* Add helpful failure message if target_type=ip is not supported
Create test case for target_type=ip not supported
* Update elb_target_group module to latest standards
Use AnsibleAWSModule
Improve exception handling
Improve connection handling
(cherry picked from commit 29770a297a)
* no_log even when task_result doesn't provide key
- now also checks task property
- added reproducer to tests for unreachable status on item loop
(cherry picked from commit 336b3762b2)
* Add changelog entry for the no_log fix
(cherry picked from commit 5fdd101a3e)
* cherry-picked from 89cea78e30 and fixed merge conflicts from restructuring the integration tests in devel
Fix async for aws_s3
Add a test that async is able to be used on aws_s3 tasks
(cherry picked from commit cef92e3942cdd76866c47d25f903625e6d7eb6ed)
* changelog format tweak
* Fixes to ios_logging (#41029)
* Logging size may not show up in config
* This is much simpler
* Avoid repetition in tests
* Both options of buffered are optional
(cherry picked from commit 92a95368fe)
* Added changelog
* Use _remote_is_local=True for local connection in synchronize (#40833)
* All instances of local connection should use _remote_is_local=True. Fixes#40551
* Switch to instance attribute for synchronize
* Add test that shows that synchronize _remote_is_local addresses tmpdir building
(cherry picked from commit ad7ba91f75)
* Add changelog entry for #40833
* fix become_method 'doas' support by properly specifying becomecmd
a repatch of https://github.com/ansible/ansible/pull/13451/ which was never committed to 'devel' branch.
* fix play_context test for become_method doas to match new becomecmd
(cherry picked from commit be3670f528)
* Fix failing aws_ses_identity integration tests (#39560)
* Fix failing aws_ses_identity integration tests
Reduce boilerplate with yaml anchor
* remove unstable test alias
* Update feedback forwarding check to use desired state rather than
repeated API calls.
(cherry picked from commit 571c183f59)
* changelog
* Fix legacy Nexus 3k integration test and module issues. (#40322)
* Add setup ignore_errors for nxos_config test
* Fix parse_fan_info for n3k
* Skip bidir tests for N3k
* Omit vni config for n3k
* Skip unsupported nxos_vrf_af test on N3K
* Add legacy N3K platform tag
(cherry picked from commit 63e16431b7)
* Skip N35 and N3L platforms for nxos_evpn_global test (#40333)
(cherry picked from commit ad69ef88e7)
* add normalize_interface in module_utils and fix nxos_l3_interface module (#40598)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
(cherry picked from commit 0b7932db30)
* nxos_interface: Disable switchport for loopback/svi (#40314)
* nxos_interface: Disable switchport for loopback/svi
* Replace interface_type with get_interface_type(name)
(cherry picked from commit d04a989bd2)
* fixes bug with matching nxos prompts (#40655)
This change addresses an issue where the prompt matching regular
expressions would not match a prompt if the hostname starts with a
numeric value. Before this change, the connection would fail with a
socket.timeout() error. This change updates the termnal_stdout_re
values to now check for a number.
See Github issue #38639
(cherry picked from commit d829ff6993)
* fix nxos_vrf and migrate get_interface_type to module_utils (#40825)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
(cherry picked from commit b4baa2d484)
* nxos_vlan fix
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* changelog nxos bugfixes 2.5.4
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
* Ios test fixes (#40503)
* Return messages generated from edit_config to module
* This does not seem to work that way
* Change test IP addresses to not conflict with device config
(cherry picked from commit eb818df1ec)
* Search all assigned ipv6 addresses instead of just the first (#40533)
* Search all assigned ipv6 addresses instead of just the first
* Add test for idempotency with multiple ipv6 addresses assigned
(cherry picked from commit e8d02a3a0f)
* Fix ios test pt. 2 (#40628)
* Add missing idempotence assert
* Remove dhcp with other addresses on ipv6
(cherry picked from commit f88412b7cd)
Change the command to get the interface in a vlan "show vlan" => "show vlan brief"
Change the parsing of the return command of the switch.
The return of the ios command is fixed so i cut with fix number of carracter.
Adding looking for the next line to add the forgeted interfaces.
(cherry picked from commit 3903ca5)
Co-authored-by: pierremahot <pierre.mahot@orange.fr>
* winrm: add better exception handling for krb5 auth with pexpect
* Added changelog fragment
* Added exception handler in case kinit path isn't valid, added test cases
* fixed for Python 2 compatibility
(cherry picked from commit 5e28e282a5)
* Ios test fixes (#40503)
* Return messages generated from edit_config to module
* This does not seem to work that way
* Change test IP addresses to not conflict with device config
* Add test for idempotency with multiple ipv6 addresses assigned
* Do not join flag parameters
This put a comma between every character of the tcp flag parameters, resulting in a bad iptables command.
Fixes#36490
* Use suboptions to ensure tcp_flags options are lists
* Add unit tests for tcp_flags
* Add example of how to use tcp_flags
(cherry picked from commit c9d3bb59a4)
* winrm: source user from options than remote_user (#40467)
* winrm: source user from options than remote_user
* fixed up mock for kerberos import
* Added changelog fragment
* get hostname from option as well
(cherry picked from commit 1ac180c74d)
* Also removed uneeded method that wasn't backported
* ec2_vpc_route_table: Update matching_count parsing on find_subnets function and tests
* ec2_vpc_route_table: Update matching_count parsing on find_subnets function
(cherry picked from commit 1905a6e8fb)
* Fixing lack of failure when uploaded source is invalid (#37461)
Checking the response status for 400 and throwing exception.
Unit tests updated.
Fixes#37406
(cherry picked from commit 5e990301bb)
* changelog
Previously the test framework (DCI, Zuul) were installing the various
dependencies, this meant the list of what was required was duplicated.
Having everything defined in ansible-test makes it easier for people to
run tests locally.
Also this allows the test to work correctly on Python 2 & Python 3
(cherry picked from commit 27942d937f)
* Fix nested noop block padding in dynamic includes (#38814)
* Fix nested noop block padding in dynamic includes
* Address issues from the review
* Fix typo
(cherry picked from commit 5dd8977cfa)
* Add changelog/fragment for 38814
* [cloud] Make ec2_vpc_route_table wait for the route to propagate (#35975)
* Stabilize ec2_vpc_route_table
Wait for route table to be present before attempting to use it
Sleep before getting the final state of the route table in case modifications are incomplete
* Conditionally wait if changes were made
* Simplify logic
(cherry picked from commit 8fb31ac2f01e7c75d5181510290c99aee22be7ef)
* Route custom waiter (#36922)
This creates a way for us to use boto3's data-driven waiter support to use custom waiters where Boto3 hasn't implemented them yet.
The only waiter implemented so far is for VPC Route Tables to check that they exist, and this replaces some custom retry code.
(cherry picked from commit a40bce2bcbd5a40aee0de2b6ab5f6197bb1c5237)
* Use NormalizedOperationMethod to catch ClientErrors so the waiter can handle them properly (#37356)
(cherry picked from commit c9e8aca26cfc7559e7e8c7970acf06cd30cc7629)
* [cloud] Add custom waiters to stabilize ec2_vpc_subnet module - Fixes#36083 (#37534)
* stabilize ec2_vpc_subnet module
* Add waiters for ec2_vpc_subnet
Clean up integration tests
* Reenable CI for stabilized ec2_vpc_subnet tests
* rename waiters
* Use module_json_aws where applicable
Handle WaiterError first if waiting failed
* Fix traceback when tagging with keys/values that look like booleans
* Fix check mode with tags
* Add integration tests for tags that look like booleans and check mode
* Add waiter for deleting subnet
* Sleep a few seconds after using aws command line
(cherry picked from commit ea943e454c783c6b0ffb91b78131f27cd9bce269)
* Fix sporadic errors in ec2_vpc_subnet integration tests (#38473)
(cherry picked from commit 46f13d343786fa3985cc16cc770762984c7884ac)
* [aws] Skip ec2_vpc_subnet waiters for old botocore versions (#39171)
Fix ec2_vpc_subnet for botocore versions that do not accept the WaiterConfig parameter
(cherry picked from commit 6b91dae21c20006677e1e4adf2a9ff7ad55ca49c)
* [aws] Increase possible wait time for nonmonotonic subnet attributes (#38960)
(cherry picked from commit c4f010704890581a4974e83af03c2e81fb29e58e)
* changelog
* Fixes to improve ios_system idempotency (#38303)
Added detection of additional formatting for domain_name, domain_search,
lookup_source, and lookup_enabled on some software versions. In each
case they failed to detect existing commands with a '-' in it.
Fix: #38301
(cherry picked from commit 67acffb5f2)
* Nxos fixes (#40117)
* Alter nxos_nxapi tests to test the right thing
* Defend #40027
(cherry picked from commit f04c876ecd)
- Works with the --remote option.
- Can be disabled with the --disable-httptester option.
- Change image with the --httptester option.
- Only load and run httptester for targets that require it.
(cherry picked from commit c1f9efabf4)
* Only change expiration date if it is different
Modify user_info() method to also return the password expiration.
Compare current and desired expiration times and only change if they are different.
* Improve formatting on user tests
* Add integration test for expiration
* Add changelog fragment
* Improve integration test
Skip macOS and use getent module for validating expiration date.
* Fix expiration change for FreeBSD
* Don't use datetime since the total_seconds method isn't available on CentOS 6
* Use better name for expiration index field
Use separate tasks for verifying expiration date on BSD
* Use calendar.timegm() rather than time.mktime()
calendar.timegm() is the inverse of time.gmtime() and returns a timestamp in UTC not localtime
Add tests that change the system timezone away from UTC
* Mark tests as destructive and use test for change status
* Fix account expiration for FreeBSD
Use DATE_FORMAT when setting expiration date on FreeBSD. Previously the argument passed to -e was an integer of days since epoch when the account will expire which was inserted directly into master.passwd. This value is interpreted as seconds since epoch by the system, meaning the account expiration was actually set to a few hours past epoch.
Greatly simply comparing desired and current expiration time by using the first three values of the struct_time tuple rather than doing a whole bunch of manipulations of the seconds since epoch.
(cherry picked from commit 5a6bdef76b)
* Remove provider (and transport, where applicable) from consideration
* Add tests that misplaced transport does not fail task
(cherry picked from commit c6270e15a6)
* show version brief does not work on iosxr virtual (#37609)
* show version brief does not work on iosxr virtual
* ci failures fix
(cherry picked from commit 66b389a00d)
* changelog entry
* Handling of configurations blocks with end-* at the end of the block (#39673)
* handle end-policy issue
* revert changes in iosxr cliconf
* fix trailing parents not included in difference
* Moving fix to platform specific fix
* pep 8 issues
(cherry picked from commit ef577b71cc)
* changelog entry
* Fix eos_vlan associated interface check
Fix eos_vlan associated interface check by comparing
the interface in want and have without converting the
interface name to lower
* Update eos_vlan docs
* Update changelog
(cherry picked from commit afdc2364f2)
Fix ios integration test failures in CI. Since the packet transfer and receive rate
on the interface is not determined to remove the tx_rate and rx_rate test conditions
to prevent intermittent failure.
(cherry picked from commit 4c5ac16447)
There was a traceback when setting permissions on a directory tree when
there were broken symlinks inside of the tree and follow=true. chmod -R
ignores broken symlinks inside of the tree so we've fixed the file
module to do the same.
Fixes#39456
(cherry picked from commit 6b159fdb03)
* Fix for file module with symlinks to nonexistent target
When creating a symlink to a nonexistent target, creating the symlink
would work but subsequent runs of the task would fail because it was
trying to operate on the target instead of the symlink.
Fixes#39558
(cherry picked from commit 4f664f8ff6)
* vyos_interface require multiple network nodes to run
We don't have the ability to run these currently, so disable them.
The original logic was also incorrect, the tests don't pass on lab, DCI
nor single instance nodepool, so disable
https://github.com/ansible/ansible/issues/39667 tracks getting these
enabled again
* eth0 -> Gi0/0
* Correctly detect if we should run lldp
* Correctly detect if we should run lldp
(cherry picked from commit 923a81e9e5)
* removed additional check for name parameter
(cherry picked from commit 91357d07f4f9eb3714f582c1959ff54d25129500)
* Added empty default
Fix for issue https://github.com/ansible/ansible/issues/38482
(cherry picked from commit 60a32771039c190a7e9f6e0eb4d0f6bf4c356fd4)
* [ec2_ami] Ensure name or image_id is provided for state=present (#38972)
Add integration tests for backward compatibility and ensuring name or image_id is provided
(cherry picked from commit e2aa1155ba)
Fixes#27262
(cherry picked from commit 81b2529159)
Add tests for template with non-ascii filenames
This is a test in response to #27262 but I could not provoke the error
so it only shows that the current code is working with non-ascii
filenames in this case. It doesn't show whether there's some other bug
somewhere.
(cherry picked from commit f91d961cb4)
* [cloud] ec2_vpc_route_table: ignore routes without DestinationCidrBlock
Add module warnings rather than silently skipping
* Permit warnings for routes tables containing vpc endpoints to be turned off
* Add tests to ensure a VPC endpoint associated with a route table does not result in a traceback
(cherry picked from commit da3f7a8db1)
* win_file: Handle [] in paths, fix touch in check mode (#37901)
* win_file: Handle [] in paths, fix touch in check mode
* Fixed typo for p/invoke command
(cherry picked from commit 4b57fa91d0)
* Added changelog fragment for win_file special char fix
(cherry picked from commit 61bcf4740f)
* Ansible.ModuleUtils.FileUtil - Add ability to test non file system provider paths (#39200)
(cherry picked from commit b6afe6946d)
* Added changelog fragment
* Skip self._parent on dynamic, defer to grandparent for attr lookup (#38827)
* Skip self._parent on dynamic, defer to grandparent for attr lookup
* Revert _inheritable
* Add tests for include inheritance from static blocks
Fixes#38037#36194
(cherry picked from commit 354aa8d602)
* Add changelog for #38827
* Consider parent also when comparing IncludedFile (#37083)
* Consider parent also when comparing IncludedFile
* Add new tests for IncludedFile and convert to pytest
(cherry picked from commit cdb79b0e3a)
* Add changelog for #37083
* module_common: set required parameter templar
Fix the following error (related to b455901):
$ ./hacking/test-module -m ./lib/ansible/modules/system/ping.py -I ansible_python_interpreter=/usr/bin/python
Traceback (most recent call last):
File "./hacking/test-module", line 268, in <module>
main()
File "./hacking/test-module", line 249, in main
(modfile, modname, module_style) = boilerplate_module(options.module_path, options.module_args, interpreters, options.check, options.filename)
File "./hacking/test-module", line 152, in boilerplate_module
task_vars=task_vars
File "ansible/lib/ansible/executor/module_common.py", line 910, in modify_module
environment=environment)
File "ansible/lib/ansible/executor/module_common.py", line 736, in _find_module_utils
shebang, interpreter = _get_shebang(u'/usr/bin/python', task_vars, templar)
File "ansible/lib/ansible/executor/module_common.py", line 452, in _get_shebang
interpreter = templar.template(task_vars[interpreter_config].strip())
AttributeError: 'NoneType' object has no attribute 'template'
* module_common.modify_module: templar is required
(cherry picked from commit 7908f78fa6)
* fix inventory plugin source caching
- avoid caching invetnory sources in loader in base
- same fix for yaml plugin
- idem for 'auto' plugin
fixes#37162
* fix mock dataloader func sig
(cherry picked from commit 886c4edfb9)
This offers an optimization that allows loading larger
inventories of various structure by improving the
scaling laws involved for adding hosts and groups.
The primary speed benefit is the elimination of duplicate
recusion from traversing converging paths.
(cherry picked from commit 153c9bd539)
If user does not specify any network type then set network type
to dhcp. There are additional checks around 'ip', 'netmask' and
'type' in network spec.
Fixes: #38466
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 9b139baacb)
* fix for when status codes are provided as a comma separated list (#38080)
* fix for when status codes are provided as an array of strings
* convert status codes to int, additional tests
(cherry picked from commit c38617a736)
* Added changelog fragment
* Fix 'New Vault password' on vault 'edit'
ffe0ddea96 introduce a
change on 'ansible-vault edit' that tried to check
for --encrypt-vault-id in that mode. But '--encrypt-vault-id'
is not intended for 'edit' since the 'edit' should always
reuse the vault secret that was used to decrypt the text.
Change cli to not check for --encrypt-vault-id on 'edit'.
VaultLib.decrypt_and_get_vault_id() was change to return
the vault secret used to decrypt (in addition to vault_id
and the plaintext).
VaultEditor.edit_file() will now use 'vault_secret_used'
as returned from decrypt_and_get_vault_id() so that
an edited file always gets reencrypted with the same
secret, regardless of any vault id configuration or
cli options.
Fixes#35834
(cherry picked from commit 6e737c8cb6)
* openssl_certificate: Handle dump() in check_mode (#38386)
Currently, when ones run the module in check_mode it tries to retrieve
values from the actual certificate generated in the generate() function.
Since in check_mode we call dump() without calling generate(), self.cert
is None, leading to self.cert.get_notBefore(), self.cert.get_notAfter()
and self.cert.get_serial_number() raising an error.
> NoneType' object has no attribute 'get_notBefore'
The solution is to have two way to handle dump() method, whether its run
in check_mode=True or check_mode=False leading to different way the
information is retrieved.
(cherry picked from commit 99497ce54c)
* added eos_smoke tests
* removed left over file
* added note to uncomment broken eapi test when #36919 is fixed
* uncommented fixed test, added unbecome test
* skip become tests when connection=local
(cherry picked from commit 712d30f46c)
* Eos :do not push config to device if check_mode is enabled (#37287)
* eos can not check config without config session support
* add testcase for check_mode without config session
* fix eos eapi to read use_session env var
(cherry picked from commit a1026dbce5)
* Backport/2.5/37287 - Eos do not push config is check_mode is enabled
* Close & remove paramiko connection where appropriate (#37528)
* Update unit test
(cherry picked from commit 594840c1d6)
* Put back $PATH checking in ansible-connection call (#37933)
(cherry picked from commit 169209c32a)
* issue:38167 add support for onyx version 3.6.6000 for onyx_linkagg (#38191)
Signed-off-by: Samer Deeb <samerd@mellanox.com>
(cherry picked from commit 72d42bd065)
* fragment
* issue:37307 Add support for changes in pfc output in onyx 3.6.6000 (#37651)
* issue:37307 Add support for changes in pfc output in onyx 3.6.6000
Signed-off-by: Samer Deeb <samerd@mellanox.com>
(cherry picked from commit 9dfb665e43)
* fragment
* issue:37306 Fix issue with vlan support for onyx version 3.6.6000
Signed-off-by: Samer Deeb <samerd@mellanox.com>
(cherry picked from commit a89bafce2e)
* nso_verify handle leaf-list in 4.5 and identityref (#37393)
NSO verify did not handle leaf-list value verification in 4.5 and
later due to changes made for configuration writing made.
map prefix for identityref types in verification.
(cherry picked from commit 6308047dc9)
* Remove timeout
* win_service: fix when dealing with paths with special chars and change WMI to CIM cmdlets (#37897)
* win_service: fix when dealing with paths with special chars and change WMI to CIM cmdlets
* compare username in lowercase for test
(cherry picked from commit f37a44430f)
* Added changelog fragment
* azure_rm_networkinterface: fixed issue when public ip address should not be created (#36824)
* fixed issue when public ip address should not be created
* adding test for public ip address
* fixed samples
* another fix to sample formatting
* fixed test
* fix test
* fixed test
* another attempt to fix test
* maybe it works now
* still wrong
* improved check per customer request
* removed stupid semicolon
* updated test to match main scenario
* changed ip configurations to list
* another attempt
(cherry picked from commit 89401f13f7)
* Added changelog fragment
* Fix redundant yaml error blurbs on ModArgs parse errors
Some of the AnsibleParserErrors from parsing.mod_args
are created with the obj=some_yaml_ds options but
some are not.
If they were, we don't want to add another yaml_ds to
it, because that will result in double yaml error blurbs.
And since we dont need to add info, we can just re raise it.
But if there is no ._obj, add it here so we get the extra
detail in the error message (see issue #14790) and raise
a new AnsibleParserError instance.
Fixes#36848
* cleanup existing test_tasks pep8/sanity issues
(cherry picked from commit e166946a0a)
This fix adds environment variables for connection in vmware_*
modules.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 0ae7a0e88c)
The generated file was completely unusable by the system
therefore the fix which ensures that diffing the file
prior to changes and after only shows diffs
Furthermore the code did not work for Python 3.6
> f.writelines(to_bytes(lines, errors='surrogate_or_strict'))
E TypeError: a bytes-like object is required, not 'int'
The other modifications (lambda variable renaming) is to
comply with default flake8 rules
(cherry picked from commit 612d0d6634)
Fixes#37208
If check_mode is enabled instead of committing th config need to
discard all the chnages to cnadidate db
In case of cli to discard changes issue `rollback 0` command
and for netconf execute `discard-changes` rpc call
(cherry picked from commit 8eaa9cc938)
Fixes#36979
If `abort` is not issued in the top level session prompt
the existing session goes to pending state.
The fix is to come out of config mode by issuing `end` command
and again to same config session and execute `abort` which
`abort` is issued at the top level session prompt.
(cherry picked from commit 017ea018d0649b8b6f392f9505992f39e99943fa)
SGs created when a VPC ID was not specified would not necessarily
get the default egress rule, even when no explicit egress rules
were set.
Add some checks for egress rules in results from existing tests
(cherry picked from commit 98b29f8ad6)
Fixes#35993 - Changes to update_size in commit eb4cc31 made it so
the group dict passed into update_size was not modified. As a result,
the 'replace' call does not see an updated min_size like it previously
did and doesn't pause to wait for any new instances to spin up. Instead,
it moves straight into terminating old instances. Fix is to add batch_size
to min_size when calling wait_for_new_inst.
Fixes#28087 - Make replace_all_instances and replace_instances behave
exactly the same by setting replace_instances = current list of instances
when replace_all_instances used. Root cause of issue was that without lc_check
terminate_batch will terminate all instances passed to it and after updating
the asg size we were querying the asg again for the list of instances - so terminate batch
saw the list including new ones just spun up.
When creating new asg with replace_all_instances: yes and lc_check: false
the instances that are initially created are then subsequently replaced.
This change makes it so replace only occurs if the asg already existed.
Add integration tests for #28087 and #35993.
(cherry picked from commit a2b3120e85)
* Fix name parameter templating in include_role module (#36372)
An IncludedFile() object built using the original_task will have
its _task bound to the original_task. The iterative reassignment of
original_task._role_name during with_item loops leaves all returned
included_files with the same ._task._role_name (the final name from
the with_items list). This commit builds IncludedFile() objects
from an original_task.copy() to avoid the problematic binding.
(cherry picked from commit 54e70fc783)
* Test include role with items in name #36372 (#37001)
* Tests for #36372
* Tests for #36372
* Tests for #36372
(cherry picked from commit 8c4f349743)
* Add changelog for #36372
