
For backward compatibility we accept the parameter, but warn the user instead.
Previously the gce module would only allow scopes to be specified by
alias, this adds support for specifying scopes by full URI, however
validation is limited to just ensuring the URI begins with:
https://www.googleapis.com/auth
Based on issue 23642, add some info about the used python
executable and version to the error message when ssl connection
fail in a way that may be related to the version.
Module was importing '*' from facts to get to TimeoutError
but that has moved to facts.timeout, so import is updated.
Also rm old style imports to new style imports at the start
of the module.
'signal' py module was used and referenced but never imported,
presumably it was using the 'signal' previously imported into
module_utils.facts. Now imported directly.
'AnsibleModule' was also from a * import, so now imported directly.
A ref to 'module' was in _delete_disks_when_detached(), so now it
is updated to raise an AzureException() with its message, and
let its caller catch it and call module.fail_json()
* Rm check for unused 'name' arg for restarted.
The module docs claim 'name' is not required for
restarted state, and the code doesn't seem to use
it is.
* Better error msg for linode 'restarted' state.
* Remove the eval() and loop over args.
* Fix use of eval(args), and cleanups.
* linode 'stopped' state doesnt need name either
Fixes#3873
It was in lib/ansible/modules/system/setup.py since it
was the only thing using it, but move it back to module_utils
and add a ansible_collector.get_ansible_collector() to build
a facts collector just like the one used by setup.py
mv test_setup.py -> test_ansible_collector.py
All the code it was testing is now in ansible_collector
rm code to create 'ansible_facts' subkey from namespace
Just leave it up to the caller to do, and just return a
flat dictionary from AnsibleFactCollector.collect()
* junos_linkagg implementation and junos modules refactor
* junos_linkagg implementation
* junos_linkagg integration test
* net_linkagg integration test for junos
* decouple `load_config` and `commit` operations,
to allow single commit (in case on confirm commit) and
to perform batch commit (multiple `load_config` followed by single
`commit`)
* Other related refactor
* Fix CI issues
* Fix unit test failure
In Python a function is always truthy, and the name of the
`create_changeset` function was being accidentally used instead of
`module.params['changeset']`.
VMware provides a different DMI product name for VMs booted via UEFI vs BIOS.
VMware provides a different DMI product name for VMs booted via UEFI ('VMware7,1') vs BIOS ('VMware Virtual Platform')
Fixes#26517
During the writing of Windows path integration tests we discovered that
incorrect paths (including escape sequences) cause very cryptic error
messages.
This fix ensures that invalid paths cause a proper error message.
We also had to fix the following modules:
- win_shortcut: `src` can be a URL
* Add transformed json output in junos_command
Fixes#26363
If the display is in `xml` format for command responses
add th transformed `json` output in the result.
* Fix CI issue
* Feature #2731: added postgres import and dump
* Feature #2731: be more permissive of arguments
```
hacking/test-module -m ./ppostgresql_db.py -a "db=example state=dump target=/tmp/out"`
```
failed previously since host, user, and port were required as keywords
in the pg_dump / pg_import methods.
* Feature #2731: fixed doc string for validate-modules
```
$ ansible-validate-modules database/postgresql/
```
now passes.
* Feature #2731: disable 'password' for dump/restore
* Feature #2731: bump added version to 2.3
* Feature #2731: replace db_import with db_restore
* Feature #2731: add missing version description
* Feature #2731: fix 'state' description
* Feature #2731: fix pep8 issues
* Feature #2731: put state documentation in a single string
* Bump added version from 2.3 to 2.4
* Fix pep8 and pylint errors
* Attempt yaml formatting of documentation string
* Add integration tests for postgres_db:dump/restore
* Update dump/restore logic to support new kw-args
Also attempt to support password; integration tests are
still failing.
* Revert to postgres user for dump/restore
Passing PGPASSWORD is not working for subprocesses. For the
moment, reverting to the strategy of failing if login_password
is set and using `postgres` for all testing of dump/restore.
* Various cleanups to have tests passing
* Working tests for {sql,tar} x {,bz2,gz,xz}
* Use pg_user to support FreeBSD
* Revert login_ prefixes and re-enable password support
All `login_` keywords are mapped to their non-prefix versions
so the previous changes were effectively using `postgres` for
all actions. With the proper keywords, PGPASSWORD-passing to
the subprocess is now working.
* Optionally add password
environ_update doesn't handle None values in the
dictionary to be added to the environment. Adding
check.
* Quick fixes
* Refactor login arguments after fixes from pchauncey
The fixes introduced by pchaunchy pointed to further issues
(like no --dbname on PG<=9.2) with the login parameters. This
refactors them and adds further tests.
Note: this will still not pass integration tests due to a further
issue with pg_dump as a non-admin user:
pg_restore: [archiver (db)] Error while PROCESSING TOC:
pg_restore: [archiver (db)] Error from TOC entry 1925; 0 0 COMMENT EXTENSION plpgsql
pg_restore: [archiver (db)] could not execute query: ERROR: must be owner of extension plpgsql
* Introduce target_opts for passing limiting dumped/restored schemas
The current integration tests (PG version and template DBs) don't
permit a regular user (`{{ db_user1 }}`) access to plpgsql causing
restores to fail. By adding an option for passing arbitrary args to
pg_dump and pg_restore, testing is made easier. This also paves the
way for `-j` usage, once the PG version is bumped.
The iApp service module worked fine previously, but this patch
adds enhancements to it to include more fields that can be
specified when creating iapp services.
* add enhanced run option support for win_scheduled_task
* changed run_level option to runlevel
* correct merge conflicts since task path fix
* changed run_level option to runlevel
* changed do_not_store_password to store_password, and other minor fixes
* conditional logic swap, and documentation change for password
* postgresql_user module - transaction logic hacks to allow recovery from failed select
* postgresql_user - PEP8 and style fixes to make debugging easier
* postgresql_user - move password changing logic to separate function
* postgresql_user - trap failure in case where there is no access to pg_authid
* postgresql_user - further PEP8 fixes
* postgresql_user - Simplify password change logic and improve imports according to suggestions from PR review
* postgresql_user - Eliminate pep8/blank line errors introduced in merge
* Check behaviour when pg_authid relation isn't readable
TASK [postgresql : Normal user isn't allowed to access pg_authid relation:
password comparison will fail, password will be updated] ***
An exception occurred during task execution. To see the full traceback,
use -vvv. The error was: psycopg2.ProgrammingError: permission denied
for relation pg_authid
* Don't reintroduce passlib, remove useless query
This PR includes:
- Checkmode improvements
- Integration tests
- A fix for python3
- PEP8 fixes
This backports improvements from the win_wakeonlan module.
* Implementation of junos_static_route module
* junos implementation of net_static_route
* integration test for junos_static_route
* integration test for junos net_static_route
* Minor change
* Doc change
* Fix CI issue
* On python3, stdin goes through a buffer that translates from raw bytes
to text. this interferes with pause as it (1) performs universal
newline conversion and therefore '\r' is turned into '\n' and (2) the
buffering prevents us from getting the typed characters immediately
(possibly a python3 bug?) Using the raw byte stream that's behind the
text decoder fixes these problems.
Unrelated cleanups:
* Use to_text instead of str for conversion into strings to avoid possible tracebacks
* Use either \r or \n as the end of a line.
Fixes#26278Resolves#26446
* openwrt_init: clearly state that python is required
As python isn't installed by default on OpenWrt/LEDE,
clearly state that python is required
Signed-off-by: Etienne CHAMPETIER <echampetier@anevia.com>
* opkg: clearly state that python is required
As python isn't installed by default on OpenWrt/LEDE,
clearly state that python is required
Signed-off-by: Etienne CHAMPETIER <echampetier@anevia.com>
* junos_user declarative module changes
* Active/Deactivate support
* junos_user integration test
* net_user intergration test for junos
* Add version_added for active param
By default, the vendor neutral modules will just go on if no
implementation module is found.
If user specifies the task argument fail_on_missing_module and
sets it to True, then we bail out the play early and report that
to the user.
restored 'rc' inspection but only when failed is not specified
removed redundant changed from basic.py as task_executor already adds
removed redundant filters, they are tests
added aliases to tests removed from filters
fixed test to new rc handling
This is part of the effort to make win_get_url parameters conform to
other modules. The option `validate_certs` is the common option for
this.
See also #20160
* as a result of recent core engine changes to ignore rc, modules are responsible to set `failed` on nonzero RC if they want that behavior
* the `failed` filter currently triggers on nonzero RC, which caused the tests to false-pass
* updated tests to explicitly check both rc and failed keys, as well as using the failed filter.
This is a new fix to replace #20361 due to the synchronize module changing
sufficiently to make that commit no longer merge cleanly.
Fixes#20361
Related to #20311
Currently chocolatey is not failing when the user requests version X,
but version X is not available in the repository.
Obviously the module should fail in this case.
This fixes#25393
* Fix ansible-doc traceback when a plugin doesn't parse correctly
* Change extract_metadata ivocation to take either an ast or source
code. When given source code, it can find file offsets for the start
and end of dict. When given the ast, it is quicker as it doesn't have
to reparse the source. Requires changing the call to the function to
use a keyword arg.
* Fix reading of metadata to find the last occurrence of
ANSIBLE_METADATA instead of the first.
* Add some more unittests to get closer to complete coverage
* Pep8 fixes
* Removed redundant check for name
* Check validity of api_token
* Don't report changed when tag is already present
Fixes#24265
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* fixes become_method: runas for unprivileged users
* sets permissions on tempdir appropriately
* allows automatic system environment generation for new token (old Process.Start way prevents this)
* add basic become runas tests
All that is required to verify the signature is that the matching
public key is present in the remote user's keyring. There is no need
for GnuPG to explicitly trust the authenticity of the key.
Not Ansible specific, but rather the behavior of the `git verify-commit`
and the `git verify-tag` command line invocations.
The following snippet:
- name: Let the DMZ connect to internet
firewalld:
zone: dmz
masquerade: True
permanent: True
immediate: True
state: enabled
will fail with this error message:
Exception caught: set_masquerade_enabled() takes 1 positional argument but 3 were given
It turn out that it treat 'zone' as a array of string instead of 1 string.
I only tested on Python 3 with a Fedora 25.
* correct, cleanup & simplify dwim stack
latlh chIS logh HeS qar wej chel laD
better errors
update find_file to new exception
* addressed latest comments
* test should not use realpath as it follows symlink
this fails when on OS X as /var is now a symlink to /private/var
but first_found was not supposed to follow symlinks
CreateSnapshot may fail with several exceptions. This
fix generically handles these exceptions.
Fixes#21121
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Fixed he exception handling logic for the delete_group function.
fixes issue #26100
* Removed the unnecessary del_meta variables and made some other adjustments to the delete_user function
Fix adds support for quiesce and memory options while taking
snapshot of virtual machine. Update documentation and examples
for reflecting this change.
Fixes#26270
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Unittests for extracting metadata from plugins
* Port plugin_docs to use the generic extract_metadata function
* Make the helper functions seek_end_of{string,dict} private
check_mode should behave pretty similarly to non-check mode -
just don't actually create or delete subnets or change tags.
Using DryRun for check_mode behaves very differently and results
in the following module failure:
```
"msg": "Unable to update tags for subnet-abcd1234,
error: EC2ResponseError: 412 Precondition Failed
<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<Response><Errors><Error><Code>DryRunOperation</Code>
<Message>Request would have succeeded, but DryRun flag
is set.</Message></Error></Errors>
<RequestID>12345678-abcd-1234-abcd-abcd1234abcd</RequestID></Response>"
```
* Add support for EC2 dynamic data in ec2_facts
- Flattens out JSON in the instance identity document and IAM info/credentials for easy access to facts
- This changes region fact from ‘ansible_ec2_placement_region’ to ’ansible_ec2_instance_identity_document_region’
* Maintain backwards compatibility by putting the region into the old key
* Improve JSON parsing logic and split security group IDs
* Add documentation, backwards compatibility, fix bug and formatting
- Update documentation for ec2_facts with return values
- Preserve JSON value from the metadata service for backwards compatibility
- Fix bug in fix_invalid_varnames
- The keys in the dict were being modified in place; new dict now created to hold the sanitized keys
- Consolidate two replace calls with a regex substitution
- Move imports for ec2_facts to the top
* Add support for parsing the IAM instance profile role
When using Python3, the exec_module function errors out with a
unsupported operand type(s) for +: 'dict_keys' and 'list'
error when adding the .keys() to a static list. Use the explicit
list function to make a list of keys and then add to the ['tags'] list.
This module can add, remove, update versions, and set default versions
of managed policies. It will cycle out old versions of policies if too
many are present. It will check and set the version of the policy that
matches the pased in policy document if one already exists.
Incorporating changes from PR
Descriptions now have full stops, and pep8 error has been
addressed. Also added requirements, author, and updated interface to
"preview"
Additional change to pass CI
Previous commit added in some whitespace errors. Additinoally added
correct value for version_added, added in a RETURN block for
documentation, and moved import to top of file
Fixed error detaching policy from users
Updates to pass 2.4 CI
Updating iam_managed_policy supporting feedback
The user variable stores whether we need to set user@ in our connection
string. It's now being used at the toplevel of the run() method so the
default needs to be calculated further up the stack
Fixes#24910
Switch to dicts in common code caused silent failures during arg translation, so default values and non-check-mode were always used.
* fixes#23653
* fixes#24062
* fixes#22938
* fixes#25156
commit f79beaa3b3b642c370552d63b0848195358bccd0
Author: James Cammarata <jimi@sngx.net>
Date: Wed Jun 28 17:00:57 2017 -0500
Add example for iptables using the policy option
commit 1a0f9debdb526bef9d8d469a84a8cc55ef68da03
Author: James Cammarata <jimi@sngx.net>
Date: Wed Jun 28 16:59:52 2017 -0500
Fix missing re import for iptables after merging #19476
commit 084479d21d5bdf751a94c787b6644d4f330c5f8a
Author: Alexey Solodkiy <work@x1.by>
Date: Sun Dec 18 12:07:05 2016 +0300
fix#19476
* win_say: Fix issue, add integration test
This PR includes:
- Make speed_speech an integer parameter
- Test for empty parameters too
- Add integration tests
* Improve the $speech_speed parameter handling
As requested
include_vars will now also return a key 'ansible_included_var_files'
which contains the list of files that were successfully loaded.
This is useful information and, amongst other things, a way for users
to know exactly what files were included when debugging their
playbooks.
This also allows us to improve the integration tests around
include_vars.
So in an effort to verify if Windows modules are feature complete
compared to the python equivalent, I stumbled upon these differences.
This PR includes:
- Add missing 'data' option from documentation
- Simplify ping module
- Update integration tests to test exception