* module_utils: Clean up parameter types
This PR includes:
- Parameter types added
- Copyright format fixes
- Short license statement
- Description fixes (only for a few files, then I stopped :-))
* More network stuff
* Fix typo
* Fix PEP8
* Fix booleans
* Fix typo
* module_utils: Clean up parameter types (database)
This PR includes:
- Parameter types added
- Copyright format fixes
- Short license statement
- Description fixes (only for a few files, then I stopped :-))
* Fix validate-modules test ignores
* module_utils: Clean up parameter types (storage)
This PR includes:
- Parameter types added
- Copyright format fixes
- Short license statement
- Description fixes (only for a few files, then I stopped :-))
* Fix quotes
* Fix rST issue
* Raise AnsibleConnectionError on winrm con errors
Currently all uncaught exceptions of the requests library that is used
in winrm will lead to an "Unexpected failure during module execution".
Instead of letting all exceptions bubble up we catch the connection
related errors (inkl. timeouts) and re-raise them as
AnsibleConnectionError so Ansible will mark the host as unreachable and
exit with the correct return code.
This is especially important for Zuul (https://zuul-ci.org) to
distinguish between failures and connection/host related errors.
* Update lib/ansible/plugins/connection/winrm.py
Co-Authored-By: westphahl <westphahl@gmail.com>
* Add changelog fragment
* identity: Add GSSAPI suport for FreeIPA authentication
This enables the usage of GSSAPI for authentication, instead of having
to pass the username and password as part of the playbook run.
If there is GSSAPI support, this makes the password optional, and will
be able to use the KRB5_CLIENT_KTNAME or the KRB5CCNAME environment
variables; which are standard when using kerberos authentication.
Note that this depends on the urllib_gssapi library, and will only
enable this if that library is available.
* identity: Add documentation for GSSAPI authentication for FreeIPA
This documentation describes how to use GSSAPI authentication with the
IPA identity modules.
* identity: Add changelog for GSSAPI support for IPA
This adds the changelog entry for the GSSAPI authentication feature for
the IPA identity module.
* Check that verify_ssl defined in tower_cli.cfg isn't ignored
* Avoid to override verify_ssl value defined in tower_cli.cfg
By default, tower-cli library enables SSL certificates check. But
verify_ssl false value defined in config files read by default by
tower-cli library (for example /etc/tower/tower_cli.cfg) was ignored
because overriden by the tower_verify_ssl parameter default value.
* fix a typo in comment
There are other chat systems with hook implementations more or less
compatible with Slack, such as Rocket.Chat. The latter requires the
Content-Type header to be set to "application/json" (the body is JSON).
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
* [WIP] become plugins
Move from hardcoded method to plugins for ease of use, expansion and overrides
- load into connection as it is going to be the main consumer
- play_context will also use to keep backwards compat API
- ensure shell is used to construct commands when needed
- migrate settings remove from base config in favor of plugin specific configs
- cleanup ansible-doc
- add become plugin docs
- remove deprecated sudo/su code and keywords
- adjust become options for cli
- set plugin options from context
- ensure config defs are avaialbe before instance
- refactored getting the shell plugin, fixed tests
- changed into regex as they were string matching, which does not work with random string generation
- explicitly set flags for play context tests
- moved plugin loading up front
- now loads for basedir also
- allow pyc/o for non m modules
- fixes to tests and some plugins
- migrate to play objects fro play_context
- simiplify gathering
- added utf8 headers
- moved option setting
- add fail msg to dzdo
- use tuple for multiple options on fail/missing
- fix relative plugin paths
- shift from play context to play
- all tasks already inherit this from play directly
- remove obsolete 'set play'
- correct environment handling
- add wrap_exe option to pfexec
- fix runas to noop
- fixed setting play context
- added password configs
- removed required false
- remove from doc building till they are ready
future development:
- deal with 'enable' and 'runas' which are not 'command wrappers' but 'state flags' and currently hardcoded in diff subsystems
* cleanup
remove callers to removed func
removed --sudo cli doc refs
remove runas become_exe
ensure keyerorr on plugin
also fix backwards compat, missing method is attributeerror, not ansible error
get remote_user consistently
ignore missing system_tmpdirs on plugin load
correct config precedence
add deprecation
fix networking imports
backwards compat for plugins using BECOME_METHODS
* Port become_plugins to context.CLIARGS
This is a work in progress:
* Stop passing options around everywhere as we can use context.CLIARGS
instead
* Refactor make_become_commands as asked for by alikins
* Typo in comment fix
* Stop loading values from the cli in more than one place
Both play and play_context were saving default values from the cli
arguments directly. This changes things so that the default values are
loaded into the play and then play_context takes them from there.
* Rename BECOME_PLUGIN_PATH to DEFAULT_BECOME_PLUGIN_PATH
As alikins said, all other plugin paths are named
DEFAULT_plugintype_PLUGIN_PATH. If we're going to rename these, that
should be done all at one time rather than piecemeal.
* One to throw away
This is a set of hacks to get setting FieldAttribute defaults to command
line args to work. It's not fully done yet.
After talking it over with sivel and jimi-c this should be done by
fixing FieldAttributeBase and _get_parent_attribute() calls to do the
right thing when there is a non-None default.
What we want to be able to do ideally is something like this:
class Base(FieldAttributeBase):
_check_mode = FieldAttribute([..] default=lambda: context.CLIARGS['check'])
class Play(Base):
# lambda so that we have a chance to parse the command line args
# before we get here. In the future we might be able to restructure
# this so that the cli parsing code runs before these classes are
# defined.
class Task(Base):
pass
And still have a playbook like this function:
---
- hosts:
tasks:
- command: whoami
check_mode: True
(The check_mode test that is added as a separate commit in this PR will
let you test variations on this case).
There's a few separate reasons that the code doesn't let us do this or
a non-ugly workaround for this as written right now. The fix that
jimi-c, sivel, and I talked about may let us do this or it may still
require a workaround (but less ugly) (having one class that has the
FieldAttributes with default values and one class that inherits from
that but just overrides the FieldAttributes which now have defaults)
* Revert "One to throw away"
This reverts commit 23aa883cbed11429ef1be2a2d0ed18f83a3b8064.
* Set FieldAttr defaults directly from CLIARGS
* Remove dead code
* Move timeout directly to PlayContext, it's never needed on Play
* just for backwards compat, add a static version of BECOME_METHODS to constants
* Make the become attr on the connection public, since it's used outside of the connection
* Logic fix
* Nuke connection testing if it supports specific become methods
* Remove unused vars
* Address rebase issues
* Fix path encoding issue
* Remove unused import
* Various cleanups
* Restore network_cli check in _low_level_execute_command
* type improvements for cliargs_deferred_get and swap shallowcopy to default to False
* minor cleanups
* Allow the su plugin to work, since it doesn't define a prompt the same way
* Fix up ksu become plugin
* Only set prompt if build_become_command was called
* Add helper to assist connection plugins in knowing they need to wait for a prompt
* Fix tests and code expectations
* Doc updates
* Various additional minor cleanups
* Make doas functional
* Don't change connection signature, load become plugin from TaskExecutor
* Remove unused imports
* Add comment about setting the become plugin on the playcontext
* Fix up tests for recent changes
* Support 'Password:' natively for the doas plugin
* Make default prompts raw
* wording cleanups. ci_complete
* Remove unrelated changes
* Address spelling mistake
* Restore removed test, and udpate to use new functionality
* Add changelog fragment
* Don't hard fail in set_attributes_from_cli on missing CLI keys
* Remove unrelated change to loader
* Remove internal deprecated FieldAttributes now
* Emit deprecation warnings now
* standardize user/password connection vars
* docs: use ansible_user and ansible_password
* docs: var precedence for connection vars
* docs: ansible_become_pass -> ansible_become_password etc
* k8s*: add a reference to k8s_auth in all the modules' descriptions
* k8s_auth: new k8s module for handling auth
* k8s_auth: ignore E203
Can't use module_utils.urls, since that lacks user CA support, which is
a critical feature of what this module does.
* Create new documentation pages for httpapi and cliconf
* Add new documentation to plugins toctree and Makefile
* Add DOCUMENTATION to cliconf
* Apply suggestions from code review
* Move docker_ module_utils into subpackage.
* Remove docker_ prefix from module_utils.docker modules.
* Adding jurisdiction for module_utils/docker to $team_docker.
* Making docker* unit tests community supported.
* Linting.
* Python < 2.6 is not supported.
* Refactoring docker-py version comments. Moving them to doc fragments. Cleaning up some indentations.
Fixes: #51675
the sample for 'Fetch all deployments' is "{{ lookup('k8s', kind='Deployment', namespace='testing') }}" but it should be "{{ lookup('k8s', kind='Deployment') }}"
* Update yaml.py exmaple to include A colon
took me some time to find that out, you can have a single host under a group without the A colon, but if you add another host also w/o A colon, they will be parsed as a single line.
* Update yaml.py
* PR Candidate for FortiManager Connection Plugin, plus associated Utilities.
* Update fortimanager.py
Adding additional comments
* Committing changes for PR as requested by Ansible Staff
* Minor doc change to kick off new shippable test. Unrelated code (not our stuff) caused a failure on the last test.
* Removed generic methods for get/set/etc. Moved a copy of FMGRLockCTX into the plugin for portability, and to left the original in the mod_utils/fortimanager.py as deprecated code for pre-2.7 customers still running on pyFMG and not the plugin.
Tested all playbooks and all modules, and all appears well.
Added support for username and password authentication in hashi_vault
lookup plugin.
Fixes: #38878
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* identity: Autodetect FreeIPA server with DNS
This adds the ability for the freeIPA related modules to be able to
auto-detect the IPA server through DNS.
This takes advantage of the fact that a lot of FreeIPA deployments
configure their hosts to use IPA as the nameserver.
This check is only used if we didn't set neither the ipa_host parameter,
nor the environment variable IPA_HOST.
* identity: Specify docs for DNS discovery of ipa_host
These docs specify that it can now default to DNS if the 'ipa-ca' entry
is available.
* Add coherency between check and normal mode see issue #24633
* Add changelog fragment for the PR
* Make change following PR comment
* Remove trailing whitespace
* aws_ec2 Implement the missing 'region discovery'
fixes#45288
tries to use api as documented (which seems to fail in latest boto3 versions)
and fallback to boto3 'hardcoded' list of regions
* fixes and cleanup, add error for worst case scenario
* fix tests, remove more unused code
* add load_name
* acually load the plugin
* set plugin as required
* reverted test changes, removed options tests
* fixes as per feedback and cleanup
Dag Wieers
Emmanouil Kampitakis
Matt Clay
Simon Westphahl
René Moser
Jordan Borean
Matt Martz
Juan Antonio Osorio
Alan Rominger
Abhijeet Kasurde
Pilou
Ondra Machacek
Matt Davis
hansmi
James Cassell
Akira Yokochi
Mariusz Mazur
Karsten Jakobsen
Sloane Hertel
Nathaniel Case
Felix Fontein
Jadi
rabin-io
ftntcorecse
Sandra McCann
vaneuk
Jim Rollenhagen
Anil Kumar Muraleedharan
Nilashish Chakraborty
chronidev
nikkytub
Brian Coca