* The Univention modules have a issue with an unassigned variable.
The variable diff is only assigned if state is 'present', else the
variable is unused. But the module will return the diff variable as a
return value. If the state isn't 'present' the module will fail with an
python UnboundLocalError exception.
(cherry picked from commit 26fa97922abb9bc197af5745e83c235c2d652116)
* Add a changelog fragment for PR 55083.
(cherry picked from commit b4ae654890a606bf5321c6b1a612d77de9ef47dd)
* Added recently added return fields for query
* Defined type of string for older fields too
* Fix incorrect type for org_id
(cherry picked from commit 9f7584e311)
* Allow all of yum version compare operators
* * yum: name="foo >= VERSION" integration test
* changelog fragment
(cherry picked from commit 1532e31ec0)
* Correct behavior so that direction isn't required for default.
* Add more tests.
* 'disabled' values cannot be changed.
* Include 'not specified' in messages.
(cherry picked from commit 7d27348356)
* Performance fixes for net and org lookups
- Both methods had duplicate lookups
- This should significantly improve performance
- Currently untested
* Add ChangeLog file
* Change from bugfix to bugfixes and change indent
(cherry picked from commit c254b93796)
* correct openssl rsa to genrsa in acme doc fragment
* acme_certificate.py - updated route53 example to include wait: yes
(cherry picked from commit c11af3dbef)
The controller's fixup_perms2 uses filesystem acls to make the temporary
file for copy readable by an unprivileged become user. On Python3, the
acls are then copied to the destination filename so we have to remove
them from there.
We can't remove them prior to the copy because we may not have
permission to read the file if the acls are not present. We can't
remove them in atomic_move() because the move function shouldn't know
anything about controller features. We may want to generalize this into
a helper function, though.
Fixes#44412
Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
(cherry picked from commit d15812fabf)
* nxos_igmp_snooping: group-timeout fails when igmp snooping disabled
group-timeout config will be rejected by the device if `ip igmp snooping` is disabled.
* raise a failure for this condition
* reorder the command list so that group-timeout is always last
* SA fixes
* SA fixes
* only call gt_dependency if gt
(cherry picked from commit 8c33ba3ecd)
* `nxos_facts` crashes with certain nxos images; e.g. `7.0(3)I7(3)` as a result of this call:
```
data = self.run('show lldp neighbors', output='json')
```
...which returns `ERROR: No neighbour information` when the device has no neighbors.
* This response causes httpapi's `handle_reponse()` to raise a ConnectionError, which is caught by `utils/jsonrpc.py` which is expecting `code` in the exception data:
```
except ConnectionError as exc:
display.vvv(traceback.format_exc())
error = self.error(code=exc.code, message=to_text(exc))
```
* Found by: `nxos_facts/tests/common/not_hardware.yaml:7`
(cherry picked from commit 874fd70d10)
* network.py:ActionModule:run: does not honor _handle_src_option failures
PR #50301 moved template error handling out of run() and into its
own method in `_handle_src_option`; however, after the change run()
ignores the return value so any errors are ignored.
Reproduceable with `nxos_config/tests/common/src_invalid.yaml`
Verified fix with `nxos_config/tests/common/src_*` tests.
Ref:
71113ee291 (diff-7477bf046013758366cc85b06f90709aR43)
* nxos_config/tests/common/src_basic: Updated to test with src
This test was not actually testing with `src:` as it should have.
* Revert 412d7e change to plugins/action/network.py
PR #52912 fixed this already.
* nxos_config: fix src_invalid test
(cherry picked from commit d69239c440)
* nxos_interfaces_ospf: fix passive-interface states & check_mode
This fix addresses issues #41704 and #45343.
The crux of the problem is that `passive-interface` should have been treated as a tri-state value instead of a boolean.
The `no` form of the command disables the passive state on an interface (allows it to form adjacencies and send routing updates). It's essentially an override for `passive-interface default` which enables passive state on all OSPF interfaces.\*
This `no` config will be present in `running-config`.
\**See `router ospf` configuration.*
Since both enable and disable states are explicit configs, the proper way to remove either of these is with the `default` syntax.
Passive-interface config syntax:
```
ip ospf passive-interface # enable (nvgens)
no ip ospf passive-interface # disable (nvgens)
default ip ospf passive-interface # default (removes config, does not nvgen)
```
Code changes:
* `passive_interface` param changed from boolean to string, restricted to `true`,`false`,`default`.
* Several passive-interface specific checks were added because the existing module logic tends to test for true or false and doesn't handle the None case.
* Fixed `check_mode`.
Sanity verified on: N9K,N7K,N3K,N6K
* Fix doc header
* Unit tests for passive-interface
* doc fix#2
* Fix indent for SA
* Remove 'default' keyword, restore bool behavior
* remove changes to sanity
(cherry picked from commit 20fb77c49b)
* nxos_linkagg: `group` type mismatch causes idempotency failure
* `group` values need to be cast; e.g.
```
want = {'group': '20'}
have = {'group': 20}
```
* Found with N7K `sanity` test
* nxos_linkagg: change group param type to str
(cherry picked from commit 66fe6bfa0b)
* The test was setting `lsa max` value to 2222 but the default `lsa hold` value is 5000.
* `hold` must be less than `max` or else the device raises a clierror, so I just added a lower non-default `hold` value to satisfy the cli.
(cherry picked from commit c1e9f594d2)
The N7K is another platform that raises an error when trying to remove
an RP w/prefix-list specified. These tests are now skipped for N7K.
(cherry picked from commit c5de2233d0)
* Fixed another problem where `group-timeout` was processed before `ip igmp snooping` was enabled
* `sanity` playbook:
* N6K: `show ip igmp snooping | json` succeeds on the device but doesn't return any data in body; added a skip to the sanity playbook to keep it out of CI
* Added a setup task to do initial cleanup on the device
(cherry picked from commit 07774b4ccf)
Basic passwords are rejected by the nxos device unless `no password strength-check`
is configured. This change just makes the password meet the minimum strength checks.
(cherry picked from commit 591e0ffb69)
Test yaml fixes for n3048:
* 3048 does not support bidir option
* 3048 cannot remove rp-address if prefix-list/route-map is present
* yes: no ip pim rp-address x.x.x.x
* no: no ip pim rp-address x.x.x.x prefix-list foo
* no: no ip pim rp-address x.x.x.x route-map bar
This test now passes on N9k/N7k/N6k/N3k.
(cherry picked from commit ea0ef3b2e1)
* nxos_hsrp: fix 'sh_preempt': <unknown enum:>
Some older nxos images fail to set this attr value. This fix checks for
unknown enum and issues a second (unstructured) call to the device to get
the data.
* add whitespace for pep8
(cherry picked from commit 5dc65d0dfc)
* Fix 'defaults' option in the nxos_config module
Nxos get_config is allways called with the 'all' option.
* Fix flag's calculation
* Add tests
* nxos_config: the 'backup' option take into account the value of 'defaults' option
If 'defaults' option is true, the running-config backup is done with the all
keyword.
(cherry picked from commit 87a01df6ad)
Searching for digits somewhere in the output line will also match VLAN name (lines) starting with digits.
Fixes issue #50998
(cherry picked from commit b1c295386f)
Fixes#53236
* If dispatch() rpc response has data element
return the xml string from `<data>` element
else return the complete xml string from
`<rpc-reply>`.
(cherry picked from commit aac5ef5e13e692c09bfd30772311733878b01035)
When using before and after in combination, the opposite behavior was induced. This PR makes the the replacement happen between the specified patterns as intended.
* Added integration tests
* Add changelog, porting guide entry, and minor doc fixes.
(cherry picked from commit cf69ec5db0)
Co-authored-by: Evan Kaufman <evan.kaufman@gmail.com>
* Catch all request timeouts for winrm connection
The current implementation only catches 'ConnectTimeout' exceptions.
Instead we should catch 'Timout' which also catches ReadTimeout
exceptions.
Improves on: #51744
Co-Authored-By: westphahl <westphahl@gmail.com>
* Changelog for winrm error handling improvement