Commit graph

33310 commits

Author SHA1 Message Date
Adrian Likins
f68330acb2 Fix vault --ask-vault-pass with no tty (#31493)
* Fix vault --ask-vault-pass with no tty

2.4.0 added a check for isatty() that would skip setting up interactive
vault password prompts if not running on a tty.

But... getpass.getpass() will fallback to reading from stdin if
it gets that far without a tty. Since 2.4.0 skipped the interactive
prompts / getpass.getpass() in that case, it would never get a chance
to fall back to stdin.

So if 'echo $VAULT_PASSWORD| ansible-playbook --ask-vault-pass site.yml'
was ran without a tty (ie, from a jenkins job or via the vagrant
ansible provisioner) the 2.4 behavior was different than 2.3. 2.4
would never read the password from stdin, resulting in a vault password
error like:

        ERROR! Attempting to decrypt but no vault secrets found

Fix is just to always call the interactive password prompts based
on getpass.getpass() on --ask-vault-pass or --vault-id @prompt and
let getpass sort it out.

* up test_prompt_no_tty to expect prompt with no tty

We do call the PromptSecret class if there is no tty, but
we are back to expecting it to read from stdin in that case.

* Fix logic for when to auto-prompt vault pass

If --ask-vault-pass is used, then pretty much always
prompt.

If it is not used, then prompt if there are no other
vault ids provided and 'auto_prompt==True'.

Fixes vagrant bug https://github.com/hashicorp/vagrant/issues/9033

Fixes #30993

(cherry picked from commit 86dc3c09ac)
2017-11-15 14:07:39 -05:00
s-hertel
3b9b3b281e Add changelog entry for elb_application_lb fix 2017-11-15 13:59:34 -05:00
Tomaž Šifrer
6f7259df3a Fix: modifying existing application lb using certificates now properly sets certificates (#28217)
(cherry picked from commit 3bd89f8298)
2017-11-15 13:57:36 -05:00
Toshio Kuratomi
466e4eb892 Add changelog for os_floating_ip fix 2017-11-14 11:11:12 -08:00
Sorin Sbarnea
a821a96e53 Avoid AttributeError: internal_network on os_floating_ip (#32887)
Fixes #32884

Change-Id: I3be1dc81266b32dd8f545b743365c2bbc02dfdeb
Signed-off-by: Sorin Sbarnea <ssbarnea@redhat.com>
(cherry picked from commit 3fedd88a9f)
2017-11-14 10:45:08 -08:00
Matt Martz
df47cf43a0 Add changelog entry for #32219 2017-11-14 10:55:21 -06:00
Musee Ullah
e2e3ab4d45 Keep newlines when reading LXC container config file (#32219) 2017-11-14 10:47:29 -06:00
Sam Doran
1379e77bf1 Add proper check mode support to the script module (#31852)
* Do not run script in check mode

Fixes #30676

* Reformat script integration test

* Add integration tests for check mode of script module

* Fix name on test

* Cleanup temp file

* win_script integration test syntaxt changes

* Add check mode tests for win_script

* Use proper variable in test

* Fail if source file does not exist

* Verify script is accessible and don't copy in check mode

Use shlex to properly split shell arguments, though a path with spaces in it still needs to be quoted in the playbook.
Add note to docs describing such.
Improve error message if file is not found indicating there may be a space in the path.

* Properly encode path now that path is split using shlex

* Allow for spaces in both path and script name

* Add unicode character test to Linux script tests

* Add Linux test for space in path to script

(cherry picked from commit ea3638b580)
2017-11-14 11:10:25 -05:00
Trishna Guha
545bd41927
multiple nxos fixes (#32905)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-11-14 15:23:49 +00:00
Trishna Guha
8b19c1c02d
change inventory_hostname to ansible_host to fix test (#32890) (#32891)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
(cherry picked from commit 11de330372)
2017-11-14 10:48:35 +00:00
Ganesh Nalawade
363e605ac4
Change netconf port in testcase as per test enviornment (#32883) (#32889)
(cherry picked from commit c3636108bc)
2017-11-14 15:39:39 +05:30
Trishna Guha
f179adcf2c
fix dci failure nxos (#32877) (#32878)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
(cherry picked from commit ceefeeb279)
2017-11-14 07:21:47 +00:00
Trishna Guha
0a43449391
nxos_config and nxos_facts - fixes for N35 platform. (#32762) (#32875)
* nxos_config and nxos_facts - fixes for N35 platform.  (#32762)

* update nxos_facts to handle errors in n35 platform

* switch show commands to output text

* replace basestring which is not supported in python3

* do it like the other modules: use string_types

* incorporate PR review

(cherry picked from commit 1360ae6518)

* update changelog

Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-11-14 05:18:53 +00:00
Trishna Guha
4433544eb0
Fix snmp bugs on Nexus 3500 platform (#32773) (#32847)
* Add n35 platform support

* Fix regex bug and add snmp_location it tests

* Enable nxos_snmp_location tests

(cherry picked from commit de8d00b401)
2017-11-13 11:54:12 +00:00
Trishna Guha
4f333eff78
nxos_interface error handling (#32846)
Signed-off-by: Trishna Guha <trishnaguha17@gmail.com>
2017-11-13 11:42:14 +00:00
Brian Coca
f8415adb17 added note about serial behaviour (#32461)
* added note about serial behaviour
(cherry picked from commit a0c0076cfb)
2017-11-12 14:06:08 -08:00
Toshio Kuratomi
b702687f39 Add the template lookup escaping to the 2.4 porting guide (#32760)
* Add the template lookup escaping to the 2.4 porting guide
(cherry picked from commit faa74a8ccd)
2017-11-12 14:02:03 -08:00
Toshio Kuratomi
52d2245b26 Keywords docs (#32807)
* Fixup keyword dumping

* Clarify introductory text
* Turn links in the keyword description into seealso entries in the rst.

* Have plugin_formatter cleanup trailing whitespace

The indent filter in jinja2 < 2.10 indents blank lines by default which
leads to trailing whitespace.  Cleanup after that filter.

* Edits

* Copy edit

(cherry picked from commit e07cbb033f)
2017-11-10 17:11:28 -08:00
Adrian Likins
29bdd0b326 Better handling of malformed vault data envelope (#32515)
If an embedded vaulted variable ('!vault' in yaml)
had an invalid format, it would eventually cause
an error for seemingly unrelated reasons.
"Invalid" meaning not valid hexlify (extra chars,
non-hex chars, etc).

For ex, if a host_vars file had invalid vault format
variables, on py2, it would cause an error like:

  'ansible.vars.hostvars.HostVars object' has no
  attribute u'broken.example.com'

Depending on where the invalid vault is, it could
also cause "VARIABLE IS NOT DEFINED!". The behavior
can also change if ansible-playbook is py2 or py3.

Root cause is errors from binascii.unhexlify() not
being handled consistently.

Fix is to add a AnsibleVaultFormatError exception and
raise it on any unhexlify() errors and to handle it
properly elsewhere.

Add a _unhexlify() that try/excepts around a binascii.unhexlify()
and raises an AnsibleVaultFormatError on invalid vault data.
This is so the same exception type is always raised for this
case. Previous it was different between py2 and py3.

binascii.unhexlify() raises a binascii.Error if the hexlified
blobs in a vault data blob are invalid.

On py2, binascii.Error is a subclass of Exception.
On py3, binascii.Error is a subclass of TypeError

When decrypting content of vault encrypted variables,
if a binascii.Error is raised it propagates up to
playbook.base.Base.post_validate(). post_validate()
handles exceptions for TypeErrors but not for
base Exception subclasses (like py2 binascii.Error).

* Add a display.warning on vault format errors
* Unit tests for _unhexlify, parse_vaulttext*
* Add intg test cases for invalid vault formats

Fixes #28038

(cherry picked from commit 9c58827410)
2017-11-10 14:31:32 -05:00
Brian Coca
58d37124d9 avoid chroot paths (#32778)
* avoid chroot paths in entity names when loading host_group_vars

fixes #32764

(cherry picked from commit e7941b0d4e)
2017-11-10 13:27:57 -05:00
Ganesh Nalawade
5944a447f7
Fix ios_config file prompt issue (#32744) (#32780)
Fixes #23263

Add a carriage return (\r) at end on copy config
command which results in prompt on cli terminal
(cherry picked from commit 37b0537279)

Update CHANGELOG.md
2017-11-10 20:32:35 +05:30
Ganesh Nalawade
eb4c5936f3
Fix junos netconf port issue in integration test (#32610) (#32668)
(cherry picked from commit 6d1d06e0f7)
2017-11-10 20:32:06 +05:30
Jordan Borean
ac1538ac74 Updated changelog for vmware logon error handling 2017-11-10 16:25:30 +10:00
Abhijeet Kasurde
64f75fc2d3 Add error handling for user login (#32613)
This fix adds additional error handling for vmware connect
method, where username provided user does not have required
permissions to use/login ESXi.

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
(cherry picked from commit 80967380d3)
2017-11-10 16:23:59 +10:00
Abhijeet Kasurde
80c275a371
Move resource pool login to a separate function and fix undefined var reference (#32674)
(cherry picked from commit 932f62ab57)
2017-11-10 06:20:31 +00:00
Abhijeet Kasurde
65ed70955d
Get the moid in a more failsafe manner (#32671)
(cherry picked from commit eca4897a08)
2017-11-10 06:18:47 +00:00
Abhijeet Kasurde
fa23f30762
vmware_guest: refactor spec serialization (#32681)
* Refactor spec serialization so that native types are evaluated last.
* Remove redundant type checks

Fixes #30818

(cherry picked from commit ada404d0ac)
2017-11-10 01:27:00 +00:00
Jordan Borean
32c1953df0 Updated changelog for win_copy fix 2017-11-10 06:38:57 +10:00
u625030
612d9e04d7 Update win_copy for #32677 (#32682)
* Update win_copy for #32677

enable large zip file support in win_copy

* Update win_copy.py

(cherry picked from commit 6d597ac05a)
2017-11-10 06:36:55 +10:00
Toshio Kuratomi
df04fde6c3 Add the change to when we escape backslashes (for the template lookup plugin) to changelog
This was slated for 2.3.3 but after talking with kustodian we decided it
wasn't appropriate for a minor release.  So 2.4.0 is where it appeared
2017-11-09 10:22:29 -08:00
Toshio Kuratomi
db54b0fb25 New release v2.4.2.0-0.3.beta3 2017-11-08 16:41:38 -08:00
Matt Clay
c994819fcf Changelog entry for script inventory plugin fix. 2017-11-08 10:59:38 -08:00
Chris Meyers
f00f2466d4 tests for InventoryModule error conditions (#31381)
* tests for InventoryModule error conditions

* modified unicode in tests to ahear to Ansible best practices

* flake8 fixes

(cherry picked from commit cf938e9992)
2017-11-08 10:56:19 -08:00
Martin Krizek
95bd052c4e Add changelog entry for the stdin py3 fix 2017-11-08 12:04:24 +01:00
Jan Pazdziora
000df969dc Fix #31694: running with closed stdin on python 3 (#31695)
(cherry picked from commit e5dbf63b65)
2017-11-08 12:02:33 +01:00
Brian Coca
aa54a3510f handle ignore_errors in loop
ensures we get both a templated ignore_errors and a
correct 'summary' result for ignore_errors when used in loops

fixes #32384

(cherry picked from commit d22627d944)
2017-11-07 19:53:18 -05:00
Kevin Zhao
24743e5cdc cherry-pick changes of azure_rm_common from devel to 2.4 (#32607)
* remove explicit provider reg from azure_rm (#31369)

* now that it's handled automatically as of msrest > 0.4.9

* add user-agent to Azure API calls (#31872)

* addi Ansible user-agent in Azure API calls

* fix import error

* add user agent for cloud shell (#32332)
2017-11-07 14:56:09 -08:00
Ryan S. Brown
e9b5e14764 [cloud] sns_topic: Fix unreferenced variable
Cherry-pick of 4e759a9cce
2017-11-07 09:55:26 -05:00
Toshio Kuratomi
f9e16d7072 Added urls python3 fix to changelog 2017-11-06 09:23:17 -08:00
David Hain
97c3037206 Use to_native when validating proxy result (#32596)
* Use bytes directly instead of converting to text
(cherry picked from commit 708829fab9)
2017-11-06 09:22:17 -08:00
Sloane Hertel
793c473fe2 Use region derived from get_aws_connection_info() in dynamodb_table to fix tagging bug (#32557) 2017-11-06 08:49:09 -05:00
Martin Krizek
29cf375157 Add changelog entry for the yum locale fix 2017-11-06 11:32:42 +01:00
Martin Krizek
36bcab8a68 yum: use the C locale when screen scraping (#32203)
(cherry picked from commit a8ab1a0b20)
2017-11-06 11:31:32 +01:00
Martin Krizek
274503991e Add changelog entry for git archive fix 2017-11-06 11:30:52 +01:00
Martin Krizek
d8bfed678c git: fix archive when update is set to no (#31829)
(cherry picked from commit e3a847a142)
2017-11-06 11:28:46 +01:00
Toshio Kuratomi
0796190053 Prefer the stdlib SSLContext over urllib3 context
We do not go through the effort of finding the right PROTOCOL setting if
we have SSLContext in the stdlib.  So we do not want to hit the code
that uses PROTOCOL to set the urllib3-provided ssl context when
SSLContext is available.  Also, the urllib3 implementation appears to
have a bug in some recent versions.  Preferring the stdlib version will
work around that for those with Python-2.7.9+ as well.

Fixes #26235
Fixes #25402
Fixes #31998

(cherry picked from commit 725ae96e1b)
2017-11-04 13:11:45 -07:00
patlachance
309dbecbc7 iam.py: return iam.role dict when creating roles (#28964)
(cherry picked from commit 45e35be4c1)
2017-11-03 10:07:21 -04:00
Dmitry Marakasov
20764e248e Documentation typo fixes (#32473)
(cherry picked from commit 843fba509f)
2017-11-02 19:40:09 -07:00
Toshio Kuratomi
0617ac1f24 Add changelog entry for inventory nonascii paths fix 2017-11-02 19:32:12 -07:00
Toshio Kuratomi
07fa571502 Fix non-ascii errors in config manager
(cherry picked from commit d166bba126)
2017-11-02 19:32:12 -07:00