* Fix network_cli exec_command connection init
Fixes https://github.com/ansible/ansible/issues/61596
* If `exec_command` method is invoked from module side
on connection object to execute the command on target
host check if connection is created if not create the
connection.
* Fix review comment
(cherry picked from commit 74e4993628)
* Fix ansible-doc traceback for removed modules.
This avoids tracebacks with errors like the following when a module has been removed:
module module_name missing documentation (or could not parse documentation): 'NoneType' object does not support item assignment
* Fix ansible-doc sanity test warning handling.
Warnings about removed modules/plugins on stderr are now properly ignored.
Previously an ansible-doc error could result in unrelated errors going undetected because tests were stopped early and the underlying error was ignored.
(cherry picked from commit 064e8e1ef4)
Co-authored-by: Matt Clay <matt@mystile.com>
* [stable-2.9] Fix "JSON object must be str, bytes or bytearray, not list" (#62350)
(cherry picked from commit 84d9b3e)
Co-authored-by: Nathaniel Case <ncase@redhat.com>
* Add changelog
* routeros_facts: fix for error when there's more than 10 interfaces (#61376)
* fix: proper regex for preprocessing routeros output
* test: regression test
* test: fix nondeterministic unit test
* changelog
* Commands tests (#62322)
* commands tests
* add space in order to delete it and tun shipable tests again
* delete space in order to run shipable tests again
(cherry picked from commit 47cf4e6565)
* changelog
Fixes#62319
Change `enable` option to `enabled` in junos_interfaces
and junos_lldp_interfaces
data model to be in sync with other network platform
resource modules added in 2.9 version.
(cherry picked from commit a9a5f4e40d)
The documentation links are now displayed when running from an install.
Previously the links were only displayed when running from source.
This was due to ansible-test checking for the presence of documentation files locally, which are only present when running from source.
The check is no longer necessary since there is a sanity test in place to enforce the presence of documentation for all sanity tests.
(cherry picked from commit 32d965e)
Co-authored-by: Matt Clay <matt@mystile.com>
Fixes#61978
* moar tests for get_url fetch behavior with existing file
* add changelog fragment
(cherry picked from commit 7d51cac)
Co-authored-by: Matt Martz <matt@sivel.net>
* Fix for junos cli_config replace option
* For device that support replace option by loading
configuration from a file on device `config` option
is not required and value of `replace` option is the
path of configuration file on device. This fix allows
invoking run() function in cli_config if `config` option
is None and `replace` option is not boolean
* The command to replace running config on junos device
is `load override <filename>` and not `load replace <filename>`
This is fixed in the junos cliconf plugin.
* Add integration test
(cherry picked from commit 200ed25648)
* VMware: Fix issue with order of changes in vmware_vcenter_statistics
* [WIP] VMware: Fix fragile sort order in vmware_vcenter_statistics (#62288)
* vmware_vcenter_statistics: Fix fragile sort order
* vmware_vcenter_statistics: Python 2.6 compatibility
(cherry picked from commit 3e4d5aeee3)
* remove choices from gather_network_resources facts and allow negating subset without needing to add a new subset specific for negation
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* negated all, min should not return any fact
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
(cherry picked from commit c1e02d5c7a)
* openssh_keypair: make sure public key has same permissions as private key (#61658)
* Make sure public key has same permissions as private key.
* Add changelog.
* Text, not binary.
(cherry picked from commit c19cea9b03)
* openssh_keypair file permissions/ownership: add porting guide entry (#62176)
* Add porting guide entry for 2.9.
(cherry picked from commit 0e72cbd451)
* In pika v1.0.0 BlockingChannel.is_closing was removed. Updating
plugin accordingly.
Ref: https://github.com/pika/pika/pull/1034
* Adding change fragment for is_closing bug.
* Updated change fragment description.
(cherry picked from commit 9b149917a6)
* Pika v1.0.0 and above were causing issues for publish_message. Updated
to ensure publish_message works with pika 0.13.1 and 1.0.0 and above.
* Adding changelog fragment for rabbitmq_publish fix.
* Updating return value.
(cherry picked from commit 1b2fd2cb5f)
* Always specify header of connection keep-alive regardless of python version.
* Add chgangelog fragment
* Fixes to changelog fragment
(cherry picked from commit 606e13919e)
The default behavior of the ansible-test vcenter plugin is to use the govcsim container to run tests.
However, unless the govcsim mode was specified using the VMWARE_TEST_PLATFORM environment variable, the filter code would skip the tests unless the tests ran on Shippable or the user had an ansible-core-ci key.
Now the filter correctly recognizes that govcsim is the default.
(cherry picked from commit cd4882e)
Co-authored-by: Matt Clay <matt@mystile.com>
* Fix location of unit test requirements.
* Preserve ansible-test unit test requirements.
* Remove redundant unit test requirements.
* Fix location of network test requirements.
* Preserve ansible-test network test requirements.
* Remove redundant network test requirements.
* Add missing ordereddict requirements.
* Load collection requirements correctly.
* Add changelog fragment.
(cherry picked from commit cdc4926)
Co-authored-by: Matt Clay <matt@mystile.com>
* [stable-2.9] Fix ansible-test pytest plugin loading. (#62119)
* Avoid assertion rewriting in pytest plugins.
Adding PYTEST_DONT_REWRITE to the ansible-test pytest plugin docstrings disables assertion rewriting in pytest for those plugins.
This avoids warnings during test execution if the plugins are loaded multiple times (such as being imported within tests).
* Run ansible-test pytest plugins early.
The ansible-test pytest plugins need to load and run earlier than conftest modules.
To facilitate this, the pytest_configure function is run during loading, which works since they are loaded (but not always run) before conftest modules are loaded.
A check has also been added to the pytest_configure functions to prevent them from running multiple times in the same process.
* Load pytest plugins using an env var.
The -p command line option loads plugins before conftest, but only during collection.
The PYTEST_PLUGINS environment variable loads plugins before confest, both during collection and test execution.
(cherry picked from commit aaa6d2e)
Co-authored-by: Matt Clay <matt@mystile.com>
* Add missing changelog entry for ansible-test fix.
PR https://github.com/ansible/ansible/pull/62119 was missing a changelog entry.
(cherry picked from commit 6c78f02121)
Creating a virtual environment using `venv` when running in a virtual environment created by `virtualenv` results in a copy of the original virtual environment instead of creation of a new one.
To work around this, `ansible-test` now identifies when it is running in a `virtualenv` created virtual environment and uses the real Python interpreter to create the `venv` virtual environment.
(cherry picked from commit a7bc11c)
Co-authored-by: Matt Clay <matt@mystile.com>
The `test/results/` directory for Ansible test output was already ignored when not using git.
When Ansible Collections were switched to `tests/output/` the ignore entry was previously overlooked.
(cherry picked from commit f110abb)
Co-authored-by: Matt Clay <matt@mystile.com>
* Fix ansible-test venv activation.
When using the ansible-test --venv option, an execv wrapper for each python interpreter is now used instead of a symbolic link.
* Fix ansible-test execv wrapper generation.
Use the currently running Python interpreter for the shebang in the execv wrapper instead of the selected interpreter.
This allows the wrapper to work when the selected interpreter is a script instead of a binary.
* Fix ansible-test sanity requirements install.
When running sanity tests on multiple Python versions, install requirements for all versions used instead of only the default version.
* Fix ansible-test --venv when installed.
When running ansible-test from an install, the --venv delegation option needs to make sure the ansible-test code is available in the created virtual environment.
Exposing system site packages does not work because the virtual environment may be for a different Python version than the one on which ansible-test is installed.
(cherry picked from commit c77ab11051)
Co-authored-by: Matt Clay <matt@mystile.com>
* Fixes to ecs_certificate cert chain for #61738
* Added changelog fragment
* Fixes to ecs_certificate for cleaner join, and better integration test
* Fix integration test formatting
* End cert chain with a \n
* Update changelogs/fragments/61738-ecs-certificate-invalid-chain.yaml
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Update main.yml
(cherry picked from commit 943888b955)
This allows junos_config to changes the candidate configuration only and
does not commit it as the active configuration at once w/ the
'check_commit' option.
(cherry picked from commit 483e76ee58)
* Fix ansible-connection persist after playbook run issue
* PR https://github.com/ansible/ansible/pull/59153 to add support
for delaying the ansible-connection added an old issue of
ansible-connection persisting even after playbook run is finished
till either command timeout or connect timeout is triggered.
ansible-connection persist after playbook execution is done
and also delays the connection initilization untill a method
in invoked from module side on the connection object.
* Add chanegelog
(cherry picked from commit 4f29b5a76b)
Python < 2.7.9 does not have the ssl.SSLContext attribute.
ssl.SSLContext is only required when we want to validate the SSL
connection. If `validate_certs` is false, we don't initialize the
`ssl_context` variable.
Add unit-test coverage and a little refactoring:
- avoid the use of `mocker`, when we can push `monkeypatch` which is
`pytest`'s default.
- use `mock.Mocker()` when possible
closes: #57072
(cherry picked from commit 3ea8e0a144)
* fix erroneous failures in docker_compose due to deprecation warnings from docker (#60961)
* Update error handling to work with new method of capturing output
Co-Authored-By: Felix Fontein <felix@fontein.de>
* update error handling
* fix syntax error
* fix indentation
* fix indentation (again)
* remove erroneous line
(cherry picked from commit 0c73e47a42)
Needs to require ansible = version rather than ansible-version
(cherry picked from commit 59afffa)
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
* [stable-2.9] aws_s3 - wait for the bucket before setting ACLs (#61735)
* Wait for the bucket to become available if possible before setting ACLs
(cherry picked from commit 91ccb03552)
Co-authored-by: Sloane Hertel <shertel@redhat.com>
* s3 - improve waiting for the bucket (#61802)
(cherry picked from commit ff05991265)
On OpenBSD, 13 asterisk characters as a password hash, marks the
account as disabled. Otherwise daily(8) script which executes
security(8) will email operator about not properly locked accounts.
Before the diff, we see following warning:
> [WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
After the diff, warning is gone.
(cherry picked from commit 1dea661ce8)
Co-authored-by: kucharskim <mikolaj@kucharski.name>
* [stable-2.9] Fix ansible-test coverage path handling. (#61528)
* Fix ansible-test coverage path handling.
* Split CI unit tests into two groups.
(cherry picked from commit e4e5005640)
Co-authored-by: Matt Clay <matt@mystile.com>
* Add changelog fragment.
The `git submodule status` command is relative to the current git repository by default.
When running from a repository subdirectory paths can be returned above the current directory.
Specifying the current directory with `git submodule status` avoids listing submodules above that directory.
This will fix issues when testing a collection that is rooted below the repository root when that repository uses submodules.
(cherry picked from commit 4063d58339)
Co-authored-by: Matt Clay <matt@mystile.com>
* Azure fix _info/_facts return values for some modules
* Further test fixes
* securitygroup fixes after the move to _info module
(cherry picked from commit 951dac7691)
* Refactor galaxy collection API for v3 support (#61510)
* Refactor galaxy collection API for v3 support
* Added unit tests for GalaxyAPI and starting to fix other failures
* finalise tests
* more unit test fixes
(cherry picked from commit a7fd6e99d9)
* Added changelog fragment
* default collection support
* playbooks run from inside a registered collection will set that collection as the first item in the search order (as will all non-collection roles)
* this allows easy migration of runme.sh style playbook/role integration tests to collections without the playbooks/roles needing to know the name of their enclosing collection
* disable default collection test under Windows
* enable collection search for role dependencies
* unqualified role deps in collection-hosted roles will first search the containing collection
* if the calling role has specified a collections search list in metadata, it will be appended to the search order for unqualified role deps
* disable cycle detection unit test
* failing on 3.7+, needs proper cycle detection
* see #61527
* play, block, task: New attribute forks
With this it is possible to limit the number of concurrent task runs.
forks can now be used in play, block and task. If forks is set in different
levels in the chain, then the smallest value will be used for the task.
The attribute has been added to the Base class as a list to easily provide
all the values that have been set in the different levels of the chain.
A warning has been added because of the conflict with run_once. forks will
be ignored in this case.
The forks limitation in StrategyBase._queue_task is not used for the free
strategy.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Handle forks in free strategy
The forks attribute for the free strategy is handled in run in the free
StrategyModule. This is dony by counting the amount of tasks where the uuid
is the same as the current task, that should be queued next. If this amount
is bigger or equal to the forks attribute from the chain (task, block,
play), then it will be skipped to the next host. Like it is also done with
blocked_hosts.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Test cases for forks with linear and free strategy
With ansible_python_interpreter defined in inventory file using
ansible_playbook_python.
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
* Changing forks keyword to throttle and adding some more docs
* default collection support
* playbooks run from inside a registered collection will set that collection as the first item in the search order (as will all non-collection roles)
* this allows easy migration of runme.sh style playbook/role integration tests to collections without the playbooks/roles needing to know the name of their enclosing collection
* ignore bogus sanity error
* filed #61460
* fixed task unit test failure
* don't append an empty collections list to the ds
* ignore leftover local_action in mod_args ds action parsing
* fix async_extra_data test to not require ssh and bogus locale
* disable default collection test under Windows
* ensure collection location FS code is always bytes
* add changelog
* Fix TypeError in ec2_group.py for Python3 when sorting dictionary list
* Using json.loads() and dumps() to replace sorting
* Bug fixes for ec2_group.py
* Dictionaries cannot be compared/sorted in Python3
* Diff will occur when the IpPermissions have the same IpRanges but have different ordering
* 'before' will be sorted by 'Type' with high priority than 'IP', but 'boto3.describe_security_groups()' function cannot get 'Type' from Amazon
* Add some basic diff mode testing to exercise the rule-sorting code
* Change collection PS util import pattern
* Add changes for py2 compat
* fix up regex and doc errors
* fix up import analysis
* Sanity fix for 2.6 CI workers
* Get collection util path for coverage collection
* Rename OneView _facts modules -> _info
* Adjust PR #.
* Forgot to update test names.
* Remove superfluous blank line.
* Some more things from review.
* Initial commit for rate limiting
- Detects if error code is 429
- Pauses for random time between .5 and 5 seconds before retrying
- If it fails 10 times, give up and tell user
* Redo structure of request() to support rate limiting
* Hold down timer is now a sliding scale
- 3 * number of retries
- Fails after the 30 second wait
* Whitespace fixes
* Redo implementation using decorators
- Errors aren't tested but code works for regular calls
* Unit tests work for error handling
* Add integration tests for successful retries
* Add condition for 502 errors and retry
* Move _error_report out of the class
* PEP8 fixes
* Add changelog entry
* Template value of debugger and then check for validity
* Removed if/else and forcing failure on undefined as per comments
* Added changelog
* changed colon to brackets so it appears as a string
* aws_kms: (integration tests) Test updating a key by ID rather than just my alias
* aws_kms: (integration tests) Test deletion of non-existent and keys that are already marked for deletion
* aws_kms: Ensure we can perform actions on a specific key_id rather than just aliases
In the process switch over to using get_key_details rather than listing all keys.
* aws_kms: When updating keys use the ARN rather than just the ID.
This is important when working with cross-account trusts.
* Handle multiple Content-Type headers correctly
Avoids situations where mulitple Content-Type headers including charset information can result in errors like
```
LookupError: unknown encoding: UTF-8, text/html
```
* Account for multiple conflicting values for content-type and charset
* Add changelog fragment
* Renaming `onepassword_facts` to `onepassword_info`.
* Update module examples.
* Add changelog fragment.
* Add module rename to the 2.9 porting guide.
* Document the parameter types in the module docs.
* Fix incorrect parameter name.
* Update docs/docsite/rst/porting_guides/porting_guide_2.9.rst
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Remove `onepassword_facts` as it has been renamed to `onepassword_info` including fixes for the sanity tests.
* Add support for SubjectKeyIdentifier and AuthorityKeyIdentifier to _info modules.
* Adding SubjectKeyIdentifier and AuthorityKeyIdentifier support to openssl_certificate and openssl_csr.
* Fix type of authority_cert_issuer.
* Add basic tests.
* Add changelog.
* Added proper tests for _info modules.
* Fix docs bug.
* Make sure new features are only used when cryptography backend for openssl_csr is available.
* Work around jinja2 being too old on some CI hosts.
* Add tests for openssl_csr.
* Add openssl_certificate tests.
* Fix idempotence test.
* Move one level up.
* Add ownca_create_authority_key_identifier option.
* Add ownca_create_authority_key_identifier option.
* Add idempotency check.
* Apparently the function call expected different args for cryptography < 2.7.
* Fix copy'n'paste errors and typos.
* string -> general name.
* Add disclaimer.
* Implement always_create / create_if_not_provided / never_create for openssl_certificate.
* Update changelog and porting guide.
* Add comments for defaults.
* aws_kms: (integration tests) Use module_defaults to reduce the copy and paste
* aws_kms: (integration tests) make sure policy option functions.
* aws_kms: (integration tests) Move iam_role creation to start of playbook.
iam_roles aren't fully created when iam_role completes, there's a delay on the Amazon side before they're fully recognised.
* aws_kms: Update policy on existing keys (when passed)
* iam_password_policy: (integration tests) Use module defaults for AWS connection details
* iam_password_policy: (integration tests) Ensure the policy is removed when tests fail
* iam_password_policy: (integration tests) Add regression test for #59102
* iam_password_policy: Only return changed when the policy changes.
* iam_password_policy: PasswordReusePrevention must be omitted to remove/set to 0
* #60930 add changelog
* Update hacking AWS security policy to allow testing of Password Policy Management
* Rename hcloud_datacenter_facts to hcloud_datacenter_info
* Rename hcloud_location_facts to hcloud_location_info
* Rename hcloud_image_facts to hcloud_image_info
* Rename hcloud_floating_ip_facts to hcloud_floating_ip_info
* Rename hcloud_server_type_facts to hcloud_server_type_info
* Rename hcloud_server_facts to hcloud_server_info
* Rename hcloud_ssh_key_facts to hcloud_ssh_key_info
* Rename hcloud_volume_facts to hcloud_volume_info
* Fix typo in hcloud_image_info
* Add to porting guide and add changelog fragment
* Reword porting guide
* add subdir support to collection loading
* collections may now load plugins from subdirs under a plugin type or roles dir, eg `ns.coll.subdir1.subdir2.myrole`->ns.coll's roles/subdir1/subdir2/myrole, `ns.coll.subdir1.mymodule`->ns.coll's plugins/modules/subdir1/mymodule.py
* centralize parsing/validation in AnsibleCollectionRef class
* fix issues loading Jinja2 plugins from multiple sources
* resolves#59462, #59890,
* sanity test fixes
* string fixes
* add changelog entry
* Warn when transforming constructed groups
The `keyed_groups` field has used sanitization since 2.6, but `groups` only started doing so in 2.8.
This adds a warning for the change in behavior.
* changelog
Preserve tag key case by only calling camel_dict_to_snake_dict once,
before the tags are added.
Don't call assert_policy_shape as it seems to fail
Use aws_caller_info in the test suite now that it exists rather
than running `aws sts get_caller_identity`
Ensure that calls using `grant_types` can also use key aliases
* aws_kms: Rename various policy manipulation options to reduce confusion
AWS KMS now has the concept of issuing a 'grant', which is independent
of the policy attached to a key. Rename the following options to make
it clearer that the operate on the CMK Policy *not* on CMK Grants
* aws_kms: don't just rename grant_types/mode, deprecate them too.
* Make win_domain_user idempotent for passwordchanges
* Add changelog fragment
* Use test-credentials function from win_user.
* Split domain from username
* Update win_domain_user.ps1
* Fix ci
* Update win_domain_user.ps1
Fix ci
* Implement review
* Logic cleanup and remove securestring
* Fix typo
* fix syntax
fix syntax
* Use AD object instead of user input as requested by review
* migrate to Ansible.AccessToken
* Add support for passing networks as dicts
* Add function to compare a list of different objects
* Handle comparing falsy values to missing values
* Pass docker versions to Service
* Move can_update_networks to Service class
* Pass Networks in TaskTemplate when supported
* Remove weird __str__
* Add networks integration tests
* Add unit tests
* Add example
* Add changelog fragment
* Make sure that network options are clean
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Set networks elements as raw in arg spec
Co-Authored-By: Felix Fontein <felix@fontein.de>
* Fix wrong variable naming
* Check for network options that are not valid
* Only check for None options
* Validate that aliases is a list
* Addition of entrust provider to openssl_certificate module
* Fix native return values of error messages and JSON response.
* Documentation and syntax fixes per ansibot.
* Refactored structure of for loop due to ansible test failures in python 2.6
* Remove OCSP functionality for inclusion in possible seperate future pull request.
* Remove reissue support.
* Indicate the entrust parameters are specific to entrust.
* Comment fixes to make it clear module_utils request is used.
* Fixes to not_after documentation
* Response to pull request comments and cleanup of error handling for bad connections to properly use the 'six' HttpError for compatibility with both Python 2/3 underlying url libraries.
* pep8/pycodestyle fixes.
* Added code fragment and response to comments.
* Update license to simplified BSD
* Fixed botmeta typo
* Include license text in api.yml
* Remove unsupported certificate types, and always submit an explicit organization to match organization in CSR
* Fix documentation misquote, add expired to a comment, and fix path check timing.
* Update changelogs/fragments/59272-support-for-entrust-provider-in-openssl_certificate_module.yaml
Co-Authored-By: Felix Fontein <felix@fontein.de>